path: root/seccomp
Commit message (author, date)
* Merge remote-tracking branch 'origin/master' (Alyssa Ross, 2020-06-14)

* seccomp: add policy file video_device on ARM. (Alexandre Courbot, 2020-06-11)

  BUG=b:151399776
  BUG=b:151394062
  TEST=Video device is properly probed with policy enabled on a guest kernel with VIRTIO_VIDEO enabled.

  Change-Id: Ia29afa0ab3eb969291c046d8657cd28e88d54b96
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2230418
  Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
  Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: Alexandre Courbot <acourbot@chromium.org>
  Commit-Queue: Alexandre Courbot <acourbot@chromium.org>

* devices: fs: Use 2 stage create and mkdir (Chirantan Ekbote, 2020-06-04)

  When creating a file or directory the virtio-fs server changes its effective uid and gid to the uid and gid of the process that made the call. This ensures that the file or directory has the correct owner and group when it is created and also serves as an access check to ensure that the process that made the call has permission to modify the parent directory.

  However, this causes an EACCES error when the following conditions are met:

    * The parent directory has g+rw permissions with gid A
    * The process has gid B but has A in its list of supplementary groups

  In this case the fuse context only contains gid B, which doesn't have permission to modify the parent directory. Unfortunately there's no way for us to detect this on the server side so instead we just have to rely on the permission checks carried out by the kernel driver. If the server receives a create call, then assume that the kernel has verified that the process is allowed to create that file/directory and just create it without changing the server thread's uid and gid.

  Additionally, in order to ensure that a newly created file appears atomically in the parent directory with the proper owner and group, change the create implementation to use `O_TMPFILE` and `linkat` as described in the open(2) manpage. There is no `O_TMPFILE` equivalent for directories so create a "hidden" directory with a randomly generated name, modify the uid/gid and mode, and then rename it into place.

  BUG=b:156696212
  TEST=tast run $DUT vm.Virtiofs
  TEST=Create a test directory with group wayland and permissions g+rw. Then run `su -s /bin/bash -c 'touch ${dir}/foo' - crosvm` and `su -s /bin/bash -c 'mkdir ${dir}/bar' - crosvm`.

  Change-Id: If5fbcb1b011664c7c1ac29542a2f90d129c34962
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2217534
  Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>

* seccomp: allow getdents64 if getdents is allowed (Alyssa Ross, 2020-06-14)

  This fixes a crash where crosvm would crash if run on x86_64 with --shared-dir when running ls in the shared directory.

  I suspect whether getdents or getdents64 is used depends on the host libc, so allow both of them. I suspect upstream's libc uses getdents, and that's why they haven't fixed the problem.

  Message-Id: <20200605234757.28848-1-hi@alyssa.is>

* devices: virtio: Initial implementation of virtio-video device (Keiichi Watanabe, 2020-05-23)

  This CL adds a fundamental part of the virtio video device, which will be shared between the encoder and the decoder. Both devices use the virtio-video protocol proposed as RFC v3 [1,2]. The corresponding driver code is at CL:2060327 and its children CLs.

  The actual decoding and encoding logic will be implemented in different CLs.

  [1]: mail: https://markmail.org/thread/wxdne5re7aaugbjg
  [2]: PDF: https://drive.google.com/file/d/1jOsS2WdVhL4PpcWLO8Zukq5J0fXDiWn-/view

  BUG=b:147465619, b:140082257
  TEST=cargo check --features=video-decoder,video-encoder
  TEST=ARCVM started with --video-decoder --video-encoder

  Cq-Depend: chromium:2203997
  Change-Id: I01999eea218ba0f3aaed1558ca2311a57d0c6819
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1973973
  Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
  Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>

* seccomp: gpu: allow sysinfo (David Stevens, 2020-04-24)

  The glibc qsort implementation sometimes requires querying the physical page size.

