path: root/io_jail
Commit message | Author | Age
* crosvm: Fix clippy::correctness error | Keiichi Watanabe | 2020-04-15
  Fix a style problem categorized into `clippy::correctness`, which causes an error by default.
  BUG=chromium:908640
  TEST=cargo clippy --all-features --all-targets -- -D clippy:correctness
  Change-Id: I85f54c9b031a1628127041e85678c88f1c72d4df
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2145535
  Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
* io_jail: use minijail-sys crate | Stephen Barber | 2020-02-15
  BUG=chromium:1032360
  TEST=cargo build outside of chroot; emerge-board crosvm
  Cq-Depend: chromium:2055725
  Change-Id: I2493f563b07aeaff4627c8b8c4b578901393dc58
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1959449
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Tested-by: Stephen Barber <smbarber@chromium.org>
  Commit-Queue: Stephen Barber <smbarber@chromium.org>
* io_jail: remove unused c_long import | Daniel Verkamp | 2020-02-11
  This is no longer used after the bindings were updated to use c_ulong instead of c_long; remove it to fix a compiler warning.
  BUG=None
  TEST=cargo build
  Change-Id: I813b06797ddc8b6cdfd8b777bd0a6efe6ec914a4
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2047643
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
* Allow mounts to propagate into 9p device jail | Chirantan Ekbote | 2020-02-04
  Allow mounts from the parent namespace to propagate into the mount namespace of the 9p device process.
  BUG=none
  TEST=none
  Change-Id: Iff455c8967949bd3e0f2990c947d45bbbc541d45
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2018305
  Reviewed-by: Yusuke Sato <yusukes@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Tested-by: Yusuke Sato <yusukes@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
* io_jail: Use rlim64_t for minijail_rlimit | Chirantan Ekbote | 2019-11-27
  The libminijail API defines rlim_t as an alias for rlim64_t. Change the FFI bindings to use rlim64_t.
  BUG=none
  TEST=`tast run kevin vm.Virtiofs`
  Change-Id: I21ece499bcef187b358574bca0918b39f5971586
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1933612
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
* io_jail: Replace rlim_t with rlim64_t | Chirantan Ekbote | 2019-11-22
  rlim_t is defined as an unsigned long but importantly, it is defined as what the _kernel_ thinks is an unsigned long. This means that when you have a 32-bit userspace and a 64-bit kernel (like we do for arm64 chromebooks), rlim_t is 64 bits.

  This isn't really a problem for C and C++ code because they use the headers from the kernel where rlim_t is properly sized but it doesn't really work for rust. The libc crate defines rlim_t as an alias for ::std::os::raw::c_ulong, which leads to the rust compiler thinking that it has a 32 bit width.

  Hilarity ensues when you attempt to cross the rust -> C FFI barrier with these conflicting definitions. The rust compiler thinks the parameters can fit in 32 bit registers so it puts the `cur` parameter in r2 and the `max` parameter in r3. On the other hand, the C code knows that the parameters are 64-bit values and combines r2/r3 to create the 64-bit `cur` value and uses the first 8 bytes on the stack as the `max` value. This leads to a `cur` value that is way too large and a nonsensical `max` value that depends on whatever happened to be on the stack at the time.

  Fix this by changing the library bindings to u64 and the Minijail::set_rlimit parameters to rlim64_t. Once we add a method to minijail that accepts rlim64_t's we can switch the library bindings to use that as well.

  BUG=b:136128319
  TEST=`tast run vm.Virtiofs` on kevin
  Change-Id: I8f58923c4768ecfe827d2a5d73c72dc778fe419c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1916560
  Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
* io_jail: add additional apis | Matt Delco | 2019-11-16
  This change adds additional APIs that are present in the libminijail header file but not in the rust thunk. In particular it adds the API that allows pre-compiled bpf files to be used as a policy file. The native API lacks an API to specify a filename (it only provides an API to provide the contents of the file).

  BUG=None
  TEST=Local run of build_test to confirm that both .bpf and .policy files work in a subsequent change.
  Change-Id: I15510ffa857b501512f3f9905882545f407bcd78
  Signed-off-by: Matt Delco <delco@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1914415
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* io_jail: Add minijail_rlimit | Chirantan Ekbote | 2019-11-11
  The virtio-fs server opens a lot of fds and needs to have its open file limit increased.

