| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change plumbs the jail throughout the arch specific device creation
process. It also adds a custom callback support for the ProxyDevice so
that the main process can interrupt the child serial process when it has
incoming bytes.
TEST=crosvm run
BUG=None
Change-Id: I6af7d2cb0acbba9bf42eaeeb294cee2bce4a1f36
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1752589
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create VFIO device and VFIO PCI device in create_devices() function, and
intergrate it into PciRootBridge, so guest could see this vfio device.
Add a vfio config parameter, this config point to passthrough or mdev
device sysfs path.
For passthrough case, first user unbind host device from its driver,
then bind host device to vfio-pci. Like:
echo 0000:00:02.0 > /sys/bus/pci/devices/0000:00:02.0/driver/unbind
ech0 8086 1912 > /sys/bus/pci/drivers/vfio-pci/new_id
Finally pass the sysfs to crosvm through
--vfio=/sys/bus/pci/devices/0000:00:02.0
For mdev case, user create a mdev device through
echo $UUID > mdev_type/create, then pass this mdev device to crosvm like
--vfio=/sys/bus/pci/devices/0000:00:02.0/$UUID
BUG=chromium:992270
TEST=none
Change-Id: I0f59d6e93f62f9ab0727ad3a867d204f4ff6ad2d
Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.corp-partner.google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1581140
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two compounded issues broke GPU support on ARM:
1) A mistake when applying code review comments to the initial checkin
of this file and not correctly copying the updated policy when testing
to the DUT.
2) Iteration of the /dev/dri directory from libvirglrender.so uses
getdents instead of getdents64, likely due to some differences in the C
vs Rust runtime.
BUG=chromium:1002667
TEST=glxgears with virtio-gpu on kevin
Change-Id: I225b85998a6a611ebe2a25a75cd88aab9939feb7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1799287
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some code path of mesa requires clock_gettime:
https://gitlab.freedesktop.org/mesa/mesa/blob/08f1cefecd84f851da6d90200bd7af0ecf5bf855/src/egl/drivers/dri2/egl_dri2.c#L3189
Also cxa_guard in llvm begin to call gettid from this CL:
https://llvm.googlesource.com/libcxxabi/+/57e82af58dd4515ab4885f32273268f34f757101
BUG=b:140078110
BUG=b:139318078
TEST=manual - boot arcvm
Change-Id: I258ae5b8d6f38886406acac6a0ac8ca8886a64af
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1773506
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Lepton Wu <lepton@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:892280
TEST=glxgears with virtio-gpu on hana
Change-Id: Ib92b21c124e30eacb3fc28558e2eb5d8d4a92567
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1717739
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: David Riley <davidriley@chromium.org>
Commit-Queue: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Auto-Submit: David Riley <davidriley@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ARM platforms have different library locations and also required GPU
devices to be availble to the GPU process.
BUG=chromium:892280
TEST=glxgears with virtio-gpu on kevin and nami
Change-Id: If1baeb1edda76d057e88ab5e88ce22f02e5d30a0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1717738
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: David Riley <davidriley@chromium.org>
Commit-Queue: David Riley <davidriley@chromium.org>
Auto-Submit: David Riley <davidriley@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add allow sched_setscheduler call in seccomp policy
- Change the real time priority constant AUDIO_THREAD_RTPRIO to 10 to match
all other clients' priority.
Run the following commands to test
1. ulimit -r 10
2. crosvm run -r ./vm_rootfs.img -c 1 -m 1024 -s /run --cid 5 --host_ip \
100.115.92.25 --netmask 255.255.255.252 --cras-audio \
--params="snd_intel8x0.inside_vm=1 snd_intel8x0.ac97_clock=48000" \
--mac d2:47:f7:c5:9e:53 ./vm_kernel
3. aplay -Dhw:0,0 -f dat /dev/zero
4. ps -AT -o comm,rtprio | grep crosvm
should see a thread running with rtprio=10
BUG=chromium:983533
BUG=b:138262556
TEST=Test with eve (x86_64) and bob (arm)
Change-Id: Idc3711d03d716741f7cefd9a89b14ae4c20c2033
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1729089
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Chih-Yang Hsia <paulhsia@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using syslog from glibc will use some syscalls we haven't seen before,
leading to the process getting killed. This change fixes that.
