The panic hook calls read_to_string, which relies on lseek internally.
Most devices already allow lseek, but add it to the common policy files
to ensure that devices can properly panic.
BUG=None
TEST=compiles
Change-Id: I99d6d1d258706874cc04ce550108991631d71706
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3960213
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: David Stevens <stevensd@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Debian bullseye is becoming old and we require a couple of newer
dependencies. gLinux is also tracking bookworm, so we are staying
close to our usual development environment.
Since the official rust images do not have a bookworm version,
we switch to the official debian image and add a rustup install
to ./tools/install-deps.
The new glibc version uses clone3 in multiple devices, adding
this new syscall to our policy to pass integration tests.
Drive-by change: Upgrading rust-toolchain from 1.62.0 to 1.62.1
BUG=b:243081643
TEST=CQ
Change-Id: I8af721ed4a83df61163d67001b777166abe8abfa
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3892621
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This search/replace updates all copyright notices to drop the
"All rights reserved", Use "ChromiumOS" instead of "Chromium OS"
and drops the trailing dots.
This fulfills the request from legal and unifies our notices.
./tools/health-check has been updated to only accept this style.
BUG=b:246579983
TEST=./tools/health-check
Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
By default, KSM is disabled by the kernel. This is harmless if KSM
is disabled, and only causes merging if the user manually enabled
the feature on their kernel. If enabled, significant memory saving
can occur, at the cost of CPU cycles and a reduction in privacy.
Bug: 1346340
Change-Id: I838cdda97ea8d335b1953dd6775311958069898c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3780870
Reviewed-by: David Manouchehri <david@davidmanouchehri.com>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This duplicates rseq in all of the policy files and causes the minijail
compiler to fail due to duplicate definitions.
rseq was already added in commit 17c782f1c1 ("seccomp: add rseq to all
policy files").
This reverts commit 1a7a822858.
BUG=b:235960683
TEST=emerge-trogdor crosvm
Change-Id: I9d45897e6815b6cdd5ef376a27563ebc4af06bdd
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3765347
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Starting with v4.18, the Linux kernel provides the rseq
syscall which is a mechanism for fast userspace task
synchronization.
Starting with v2.35 glibc uses the new syscall, if it
exists, to gain some performance improvements, so we
need to update the policy files to allow it.
Even on older kernels where rseq is not supported,
glibc will still probe for its existence by expecting
an -ENOSYS response.
BUG=b:235960683
TEST=Local builds against glibc 2.35
Change-Id: I704f2fbf2b058c3a4c3269c7441c3a7324012f8a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3763901
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Owners-Override: Dominick Ng <dominickn@google.com>
Reviewed-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Allow the restartable sequences system call used by glibc 2.35+.
This is an extension of commit 637402a827 ("Add rseq to the seccomp
policy file on aarch64."), which was originally reverted because the
ChromeOS kernel headers did not have the necessary declarations yet.
This depends on the rseq declarations patch to linux-headers:
https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3749266/
BUG=b:235172163
BUG=b:235960683
TEST=Start crosvm on x86-64 Arch Linux with glibc 2.35
TEST=emerge-hatch crosvm # ensure seccomp policies compile
Reported-By: Peter Collingbourne <pcc@google.com>
Change-Id: I14e3dfd150a7c06bdafc68a88ef3f755eb7bf90c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3763776
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
Some newer versions of glibc use this syscall.
Change-Id: I553db954b019fa5fc738074b28dbba78392c3ede
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3690467
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
With these changes arcvm starts when running with 64-bit userspace and
this grep turns up blank:
grep SECCOMP /var/log/audit/audit.log
Generated by:
* Hacking minijail0 to always log <https://r.android.com/2072091> and
making sure it was compiled in debug mode.
* Hacking "crosvm run" to be "crosvm run --seccomp-log-failures". I
don't truly know if this is needed but it didn't hurt.
* Diffing arm vs. arm64
From comparing arm vs. arm64 there could still be some things missing,
or it's possible that arm has simply accumulated some cruft. More can
be added later if we find it's needed.
