To ensure dependencies don't accidentally get updated, their versions are
fixed using the equals constraint. The Cargo.lock file is also checked in
so that the registry won't need to be downloaded by cargo.
These changes are needed so that the crosvm ebuild will not need to
download anything outside of its list of source packages.
TEST=./build_test
BUG=None
Change-Id: Iae8472de77e3589a453685717b26fb1ceb44e257
Reviewed-on: https://chromium-review.googlesource.com/674092
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The compiler was complaining about std::fmt::Debug being an unused
import. Remove the import.
BUG=none
TEST=build_test and see no warnings about unused imports
Change-Id: I5e606982dffee575b3048b6c45cb5222e63ae3dc
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/669305
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Implement the virtual sockets device using vhost subsystem of the host
kernel to handle data transfer.
BUG=chromium:708267
TEST=build and run maitred in guest VM without issue
Change-Id: I35b542c0fc7e0fd9296f7ba3e1dfce60bf524d15
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/638838
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Pass better errors from mmap and guest_memory. These modules were
written before I understood errors. Now the errors passed back to block
can be propagated.
Change-Id: I1842808a4114a715321c555281aacc211f23511c
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/656837
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This fakes out the underlying Net implementation with FakeNet to try
and get some of the code a little further along before it
explodes. Then, we test for known failures when running without a real
vhost file descriptors.
This allows us to pass without running as root as we would expect
running on Paladins.
This is also the final module that was failing at ToT.
Also adds vhost to the build_test test targets.
BUG=none
TEST=Run unit tests:
cargo test -p crosvm -p data_model -p syscall_defines -p kernel_loader -p net_util -p x86_64 -p virtio_sys -p kvm_sys -p vhost -p io_jail -p net_sys -p sys_util -p kvm
Also ran ./build_test
Change-Id: Ie12d05c044634a660a234483532cf783e2a7fe84
Reviewed-on: https://chromium-review.googlesource.com/656278
Commit-Ready: Jason Clinton <jclinton@chromium.org>
Tested-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
This adds the virtio wayland device which is activated by default. The wayland
device needs the XDG_RUNTIME_DIR env variable to be set and a running wayland
compositor to connect to in that directory.
TEST=crosvm run <other args>
BUG=chromium:738638
Change-Id: Iaa417c6bb74739896042318451b4befcac0c1d0e
Reviewed-on: https://chromium-review.googlesource.com/559860
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL includes a small tweak to sys_util so that cloned processes PIDs
are returned.
The proxy device CHILD_SIGNATURE check was removed because it would
deadlock with the synchronization that DeviceManager's post clone
callback uses to wait for the id maps to be set. The check wasn't that
useful to begin with.
This also bumps the libc version.
TEST=None
BUG=None
Change-Id: I881e08c9626e035044b0be1dd2e9fff3e7e61ec1
Reviewed-on: https://chromium-review.googlesource.com/634270
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
We can't really mock out the underlying TAP ioctls unless we introduce
another layer of abstraction. Instead, this CL allows a test to pass
if the reason that it failed was a permission denial as we would
expect running on Paladins as non-root.
Also adds net_util to the build_test test targets.
BUG=none
TEST=Run unit tests:
cargo test -p crosvm -p data_model -p syscall_defines -p kernel_loader -p net_util -p x86_64 -p virtio_sys -p kvm_sys -p vhost -p io_jail -p net_sys -p sys_util -p kvm
Also ran ./build_test
Change-Id: I5c761bd75d3a6d5829f4dd07fb8031612944e912
Reviewed-on: https://chromium-review.googlesource.com/649958
Commit-Ready: Jason Clinton <jclinton@chromium.org>
Tested-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
This is so future changes can use getresuid/setresuid and similar
syscalls.
BUG=chromium:738638
TEST=./build_test
Change-Id: I47765fa1f45c549d8e148d02655dd61993a10f58
Reviewed-on: https://chromium-review.googlesource.com/655143
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
By using libc's openlog, we can ensure that the internal state of the
libc syslogger is consistent with the syslog module. Minijail will be
able to print to stderr and the syslog in the same way the logging
macros in crosvm do. The FD the syslog module uses is shared with libc
and via `syslog::get_fds`, jailed processes can inherit the needed FDs
to continue logging.
Now that `sys_log::init()` must be called in single threaded process,
this moves its tests to the list of the serially run ones in
build_test.py.
TEST=./build_test
BUG=None
Change-Id: I8dbc8ebf9d97ef670185259eceac5f6d3d6824ea
Reviewed-on: https://chromium-review.googlesource.com/649951
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
By inheriting stderr, logs from minijail and the logging macros can be
seen in the stderr of crosvm, which is convenient for debugging.