TEST=use syslog from C
BUG=chromium:988082
Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The crosvm TPM process calls ssleay_rand_bytes(), which in some cases
attempts to acquire entropy through an EGD ("entropy gathering daemon")
- see OpenSSL's RAND_query_egd_bytes(). Attempting to communicate with
this daemon by creating a socket would cause the process to exit
currently because the syscall whitelist did not allow socket() or
connect().
Since we don't have an EGD and don't want to expose it to the sandboxed
TPM process anyway, modify the TPM seccomp policy to cause socket() to
return an error rather than aborting.
BUG=None
TEST=`vmc start --software-tpm termina`
Change-Id: Ib7c6bceced0f6cbe7199614ece8446aa300cec1e
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1684411
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
minigbm sometimes maps buffer with only PROT_READ or only
PROT_WRITE, so allow this.
BUG=b:132939420
TEST=glxgears in container
Change-Id: Ie5ccd827dd14ee78b999d70287b7165d81c5c85e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1673533
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since our Arm version is a 32-bit process, it uses the _llseek syscall
rather than lseek for 64-bit file offset support. Fix the seccomp
filter to match.
Fixes a SIGSYS when attaching a USB device to Linux VM on Arm.
BUG=None
TEST=Attach USB device to kevin; verify device in `adb devices`
Change-Id: Ia46e60df17950bfbe967c4730c62ddb26fb6faa7
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1677318
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds separate seccomp policy for pmem device. Previously,
pmem device was using block device seccomp policy.
BUG=None
TEST=Boot VM and run xfstests on pmem device
Change-Id: I3f25d64d4da6ad8f0ff22b285e1a7e958f545c55
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1652441
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Jakub StaroĊ <jstaron@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The layout of struct usbfs_conninfo_ex was changed in the final revision
of the patch, so the corresponding ioctl number needs to change to
match, since the parameter size is encoded in the ioctl.
The new size is 0x18 or 24, which matches the struct usbfs_conninfo_ex
layout with 7 ports.
BUG=chromium:977020
TEST=Attach Android device to Linux VM on nami
Change-Id: Iec60b4c04880d7d2c71fdea49cfdf7fb5a75f5c6
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1669530
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Commit-Queue: Dmitry Torokhov <dtor@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updated version of libusb uses USBFS_CONNECTINFO and
USBFS_CONNINFO_EX ioctls, as well as readlink and lseek syscalls,
so let's enable them.
BUG=b:133773289
TEST=Try attaching a USB device to Crostini VM.
Change-Id: Ibdcab2da9abe1c0bb35c989d9d62b44ce403e268
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1650534
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables the full firmware update/reset/use device in application
mode sequence for Edge TPU USB Accelerator.
There is a bit of a UI hiccup: once the firmware update and reset is
complete, the device re-enumerates with a different VID/PID, and the
"Connect to Linux" prompt shows up again. The user must re-affirm that
the device should be connected to Linux to proceed with using the Edge
TPU. This may be unavoidable - I'm not sure if we can tell the
difference between a newly-inserted device and a reset one.
Allowing USBDEVFS_DISCONNECT_CLAIM should be safe, since it can only
operate on file descriptors passed into the xhci device jail.
BUG=chromium:831850
TEST=Run Edge TPU Accelerator demo and verify that it can update FW
Change-Id: I3d61c7bd914830ce25448b1ae4d60e1c16f10aed
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1599881
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Removed for device slot reset and evaluate context. The verification was
unnecessary and may cause some guest kernel operations to fail.
2. The context was updated after dequeue pointer set
3. Reset device when it's attached.
4. Add seccomp rules to allow the above reset.
The verification was copied from another implementation which works for
adb, but does not work with serial devices. The verification is also not
part of the spec, so we removed it here.