  BUG=b:154580659
  TEST=run fullscreen 3dmark in ARCVM on kukui

  Change-Id: I364d77cf66353e558e798a07a247c55c3e365c32
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2156596
  Tested-by: David Stevens <stevensd@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: David Stevens <stevensd@chromium.org>
  Reviewed-by: Lepton Wu <lepton@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>

* seccomp: allow kcmp on x86_64 gpu device (Zach Reizner, 2020-04-16)

  A mesa change to the amdgpu driver "winsys/amdgpu: Re-use amdgpu_screen_winsys when possible" causes kcmp to be called with the following simplified stacktrace.

    SYS_kcmp
    os_same_file_description
    amdgpu_winsys_create
    radeonsi_screen_create
    <snip>
    eglInitialize
    virgl_egl_init
    virgl_renderer_init

  The use of this syscall caused the gpu device process to be killed with SIGSYS. This change fixes that by allowing kcmp in that process, which should be secure given the sandboxing in place and the level of permissions required by kernel to successfully use the kcmp syscall.

  BUG=chromium:1070805
  TEST=crostini.GPUEnabled.artifact_gpu_unstable

  Change-Id: Ica0e5c6ebc01cbc33ac62fea001949798ca4446e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2151145
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-by: Drew Davenport <ddavenport@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-by: Lepton Wu <lepton@chromium.org>
  Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
  Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Tested-by: Dylan Reid <dgreid@chromium.org>
  Commit-Queue: Dylan Reid <dgreid@chromium.org>

* devices: fs: Use l{get,set,list,remove}xattr (Chirantan Ekbote, 2020-03-27)

  Using the `open_inode` method on an fd for a symlink results in the kernel returning -ELOOP. Since there are no `*at` methods for extended attributes, manually read the path for the file and then use the l{get,set,list,remove}xattr method on the returned path.

  BUG=b:136128512
  TEST=boot arcvm with virtio-fs and selinux enabled

  Change-Id: I2fde57db8a075838a3a877309f6cf89059f19258
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2120763
  Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Stephen Barber <smbarber@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>

* devices: fs: Implement copy_file_range (Chirantan Ekbote, 2020-03-19)

  BUG=none
  TEST=vm.Virtiofs

  Change-Id: I2ed7137a901e6e506e6b1562b77fdb042bdc58ab
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2105822
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>

* seccomp: add frequency file to x86_64 (Matt Delco, 2020-03-19)

  Add a frequency file that teaches the seccomp compiler to weight the comparison tree in favor of the most frequently called syscalls.

  This frequency file was created by running strace against vm_concierge's pid (e.g., "strace -p PID -ff -e raw=all -o /tmp/strace") when performing a start and stop of a VM, deleting the trace files that weren't for a crosvm process, passing the files to minijail's tools/generate_seccomp_policy.py (using the -frequency option), and combining the results of the frequency file. I rounded the #s to the nearest multiple of 5 and only retained the syscalls that had at least 10 calls.

  BUG=None
  TEST=Local build and deploy. Verified that crostini VM still boots and shuts down properly. Used scmp_bpf_disasm to disassemble a few bpf files before and after this change to confirm that with the frequency file the first comparison is "jge 2" (to quickly whitelist syscalls 0 and 1 ['read' and 'write']) instead of a comparison around the middle of the range of syscall numbers that are used.

  Change-Id: Icace2b5cdbcae6e51cfd67a3034a1a17fdb6d59e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2005793
  Commit-Queue: Matt Delco <delco@chromium.org>
  Commit-Queue: Stephen Barber <smbarber@chromium.org>
  Tested-by: Matt Delco <delco@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Auto-Submit: Matt Delco <delco@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>

* seccomp: Add missing syscalls to fs device policy (Chirantan Ekbote, 2020-03-06)

  BUG=none
  TEST=`tast run <dut> vm.Fio.virtiofs`

  Change-Id: I937df0be738e0aa302a4ad3e87ed33ff97afb4fc
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2089174
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>

* seccomp: update/cleanup aarch64 rules (Matt Delco, 2020-02-06)

  The build-time seccomp compiler for aarch64 complains that it doesn't recognize open, epoll_wait, recv, mmap2, dup2, poll, mkdir, or stat. I tried to propose a change to upstream minijail to make it aware of these syscalls, but the calls are in various forms of deprecation so upstream is doubting the sanity of the policy files.

