author | Zach Reizner <zachr@google.com> | 2018-01-26 17:37:57 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-03-30 21:53:32 -0700 |
commit | 5d586b73a4c78f4118b97e65a229cbb7e99bf963 (patch) | |
tree | b12bc9fde02864a8788788790c97b5dce206ce0f | |
parent | 3e40b51a62b08dc27dcaa7fbec630e047713aba1 (diff) | |
sys_util: use MADV_DONTDUMP for new mmaps
The mmaps made through the sys_util API are usually for guest memory or other large shared memory chunks that will pollute the file system with huge dumps on crash. By using MADV_DONTDUMP, we save the file system from storing these useless data segments when crosvm crashes. TEST=./build_test BUG=None Change-Id: I2041523648cd7c150bbdbfceef589f42d3f9c2b9 Reviewed-on: https://chromium-review.googlesource.com/890279 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
-rw-r--r-- | seccomp/x86_64/balloon_device.policy | 2 | ||||
-rw-r--r-- | seccomp/x86_64/block_device.policy | 2 | ||||
-rw-r--r-- | seccomp/x86_64/net_device.policy | 2 | ||||
-rw-r--r-- | seccomp/x86_64/rng_device.policy | 2 | ||||
-rw-r--r-- | seccomp/x86_64/vhost_net_device.policy | 2 | ||||
-rw-r--r-- | seccomp/x86_64/vhost_vsock_device.policy | 2 | ||||
-rw-r--r-- | seccomp/x86_64/wl_device.policy | 2 | ||||
-rw-r--r-- | sys_util/src/mmap.rs | 12 |
8 files changed, 26 insertions, 0 deletions
diff --git a/seccomp/x86_64/balloon_device.policy b/seccomp/x86_64/balloon_device.policy
index 8f56d4e..841ba34 100644
--- a/seccomp/x86_64/balloon_device.policy
+++ b/seccomp/x86_64/balloon_device.policy
@@ -10,6 +10,8 @@ madvise: 1
 # negation, thus the manually negated mask constant.
 mmap: arg2 in 0xfffffffb
 mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
 munmap: 1
 read: 1
 recvfrom: 1
diff --git a/seccomp/x86_64/block_device.policy b/seccomp/x86_64/block_device.policy
index ff5bc8f..5099171 100644
--- a/seccomp/x86_64/block_device.policy
+++ b/seccomp/x86_64/block_device.policy
@@ -14,6 +14,8 @@ lseek: 1
 # negation, thus the manually negated mask constant.
 mmap: arg2 in 0xfffffffb
 mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
 munmap: 1
 read: 1
 recvfrom: 1
diff --git a/seccomp/x86_64/net_device.policy b/seccomp/x86_64/net_device.policy
index af90a4d..e854c8f 100644
--- a/seccomp/x86_64/net_device.policy
+++ b/seccomp/x86_64/net_device.policy
@@ -11,6 +11,8 @@ futex: 1
 # negation, thus the manually negated mask constant.
 mmap: arg2 in 0xfffffffb
 mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
 munmap: 1
 poll: 1
 ppoll: 1
diff --git a/seccomp/x86_64/rng_device.policy b/seccomp/x86_64/rng_device.policy
index 7b9a2cc..33e91ab 100644
--- a/seccomp/x86_64/rng_device.policy
+++ b/seccomp/x86_64/rng_device.policy
@@ -11,6 +11,8 @@ futex: 1
 # negation, thus the manually negated mask constant.
 mmap: arg2 in 0xfffffffb
 mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
 munmap: 1
 read: 1
 recvfrom: 1
diff --git a/seccomp/x86_64/vhost_net_device.policy b/seccomp/x86_64/vhost_net_device.policy
index 254c1c6..7961dd0 100644
--- a/seccomp/x86_64/vhost_net_device.policy
+++ b/seccomp/x86_64/vhost_net_device.policy
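Review bot: The hunk header for balloon_device.policy carries `madvise: 1` as its context line, which suggests that policy already allows madvise unconditionally just above this hunk; if so, the added `madvise: arg2 == 0x00000010` defines the syscall a second time and the word "only" in the new comment does not hold for the balloon device. Depending on how the policy compiler treats a repeated syscall, the outcome is either a rejected policy or a filter in which the broader rule still applies, so one of the two entries should be dropped, preferably the unconditional one. The same two lines are added to the block, net, rng, vhost_net, vhost_vsock and wl device policies, whose hunk headers do not show an earlier madvise rule. In each file the comment could also state the value and the caller, e.g. `# Allow MADV_DONTDUMP (0x10) only; issued by sys_util MemoryMapping after mmap.`, so the constant can be audited without looking up the kernel header.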
@@ -28,6 +28,8 @@ ioctl: arg1 == 0x8008af00 || arg1 == 0x4008af00 || arg1 == 0x0000af01 || arg1 ==
 # negation, thus the manually negated mask constant.
 mmap: arg2 in 0xfffffffb
 mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
 munmap: 1
 poll: 1
 ppoll: 1
diff --git a/seccomp/x86_64/vhost_vsock_device.policy b/seccomp/x86_64/vhost_vsock_device.policy
index b04b51c..452f577 100644
--- a/seccomp/x86_64/vhost_vsock_device.policy
+++ b/seccomp/x86_64/vhost_vsock_device.policy
@@ -29,6 +29,8 @@ ioctl: arg1 == 0x8008af00 || arg1 == 0x4008af00 || arg1 == 0x0000af01 || arg1 ==
 # negation, thus the manually negated mask constant.
 mmap: arg2 in 0xfffffffb
 mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
 munmap: 1
 poll: 1
 ppoll: 1
diff --git a/seccomp/x86_64/wl_device.policy b/seccomp/x86_64/wl_device.policy
index cf7fb96..1db9244 100644
--- a/seccomp/x86_64/wl_device.policy
+++ b/seccomp/x86_64/wl_device.policy
@@ -8,6 +8,8 @@ futex: 1
 # negation, thus the manually negated mask constant.
 mmap: arg2 in 0xfffffffb
 mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
 munmap: 1
 poll: 1
 ppoll: 1
diff --git a/sys_util/src/mmap.rs b/sys_util/src/mmap.rs
index 2813234..4ce72b6 100644
--- a/sys_util/src/mmap.rs
+++ b/sys_util/src/mmap.rs
@@ -69,6 +69,12 @@ impl MemoryMapping {
 if addr == libc::MAP_FAILED {
 return Err(Error::SystemCallFailed(errno::Error::last()));
 }
+ // This is safe because we call madvise with a valid address and size, and we check the
+ // return value. We only warn about an error because failure here is not fatal to the mmap.
+ if unsafe { libc::madvise(addr, size, libc::MADV_DONTDUMP) } == -1 {
+ warn!("failed madvise(MADV_DONTDUMP) on mmap: {:?}",
+ errno::Error::last());
+ }
 Ok(MemoryMapping {
 addr: addr as *mut u8,
 size: size,
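Review bot: The comment on the added `madvise` call in sys_util/src/mmap.rs says failure is not fatal, but that is true only when the call returns -1. In a device process whose seccomp policy does not allow madvise with `arg2 == 0x10`, the filter's action applies instead of an errno, and if that action is to kill the process, the first new mapping ends it. The commit updates only the seccomp/x86_64 policies listed in the diffstat, so any other policy set in the tree (not visible here) would need the same rule. I would record both facts at the call site, for example `// SAFETY: addr and size describe the mapping mmap just returned; MADV_DONTDUMP does not alter its contents.` followed by `// Failure is logged, not returned; the caller's seccomp policy must allow madvise(MADV_DONTDUMP).` The identical six lines appear again in the second hunk at `@@ -107,6 +113,12 @@`, where the same comment applies; both enclosing constructors start and end outside the hunks.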
@@ -107,6 +113,12 @@ impl MemoryMapping {
 if addr == libc::MAP_FAILED {
 return Err(Error::SystemCallFailed(errno::Error::last()));
 }
+ // This is safe because we call madvise with a valid address and size, and we check the
+ // return value. We only warn about an error because failure here is not fatal to the mmap.
+ if unsafe { libc::madvise(addr, size, libc::MADV_DONTDUMP) } == -1 {
+ warn!("failed madvise(MADV_DONTDUMP) on mmap: {:?}",
+ errno::Error::last());
+ }
 Ok(MemoryMapping {
 addr: addr as *mut u8,
 size: size, |