crosvm/seccomp
Daniel Verkamp d39dd9af71 seccomp: add mremap to arm common_device.policy
The glibc realloc() implementation may call the mremap syscall in some
cases; we currently allow mremap in x86_64/common_device.policy but not
the arm equivalent, but this path appears to be reachable on any Linux
platform[1].  Add mremap to the arm policy as well for consistency.

mremap is no more powerful than the existing mmap and munmap syscalls,
so I believe this is safe to allow for all device processes.

Also reorder the mmap2 line in the arm policy so it is in alphabetical
order and can be more easily compared to the x86_64 policy.

BUG=chromium:927919
TEST=Boot crosvm on kevin

[1]: https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=6e766d11bc85b6480fa5c9f2a76559f8acf9deb5;hb=HEAD#l2854

Change-Id: Ie51a21baf30d3e37ce3adacf8e255f981613543d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1459020
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-02-08 06:03:49 -08:00
arm seccomp: add mremap to arm common_device.policy 2019-02-08 06:03:49 -08:00
x86_64 seccomp: refactor policy into common_device.policy 2019-02-07 03:02:12 -08:00