author: Jingkui Wang <jkwang@google.com> 2019-03-20 11:16:26 -0700
committer: chrome-bot <chrome-bot@chromium.org> 2019-05-01 01:50:22 -0700
commit: e23231ccffb149108bb9f80d0b467b24153fcbfa
tree: f3fbc6f32dfef4dbdd7b8c99f6e5815722379d0f /seccomp
parent: d5f6608f3eb79fa9d058704252f7b91d69954490
usb: fix serial devices by removing device context verification
1. Removed for device slot reset and evaluate context. The verification was
   unnecessary and may cause some guest kernel operations to fail.
2. The context was updated after dequeue pointer set
3. Reset device when it's attached.
4. Add seccomp rules to allow the above reset.

The verification was copied from another implementation which works for
adb, but does not work with serial devices. The verification is also not
part of the spec, so we removed it here.

BUG=b:131336977
TEST=local build and test

Change-Id: Ifd7994ff5512346d1bab27654e60c97a602da8a6
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Signed-off-by: Zach Reizner <zachr@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1558934
Tested-by: kokoro <noreply+kokoro@google.com>
Diffstat (limited to 'seccomp')
-rw-r--r-- seccomp/arm/xhci.policy    | 4
-rw-r--r-- seccomp/x86_64/xhci.policy | 4
2 files changed, 6 insertions, 2 deletions
diff --git a/seccomp/arm/xhci.policy b/seccomp/arm/xhci.policy
index 0c69bc0..14009b7 100644
--- a/seccomp/arm/xhci.policy
+++ b/seccomp/arm/xhci.policy
@@ -32,7 +32,9 @@ uname: 1
 # 0x8004551a == USBDEVFS_GET_CAPABILITIES
 # 0x802c550a == USBDEVFS_SUBMITURB
 # 0xc0105500 == USBDEVFS_CONTROL
-ioctl: arg1 == 0xc0105500 || arg1 == 0x802c550a || arg1 == 0x8004551a || arg1 == 0x4004550d || arg1 == 0x8004550f || arg1 == 0x80045510 || arg1 == 0x550b
+# 0x5514 == USBDEVFS_RESET
+# 0x80045505 == USBDEVFS_SETCONFIGURATION
+ioctl: arg1 == 0xc0105500 || arg1 == 0x802c550a || arg1 == 0x8004551a || arg1 == 0x4004550d || arg1 == 0x8004550f || arg1 == 0x80045510 || arg1 == 0x550b || arg1 == 0x5514 || arg1 == 0x80045505
 fstat: 1
 sigaltstack: 1
 recvmsg: 1
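Review bot: The new `arg1 == 0x80045505` (USBDEVFS_SETCONFIGURATION) term on the `ioctl:` line is not covered by the commit message, which only says the seccomp rules are added "to allow the above reset". Please state in the message or in the comment above the rule which code path issues SETCONFIGURATION, so the allowlist growth can be audited later. Note also that the rule matches on `arg1` alone, so both requests become available on every file descriptor the xhci process holds, not just the usbdevfs node; since USBDEVFS_RESET changes device state, it is worth confirming that the device fds are the only ones this process can reach.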
diff --git a/seccomp/x86_64/xhci.policy b/seccomp/x86_64/xhci.policy
index 0f133d9..9eafb5a 100644
--- a/seccomp/x86_64/xhci.policy
+++ b/seccomp/x86_64/xhci.policy
@@ -30,7 +30,9 @@ uname: 1
 # 0x8004551a == USBDEVFS_GET_CAPABILITIES
 # 0x8038550a == USBDEVFS_SUBMITURB
 # 0xc0185500 == USBDEVFS_CONTROL
-ioctl: arg1 == 0xc0185500 || arg1 == 0x41045508 || arg1 == 0x8004550f || arg1 == 0x4008550d || arg1 == 0x8004551a || arg1 == 0x550b || arg1 == 0x80045510 || arg1 == 0x8038550a
+# 0x5514 == USBDEVFS_RESET
+# 0x80045505 == USBDEVFS_SETCONFIGURATION
+ioctl: arg1 == 0xc0185500 || arg1 == 0x41045508 || arg1 == 0x8004550f || arg1 == 0x4008550d || arg1 == 0x8004551a || arg1 == 0x550b || arg1 == 0x80045510 || arg1 == 0x8038550a || arg1 == 0x5514 || arg1 == 0x80045505
 fstat: 1
 sigaltstack: 1
 recvmsg: 1
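Review bot: The x86_64 `ioctl:` line allows `0x41045508`, which has no counterpart on the arm `ioctl:` line in the first hunk, and the two lines list their shared requests in a different order, which makes this kind of drift hard to spot. If the reset-on-attach path added by this change can reach that request, the arm policy will kill the process where x86_64 succeeds, so please confirm the arm list is complete. Keeping the terms in the same order in both files, with a name comment for every value, would let the two policies be compared directly; in the visible context only five of the ten allowed values are annotated.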