From 974e6dac72e5594e536eecc651569ae6daec571b Mon Sep 17 00:00:00 2001
From: Lucas Manning <lucasmanning@google.com>
Date: Tue, 3 Sep 2024 12:44:48 -0700
Subject: [PATCH] Internal change.

PiperOrigin-RevId: 670667358
---
 pkg/sentry/devices/tpuproxy/seccomp_filter.go | 4 ++++
 pkg/sentry/fsimpl/sys/pci.go                  | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/sentry/devices/tpuproxy/seccomp_filter.go b/pkg/sentry/devices/tpuproxy/seccomp_filter.go
index 0c53f27dca..696e20e70f 100644
--- a/pkg/sentry/devices/tpuproxy/seccomp_filter.go
+++ b/pkg/sentry/devices/tpuproxy/seccomp_filter.go
@@ -104,6 +104,10 @@ func Filters() seccomp.SyscallRules {
 				seccomp.NonNegativeFD{},
 				seccomp.EqualTo(linux.VFIO_SET_IOMMU),
 			},
+			seccomp.PerArg{
+				seccomp.NonNegativeFD{},
+				seccomp.EqualTo(linux.VFIO_DEVICE_RESET),
+			},
 			seccomp.PerArg{
 				seccomp.NonNegativeFD{},
 				seccomp.EqualTo(gasket.GASKET_IOCTL_RESET),
diff --git a/pkg/sentry/fsimpl/sys/pci.go b/pkg/sentry/fsimpl/sys/pci.go
index 5539f5f88f..f80a0acf06 100644
--- a/pkg/sentry/fsimpl/sys/pci.go
+++ b/pkg/sentry/fsimpl/sys/pci.go
@@ -71,7 +71,9 @@ func sysDevicesPCIPaths(sysDevicesPath string) ([]string, error) {
 				return nil, err
 			}
 			for _, pciDent := range pciDents {
-				pciPaths = append(pciPaths, path.Join(sysDevicesPath, dent, pciDent))
+				if pciDeviceRegex.MatchString(pciDent) {
+					pciPaths = append(pciPaths, path.Join(sysDevicesPath, dent, pciDent))
+				}
 			}
 		}
 	}