chromeos-base/crosvm/files/0001-betty-arcvm-Loose-mprotect-mmap-for-software-renderi.patch - third_party/overlays/chromiumos-overlay - Git at Google

 From 6da03c4a5093e3fc9f09fa4c295e27b1df4d3091 Mon Sep 17 00:00:00 2001
 From: Lepton Wu <lepton@chromium.org>
 Date: Fri, 6 Dec 2019 14:22:41 -0800
 Subject: [PATCH] betty-arcvm: Loose mprotect/mmap for software rendering

 betty-arcvm will use llvmpipe for graphics, and llvmpipe needs to
 execute dynamically generated code.

 Change-Id: Ia7b213056e0bdcdfa2a2026f512dc39badaa04a1
 ---
  seccomp/x86_64/gpu_device.policy | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
 index b98dbd2..bf0184c 100644
 --- a/seccomp/x86_64/gpu_device.policy
 +++ b/seccomp/x86_64/gpu_device.policy
 @@ -61,8 +61,8 @@ lstat: 1
  # Used for sharing memory with wayland. arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING
  memfd_create: arg1 == 3
  # mmap/mprotect/open/openat differ from the common_device.policy
 -mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
 -mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
 +mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ || arg2 == PROT_READ|PROT_WRITE|PROT_EXEC
 +mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ || arg2 == PROT_READ|PROT_EXEC
  open: 1
  openat: 1
  readlink: 1
 --
 2.24.1.735.g03f4e72817-goog
	From 6da03c4a5093e3fc9f09fa4c295e27b1df4d3091 Mon Sep 17 00:00:00 2001
	From: Lepton Wu <lepton@chromium.org>
	Date: Fri, 6 Dec 2019 14:22:41 -0800
	Subject: [PATCH] betty-arcvm: Loose mprotect/mmap for software rendering

	betty-arcvm will use llvmpipe for graphics, and llvmpipe needs to
	execute dynamically generated code.

	Change-Id: Ia7b213056e0bdcdfa2a2026f512dc39badaa04a1
	---
	seccomp/x86_64/gpu_device.policy \| 4 ++--
	1 file changed, 2 insertions(+), 2 deletions(-)

	diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
	index b98dbd2..bf0184c 100644
	--- a/seccomp/x86_64/gpu_device.policy
	+++ b/seccomp/x86_64/gpu_device.policy
	@@ -61,8 +61,8 @@ lstat: 1
	# Used for sharing memory with wayland. arg1 == MFD_CLOEXEC\|MFD_ALLOW_SEALING
	memfd_create: arg1 == 3
	# mmap/mprotect/open/openat differ from the common_device.policy
	-mmap: arg2 == PROT_READ\|PROT_WRITE \|\| arg2 == PROT_NONE \|\| arg2 == PROT_READ\|PROT_EXEC \|\| arg2 == PROT_WRITE \|\| arg2 == PROT_READ
	-mprotect: arg2 == PROT_READ\|PROT_WRITE \|\| arg2 == PROT_NONE \|\| arg2 == PROT_READ
	+mmap: arg2 == PROT_READ\|PROT_WRITE \|\| arg2 == PROT_NONE \|\| arg2 == PROT_READ\|PROT_EXEC \|\| arg2 == PROT_WRITE \|\| arg2 == PROT_READ \|\| arg2 == PROT_READ\|PROT_WRITE\|PROT_EXEC
	+mprotect: arg2 == PROT_READ\|PROT_WRITE \|\| arg2 == PROT_NONE \|\| arg2 == PROT_READ \|\| arg2 == PROT_READ\|PROT_EXEC
	open: 1
	openat: 1
	readlink: 1
	--
	2.24.1.735.g03f4e72817-goog