BUG=b:131336977
TEST=local build and test
Change-Id: Ifd7994ff5512346d1bab27654e60c97a602da8a6
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Signed-off-by: Zach Reizner <zachr@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1558934
Tested-by: kokoro <noreply+kokoro@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:127868532
TEST=`vmc start --enable-gpu termina` succeeds
Change-Id: Ibf18cce93ab98f5008bdada3387ee27eb6f79e61
Reviewed-on: https://chromium-review.googlesource.com/1534959
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Drew Davenport <ddavenport@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:940826
TEST=run unigine valley benchmark 1920x1080
Change-Id: If7b5d97a4284de88e52b3fd3e8f162dd484934e1
Reviewed-on: https://chromium-review.googlesource.com/1517102
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement xhci controller, setup seccomp filters and add xhci to pci
bus.
CQ-DEPEND=CL:1512761
BUG=chromium:831850
TEST=local build
Change-Id: I5c05452ece66e99d3a670e259e095fca616e835d
Reviewed-on: https://chromium-review.googlesource.com/1512762
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Jingkui Wang <jkwang@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no such syscall as fseek as far as I can tell. There is lseek,
which would be how fseek is implemented in libc, and it is already
included in the policy.
BUG=chromium:936633
TEST=parse_seccomp_policy seccomp/x86_64/tpm_device.policy
Change-Id: Ifb891395d7447d8b81cb1b17af18c49e5d5fc96f
Reviewed-on: https://chromium-review.googlesource.com/1518490
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to repeated syscall rules in gpu_device and common_device policies,
minijail fails to compile the gpu_device.policy. This change unrefactors
that policy so that it may compile properly.
BUG=chromium:936633,chromium:837073
TEST=vmc start --enable-gpu termina
Change-Id: I09ab9296247279c3a9ba6e3a6852e2a7ae2612ed
Reviewed-on: https://chromium-review.googlesource.com/1493424
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tested by running the following on a grunt board (Barla) in dev mode
together with CL:1496910:
sudo crosvm run \
--root rootfs.ext4 \
--socket crosvm.sock \
--seccomp-policy-dir seccomp \
--software-tpm \
-p init=/bin/bash \
-p panic=-1 \
vmlinux.bin
and confirming that /dev/tpm0 and /dev/tpmrm0 are present in the VM.
I needed to override the common device policy's `open` and `openat` and
was not able to get that working with the existing @include.
Note: untested on arm.
BUG=chromium:921841
TEST=manual testing on grunt
Change-Id: Ied7f18a631ce8c0ae280f8b6c01511ca20c3d1c8
Reviewed-on: https://chromium-review.googlesource.com/1496909
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The advantage of seqpacket is that they are connection oriented. A
listener can be created that accepts new connections, useful for the
path based VM control sockets. Previously, the only bidirectional
sockets in crosvm were either stream based or made using socketpair.
This change also whitelists sendmsg and recvmsg for the common device
policy.
TEST=cargo test
BUG=chromium:848187
Change-Id: I83fd46f54bce105a7730632cd013b5e7047db22b
Reviewed-on: https://chromium-review.googlesource.com/1470917
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The glibc realloc() implementation may call the mremap syscall in some
cases; we currently allow mremap in x86_64/common_device.policy but not
the arm equivalent, but this path appears to be reachable on any Linux
platform[1]. Add mremap to the arm policy as well for consistency.
mremap is no more powerful than the existing mmap and munmap syscalls,
so I believe this is safe to allow for all device processes.
Also reorder the mmap2 line in the arm policy so it is in alphabetical
order and can be more easily compared to the x86_64 policy.
BUG=chromium:927919
TEST=Boot crosvm on kevin
[1]: https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=6e766d11bc85b6480fa5c9f2a76559f8acf9deb5;hb=HEAD#l2854
Change-Id: Ie51a21baf30d3e37ce3adacf8e255f981613543d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1459020
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CQ-DEPEND=CL:1449895
BUG=None
TEST=vmc start termina
Change-Id: Ia3edaafc1d2958bd40e6b1adc89dd5e29b679b06
Reviewed-on: https://chromium-review.googlesource.com/1448292
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:926415
TEST=start Tomb Raider
Change-Id: I55352a84a4edd03337f262e1474e0888abfc8c81
Reviewed-on: https://chromium-review.googlesource.com/1446939
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows decoupling input from the wayland socket while using a
standard virtio device for it. The proposed virtio input spec can be
found at
https://www.kraxel.org/virtio/virtio-v1.0-cs03-virtio-input.pdf, it
has already been implemented in qemu and (guest) kernel support exists
since version 4.1.
