Google Git
Sign in
chromium / chromiumos / platform / mosys / 7ea3732bbb8aafa2e26d1efb8089c87e9c13f382
commit7ea3732bbb8aafa2e26d1efb8089c87e9c13f382[log] [tgz]
authorEvan Green <evgreen@chromium.org>Mon Jun 24 20:54:52 2019
committerchrome-bot <chrome-bot@chromium.org>Wed Jul 17 01:00:16 2019
treef060732bf77cf801751a28e66e5adc6e2ead261d
parentef043ef12c871346deae57e98830fa9fe0493f1a [diff]
seccomp: Add a bunch of calls for mosys' children

Mosys reaches out and executes a shell script, vpd_get_value. One
example of its invocation is "/usr/local/sbin/vpd_get_value customization_id"

This script reaches out in various cases and launches a bunch of different
things. Examples include:
/usr/sbin/vpd
/usr/sbin/crossystem fmap-base
/usr/sbin/dmidecode -s chassis-type
/usr/sbin/dump_vpd_log
Other programs such as sed, awk, mkdir, mktemp, mv, etc.

I was noticing while staring at the logs to debug a different recovery issue
that this was generating seccomp issues. It seems to come from:
/usr/share/cros/cr50-set-board-id.sh check_device
which is called by chromeos-install.

Add the system calls needed to get this command to run without issue inside
the /usb chroot during recovery. It's getting a little expensive to keep mosys
working with seccomp. It would be better to see mosys stop executing random
scripts it finds throughout the system.

Making this visible was not easy. To test this on Hatch, I had to:
 * Edit ~/trunk/src/scripts/mod_image_for_recovery.sh to add
   --enable_serial=ttyS0 to the build_kernel_image.sh command line
 * Edit and cros_workon ~/trunk/src/platform/initramfs:
    * Add /usr/bin/strace to recovery/Makefile
    * Comment out the exec>"${LOG_FILE}" in recovery/init
    * Add /bin/sh -i into recovery/recovery_init.sh, just before
      running chromeos-recovery.
    * Manually add the equivalent of USE=pcserial to the kernel configs
    * emerge-hatch strace, the kernel, and initramfs.
 * Run build_image (with console enabled), mod_image_for_recovery.sh
   --board=hatch --image=chromiumos_test_image.bin, then boot into the new
   image. At the shell, you can run:

chroot /usb /tmp/strace -f /usr/sbin/mosys platform  brand

And look for instances of SIGSYS happening in any of the output.

BUG=b:134549248
TEST=Examine recovery logs on /dev/sda1, observe no more Bad system call
Also ran mosys platform brand on cheza to verify arm32 version.

Change-Id: I6f2bdd79e0f5fe8a5beab46ed479ef3c1e1cd326
Reviewed-on: https://chromium-review.googlesource.com/1674571
Tested-by: Evan Green <evgreen@chromium.org>
Commit-Ready: Evan Green <evgreen@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
3 files changed
tree: f060732bf77cf801751a28e66e5adc6e2ead261d
  1. core/
  2. drivers/
  3. include/
  4. intf/
  5. io_jail/
  6. lib/
  7. platform/
  8. seccomp/
  9. src/
  10. unittests/
  11. .clang-format
  12. .gitignore
  13. build.rs
  14. Cargo.lock
  15. Cargo.toml
  16. LICENSE
  17. meson.build
  18. meson_options.txt
  19. OWNERS
  20. PRESUBMIT.cfg
  21. README
  22. seccomp_debug.sh
  23. TODO