No description
Find a file
Zach Reizner 56158c873a sys_util: add safe wrappers getpid,geteuid,getguid,waitpid,kill
These functions are trivially safe and by adding them to sys_util, we
can remove some unsafe blocks from crosvm. This CL also replaces the
unsafe call sites with the safe alternatives.

There are no previous usages of gete{g,u}id(2), but they will be needed
in a future change.

TEST=None
BUG=None

Change-Id: Ief8787b298cfaa5b7fd1b83f0eba6660369e687d
Reviewed-on: https://chromium-review.googlesource.com/634268
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2017-08-28 18:21:37 -07:00
data_model crosvm: refactor and expand vm control socket IPC 2017-08-25 19:54:11 -07:00
io_jail io_jail: Add InvalidPath error 2017-07-26 16:46:53 -07:00
kernel_loader kernel_loader: Fix clippy warnings. 2017-06-30 22:24:49 -07:00
kvm crosvm: refactor and expand vm control socket IPC 2017-08-25 19:54:11 -07:00
kvm_sys sys_util: add ioctl module 2017-07-13 22:03:30 -07:00
net_sys net_sys: add crate for tap interface ioctl bindings 2017-07-13 22:03:30 -07:00
net_util net_util: implement Read, Write, and Pollable for Tap 2017-08-09 11:47:55 -07:00
seccomp/x86_64 Put seccomp policy files in a common directory 2017-08-25 19:54:16 -07:00
src sys_util: add safe wrappers getpid,geteuid,getguid,waitpid,kill 2017-08-28 18:21:37 -07:00
sys_util sys_util: add safe wrappers getpid,geteuid,getguid,waitpid,kill 2017-08-28 18:21:37 -07:00
syscall_defines
vhost vhost: add crate for interacting with vhost net 2017-07-20 03:05:17 -07:00
virtio_sys virtio_sys: add crate for virtio/vhost ioctl bindings 2017-07-13 22:03:31 -07:00
x86_64 Limit types that can be read from guest memory 2017-06-27 00:20:33 -07:00
.gitignore gitignore: Remove Cargo.lock 2017-06-17 01:12:44 -07:00
Cargo.toml crosvm: refactor and expand vm control socket IPC 2017-08-25 19:54:11 -07:00
LICENSE
README.md crosvm: Add crosvm main program 2017-07-05 21:54:52 -07:00

Chrome OS KVM

This component, known as crosvm, runs untrusted operating systems along with virtualized devices. No actual hardware is emulated. This only runs VMs through the Linux's KVM interface. What makes crosvm unique is a focus on safety within the programming language and a sandbox around the virtual devices to protect the kernel from attack in case of an exploit in the devices.

Overview

The crosvm source code is organized into crates, each with their own unit tests. These crates are:

  • kernel_loader Loads elf64 kernel files to a slice of memory.
  • kvm_sys low-level (mostly) auto-generated structures and constants for using KVM
  • kvm unsafe, low-level wrapper code for using kvm_sys
  • crosvm the top-level binary front-end for using crosvm
  • x86_64 Support code specific to 64 bit intel machines.

Usage

Currently there is no front-end, so the best you can do is run cargo test in each crate.