BUG=None
TEST=None
Change-Id: I6d6506776add780b243da50e635c25d27a8976ce
Reviewed-on: https://chromium-review.googlesource.com/649952
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Running crosvm in multiprocess mode includes setting up an io_jail for
each device and it can very often fail due to problems in the
enviroment, such as missing policy files or lack of privilege. The auto
generated debug error messages were not very good (based on initial user
feedback) and so this CL implements display to help make the errors more
understandable when they are printed.
BUG=None
TEST=./build_test
Change-Id: If51c00e60abb9b0d482515fa1e401f2fa6fb9e8f
Reviewed-on: https://chromium-review.googlesource.com/649950
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This removes the clap dependency by replacing that functionality with a
custom written parser. Binary size is reduced by about 60% in optimized
and stripped mode.
TEST=cargo run -- run -h
BUG=None
Change-Id: I2eaf6fcff121ab16613c444693d95fdf3ad04da3
Reviewed-on: https://chromium-review.googlesource.com/636011
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
These copy functions are functionally similar to read_from and write_to,
but have stronger guarantees because they are copying to/from concrete
slices. In particular, the volatile access pattern is specified and the
copy operation never returns an error.
TEST=cargo test
BUG=chromium:738638
Change-Id: Ie10152e10bc8a36058f5d5001ff392ff8975ee36
Reviewed-on: https://chromium-review.googlesource.com/599043
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Split the VhostNet virtio device into generic and specific bits. Almost
the entire Worker implementation is generic between all vhost devices.
The only non-generic bit is a device-specific ioctl to activate a
virtqueue.
To deal with this add a callback to the Worker's Run function to
activate all the virtqueues after they have been set up.
BUG=chromium:708267
TEST=build and run with a vhost-net enabled kernel and see that
everything still works
Change-Id: I262c07e4d2c289f9528924ba708d0b88bd0379bb
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/636121
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This is a regression from the control socket refactoring. The removal of
the control socket receiver class, whose drop impl handled the removal
of the socket's files, meant that no code took care of cleaning them up.
BUG=None
TEST=Run with `-s./` and after a clean exit, make sure there is no
*.sock files in the current directory.
Change-Id: I0064900f4eec6d054d174d59a4aefdf36ab4d3b3
Reviewed-on: https://chromium-review.googlesource.com/642510
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Problems that were fixed:
- gcc crate deprecated compile_library
- `cargo test -p kvm` had a compile error
- `cargo test -p kvm_sys` failed to link with libc
- main.rs failed to include `getpid` and had dead code
- fork.rs had a warning in `cargo test -p sys_util`
- unused const in serial.rs
BUG=None
TEST=sudo cargo test -p data_model -p io_jail -p kernel_loader -p kvm \
-p kvm_sys -p net_sys -p net_util -p syscall_defines -p sys_util \
-p virtio_sys -p vhost -p x86_64 -p crosvm
Change-Id: Iaf0389013fbcdfbfaa7cf37ea1a1fc045f480ada
Reviewed-on: https://chromium-review.googlesource.com/642509
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
A large portion of the VhostNet implementation is common to all vhost
devices. Create a new Vhost trait that encapsulates this behavior and
split the network specific bits into a new Net type and implement the
Vhost trait for it.
BUG=chromium:708267
TEST=build and run with a VHOST_NET enabled kernel and see that
everything still works fine
Change-Id: Ia6b7591f9428c1fba1e13b11791fe40e1bd3942b
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/630060
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
These functions are trivially safe and by adding them to sys_util, we
can remove some unsafe blocks from crosvm. This CL also replaces the
unsafe call sites with the safe alternatives.
There are no previous usages of gete{g,u}id(2), but they will be needed
in a future change.
TEST=None
BUG=None
Change-Id: Ief8787b298cfaa5b7fd1b83f0eba6660369e687d
Reviewed-on: https://chromium-review.googlesource.com/634268
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
We will almost certainly require different seccomp policy files for
different architectures. Move all the existing secommp policy files
into a common directory grouped by architecture.
This will make it easier to install them via the ebuild later.
BUG=none
TEST=none
Change-Id: I0495789cd4143dc374ee6ebe083dc20ce724edbb
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/630058
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL adds VM request capabilities to the control socket. These
requests include the basic exit as well as the essential ioeventfd and
irqfd requests. For virtio wayland, the register/unregister device
memory request was added.
TEST=cargo test
BUG=chromium:738638
Change-Id: I0cbf62d85a299cf454bcf6924a4e1d52d5b7183f
Reviewed-on: https://chromium-review.googlesource.com/602593
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
While vhost_net can provide better performance than a userspace
virtio device, it also requires a kernel module to function. This
also prevents jailing the virtio device, since virtqueue operations
(which necessarily touch guest memory) will be running directly
in the kernel.