  I applied the following mapping: open->openat, epoll_wait->epoll_pwait, recv->recvfrom, mmap2->mmap, dup2->dup3, poll->ppoll, mkdir->mkdirat, and stat->statx. In many cases the new syscall was already present so I just deleted the old one.

  BUG=None
  TEST=Ran compile_seccomp_policy.py with an unmodified minijail until it stopped complaining. I don't have an arm device for runtime testing. Wrote an app to emulate the execution of the first 400 syscall #s through the bpf filter and verified that the list that matches the filter is the same as the policy file.

  Change-Id: I599aa549a1712b898eb6b73492872a9676e7215d
  Signed-off-by: Matt Delco <delco@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2036218
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>

* seccomp: remove redundant unconditional arm/arm64 rules (Matt Delco, 2020-02-04)

  Minijail's policy compiler complains when there's multiple unconditional rules for a syscall. In most cases the rules are redundant to common_device.policy.

  BUG=None
  TEST=Ran compile_seccomp_policy.py until it stopped complaining.

  Change-Id: Ic43d1fd13f9c012641d71e526942229eb8b08ed4
  Signed-off-by: Matt Delco <delco@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2034024
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>

* seccomp: remove redundant unconditional rules (Matt Delco, 2020-01-22)

  Minijail's policy compiler complains when there's multiple unconditional rules for a syscall. In most cases the rules are redundant to common_device.policy. I don't know what to do about the intentionally contradictory rules for open and openat, other than to remove them from the common device policy and add it to all the others.

  BUG=None
  TEST=Ran compile_seccomp_policy.py until it stopped complaining.

  Change-Id: I6813dd1e0b39e975415662bd7de74c25a1be9eb3
  Signed-off-by: Matt Delco <delco@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1918607
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>

* seccomp: allow statx syscall where stat/fstat was allowed (Daniel Verkamp, 2020-01-17)

  This is used in Rust 1.40.0's libstd in place of stat/fstat; update the whitelists to allow the new syscall as well.

  BUG=chromium:1042461
  TEST=`crosvm disk resize` does not trigger seccomp failure

  Change-Id: Ia3f0e49ee009547295c7af7412dfb5eb3ac1efcb
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2003685
  Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>

* seccomp: Allow 9p device to use open/openat (Yusuke Sato, 2020-01-13)

  This allows us to export a directory to a VM with the '--shared-dir tag:/dir' crosvm command line flag without relying on seneschal. The fs device's policy already does the same.

  BUG=b:123309049
  TEST=Start tot ARCVM, run 'mkdir /var/run/arc/arcvm && mount -t 9p -o "trans=virtio,version=9p2000.L,cache=none,access=any" host_generated /var/run/arc/arcvm && ls /var/run/arc/arcvm', verify ls prints files.

  Change-Id: I8f8b265fc8a7de159508afbee5114b6a3f084d01
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1995319
  Tested-by: Yusuke Sato <yusukes@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Lepton Wu <lepton@chromium.org>
  Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
  Commit-Queue: Yusuke Sato <yusukes@chromium.org>

* devices: net: add control queue for enabling/disabling offloads (Stephen Barber, 2020-01-08)

  Add a control queue for virtio_net, and implement the command to set available networking offloads. Set offloads initially when acking features from the guest. We previously set offloads on unconditionally.

  Add TUNSETOFFLOAD to the allowed ioctls for virtio_net.

  BUG=chromium:1031413
  TEST=boot 5.4 guest, check vmtap offloads enabled with ethtool
  TEST=enable ip_forward in guest, check vmtap offloads disabled with ethtool

  Change-Id: I4129aa03419798906bd95cf65a6a4ab63069f50b
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1968200
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Commit-Queue: Stephen Barber <smbarber@chromium.org>
  Tested-by: Stephen Barber <smbarber@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>

* devices: fs: Support fs crypto ioctls (Chirantan Ekbote, 2019-12-10)

  Add support for FS_IOC_{GET,SET}_ENCRYPTION_POLICY. Unfortunately, since the I/O direction is encoded backwards in the ioctl definitions, these will only work on a kernel that's compiled with a patch to mark them as unrestricted FUSE ioctls.