This change adds the following options to crosvm:
--evdev: Grabs a host device and passes it through to the guest
--<device>: Creates a default configuration for <device>,
receives the input events from a unix socket. <device> can be
'keyboard', 'mouse' or 'trackpad'.
Bug=chromium:921271
Test=booted on x86 linux and manually tried virtio-input devices
Change-Id: I8455b72c53ea2f431009ee8140799b0797775e76
Reviewed-on: https://chromium-review.googlesource.com/1412355
Commit-Ready: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default virglrenderer logs to stderr with VREND_DEBUG. dup stdout
which is logged via logger to stderr so that virglrenderer logs can be
seen.
BUG=chromium:925590
TEST=cat /var/log/messages
Change-Id: I3e1a5056dab9cfd895867b1835b421b144ee536b
Reviewed-on: https://chromium-review.googlesource.com/1441352
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:925590
TEST=pstree
Change-Id: I2f591894db2a40a812f1720e1fc8422049d85902
Reviewed-on: https://chromium-review.googlesource.com/1440031
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an ac97 device that plays audio through CRAS audio server.
BUG=chromium:781398
BUG=chromium:907520
TEST=Test building by $ cargo build
TEST=Deploy crosvm to DUT and test audio functionality
CQ-DEPEND=CL:1429311
CQ-DEPEND=CL:1429542
Change-Id: Ia273d8f1e82c20d1f1882f088886458339399aae
Reviewed-on: https://chromium-review.googlesource.com/1426282
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an ac97 device that plays audio to /dev/null.
BUG=chromium:781398
TEST=Test crosvm with null device
Change-Id: I3849974b732fc1550ec2bf0f805726bf2ca296f6
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1398641
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL adds a "tpm" Cargo cfg to crosvm which enables a TPM device
backed by libtpm2 simulator.
Tested by running the following inside cros_sdk:
LIBRARY_PATH=~/src/minijail LD_LIBRARY_PATH=~/src/minijail \
cargo run --release \
--features tpm \
-- \
run \
-r rootfs.ext4 \
--seccomp-policy-dir seccomp/x86_64/ \
-p init=/bin/bash \
-p panic=-1 \
--disable-sandbox \
vmlinux.bin
with a Linux image built from CL:1387655.
The TPM self test completes successfully with the following output:
https://paste.googleplex.com/5996075978588160?raw
Justin's TPM playground runs with the following trace output.
https://paste.googleplex.com/4909751007707136?raw
Design doc: go/vtpm-for-glinux
TEST=ran TPM playground program inside crosvm
TEST=local kokoro
BUG=chromium:911799
Change-Id: I2feb24a3e38cba91f62c6d2cd1f378de4dd03ecf
Reviewed-on: https://chromium-review.googlesource.com/1387624
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:837073
TEST=vmc start --enable-gpu tatl; lxc start stretch-x; xterm && glxgears
Change-Id: I42a096384cb536ec835de69b34db9b9a941bfeaf
Reviewed-on: https://chromium-review.googlesource.com/1401110
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like free() will sometimes try to open
/proc/sys/vm/overcommit_memory in order to decide whether to return
freed heap memory to the kernel; change the seccomp filter to fail the
open syscalls with an error code (ENOENT) rather than killing the
process.
Also allow madvise to free memory for the same free() codepath.
BUG=chromium:888212
TEST=Run fio loop test on kevin
Change-Id: I1c27b265b822771f76b7d9572d9759476770000e
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1305756
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed to make sure seccomp work with glibc 2.27
BUG=chromium:897477
TEST=None
Change-Id: I101aa07bffd8db2b449be1a697dafcd7d6f1cb58
Reviewed-on: https://chromium-review.googlesource.com/1294729
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds openat to a seccomp policy file if open is already there.
We need this because glibc 2.25 changed it system call for open().
BUG=chromium:894614
TEST=None
Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965
Reviewed-on: https://chromium-review.googlesource.com/1292129
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In deallocate_cluster(), we call set_cluster_refcount() to unref the
cluster that is being deallocated, but we never actually added the
deallocated cluster to the unref_clusters list. Add clusters whose
refcounts reach 0 to the unref_clusters list as well.
