These syscalls are used by the plugin test child process on newer glibc
and kernel versions. Without them, the plugin tests fail because the
child processes die with SIGSYS.
BUG=None
TEST=tools/dev_container tools/presubmit --all
Change-Id: Id56831cf146e1e0f24f700744d6db902133ecc62
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4034381
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
We don't want mprotect or mmap being called with write and execute at
the same time. This policy is for a test, but still filter the arguments
incase this policy is used as a starting point elsewhere.
BUG=b:172212144
TEST=Kokoro passes
Change-Id: I8be82a9af7e404a4eb17f5b2fbb1e6269447de11
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3942708
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Allen Webb <allenwebb@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This search/replace updates all copyright notices to drop the
"All rights reserved", Use "ChromiumOS" instead of "Chromium OS"
and drops the trailing dots.
This fulfills the request from legal and unifies our notices.
./tools/health-check has been updated to only accept this style.
BUG=b:246579983
TEST=./tools/health-check
Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
This change tries to improve the performance of a plugin-based VM
by adding a hint API that allows crosvm to proactively push cpu
state to the plugin when certain ports for hypercalls are accessed
by the VM.
BUG=None
TEST=build and run. See performance increase significantly.
Change-Id: I71af24ebc034095ffea42eedb9ffda0afc719cd6
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1873005
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This is needed to make sure seccomp work with glibc 2.27
BUG=chromium:897477
TEST=None
Change-Id: I101aa07bffd8db2b449be1a697dafcd7d6f1cb58
Reviewed-on: https://chromium-review.googlesource.com/1294729
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This adds openat to a seccomp policy file if open is already there.
We need this because glibc 2.25 changed it system call for open().
BUG=chromium:894614
TEST=None
Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965
Reviewed-on: https://chromium-review.googlesource.com/1292129
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
The plugin process is similar to a virtual device from the perspective
of crosvm. Therefore, the plugin process should be run in a jail,
similar to the other devices in crosvm.
TEST=cargo build --features plugin; ./build_test
BUG=chromium:800626
Change-Id: I881d7b0f8a11e2626f69a5fa0eee0aa59bb6b6be
Reviewed-on: https://chromium-review.googlesource.com/882131
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
