mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-12-03 22:28:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
2110 commits 607 branches 2 tags 225 MiB
Commit graph

23 commits

Author SHA1 Message Date
Gurchetan Singh
b66d6f62dc crosvm: sandbox changes for udmabuf 
Allow:
   - UDMABUF_CREATE_LIST -- needed to create udmabuf
   - DMA_BUF_IOCTL_SYNC -- to flush the udmabuf.
     virtio-wl already allows this everywhere so
     this should be fine.

Also add the path to minijail.

BUG=chromium:892806, b:173630595
TEST=no sandbox violations

Change-Id: I70ace6ef0349c4b133615eb41f9f56ccd7121e4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2786287
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
 2021-03-30 16:42:00 +00:00
Manoj Gupta
19ad688208 add getdents64 to policies 
glibc 2.32 is using getdents64 syscall instead of getdents.
So add getdents64 to policies that already have getdents.

BUG=chromium:1171287
TEST=CQ

Change-Id: Icbe1da7cbf669432c8160779a9cbfdeb04db57c0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2760299
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
 2021-03-16 05:25:16 +00:00
Adrian Ratiu
f19933bfb0 tree-wide: seccomp: allow clock_nanosleep syscalls 
Starting with 2.32 glibc nanosleep() was refactored to use the
clock_nanosleep syscall so various software will fail unless
the new syscall is allowed. We can't just drop the old nanosleep
syscall because it will break glibc 2.27 which is still used.

See glibc commits:
807edded25 nptl: Refactor thrd_sleep in terms of clock_nanosleep
3537ecb49c Refactor nanosleep in terms of clock_nanosleep
79a547b162 nptl: Move nanosleep implementation to libc

This is a bulk edit done with the following command:
git grep -rl 'nanosleep: 1' | xargs sed -i \
                           '/^nanosleep: 1/a clock_nanosleep: 1'

BUG=chromium:1171287
TEST=Local builds and booting on kevin/64/eve/minnie.

Change-Id: I975535078d88200f52319c7eea3a4c7ebf299933
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2735575
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
 2021-03-07 01:53:10 +00:00
Chia-I Wu
3c6367b98c seccomp: gpu: allow sched_yield 
It will be needed by virglrenderer with venus enabled.

BUG=b:180621453
TEST=vulkan-smoketest

Change-Id: I3c3b4f38901d278c137b26f8801a3417d88b4533
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2728307
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chia-I Wu <olv@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Commit-Queue: Chia-I Wu <olv@google.com>
 2021-03-05 05:13:36 +00:00
Chia-I Wu
694c53031a seccomp: gpu: allow vulkan loader and intel anv 
BUG=b:176158397
TEST=vkcube

Change-Id: I11b5a97929fbb2c0328aca7d54b5882823b67209
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2634993
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Tested-by: Chia-I Wu <olv@google.com>
Commit-Queue: Chia-I Wu <olv@google.com>
 2021-01-22 13:28:33 +00:00
John Bates
0d9d0e3c85 Allow perfetto tracing from crosvm gpu process 
New syscalls and /run/perfetto bind mount are required.

BUG=b:174162684
TEST=Run crosvm with perfetto instrumentation and confirm that
     events can be traced through traced. Tested on both hatch
     and ARM kukui device.

Cq-Depend: chromium:2570487
Change-Id: I809400ec393c2971ba9a1134ddbef7f48d818786
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2571659
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: John Bates <jbates@chromium.org>
Commit-Queue: John Bates <jbates@chromium.org>
 2020-12-10 04:40:43 +00:00
John Bates
b220eac0d3 devices: gpu: add support for mesa gpu shader cache 
When requested with the --gpu=cache-path=/path arg, crosvm
will pass it to Mesa via env var MESA_GLSL_CACHE_DIR. In
addition, the cache-size will also be passed along if
provided.

BUG=b:168540438
TEST=run with --gpu=cache-path=/tmp,cache-size=50M and
 confirm that files are created in /tmp/mesa_shader_cache.