  BUG=b:136128319
  TEST=run pjdfstests
  Change-Id: I9ccc9e0753f990788c9cef2540b3a1aab5f5d15d
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1890583
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
* edition: Remove extern crate lines | David Tolnay | 2019-04-15
  In Rust 2018 edition, `extern crate` is no longer required for importing from other crates. Instead of writing:

      extern crate dep;
      use dep::Thing;

  we write:

      use dep::Thing;

  In this approach, macros are imported individually from the declaring crate rather than through #[macro_use]. Before:

      #[macro_use]
      extern crate sys_util;

  After:

      use sys_util::{debug, error};

  The only place that `extern crate` continues to be required is in importing the compiler's proc_macro API into a procedural macro crate. This will hopefully be fixed in a future Rust release.

      extern crate proc_macro;

  TEST=cargo check
  TEST=cargo check --all-features
  TEST=cargo check --target aarch64-unknown-linux-gnu
  TEST=local kokoro
  Change-Id: I0b43768c0d81f2a250b1959fb97ba35cbac56293
  Reviewed-on: https://chromium-review.googlesource.com/1565302
  Commit-Ready: David Tolnay <dtolnay@chromium.org>
  Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
  Tested-by: David Tolnay <dtolnay@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: David Tolnay <dtolnay@chromium.org>
* edition: Update io_jail crate to 2018 edition | David Tolnay | 2019-04-07
  Separated out of CL:1513058 to make it possible to land parts individually while the affected crate has no other significant CLs pending. This avoids repeatedly introducing non-textual conflicts with new code that adds `use` statements.

  TEST=cargo check
  TEST=cargo check --all-features
  TEST=cargo check --target aarch64-unknown-linux-gnu
  Change-Id: Id5f2c4f9005498e2357bec5878761c33d2bc3d8b
  Reviewed-on: https://chromium-review.googlesource.com/1519697
  Commit-Ready: David Tolnay <dtolnay@chromium.org>
  Tested-by: David Tolnay <dtolnay@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: David Tolnay <dtolnay@chromium.org>
* error: Consistently use Display instead of error description() | David Tolnay | 2019-03-02
  The description method is deprecated and its signature forces less helpful error messages than what Display can provide.

  BUG=none
  TEST=cargo check --all-features
  TEST=cargo check --target aarch64-unknown-linux-gnu
  Change-Id: I27fc99d59d0ef457c5273dc53e4c563ef439c2c0
  Reviewed-on: https://chromium-review.googlesource.com/1497735
  Commit-Ready: David Tolnay <dtolnay@chromium.org>
  Tested-by: David Tolnay <dtolnay@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* tpm: Store TPM state under /run/vm | David Tolnay | 2019-03-02
  When running in multiprocess mode, such as on a device, TPM state gets placed in /run/vm/tpm.{pid} (e.g. /run/vm/tpm.22726) where pid is the pid of the original crosvm process. The TPM simulator will write a single file called NVChip of size 16384 bytes into this directory. The directory and NVChip file will have uid and pid set to crosvm.

  When running without multiprocess mode / without minijail / probably in cros_sdk, TPM state is placed in /tmp/tpm-simulator as before. The /run/vm directory is not present under cros_sdk.

  Will follow up with a separate CL to remove the TPM state directory at crosvm exit.

  Tested by running the following on a grunt board (Barla) in dev mode:

      sudo crosvm run \
          --root rootfs.ext4 \
          --socket crosvm.sock \
          --seccomp-policy-dir seccomp \
          --software-tpm \
          -p init=/bin/bash \
          -p panic=-1 \
          vmlinux.bin

  and confirming that /dev/tpm0 and /dev/tpmrm0 are present in the VM.

  BUG=chromium:921841
  TEST=manual testing on grunt
  Change-Id: I1868896b9eb6f510d8b97022ba950b3604d9d40b
  Reviewed-on: https://chromium-review.googlesource.com/1496910
  Commit-Ready: David Tolnay <dtolnay@chromium.org>
  Tested-by: David Tolnay <dtolnay@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* error: Print errors using Display impl | David Tolnay | 2019-02-20
  I have been running into Debug-printed error messages too often and needing to look up in the source code each level of nested errors to find out from the comment on the error variant what the short name of the variant means in human terms. Worse, many errors (like the one shown below) already had error strings written but were being printed from the calling code in the less helpful Debug representation anyway.

  Before:

      [ERROR:src/main.rs:705] The architecture failed to build the vm: NoVarEmpty

  After:

      [ERROR:src/main.rs:705] The architecture failed to build the vm: /var/empty doesn't exist, can't jail devices.