BUG=b:223410173, b:230609113
TEST=Start arcvm; start android-sh; run tast arc.VMConfig
Change-Id: Ib5407ddecc3d19f43e14e5b036ac64baee9335bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3543889
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Douglas Anderson <dianders@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Douglas Anderson <dianders@chromium.org>
This was already allowed in common_device.policy for arm platforms, and
it can be called via future/async code that is used by many devices. Add
it to x86_64 and aarch64 common policies as well.
BUG=b:220908060
TEST=Start Crostini with virtio-snd on hatch and trogdo
Change-Id: I9bf8f56ebed0cfe6d5e17e45226cac73db3d6d37
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3482026
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
aarch64 only has the readlinkat syscall.
BUG=b:209021536
TEST=Cq
Change-Id: I0a6a76bbc388f598f639a97832269256f6e9a61e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3314710
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The panic handler uses getcwd and readlink to print out the executable
name in the backtrace. Allow these for all devices so that panics
actually work instead of crashing the process.
BUG=None
TEST=intentionally panic crosvm on kevin and check /var/log/messages
Change-Id: If64a752a6f0b1f2f6bdd6663ce77078305f38171
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3309201
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The sched_yield system call is somehow called by the code the rust
compiler generates and not directly by the author's implementation. That
along with the fact that it won't get called on every run makes it very
easy to miss when adding a new device (that happened with virtio-snd).
Since that call is quite harmless (it could be argued minijail shouldn't
even block it in the first place) it makes sense to allow it for all
devices.
BUG=b/201306350
Change-Id: I9895da6c8060ae83053474ed9e4472ea2cd8d3e3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3248126
Auto-Submit: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Jorge Moreira Broche <jemoreira@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Kernels before 5.10 had known bugs in the io_uring implementation.
Don't use io_uring when we detect this. Also skip all the io_uring
tests in this case.
BUG=none
TEST=cargo test
Change-Id: I5fd6203ad25a6fb85ff28f1a6ddb0181f836ad89
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3006309
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Woody Chow <woodychow@google.com>
The libminijail version in AOSP complains when there are multiple entries for
the same system call, which was the case for virtio-fs's policy.
BUG=b/185811304
Change-Id: I389c07c86e7d79f16e4f47a893abad598033352a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2837307
Commit-Queue: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: Jorge Moreira Broche <jemoreira@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Fds created via dup don't share file descriptor flags with the original
fd, which means that they don't have the FD_CLOEXEC flag set. Use
fcntl(F_DUPFD_CLOEXEC) so that this flag gets set for the duplicated fds
as well.
BUG=none
TEST=unit tests
Change-Id: Ib471cf40acac1eacf72969ba45247f50b349ed58
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2809687
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Starting with 2.32 glibc nanosleep() was refactored to use the
clock_nanosleep syscall so various software will fail unless
the new syscall is allowed. We can't just drop the old nanosleep
syscall because it will break glibc 2.27 which is still used.
See glibc commits:
807edded25 nptl: Refactor thrd_sleep in terms of clock_nanosleep
3537ecb49c Refactor nanosleep in terms of clock_nanosleep
79a547b162 nptl: Move nanosleep implementation to libc
This is a bulk edit done with the following command:
git grep -rl 'nanosleep: 1' | xargs sed -i \
'/^nanosleep: 1/a clock_nanosleep: 1'
BUG=chromium:1171287
TEST=Local builds and booting on kevin/64/eve/minnie.
Change-Id: I975535078d88200f52319c7eea3a4c7ebf299933
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2735575
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The newly added async primitives allow for increasing the separation of
the various tasks performed by balloon. Breaking each task in to an
asynchronous function.
BUG=chromium:901139
TEST=Boot crosvm, run 'crosvm balloon' to set the balloon size, check
'vmstat' inside the VM to verify the free memory is affected by the
balloon growing and shrinking.
run crosvm balloon_stats command and ensure that stats are reported
correctly.
Change-Id: I0ae2be5eb8e4be65b2eb74de90888357af6ecfd4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1993163
Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Minijail's policy compiler complains when there's multiple
unconditional rules for a syscall. In most cases the rules
are redundant to common_device.policy.
BUG=None
TEST=Ran compile_seccomp_policy.py until it stopped
complaining.
Change-Id: Ic43d1fd13f9c012641d71e526942229eb8b08ed4
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2034024
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
