The Cargo.toml originally requested edition = 2021, which is not
available in a released version of Rust yet.
BUG=None
TEST=`cargo build` without the real system_api
Change-Id: I9577301b6bfb83cafd5fd9bb0ec5024b385b324e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3145914
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Commit-Queue: Ryo Hashimoto <hashimoto@chromium.org>
Fixes Rust 1.53+ warnings when building crosvm:
warning: lint `safe_packed_borrows` has been renamed to `unaligned_references`
BUG=None
TEST=cargo build
Change-Id: If2d2852e0fc20e6afd7fe8e712a2718b640f052b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3145915
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This removes the minijail build from build_environment, which will
cause the minijail-sys crate to build it from source.
Minijail is upreved to include https://r.android.com/1815277
BUG=b:198305518
TEST=./test_all
Change-Id: I38c46c2a7df43e3d3a94ae0c5f8a9aae2abd3555
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141770
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
A NV12 frame is made of one Y plane at full resolution, and one plane
include one U and one V component for each four pixels. Thus the size of
the second plane should be half of that of the first one.
This is important to get right as ffmpeg conversion functions wil rely
on this information and will fail if the computed size is bigger than
the target buffer.
BUG=b:161774071
BUG=b:169295147
TEST=Android Youtube plays properly on Hatch.
Change-Id: I4196983389def3a4914c076d68067874041fab55
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3023743
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
The fsverity_enable_arg struct contains optional pointers to additional
data. Check for them and try to copy them in if necessary. This
requires a corresponding kernel change where the fuse driver also
reads the struct and copies the relevant data from the userspace
application.
Steps to test this change:
// Create a test file
head -c 1000000 /dev/urandom > file
// Generate a new certificate and private key:
openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -out cert.pem
// Convert the certificate from PEM to DER format:
openssl x509 -in cert.pem -out cert.der -outform der
// Load the certificate into the fs-verity keyring. This step MUST be
// done on the host kernel.
keyctl padd asymmetric '' %keyring:.fs-verity < cert.der
// Now set up fs-verity on the test file:
fsverity sign file file.sig --key=key.pem --cert=cert.pem \
--salt 12345678
fsverity enable file --signature=file.sig --salt 12345678
BUG=b:141632062
TEST=See above
Change-Id: Ied7106cfbd2919f1f0c7f605166769d4916925b0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141298
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Only change the device uid/gid in the sandbox when it is not 0.
Otherwise, running crosvm as root makes minijail complain:
libminijail[16370]: useless change to uid 0
BUG=none
TEST=run crosvm as root
Change-Id: Ida4b0e772ed000d3e42f77012af9d2505f64d92a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141297
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Fergus Dall <sidereal@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Rather than mapping past the end of the file when using a pmem backing
file that is not 2 MiB aligned, use an anonymous mapping to fill the
remaining part of the arena.
This partially reverts https://crrev.com/c/2153103 while keeping the
effective change: the anonymous mapping used to fill the padding is now
added with the same protection as the file mapping.
Also handle images that are not a multiple of the page size (typically
4096 bytes) - the memory mapping on the host will handle zero-filling
reads and discarding writes past the end of the mapped file as long as
we map a size containing the partial last page.
BUG=chromium:1244217
TEST=Boot crosvm with non-2MB aligned pmem disk; read the last few bytes
TEST=./test_all
Change-Id: Ibe8da170175bb9befce924122b912a28a6dc0e7b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3131444
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
On all architectures, KVM_CREATE_VM takes an argument known
as the 'machine type identifier'. This machine type is
architecture dependent, and the documentation helpfully says:
You probably want to use 0 as machine type.
So let's do that.
Change-Id: I8a8a0f7b78e32012c5ab841097c05a02fe0532ff
Signed-off-by: Marc Zyngier <mzyngier@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3124676
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Andrew Walbran <qwandor@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
This enables the bios to read kernel command line parameters
from crosvm and pass them to the kernel that it loads.
BUG=b:195323844
TEST=pass --params through uboot to Linux
Change-Id: I306bb16421393583edc8b0dbdb3198a5b3cc0377
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3140277
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Tom Cherry <tomcherry@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The `num_idle` field of the shared state between BlockingPool worker
threads can underflow in the following case:
* state.num_idle == 2.
* We spawn 2 new tasks into the BlockingPool.
* Both idle worker threads are woken up. `state.num_idle` goes to 0.
* The first worker thread wakes up and pulls a task from the queue.
That task finishes very quickly so the worker thread pulls the second
task from the queue before the second worker thread is scheduled.