  BUG=b:136127632
  TEST=Compile and run the vfs_crypto.c program on a virtio-fs mount inside a VM

  Change-Id: I124c5a943111b453dd44921a079a2baa1036dfd4
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1952570
  Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>

* seccomp: Allow clock_gettime for audio device (Lepton Wu, 2019-12-07)

  Instant::Now() is called from buffer_completed in ac97_bus_master.rs sometimes, so we need this. It seems we've already added this to arm. I guess that code path is only triggered on "slow" devices, that's why we missed it here in the first place.

  BUG=b:139318078
  TEST=manual - Run betty-arcvm-pi board under qemu.

  Change-Id: I45395eea4d69942c4e9577a39c8074888b4f637c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1954222
  Tested-by: Lepton Wu <lepton@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Auto-Submit: Lepton Wu <lepton@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Commit-Queue: Lepton Wu <lepton@chromium.org>

* seccomp: Add initial arm64 seccomp filters (Stephen Boyd, 2019-12-06)

  BUG=chromium:1029666
  TEST=tast run crostini.LaunchTerminal.download_buster

  Change-Id: I8fa7dc9df4d5f0144aed80fcd60307036fc7e16d
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1946765
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Stephen Barber <smbarber@chromium.org>
  Commit-Queue: Stephen Barber <smbarber@chromium.org>

* seccomp: add memfd_create to arm gpu_device.policy (Stephen Barber, 2019-12-06)

  BUG=chromium:1031360
  TEST=graphics.CrostiniTraceGlxgears

  Change-Id: I9b416a4a50b7747a0914b33d719f2459c499f71d
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1954219
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Stephen Barber <smbarber@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
  Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
  Commit-Queue: Stephen Barber <smbarber@chromium.org>

* seccomp: move gettid to common_device.policy (Zach Reizner, 2019-12-06)

  The gettid syscall is used in some corners of glibc and it is a fairly harmless syscall (we already give getpid), so this change moves it to the common policy.

  TEST=None
  BUG=chromium:996938

  Change-Id: I129644273f2f02fe917255c7157c48b99c329045
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1952565
  Tested-by: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Auto-Submit: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Commit-Queue: Zach Reizner <zachr@chromium.org>

* sys_util: add WriteZeroesAt trait (Daniel Verkamp, 2019-11-27)

  Add a variant of WriteZeroes that allows the caller to specify the offset explicitly instead of using the file's cursor. This gets rid of one of the last bits of shared state between disk file users, which will help in implementing multi-queue support.

  Additionally, modify the WriteZeroes trait to use a generic implementation based on WriteZeroesAt + Seek when possible.

  BUG=chromium:858815
  TEST=Boot Termina in crosvm

  Change-Id: If710159771aeeb55f4f7746dd4354b6c042144e8
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1913519

* devices: fs: Use 32-bit uid/gid values on arm (Chirantan Ekbote, 2019-11-22)

  The setres{u,g}id and the gete{u,g}id system calls on arm use 16 bit values for uid_t and gid_t. This causes the kernel to interpret a uid/gid of 65535 as -1, which means do nothing. Use the 32-bit variants of these system calls instead so that we can use 32-bit values.

  Normally, libc would take care of hiding these kinds of implementation details but since we can't use the libc wrappers for these system calls, we have to do it ourselves.

  BUG=b:136128319
  TEST=`tast run vm.Virtiofs` on kevin

  Change-Id: I6c0fda42c131e059139000828b3a53d4a73f340c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1923569
  Tested-by: Chirantan Ekbote <chirantan@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>

* Enable seccomp for virtio-fs (Chirantan Ekbote, 2019-11-19)

  Add x86_64 and arm seccomp policy files for the virtio-fs device.

  BUG=b:136128319
  TEST=Run a vm with a sandboxed virtio-fs device

  Change-Id: I8ea7c5d3e90696077f0c2b1f942cb286a0b36cf4
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1916559
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>

* devices: virtio: block: use FileReadWriteAtVolatile (Daniel Verkamp, 2019-10-29)

  Use the "at" variants of the read/write functions in the block device. This reduces the number of syscalls on the host per I/O to one (pread64/pwrite64) rather than two (lseek + read/write).