Add a userspace virtio net device that can be jailed and works
without vhost support in the kernel.
BUG=chromium:703920
TEST=networking works
Change-Id: I468114b48abd8e30e967ff16329a5dce6a75018f
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/604937
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
We have to guarantee that all the descriptor writes are visible to the
guest before the index update is.
Change-Id: I35f1c8d3f5fc9a6ac54de1eb4be66e1c5ac81fc8
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/611215
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Provide the guest OS with /dev/random.
Change-Id: I1323836392f3f1d59a6be276ce495e0d78ea9669
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/603531
Reviewed-by: Zach Reizner <zachr@chromium.org>
Because there are more than one kind of slice (typical &[T] and
VolatileSlice), the trait IntoIovec is added that any linear memory
region-like type can implement. This helps to reduce the number of
copies needed when dealing with volatile memory.
TEST=cargo test
BUG=chromium:738638
Change-Id: I86bbb693cb7a10ec85bafccf562c078167121c03
Reviewed-on: https://chromium-review.googlesource.com/599042
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
UnixDatagram and UnixStream are both wrappers around unix domain sockets
which are often polled.
TEST=None
BUG=chromium:738638
Change-Id: Ib5572faf1d601b89b9fdd323f654ba04650b7600
Reviewed-on: https://chromium-review.googlesource.com/599041
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The queue's next index, as set by the kernel, will increase
monotonically to the limit of a u16 and then wrap back to zero. In
contrast, Rust will panic when its internal counter reaches the limit.
This change enables the wrapping behavior that we want.
TEST=run a kernel that uses a queue >0xffff times
BUG=None
Change-Id: I24101dfb137a1350fd93d1b378840b72431764ea
Reviewed-on: https://chromium-review.googlesource.com/598502
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add an option for allowing a writable disk.
Allow specifying multiple disks.
Don't assume the path to the root device, force the user to specify a
correct command line option.
Change-Id: I87dea1152e1f81c0cde45ad47e2c4cf0f187918e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/569450
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
parse_seccomp_filters in libminijail will unhelpfully abort() if the
path doesn't exist. Check that the policy file exists so that there's
a semi-useful error message.
BUG=none
TEST=crosvm run without seccomp policy in current directory; no abort
Change-Id: Ie1123e8cae3f6a27bbd5a3128161364401e8d4b2
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/585829
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL also includes the gcc build time dependency for building the
sock_ctrl_msg.c helper code.
TEST=cargo test
BUG=chromium:738638
Change-Id: I4adc2360b7fab4ed7d557603aa7bad2e738b69b4
Reviewed-on: https://chromium-review.googlesource.com/562574
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Fill the upper for bytes of the disk size configuration. The size is a
64bit value accessed with two 32bit reads.
The guest is permitted to read at any byte offset in the config space.
Allow it to do so, even if it doesn't make much sense.
Change-Id: I5d02620a8751b31784e419ae6a57173a2e212b8f
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/569359
Reviewed-by: Zach Reizner <zachr@chromium.org>
vhost_net is an in-kernel implementation of a virtio_net device. This device
implementation is responsible only for negotiating features and setting up
vhost_net to point to the virtqueues in the guest.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=chromium:738639
TEST=boot with networking enabled and ping host
Change-Id: I9192765b9348528a8a7a7f273e9522c2373d22fb
Reviewed-on: https://chromium-review.googlesource.com/538106
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
According to the Virtio specification, all MMIO register access must be
32-bit wide and aligned. However, this restriction is not true in
general for the config space. This change relaxes the restriction for
accesses to config space.
This change also checks that each queue is valid before activating a
device.
TEST=crosvm run
BUG=None
Change-Id: I10228d99992576837ff505aad56fefbc4d8eff78
Reviewed-on: https://chromium-review.googlesource.com/578314
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add a method get_host_address for converting a
GuestAddress to a (usize) pointer in crosvm's address
space.
Change-Id: I6dc09e942c95204f4e53218b3250664782c8f8f9
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/575439
Reviewed-by: Zach Reizner <zachr@chromium.org>
Use signalfd to catch SIGCHLD, which will notify the main process when a
device process has died, e.g. it crashed or violated seccomp policy. The
main process will then exit gracefully.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=none
TEST=block a syscall and run with multiprocess; ensure no defunct
processes are hanging around
Change-Id: Ief8a94576ad9eeb032f45ce8491fcfe23a971473
Reviewed-on: https://chromium-review.googlesource.com/557460
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