Also add mremap() to the seccomp whitelist for the block device, since
this is being triggered by libc realloc() and other devices already
include it in the whitelist.
BUG=chromium:850998
TEST=cargo test -p qcow; test crosvm on nami and verify that qcow file
size stays bounded when creating a 1 GB file and deleting it
repeatedly
Change-Id: I1bdd96b2176dc13069417e0ac77f0768f9f26012
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1259404
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add newfstatat for x86 and fstatat64 for arm to the seccomp policy file
for the 9p device and server program.
BUG=chromium:886535
TEST=`vmc share termina foo` and then `ls /mnt/shared` inside the VM
works
Change-Id: I6871f54ae885e080dca0ea5751987d59c55a59d6
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1232556
Reviewed-by: Stephen Barber <smbarber@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The path to the wayland socket changed, so the previous whitelist based
on the connect() arg2 sockaddr_un size now fails.
BUG=None
TEST=Verify that release build of crosvm starts again on chromebook
Change-Id: I3c30977e7c1487b937d69e1dbce4b7fd87136978
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1234827
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"devices: block: Flush a minute after a write" introduced new timerfd_
syscalls into the block device but did not add them to the seccomp
whitelist.
BUG=chromium:885238
TEST=Run crosvm in multiprocess mode and verify that it boots
Change-Id: I1568946c64d86ab7dba535a430a8cbe235f64454
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1231513
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sandboxing only works when started as chronos via concierge client. If
started directly via crosvm as root, the jail will not have proper group
permissions to access the Wayland socket.
BUG=chromium:837073
TEST=build with --features=gpu; null_platform_test without --disable-sandbox
CQ-DEPEND=CL:1213779
Change-Id: I6331f7ae1f5b99d31ad44cf158f72337294771f0
Reviewed-on: https://chromium-review.googlesource.com/1181168
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Discard and Write Zeroes commands have been added to the virtio block
specification:
https://github.com/oasis-tcs/virtio-spec/commit/88c8553838346b26be4460485cc57c38850b36f7
Implement both commands using the WriteZeroes trait.
BUG=chromium:850998
TEST=fstrim within termina on a writable qcow image
Change-Id: I33e54e303202328c10f7f2d6e69ab19f419f3998
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1188680
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Seccomp policy for ARM hosts was recently moved from aarch64 to arm to
accurately match the ABI used on the host. Move 9s policy to match this.
BUG=none
TEST=vm.Webserver on kevin succeeds
Change-Id: I97daa524edcd411618561ce07525738bc65457cb
Reviewed-on: https://chromium-review.googlesource.com/1180470
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a new virtio_9p device to be used for sharing directories with
the VM.
BUG=chromium:703939
TEST=mount inside a VM and run `bonnie++ -r 256`
Append the shared directory to the crosvm command line:
--shared-dir /path/to/dir:test_9p
Then mount in the guest:
mkdir /tmp/9p
mount -t 9p -o trans=virtio test_9p /tmp/9p -oversion=9p2000.L
Or for a 9p root:
run --shared-dir /mnt/vm_root:/dev/root -p 'root=/dev/root ro rootflags=ro,trans=virtio,version=9p2000.L,cache=loose rootfstype=9p' vmlinux.bin
CQ-DEPEND=CL:1065170
Change-Id: I41fc21306ab5fa318a271f172d7057b767b29f31
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1065173
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the 9s crate, which provides an executable that can serve the 9p
file system protocol. It initially only supports connections over vsock
but can easily be extended to support network and unix domain socket
based connections.
BUG=chromium:703939
TEST=Run the server, have maitred connect to it over vsock, mount the
9p file system in the guest kernel, share it with the penguin
container, and run `bonnie++ -r 256 -s 512`
CQ-DEPEND=CL:1121550, CL:1166446
Change-Id: Ia0c72bcf29188bba4c07b6c0a2dd5a83d02339b5
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1112870
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a policy for the balloon device so that it starts taking
memory away from the VM when the system is under low memory conditions.