  The CompositeDiskFile implementation is also updated in this commit, since it's both a producer and consumer of DiskFile, and it isn't trivial to update it in a separate commit without breaking compilation.

  BUG=None
  TEST=Start Crostini on kevin, banon, and nami

  Change-Id: I031e7e87cd6c99504db8c56b1725ea51c1e27a53
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1845948
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>

* devices: jail serial device (Zach Reizner, 2019-10-10)

  This change plumbs the jail throughout the arch specific device creation process. It also adds a custom callback support for the ProxyDevice so that the main process can interrupt the child serial process when it has incoming bytes.

  TEST=crosvm run
  BUG=None

  Change-Id: I6af7d2cb0acbba9bf42eaeeb294cee2bce4a1f36
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1752589
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Commit-Queue: Zach Reizner <zachr@chromium.org>

* vfio: Integrate VFIO device into pci device model (Xiong Zhang, 2019-10-01)

  Create VFIO device and VFIO PCI device in create_devices() function, and integrate it into PciRootBridge, so guest could see this vfio device.

  Add a vfio config parameter, this config point to passthrough or mdev device sysfs path.

  For passthrough case, first user unbind host device from its driver, then bind host device to vfio-pci. Like:

    echo 0000:00:02.0 > /sys/bus/pci/devices/0000:00:02.0/driver/unbind
    echo 8086 1912 > /sys/bus/pci/drivers/vfio-pci/new_id

  Finally pass the sysfs to crosvm through --vfio=/sys/bus/pci/devices/0000:00:02.0

  For mdev case, user create a mdev device through echo $UUID > mdev_type/create, then pass this mdev device to crosvm like --vfio=/sys/bus/pci/devices/0000:00:02.0/$UUID

  BUG=chromium:992270
  TEST=none

  Change-Id: I0f59d6e93f62f9ab0727ad3a867d204f4ff6ad2d
  Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.corp-partner.google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1581140
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>

* gpu: Fix sandboxing support for ARM. (David Riley, 2019-09-17)

  Two compounded issues broke GPU support on ARM:

    1) A mistake when applying code review comments to the initial checkin of this file and not correctly copying the updated policy when testing to the DUT.
    2) Iteration of the /dev/dri directory from libvirglrender.so uses getdents instead of getdents64, likely due to some differences in the C vs Rust runtime.

  BUG=chromium:1002667
  TEST=glxgears with virtio-gpu on kevin

  Change-Id: I225b85998a6a611ebe2a25a75cd88aab9939feb7
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1799287
  Tested-by: David Riley <davidriley@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>

* seccomp: add clock_gettime gettid to gpu policy. (Lepton Wu, 2019-08-28)

  Some code path of mesa requires clock_gettime:
  https://gitlab.freedesktop.org/mesa/mesa/blob/08f1cefecd84f851da6d90200bd7af0ecf5bf855/src/egl/drivers/dri2/egl_dri2.c#L3189

  Also cxa_guard in llvm begin to call gettid from this CL:
  https://llvm.googlesource.com/libcxxabi/+/57e82af58dd4515ab4885f32273268f34f757101

  BUG=b:140078110
  BUG=b:139318078
  TEST=manual - boot arcvm

  Change-Id: I258ae5b8d6f38886406acac6a0ac8ca8886a64af
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1773506
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
  Tested-by: Lepton Wu <lepton@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Lepton Wu <lepton@chromium.org>

* gpu: Add sandboxing support for pvr. (David Riley, 2019-08-01)

  BUG=chromium:892280
  TEST=glxgears with virtio-gpu on hana

  Change-Id: Ib92b21c124e30eacb3fc28558e2eb5d8d4a92567
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1717739
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: David Riley <davidriley@chromium.org>
  Commit-Queue: David Riley <davidriley@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
  Auto-Submit: David Riley <davidriley@chromium.org>

* gpu: Add sandboxing support for mali/ARM. (David Riley, 2019-08-01)

  ARM platforms have different library locations and also require GPU devices to be available to the GPU process.