Change-Id: I2525597749d654a65373a723cefeab6cf2be62d7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2415509
Tested-by: John Bates <jbates@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
 2020-09-29 19:02:24 +00:00
Lepton Wu
42a5d13124 seccomp: gpu: Allow PR_GET_NAME for prctl 
MALI GPU driver calls this for printing debug information. Just
enable it since it could help debug.

BUG=None
TEST=manual - Run ARCVM on kukui with debug build of mali driver

Change-Id: If65121520071a1df9b8ba932272428cbac844984
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2262176
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Lepton Wu <lepton@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Commit-Queue: Lepton Wu <lepton@chromium.org>
 2020-06-25 10:33:59 +00:00
Zach Reizner
5cf5af601e seccomp: allow kcmp on x86_64 gpu device 
A mesa change to the amdgpu driver "winsys/amdgpu: Re-use
amdgpu_screen_winsys when possible" causes kcmp to be called with the
following simplified stacktrace.

SYS_kcmp
os_same_file_description
amdgpu_winsys_create
radeonsi_screen_create
<snip>
eglInitialize
virgl_egl_init
virgl_renderer_init

The use of this syscall caused the gpu device process to be killed with
SIGSYS. This change fixes that by allowing kcmp in that process, which
should be secure given the sandboxing in place and the level of
permissions required by kernel to succesfully use the kcmp syscall.

BUG=chromium:1070805
TEST=crostini.GPUEnabled.artifact_gpu_unstable

Change-Id: Ica0e5c6ebc01cbc33ac62fea001949798ca4446e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2151145
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Drew Davenport <ddavenport@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Lepton Wu <lepton@chromium.org>
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
 2020-04-16 19:05:15 +00:00
Daniel Verkamp
5de0604f29 seccomp: allow statx syscall where stat/fstat was allowed 
This is used in Rust 1.40.0's libstd in place of stat/fstat; update the
whitelists to allow the new syscall as well.

BUG=chromium:1042461
TEST=`crosvm disk resize` does not trigger seccomp failure

Change-Id: Ia3f0e49ee009547295c7af7412dfb5eb3ac1efcb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2003685
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
 2020-01-17 23:04:03 +00:00
Lepton Wu
373673c43a seccomp: add clock_gettime gettid to gpu policy. 
Some code path of mesa requires clock_gettime:
08f1cefecd/src/egl/drivers/dri2/egl_dri2.c (L3189)

Also cxa_guard in llvm begin to call gettid from this CL:

https://llvm.googlesource.com/libcxxabi/+/57e82af58dd4515ab4885f32273268f34f757101

BUG=b:140078110
BUG=b:139318078
TEST=manual - boot arcvm

Change-Id: I258ae5b8d6f38886406acac6a0ac8ca8886a64af
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1773506
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Lepton Wu <lepton@chromium.org>
 2019-08-28 01:11:09 +00:00
Zach Reizner
2ea297ac76 seccomp: add sendto, writev, and readv to common seccomp policies 
Using syslog from glibc will use some syscalls we haven't seen before,
leading to the process getting killed. This change fixes that.

TEST=use syslog from C
BUG=chromium:988082

Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
 2019-07-27 03:50:22 +00:00
Gurchetan Singh
ad656a9d3a seccomp: whitelist read-only/write-only GPU mappings 
minigbm sometimes maps buffer with only PROT_READ or only
PROT_WRITE, so allow this.