  TEST=cargo check --all-features
  TEST=FEATURES=test emerge-amd64-generic crosvm
  Change-Id: I77122c7d6861b2d610de2fff718896918ab21e10
  Reviewed-on: https://chromium-review.googlesource.com/1469225
  Commit-Ready: David Tolnay <dtolnay@chromium.org>
  Tested-by: David Tolnay <dtolnay@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
* io_jail: allow mounting minimal set of devices | Dmitry Torokhov | 2019-01-31
  This plumbs in minijail_mount_dev() to allow mounting a minimal set of devices, such as full, zero, urandom, etc. in the jail.

  BUG=b:117989168
  TEST=cargo test -p io_jail
  Change-Id: I072347a5eedab32d1fad6255c4e18e0242b9ac9f
  Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/1447330
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
* lint: Resolve the easier clippy lints | David Tolnay | 2018-12-03
  Hopefully the changes are self-explanatory and uncontroversial. This eliminates much of the noise from `cargo clippy` and, for my purposes, gives me a reasonable way to use it as a tool when writing and reviewing code.

  Here is the Clippy invocation I was using:

      cargo +nightly clippy -- -W clippy::correctness -A renamed_and_removed_lints -Aclippy::{blacklisted_name,borrowed_box,cast_lossless,cast_ptr_alignment,enum_variant_names,identity_op,if_same_then_else,mut_from_ref,needless_pass_by_value,new_without_default,new_without_default_derive,or_fun_call,ptr_arg,should_implement_trait,single_match,too_many_arguments,trivially_copy_pass_by_ref,unreadable_literal,unsafe_vector_initialization,useless_transmute}

  TEST=cargo check --features wl-dmabuf,gpu,usb-emulation
  TEST=boot linux
  Change-Id: I55eb1b4a72beb2f762480e3333a921909314a0a2
  Reviewed-on: https://chromium-review.googlesource.com/1356911
  Commit-Ready: David Tolnay <dtolnay@chromium.org>
  Tested-by: David Tolnay <dtolnay@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* crosvm: add getpid and prlimit to seccomp | Yunlian Jiang | 2018-10-23
  This is needed to make sure seccomp works with glibc 2.27.

  BUG=chromium:897477
  TEST=None
  Change-Id: I101aa07bffd8db2b449be1a697dafcd7d6f1cb58
  Reviewed-on: https://chromium-review.googlesource.com/1294729
  Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
  Tested-by: Yunlian Jiang <yunlian@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* cargo fmt all source code | Zach Reizner | 2018-10-09
  Now that cargo fmt has landed, run it over everything at once to bring rust source to the standard formatting.

  TEST=cargo test
  BUG=None
  Change-Id: Ic95a48725e5a40dcbd33ba6d5aef2bd01e91865b
  Reviewed-on: https://chromium-review.googlesource.com/1259287
  Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
* fix warning and bit rotted tests uncovered by kokoro | Zach Reizner | 2018-09-22
  TEST=run kokoro presubmit
  BUG=None
  Change-Id: I301551f8f58263f1a8b7a8276867881cb17517ab
  Reviewed-on: https://chromium-review.googlesource.com/1236889
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
* Fix typo in libminijail.rs. | Jorge Lucangeli Obes | 2018-08-30
  While fixing an unrelated bug in mosys' copy of this file, I found this typo.

  BUG=None
  TEST=PreCQ
  Change-Id: Icbb48864ad890fcd4f83c28203d187fcfdc648cc
  Reviewed-on: https://chromium-review.googlesource.com/1194599
  Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
* io_jail: fix missing null terminator for close_fds test | Zach Reizner | 2018-05-11
  BUG=None
  TEST=cargo test -p io_jail
  Change-Id: Ib732daca97cb303ec5013e616e6a7037b11af589
  Reviewed-on: https://chromium-review.googlesource.com/1056414
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* io_jail: add exec support via Minijail::run | Zach Reizner | 2018-01-31
  The exec version of Minijail::fork is useful for running the heavily sandboxed plugin process which is always passed in as a separate executable by path.

  TEST=./build_test
  BUG=chromium:800626
  Change-Id: Id31b7998f49d56a5bfbc978c1e1811dd54c5a323
  Reviewed-on: https://chromium-review.googlesource.com/882130
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
* io_jail: add minijail_mount | Chirantan Ekbote | 2018-01-05
  Add support for minijail_mount and minijail_mount_with_data. This will be used by the jail for the wayland device.