  BUG=chromium:892280
  TEST=glxgears with virtio-gpu on kevin and nami

  Change-Id: If1baeb1edda76d057e88ab5e88ce22f02e5d30a0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1717738
  Reviewed-by: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: David Riley <davidriley@chromium.org>
  Commit-Queue: David Riley <davidriley@chromium.org>
  Auto-Submit: David Riley <davidriley@chromium.org>

* ac97: Fix device real time priority issue (paulhsia, 2019-08-01)

  - Add allow sched_setscheduler call in seccomp policy
  - Change the real time priority constant AUDIO_THREAD_RTPRIO to 10 to match all other clients' priority.

  Run the following commands to test

    1. ulimit -r 10
    2. crosvm run -r ./vm_rootfs.img -c 1 -m 1024 -s /run --cid 5 --host_ip \
         100.115.92.25 --netmask 255.255.255.252 --cras-audio \
         --params="snd_intel8x0.inside_vm=1 snd_intel8x0.ac97_clock=48000" \
         --mac d2:47:f7:c5:9e:53 ./vm_kernel
    3. aplay -Dhw:0,0 -f dat /dev/zero
    4. ps -AT -o comm,rtprio | grep crosvm

  should see a thread running with rtprio=10

  BUG=chromium:983533
  BUG=b:138262556
  TEST=Test with eve (x86_64) and bob (arm)

  Change-Id: Idc3711d03d716741f7cefd9a89b14ae4c20c2033
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1729089
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
  Commit-Queue: Chih-Yang Hsia <paulhsia@chromium.org>

* seccomp: add sendto, writev, and readv to common seccomp policies (Zach Reizner, 2019-07-27)

  Using syslog from glibc will use some syscalls we haven't seen before, leading to the process getting killed. This change fixes that.

  TEST=use syslog from C
  BUG=chromium:988082

  Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Commit-Queue: Zach Reizner <zachr@chromium.org>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>

* seccomp: return error from socket for TPM device (Daniel Verkamp, 2019-07-09)

  The crosvm TPM process calls ssleay_rand_bytes(), which in some cases attempts to acquire entropy through an EGD ("entropy gathering daemon") - see OpenSSL's RAND_query_egd_bytes(). Attempting to communicate with this daemon by creating a socket would cause the process to exit currently because the syscall whitelist did not allow socket() or connect().

  Since we don't have an EGD and don't want to expose it to the sandboxed TPM process anyway, modify the TPM seccomp policy to cause socket() to return an error rather than aborting.

  BUG=None
  TEST=`vmc start --software-tpm termina`

  Change-Id: Ib7c6bceced0f6cbe7199614ece8446aa300cec1e
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1684411
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>

* seccomp: whitelist read-only/write-only GPU mappings (Gurchetan Singh, 2019-07-03)

  minigbm sometimes maps buffer with only PROT_READ or only PROT_WRITE, so allow this.

  BUG=b:132939420
  TEST=glxgears in container

  Change-Id: Ie5ccd827dd14ee78b999d70287b7165d81c5c85e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1673533
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
  Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>

* usb: Arm seccomp policy needs _llseek, not lseek (Daniel Verkamp, 2019-06-27)

  Since our Arm version is a 32-bit process, it uses the _llseek syscall rather than lseek for 64-bit file offset support. Fix the seccomp filter to match.

  Fixes a SIGSYS when attaching a USB device to Linux VM on Arm.

  BUG=None
  TEST=Attach USB device to kevin; verify device in `adb devices`

  Change-Id: Ia46e60df17950bfbe967c4730c62ddb26fb6faa7
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1677318
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>

* devices: Add separate seccomp policy for pmem device (Jakub Staron, 2019-06-21)

  This change adds separate seccomp policy for pmem device. Previously, pmem device was using block device seccomp policy.

  BUG=None
  TEST=Boot VM and run xfstests on pmem device

  Change-Id: I3f25d64d4da6ad8f0ff22b285e1a7e958f545c55
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1652441
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Commit-Queue: Jakub Staroń <jstaron@google.com>

* usb: update USBDEVFS_CONNINFO_EX value to new size (Daniel Verkamp, 2019-06-21)

  The layout of struct usbfs_conninfo_ex was changed in the final revision of the patch, so the corresponding ioctl number needs to change to match, since the parameter size is encoded in the ioctl.

