Add a frequency file that teaches the seccomp compiler to weight the
comparison tree in favor of the most frequenctly called syscalls.
This frequency file was created by running strace against vm_conciege's
pid (e.g., "strace -p PID -ff -e raw=all -o /tmp/strace") when
performing a start and stop of a VM, deleting the trace files that
weren't for a crosvm process, passing the files to minijail's
tools/generate_seccomp_policy.py (using the -frequency option), and
combining the results of the frequency file. I rounded the #s to the
nearest multiple of 5 and only retained the syscalls that had at least
10 calls.
BUG=None
TEST=Local build and deploy. Verified that crostini VM still boots and
shuts down properly. Used scmp_bpf_disasm to disassemble a few bpf
files before and after this change to confirm that with the frequency
file the first comparision is "jge 2" (to quickly whitelist syscalls
0 and 1 ['read' and 'write']) instead of a comparison around the middle
of the range of syscall numbers that are used.
Change-Id: Icace2b5cdbcae6e51cfd67a3034a1a17fdb6d59e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2005793
Commit-Queue: Matt Delco <delco@chromium.org>
Commit-Queue: Stephen Barber <smbarber@chromium.org>
Tested-by: Matt Delco <delco@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Matt Delco <delco@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Minijail's policy compiler complains when there's multiple
unconditional rules for a syscall. In most cases the rules
are redundant to common_device.policy. I don't know what
to do about the intentionally contradictory rules for open
and openat, other than to remove then from the common device
policy and add it to all the others.
BUG=None
TEST=Ran compile_seccomp_policy.py until it stopped
complaining.
Change-Id: I6813dd1e0b39e975415662bd7de74c25a1be9eb3
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1918607
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The gettid syscall is used in some corners of glibc and it is a fairly
harmless syscall (we already give getpid), so this change moves it to
the common policy.
TEST=None
BUG=chromium:996938
Change-Id: I129644273f2f02fe917255c7157c48b99c329045
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1952565
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Using syslog from glibc will use some syscalls we haven't seen before,
leading to the process getting killed. This change fixes that.
TEST=use syslog from C
BUG=chromium:988082
Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
The advantage of seqpacket is that they are connection oriented. A
listener can be created that accepts new connections, useful for the
path based VM control sockets. Previously, the only bidirectional
sockets in crosvm were either stream based or made using socketpair.
This change also whitelists sendmsg and recvmsg for the common device
policy.
TEST=cargo test
BUG=chromium:848187
Change-Id: I83fd46f54bce105a7730632cd013b5e7047db22b
Reviewed-on: https://chromium-review.googlesource.com/1470917
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