* The second worker thread is scheduled. It sees that
`s.tasks.is_empty() == true` so it goes back to waiting on the
Condvar.
* The second worker thread's wait times out and it tries to decrement
`state.num_idle` leading to underflow.
Fix this by adding a `num_notified` field to the shared worker state.
This field acts like a counter for the number of idle worker threads
that have been woken up.
When an idle thread is waiting on a Condvar, rather than checking if the
task queue is empty, it will instead check if num_notified > 0. When an
idle worker thread observes that num_notified > 0 it decrements it by 1
and then goes back to processing tasks from the queue. num_idle is only
decremented when num_notified is 0.
Change the num_idle decrement to a checked_sub so that we can catch it
even when -Coverflow_checks=off. Also add a test for this case. This
test consistently panics without the num_notified changes.
BUG=none
TEST=unit tests
Change-Id: Ia1b348605e0d02415635cdd023db1c10201ab661
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3139159
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
A new command line parameter to specify privileged UIDs.
If the requester UID is privileged, PassthroughFs uses D-Bus to set
quota project ID.
BUG=b:190791826
TEST=build
Cq-Depend: chromium:3129049,chromium:3129048
Change-Id: Ie27f200e8c651be6a5503f69e7b784c5e8f968ea
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3014623
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryo Hashimoto <hashimoto@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Enable with `--cras-snd`.
Verified:
Basic playback and capture
Missing features:
* Getting chmap/jack/stream info from CRAS. They are hardcoded for now.
* Jack connect/disconnect notifications from CRAS
* Reporting latency bytes to the driver. It is currently hardcoded to 0.
BUG=b:179757101
TEST=`aplay` and `arecord` inside a debian img with a 5.10 kernel built
with virtio snd support. Launched with crosvm on rammus/kukui/hatch
Change-Id: I240000a92418b75b3eb8dcd241ff320214b68739
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2777991
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Woody Chow <woodychow@google.com>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
Also removes the use of the hermetic flag in favor of not failing the
build if the submodule is not checked out.
This allows us to remove the tpm2 build from the build_environment
Makefile.
BUG=b:198293072
TEST=./test_all
Change-Id: Ide81e78efe0da3a1b64d4b8ef094a2e901f99ccf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3133623
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
The virtio gpu resource used as a ring buffer for sending
CROSS_DOMAIN_CMD_GET_IMAGE_REQUIREMENTS responses back to the
guest is created with VIRTGPU_BLOB_MEM_GUEST. Because of this, it
is initially created with via a resource_create_blob() without a
ctx_id. The rutabaga backend routes resource_create_blob() requests
without a ctx_id to the default component which is Gfxstream on
Cuttlefish. The Gfxstream component needs to attach the backing
iovecs to the RutabagaResource in order for CrossDomainContext to
eventually take ownership of them.
BUG=b:189133053
TEST=launch Cuttlefish w/ cross domain
Change-Id: I1779fcae2c612dae55ca66fe61a5d2f966cedc1d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3131442
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Jason Macnak <natsu@google.com>
Prevent the dependency build process from leaving untracked files in the
working copy when running test_all.
BUG=None
TEST=./test_all
Change-Id: Ia9dca114ffe98e73f9858795657a3864deab9d3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3119699
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
- Use new VulkanImageAspect
- Use new vulkano::device::physical namespace
- Replace 'loaded_extensions' with 'enabled_extensions'
- Handle 'device_type' change
- Remove u64 to usize casts for DeviceMemoryBuilder
- Extension name update
BUG=b:189133053
TEST=build
Change-Id: I99d319b3eff534d1c4b93db9d7d64d2a95074d19
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3131446
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Auto-Submit: Jason Macnak <natsu@google.com>
Commit-Queue: Jason Macnak <natsu@google.com>
Replace the uses of read_struct() and read_struct_slice() with the
safe DataInit::from_reader() implementation.
BUG=b:197263364
TEST=./test_all
TEST=Boot bzImage kernel
TEST=Boot raw ELF kernel extracted with extract_vmlinux
Change-Id: I80f98243bfb58a7ae93e1686bc4d92b0cd485cda
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108249
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Some devices need to have their current uid mapped in their sandbox
for bind mounts to work as expected. Currently crosvm looks up the
uid/gid for "crosvm" and maps that.
This logic is dubious anyway, since crosvm should be using whatever
user/group it was started under rather then trying to switch (which is
a priviliged operation), but putting concierge in a user namespace
breaks it entierly because the crosvm user gets remapped to a
different numeric value.
Replace the current approach with mapping the current euid/egid,
whatever it may be.