  The new size is 0x18 or 24, which matches the struct usbfs_conninfo_ex layout with 7 ports.

  BUG=chromium:977020
  TEST=Attach Android device to Linux VM on nami

  Change-Id: Iec60b4c04880d7d2c71fdea49cfdf7fb5a75f5c6
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1669530
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
  Commit-Queue: Dmitry Torokhov <dtor@chromium.org>

* usb: update xhci policies to allow newer libusb (Dmitry Torokhov, 2019-06-13)

  The updated version of libusb uses USBFS_CONNECTINFO and USBFS_CONNINFO_EX ioctls, as well as readlink and lseek syscalls, so let's enable them.

  BUG=b:133773289
  TEST=Try attaching a USB device to Crostini VM.

  Change-Id: Ibdcab2da9abe1c0bb35c989d9d62b44ce403e268
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1650534
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Dmitry Torokhov <dtor@chromium.org>
* usb: reset backend device on port reset (Daniel Verkamp, 2019-06-05)

  This enables the full firmware update/reset/use device in application mode sequence for Edge TPU USB Accelerator.

  There is a bit of a UI hiccup: once the firmware update and reset is complete, the device re-enumerates with a different VID/PID, and the "Connect to Linux" prompt shows up again. The user must re-affirm that the device should be connected to Linux to proceed with using the Edge TPU. This may be unavoidable - I'm not sure if we can tell the difference between a newly-inserted device and a reset one.

  Allowing USBDEVFS_DISCONNECT_CLAIM should be safe, since it can only operate on file descriptors passed into the xhci device jail.

  BUG=chromium:831850
  TEST=Run Edge TPU Accelerator demo and verify that it can update FW

  Change-Id: I3d61c7bd914830ce25448b1ae4d60e1c16f10aed
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1599881
  Reviewed-by: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
* usb: fix serial devices by removing device context verification (Jingkui Wang, 2019-05-01)

  1. Removed for device slot reset and evaluate context. The verification was unnecessary and may cause some guest kernel operations to fail.
  2. The context was updated after dequeue pointer set.
  3. Reset device when it's attached.
  4. Add seccomp rules to allow the above reset.

  The verification was copied from another implementation which works for adb, but does not work with serial devices. The verification is also not part of the spec, so we removed it here.

  BUG=b:131336977
  TEST=local build and test

  Change-Id: Ifd7994ff5512346d1bab27654e60c97a602da8a6
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Signed-off-by: Zach Reizner <zachr@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/1558934
  Tested-by: kokoro <noreply+kokoro@google.com>
* seccomp: Whitelist syscalls for grunt gpu (Drew Davenport, 2019-04-09)

  BUG=b:127868532
  TEST=`vmc start --enable-gpu termina` succeeds

  Change-Id: Ibf18cce93ab98f5008bdada3387ee27eb6f79e61
  Reviewed-on: https://chromium-review.googlesource.com/1534959
  Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
  Tested-by: Drew Davenport <ddavenport@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: David Riley <davidriley@chromium.org>
* devices: gpu: allow sysinfo syscall (David Riley, 2019-03-21)

  BUG=chromium:940826
  TEST=run unigine valley benchmark 1920x1080

  Change-Id: If7b5d97a4284de88e52b3fd3e8f162dd484934e1
  Reviewed-on: https://chromium-review.googlesource.com/1517102
  Commit-Ready: David Riley <davidriley@chromium.org>
  Tested-by: David Riley <davidriley@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
* implement xhci and add it to pci bus (Jingkui Wang, 2019-03-17)

  Implement xhci controller, set up seccomp filters and add xhci to pci bus.