There are a few pieces here:
* Change the madvise call in MemoryMapping::dont_need_range to use
MADV_REMOVE instead of MADV_DONTNEED. The latter does nothing when
the memory mapping is shared across multiple processes while the
former immediately gives the pages in the specified range back to the
kernel. Subsequent accesses to memory in that range returns zero
pages.
* Change the protocol between the balloon device process and the main
crosvm process. Previously, the device process expected the main
process to send it increments in the amount of memory consumed by the
balloon device. Now, it instead just expects the absolute value of
the memory that should be consumed. To properly implement the policy
the main process needs to keep track of the total memory consumed by
the balloon device so this makes it easier to handle all the policy in
one place.
* Add a policy for dealing with low memory situations. When the VM
starts up, we determine the maximum amount of memory that the balloon
device should consume:
* If the VM has more than 1.5GB of memory, the balloon device max is
the size of the VM memory minus 1GB.
* Otherwise, if the VM has at least 500MB, the balloon device max is
50% of the size of the VM memory.
* Otherwise, the max is 0.
The increment used to change the size of the balloon is defined as
1/16 of the max memory that the balloon device will consume. When the
crosvm main process detects that the system is low on memory, it
immediately increases the balloon size by the increment (unless it has
already reached the max). It then starts 2 timers: one to check for
low memory conditions again in 1 seconds (+ jitter) and another to
check if the system is no longer low on memory in 1 minute (+ jitter)
with a subsequent interval of 30 seconds (+ jitter).
Under persistent low memory conditions the balloon device will consume
the maximum memory after 16 seconds. Once there is enough available
memory the balloon size will shrink back down to 0 after at most 9
minutes.
BUG=chromium:866193
TEST=manual
Start 2 VMs and write out a large file (size > system RAM) in each.
Observe /sys/kernel/mm/chromeos-low_mem/available and see that the
available memory steadily decreases until it goes under the low memory
margin at which point the available memory bounces back up as crosvm
frees up pages.
CQ-DEPEND=CL:1152214
Change-Id: I2046729683aa081c9d7ed039d902ad11737c1d52
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1149155
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These policies are not for aarch64 but use the 32-bit system calls.
We call it aarch64 support because that's what we're targetting for
the guest kernel, but it doesn't really make any sense to call the
seccomp policies aarch64 when we're building a 32-bit binary.
We can add real aarch64 seccomp policies when we start building a
aarch64 crosvm binary.
BUG=chromium:866197
TEST=emerge-kevin crosvm, run vm_CrosVmStart
CQ-DEPEND=CL:1145903
Change-Id: I7c5e70fbc127e4209ed392cfcf10ea36a6dd4b2c
Reviewed-on: https://chromium-review.googlesource.com/1145909
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These syscalls were added to the x86 policy when vfd pipe support was
added, but they were never added to the arm version, for whatever
reason. This is needed to keep crosvm from getting killed by SIGSYS
whenver the user copies to or from guest applications.
BUG=chromium:864218
TEST=on kevin, copy/paste to/from gedit
Change-Id: Ibe385d50e367c362e911badd640bab2c98e07030
Reviewed-on: https://chromium-review.googlesource.com/1145876
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides proper synchronization for guest access to
DMABufs.
Virtio wayland device is given access to the DMA_BUF_SYNC ioctl
in order to implement this. Being able to use this directly in
the virtio wayland device process is important as these calls
can sometimes be relatively expensive and they are frequent
enough that avoiding another context switch is useful for good
performance.
TEST=cache-line artifacts no longer noticeable
BUG=chromium:837209
Change-Id: Ibb8d7c01f70ed5b74afd69288015a65186fec52a
Reviewed-on: https://chromium-review.googlesource.com/1076928
Commit-Ready: David Reveman <reveman@chromium.org>
Tested-by: David Reveman <reveman@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like on ARM we use the real gettimeofday system call when
we're outputting error messages, so we need to whitelist this to avoid
crashing instead of seeing the error messages.
BUG=chromium:843807
TEST=run vm_CrosVmStart and make sure there are no crashes for crosvm
Change-Id: I9f47da8dabe31f0677bcaa1d431e56545e20c9c9
Reviewed-on: https://chromium-review.googlesource.com/1081390
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
|