BUG=chromium:1240116
TEST=Manually tested
Change-Id: I0e9b95ed04834da1adedb72bee52ac4359f06041
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3105907
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Allen Webb <allenwebb@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
On 32bit arm systems, starting with glibc 2.33, the fstatat64
syscall is used to fix a y2038 bug and statx is also called
for 64bit->32bit datastructure conversion.
See this upstream glibc 2.33 commit range for more details:
d892723830..aa03f722f3.
Example failures (only on 32bit arm):
type=SECCOMP comm="mtpd" exe="/usr/sbin/mtpd" sig=0
arch=40000028 syscall=327 code=0x7ffc0000
type=SECCOMP comm="mtpd" exe="/usr/sbin/mtpd" sig=0
arch=40000028 syscall=397 code=0x7ffc0000
BUG=b:187795855
TEST=Local builds; CQ.
Change-Id: I003feeaa75552770920cdf9969a393940c5e997b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3113972
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Rather than using .find().is_none(), use !.any() to fix a new clippy
warning.
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: I7e3de6b8e864f74300956c43dffaa033c58b7eb0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108617
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
mem::take() can be used in place of mem::replace() when replacing with
the default value, fixing a new clippy warning.
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: I7289515eece30b9e294046930aa863a1ceab4de4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108616
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Fixes a new clippy warning with Rust 1.54.0.
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: I42cf6e380900ea4bb245629b56b0be5c75e2099d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108615
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
Pull the duplicated first statement out of the IRQ triggering sequences
to placate clippy's new warning.
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: I8cd8577af35990522e198f97f3a666ad6730e31b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108614
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Colin Downs-Razouk <colindr@google.com>
Instead of checking each item for Some/Ok-ness, filter down to just the
desired items using flatten() on the iterator.
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: I80db12c36f41e76f5dff6c30299a3f5d3745f578
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108613
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
This only triggers when the powerd support is compiled out, so just
ignore it.
While we're here, fix the name of the power-monitor-powerd feature in
the line just below (drop the extra "d"); it would always apply, since
the feature name was misspelled.
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: I1b8ef3732c3d5968a9e230216f8f727bd1445609
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108612
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
Tree-wide cleanup of new clippy warning in Rust 1.54 that warns about
needless borrows:
error: this expression borrows a reference (`&...`) that is
immediately dereferenced by the compiler
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: Ib702ec524d4623d264a00ec11dbc2150c411a67b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108321
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Tomasz Jeznach <tjeznach@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
In some places the faccessat and faccessat2 syscalls were
added only for arm64 but starting with glibc 2.33 they are
required on all architectures, so add them to arm and amd64.
BUG=b:187795855
TEST=Local builds; CQ.
Change-Id: Ica4755844fbbd29d31df2967724abe735ab59f7e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3111369
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
We need a file system that supports O_DIRECT. We know ext4 to work and
tmpfs not to work. Try out O_DIRECT before running the individual tests.
Follow up to changing the configuration so that the next time I can notice the
failure reason faster.
BUG=b:190435784
TEST=integration_tests/run
Change-Id: I7f8a97005dd959a5d0af4d1a91459b7bffc0fa9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3096427
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
In some circumstances, it's possible that the buffered data isn't fully
consumed by the filesystem. Before handling the next request, we need to
drain the residual.
This change also moves the reader/writer/mapper out of the loop, since
we intend to not duplicate the FDs for each interation, and prefer to
reuse the buffer / avoid re-allocation anyway. This allows us to
implement `drain` in DevFuseReader.
BUG=b:196264590
TEST=fsverity measure a filesystem without ioctl impl, the filesystem
does not crash any more
Cq-Depend: chromium:3105916
Change-Id: Ib758c98e6d7b4ce1391c51db19c120a4cec09dff
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3092409
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Add necessary kernel cmdlines for aarch64.
Adjust PCI address to make room for ramoops on aarch64.
Move the code from x86_64 to common places.
BUG=b:153934386
TEST=vm_pstore_dump
Change-Id: I8f92a7fd04a49afd7e8be9e7cf1901ef70b88d65
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3103131
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Kansho Nishida <kansho@chromium.org>
Commit-Queue: Ryo Hashimoto <hashimoto@chromium.org>
For vfio-pci devices created during vm setup period, they have the same pci
address as host.
For hotplug in vfio-pci device, caller should assigh the bus number,
so it could be associated with a pcie root port or pcie downstream port, but
devfn should be 0, as pcie root port driver scan it children device at devfn=0.
BUG=b:185084350
TEST=Boot a vm with passthrough device and check its function
Change-Id: Ia314cb74b15de374de540e440a91374a6538af54
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2955568
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