  CQ-DEPEND=CL:1512761
  BUG=chromium:831850
  TEST=local build

  Change-Id: I5c05452ece66e99d3a670e259e095fca616e835d
  Reviewed-on: https://chromium-review.googlesource.com/1512762
  Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
  Tested-by: Jingkui Wang <jkwang@google.com>
  Reviewed-by: Jingkui Wang <jkwang@google.com>
* seccomp: tpm: remove fseek syscall from policy (Zach Reizner, 2019-03-14)

  There is no such syscall as fseek as far as I can tell. There is lseek, which would be how fseek is implemented in libc, and it is already included in the policy.

  BUG=chromium:936633
  TEST=parse_seccomp_policy seccomp/x86_64/tpm_device.policy

  Change-Id: Ifb891395d7447d8b81cb1b17af18c49e5d5fc96f
  Reviewed-on: https://chromium-review.googlesource.com/1518490
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* seccomp: unrefactor gpu_device.policy (Zach Reizner, 2019-03-02)

  Due to repeated syscall rules in gpu_device and common_device policies, minijail fails to compile the gpu_device.policy. This change unrefactors that policy so that it may compile properly.

  BUG=chromium:936633,chromium:837073
  TEST=vmc start --enable-gpu termina

  Change-Id: I09ab9296247279c3a9ba6e3a6852e2a7ae2612ed
  Reviewed-on: https://chromium-review.googlesource.com/1493424
  Commit-Ready: Dylan Reid <dgreid@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>
* tpm: Update tpm device policy to support libtpm2 (David Tolnay, 2019-03-02)

  Tested by running the following on a grunt board (Barla) in dev mode together with CL:1496910:

      sudo crosvm run \
          --root rootfs.ext4 \
          --socket crosvm.sock \
          --seccomp-policy-dir seccomp \
          --software-tpm \
          -p init=/bin/bash \
          -p panic=-1 \
          vmlinux.bin

  and confirming that /dev/tpm0 and /dev/tpmrm0 are present in the VM.

  I needed to override the common device policy's `open` and `openat` and was not able to get that working with the existing @include.

  Note: untested on arm.

  BUG=chromium:921841
  TEST=manual testing on grunt

  Change-Id: Ied7f18a631ce8c0ae280f8b6c01511ca20c3d1c8
  Reviewed-on: https://chromium-review.googlesource.com/1496909
  Commit-Ready: David Tolnay <dtolnay@chromium.org>
  Tested-by: David Tolnay <dtolnay@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Zach Reizner <zachr@chromium.org>
* crosvm: use seqpacket rather than datagram sockets (Zach Reizner, 2019-02-28)

  The advantage of seqpacket sockets is that they are connection oriented. A listener can be created that accepts new connections, useful for the path based VM control sockets. Previously, the only bidirectional sockets in crosvm were either stream based or made using socketpair.

  This change also whitelists sendmsg and recvmsg for the common device policy.

  TEST=cargo test
  BUG=chromium:848187

  Change-Id: I83fd46f54bce105a7730632cd013b5e7047db22b
  Reviewed-on: https://chromium-review.googlesource.com/1470917
  Commit-Ready: Zach Reizner <zachr@chromium.org>
  Tested-by: kokoro <noreply+kokoro@google.com>
  Tested-by: Zach Reizner <zachr@chromium.org>
  Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
* seccomp: add mremap to arm common_device.policy (Daniel Verkamp, 2019-02-08)

  The glibc realloc() implementation may call the mremap syscall in some cases; we currently allow mremap in x86_64/common_device.policy but not the arm equivalent, but this path appears to be reachable on any Linux platform[1]. Add mremap to the arm policy as well for consistency.

  mremap is no more powerful than the existing mmap and munmap syscalls, so I believe this is safe to allow for all device processes.

  Also reorder the mmap2 line in the arm policy so it is in alphabetical order and can be more easily compared to the x86_64 policy.

  BUG=chromium:927919
  TEST=Boot crosvm on kevin

  [1]: https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=6e766d11bc85b6480fa5c9f2a76559f8acf9deb5;hb=HEAD#l2854

  Change-Id: Ie51a21baf30d3e37ce3adacf8e255f981613543d
  Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/1459020
  Tested-by: kokoro <noreply+kokoro@google.com>
  Reviewed-by: Dylan Reid <dgreid@chromium.org>