BUG=b:132939420
TEST=glxgears in container

Change-Id: Ie5ccd827dd14ee78b999d70287b7165d81c5c85e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1673533
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
 2019-07-03 15:41:58 +00:00
Drew Davenport
1f9ae42c73 seccomp: Whitelist syscalls for grunt gpu 
BUG=b:127868532
TEST=`vmc start --enable-gpu termina` succeeds

Change-Id: Ibf18cce93ab98f5008bdada3387ee27eb6f79e61
Reviewed-on: https://chromium-review.googlesource.com/1534959
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Drew Davenport <ddavenport@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
 2019-04-09 06:19:59 -07:00
David Riley
33e8ef061d devices: gpu: allow sysinfo syscall 
BUG=chromium:940826
TEST=run unigine valley benchmark 1920x1080

Change-Id: If7b5d97a4284de88e52b3fd3e8f162dd484934e1
Reviewed-on: https://chromium-review.googlesource.com/1517102
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
 2019-03-21 08:07:41 -07:00
Zach Reizner
a632f4b170 seccomp: unrefactor gpu_device.policy 
Due to repeated syscall rules in gpu_device and common_device policies,
minijail fails to compile the gpu_device.policy. This change unrefactors
that policy so that it may compile properly.

BUG=chromium:936633,chromium:837073
TEST=vmc start --enable-gpu termina

Change-Id: I09ab9296247279c3a9ba6e3a6852e2a7ae2612ed
Reviewed-on: https://chromium-review.googlesource.com/1493424
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
 2019-03-02 17:41:27 -08:00
Zach Reizner
bae43dd4c9 seccomp: refactor policy into common_device.policy 
CQ-DEPEND=CL:1449895
BUG=None
TEST=vmc start termina

Change-Id: Ia3edaafc1d2958bd40e6b1adc89dd5e29b679b06
Reviewed-on: https://chromium-review.googlesource.com/1448292
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
 2019-02-07 03:02:12 -08:00
David Riley
825ba5298f devices: gpu: allow brk syscall 
BUG=chromium:926415
TEST=start Tomb Raider

Change-Id: I55352a84a4edd03337f262e1474e0888abfc8c81
Reviewed-on: https://chromium-review.googlesource.com/1446939
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
 2019-02-05 14:11:29 -08:00
David Riley
fccfc05f67 devices: gpu: dup stdout to stderr to allow virglrenderer logging 
By default virglrenderer logs to stderr with VREND_DEBUG.  dup stdout
which is logged via logger to stderr so that virglrenderer logs can be
seen.

BUG=chromium:925590
TEST=cat /var/log/messages

Change-Id: I3e1a5056dab9cfd895867b1835b421b144ee536b
Reviewed-on: https://chromium-review.googlesource.com/1441352
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
 2019-01-31 18:18:44 -08:00
David Riley
d48445eae0 devices: gpu: name gpu thread 
BUG=chromium:925590
TEST=pstree

Change-Id: I2f591894db2a40a812f1720e1fc8422049d85902
Reviewed-on: https://chromium-review.googlesource.com/1440031
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
 2019-01-30 01:25:56 -08:00
David Riley
84c13ec890 devices: gpu: add lstat to gpu device seccomp 
BUG=chromium:837073
TEST=vmc start --enable-gpu tatl; lxc start stretch-x; xterm && glxgears

Change-Id: I42a096384cb536ec835de69b34db9b9a941bfeaf
Reviewed-on: https://chromium-review.googlesource.com/1401110
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
 2019-01-09 19:52:08 -08:00
Yunlian Jiang
a70445aa3b crosvm: add openat to seccomp 
This adds openat to a seccomp policy file if open is already there.
We need this because glibc 2.25 changed it system call for open().

BUG=chromium:894614
TEST=None

Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965
Reviewed-on: https://chromium-review.googlesource.com/1292129
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
 2018-10-21 05:25:01 -07:00
David Riley
b22b6137aa gpu: add sandboxing via minijail for virtio gpu device. 
Sandboxing only works when started as chronos via concierge client.  If
started directly via crosvm as root, the jail will not have proper group
permissions to access the Wayland socket.

BUG=chromium:837073
TEST=build with --features=gpu; null_platform_test without --disable-sandbox
CQ-DEPEND=CL:1213779

Change-Id: I6331f7ae1f5b99d31ad44cf158f72337294771f0
Reviewed-on: https://chromium-review.googlesource.com/1181168
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
 2018-09-17 13:18:06 -07:00