seccomp: move mmap variant to correct thread

alindima · alindima · commit 650d11030834 · 2021-12-14T18:39:26.000+02:00
During this commit: a3f5d47, the mmap call was mistakenly added to the vmm thread, as opposed to the API thread to which it was intended. Also fix the regression test. There was a bug in it, which lead to this issue being hidden. Signed-off-by: alindima <alindima@amazon.com>
diff --git a/resources/seccomp/aarch64-unknown-linux-musl.json b/resources/seccomp/aarch64-unknown-linux-musl.json
@@ -189,19 +189,6 @@
                     }
                 ]
             },
-            {
-                "syscall": "mmap",
-                "comment": "Used for large buffers sent to api_server",
-                "args": [
-                    {
-                        "index": 3,
-                        "type": "dword",
-                        "op": "eq",
-                        "val": 34,
-                        "comment": " libc::MAP_ANONYMOUS | libc::MAP_PRIVATE"
-                    }
-                ]
-            },
             {
                 "syscall": "mmap",
                 "comment": "Used for reading the timezone in LocalTime::now()",
@@ -537,6 +524,19 @@
                     }
                 ]
             },
+            {
+                "syscall": "mmap",
+                "comment": "Used for large buffers sent to api_server",
+                "args": [
+                    {
+                        "index": 3,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 34,
+                        "comment": " libc::MAP_ANONYMOUS | libc::MAP_PRIVATE"
+                    }
+                ]
+            },
             {
                 "syscall": "rt_sigaction",
                 "comment": "rt_sigaction is used by libc::abort during a panic to install the default handler for SIGABRT",
diff --git a/tests/integration_tests/functional/test_api.py b/tests/integration_tests/functional/test_api.py
@@ -4,8 +4,6 @@
 
 # Disable pylint C0302: Too many lines in module
 # pylint: disable=C0302
-import array
-import itertools
 import os
 import platform
 import resource
@@ -1227,6 +1225,8 @@ def test_map_private_seccomp_regression(test_microvm_with_ssh):
     @type: regression
     """
     test_microvm = test_microvm_with_ssh
+    test_microvm.jailer.extra_args.update(
+        {'http-api-max-payload-size': str(1024 * 1024 * 2)})
     test_microvm.spawn()
     test_microvm.api_session.untime()
 
@@ -1237,13 +1237,10 @@ def test_map_private_seccomp_regression(test_microvm_with_ssh):
     data_store = {
         'latest': {
             'meta-data': {
+                'ami-id': 'b' * (1024 * 1024)
             }
         }
     }
 
-    slice_1mb = array.array('u', itertools.repeat('b', 1024 * 1024))
-    chars = array.array('u')
-    chars = [chars.extend(slice_1mb) for _ in range(190)]
-    data_store["latest"]["meta-data"]["ami-id"] = chars
     response = test_microvm.mmds.put(json=data_store)
     assert test_microvm.api_session.is_status_no_content(response.status_code)