  BUG=none
  TEST=filesystem is mounted inside the jail
  Change-Id: I6ad9933d057e7642a7551a6a316ff65d3b95a9dd
  Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/851412
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* io_jail: Fix doc tests and docs | Dylan Reid | 2017-11-17
  There were remnants of using `minijail_enter`; switch them to `minijail_fork`.

  Change-Id: I5c695cbc3bfd6868f25f46f785a2f96391744d90
  Signed-off-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/759598
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
* io_jail: correct io_jail tests that used Minijail::enter() | Zach Reizner | 2017-11-01
  This also updates the `build_test.py` to use the command line option to run certain test modules serially.

  TEST=./build_test
  BUG=None
  Change-Id: I8a498514cb6b89fab01f02d0ef8faf39629f717c
  Reviewed-on: https://chromium-review.googlesource.com/748824
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* Use minijail_fork | Dylan Reid | 2017-10-25
  Using minijail_fork removes the need to manage user and pid namespace explicitly in crosvm and removes some parent/child synchronization requirements too.

  Change-Id: I47f9d39527d0a3ccf625600e9bfc2cccc3cb27ca
  Signed-off-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/719443
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
* Add ability to minijail_fork | Dylan Reid | 2017-10-25
  Change-Id: I0c774816067449cbb838dcf29c6fa947ae5916e1
  Reviewed-on: https://chromium-review.googlesource.com/719442
  Commit-Ready: Dylan Reid <dgreid@chromium.org>
  Tested-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
* io_jail: add ui_map/gid_map support to minijail | Zach Reizner | 2017-09-07
  Change-Id: I6343e879ba75e8ac912590779c620bd0045e74d9
  Reviewed-on: https://chromium-review.googlesource.com/634269
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* io_jail: implement Display for Error | Zach Reizner | 2017-09-06
  Running crosvm in multiprocess mode includes setting up an io_jail for each device and it can very often fail due to problems in the environment, such as missing policy files or lack of privilege. The auto generated debug error messages were not very good (based on initial user feedback) and so this CL implements display to help make the errors more understandable when they are printed.

  BUG=None
  TEST=./build_test
  Change-Id: If51c00e60abb9b0d482515fa1e401f2fa6fb9e8f
  Reviewed-on: https://chromium-review.googlesource.com/649950
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Jason Clinton <jclinton@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* io_jail: Add InvalidPath error | Stephen Barber | 2017-07-26
  parse_seccomp_filters in libminijail will unhelpfully abort() if the path doesn't exist. Check that the policy file exists so that there's a semi-useful error message.

  BUG=none
  TEST=crosvm run without seccomp policy in current directory; no abort
  Change-Id: Ie1123e8cae3f6a27bbd5a3128161364401e8d4b2
  Signed-off-by: Stephen Barber <smbarber@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/585829
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* io_jail: add bind mount | Zach Reizner | 2017-06-30
  This will be used by some device jails to get access to unix sockets after being jailed.

  TEST=None
  BUG=None
  Change-Id: I870bfb155b275769ccb3248b1441e7c0b8f20ad7
  Reviewed-on: https://chromium-review.googlesource.com/558447
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* io_jail: Overwrite standard I/O FDs | Dylan Reid | 2017-06-28
  The FDs for stdin, stdout, and stderr shouldn't be left empty. Just closing these FDs causes the next open() call from the jailed process to reuse the 0, 1, or 2 FD. This confuses basic infrastructure like println!.

  Change-Id: I40ea471b4a011f2be5132e1a0ff50656ae2ec14a
  Signed-off-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/549659
* io_jail: Add a wrapper around minijail | Dylan Reid | 2017-05-25
  The io_jail is used to jail io processes run from crosvm. Under the hood it mostly configures a minijail jail to run in. The minijail restrictions are applied when iojail::enter is called. This closes extra FDs and calls minijail_enter. The minijail_run* functions are left out as we don't have a need to exec foreign programs.

  libminijail will be used to jail separate processes spawned from the main crosvm process.

  The ability to close all open file descriptors is added. Minijail only closes FDs after forking and before exec.

  Change-Id: Ida7f52022c934e9e6edeb7b604cd6e6399860cb9
  Signed-off-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/505100
  Reviewed-by: Zach Reizner <zachr@chromium.org>