This will be very useful in tests that need a file as it removes the
need for a temporary file to be created.
Change-Id: I7fb08209174c870279e34ee07aad7a3b05baaad9
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/864625
Reviewed-by: Zach Reizner <zachr@chromium.org>
There were a few places that used this to get the page size inside of an
unsafe block, For convenience, this adds a safe wrapper in sys_util and
replaces all extant usage of sysconf with the wrapper version.
BUG=chromium:800626
TEST=./build_test
Change-Id: Ic65bf72aea90eabd4158fbdcdbe25c3f13ca93ac
Reviewed-on: https://chromium-review.googlesource.com/857907
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This is used to make EventFd passed over unix domain socket, such as by
the plugin API.
TEST=./build_test
BUG=chromium:800626
Change-Id: Ifd6c81c51b31a376d57a007bf413a836f3af870a
Reviewed-on: https://chromium-review.googlesource.com/857906
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Use ok_or to remove the match witch was harder to read. No functional
change. Pull the check in to a function so that it only needs to be
right once.
Change-Id: I0e5801d9e7e82994e7f1fbda0d2692a4afd59d99
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/850850
Reviewed-by: Zach Reizner <zachr@chromium.org>
The other functions in mmap check that the offset doesn't overflow. The
kernel_loader fuzzer found that read forgot to check.
Change-Id: Ifc89dbe40345c5923a5cf29c9f29e810e9e1a1e8
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/850542
Reviewed-by: Zach Reizner <zachr@chromium.org>
The syslog subsystem tries to figure out the file descriptor for the
connection to the system logger so that it can ensure that it doesn't
get closed in each device process.
However, the check does not work properly if there was already an open
connection to the system logger. In this case the openlog call does not
do anything and we end up guessing the wrong file descriptor number for
the syslog connection.
Work around this by adding a closelog() call before attempting all of
this cleverness. In the long run this should be fixed properly by just
bind mounting /dev/log into each device process's jail.
BUG=none
TEST=Running crosvm under minijail0 does not cause an InvalidFd error.
Change-Id: Iffd535d62acdf8053817af74b9e97444c746a0cf
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/851271
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Getting and settings seals is useful to ensure the size of files
underlying memory mappings doesn't shrink, which can trigger a SIGBUS on
access to the truncated pages.
This also bumps the libc version to get MFD_ALLOW_SEALING.
TEST=cargo test
BUG=None
CQ-DEPEND=CL:850535
Change-Id: Ifbe1ec2c47d3d5c51b63472f545acc10d3c8eed2
Reviewed-on: https://chromium-review.googlesource.com/849488
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This is needed to support the plugin process API, which may register
guest memory mapped at an offset from the beginning of a file.
TEST=cargo test
BUG=None
Change-Id: Idf1e9f0287df5510728ab2bcf4dd090f9e81a5bf
Reviewed-on: https://chromium-review.googlesource.com/849495
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This is needed for plugin process style executions because they don't
register guest memory though the GuestMemory interface. Their memory is
more dynamic and ill-suited to the GuestMemory abstraction.
TEST=./build_test
BUG=None
Change-Id: I250b0b874ef6a0e342fd6e659301f389d01a4cda
Reviewed-on: https://chromium-review.googlesource.com/848018
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Add functions to let the kernel know a given range of memory isn't
needed currently. This function will result in `madvise(DONTNEED)`.
The ability to signal memory as not needed will be used by the balloon
driver to allow system memory to be redistributed away from the VM.
Change-Id: I4ca56e09010eec33989824f5738db4a4be0ec428
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/759305
Reviewed-by: Zach Reizner <zachr@chromium.org>
On older kernels, the memfd_create syscall isn't available. Skip shm
tests if that is the case.
Change-Id: I39c1f1779f1f02e90df727c6ca18b5bdae52e855
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/768102
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Mutable references being declared mutable themselves is unnecessary and
now generates a warning.
Change-Id: I29c7652fb86e17a8eda21efc728dd09b726c304f
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/717733
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
To ensure dependencies don't accidentally get updated, their versions are
fixed using the equals constraint. The Cargo.lock file is also checked in
so that the registry won't need to be downloaded by cargo.
These changes are needed so that the crosvm ebuild will not need to
download anything outside of its list of source packages.
TEST=./build_test
BUG=None
Change-Id: Iae8472de77e3589a453685717b26fb1ceb44e257
Reviewed-on: https://chromium-review.googlesource.com/674092
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Pass better errors from mmap and guest_memory. These modules were
written before I understood errors. Now the errors passed back to block
can be propagated.
Change-Id: I1842808a4114a715321c555281aacc211f23511c
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/656837
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This CL includes a small tweak to sys_util so that cloned processes PIDs
are returned.
The proxy device CHILD_SIGNATURE check was removed because it would
deadlock with the synchronization that DeviceManager's post clone
callback uses to wait for the id maps to be set. The check wasn't that
useful to begin with.
This also bumps the libc version.
TEST=None
BUG=None
Change-Id: I881e08c9626e035044b0be1dd2e9fff3e7e61ec1
Reviewed-on: https://chromium-review.googlesource.com/634270
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
By using libc's openlog, we can ensure that the internal state of the
libc syslogger is consistent with the syslog module. Minijail will be
able to print to stderr and the syslog in the same way the logging
macros in crosvm do. The FD the syslog module uses is shared with libc
and via `syslog::get_fds`, jailed processes can inherit the needed FDs
to continue logging.
Now that `sys_log::init()` must be called in single threaded process,
this moves its tests to the list of the serially run ones in
build_test.py.
TEST=./build_test
BUG=None
Change-Id: I8dbc8ebf9d97ef670185259eceac5f6d3d6824ea
Reviewed-on: https://chromium-review.googlesource.com/649951
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Problems that were fixed:
- gcc crate deprecated compile_library
- `cargo test -p kvm` had a compile error
- `cargo test -p kvm_sys` failed to link with libc
- main.rs failed to include `getpid` and had dead code
- fork.rs had a warning in `cargo test -p sys_util`
- unused const in serial.rs
BUG=None
TEST=sudo cargo test -p data_model -p io_jail -p kernel_loader -p kvm \
-p kvm_sys -p net_sys -p net_util -p syscall_defines -p sys_util \
-p virtio_sys -p vhost -p x86_64 -p crosvm
Change-Id: Iaf0389013fbcdfbfaa7cf37ea1a1fc045f480ada
Reviewed-on: https://chromium-review.googlesource.com/642509
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
These functions are trivially safe and by adding them to sys_util, we
can remove some unsafe blocks from crosvm. This CL also replaces the
unsafe call sites with the safe alternatives.
There are no previous usages of gete{g,u}id(2), but they will be needed
in a future change.
TEST=None
BUG=None
Change-Id: Ief8787b298cfaa5b7fd1b83f0eba6660369e687d
Reviewed-on: https://chromium-review.googlesource.com/634268
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL adds VM request capabilities to the control socket. These
requests include the basic exit as well as the essential ioeventfd and
irqfd requests. For virtio wayland, the register/unregister device
memory request was added.
TEST=cargo test
BUG=chromium:738638
Change-Id: I0cbf62d85a299cf454bcf6924a4e1d52d5b7183f
Reviewed-on: https://chromium-review.googlesource.com/602593
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Because there are more than one kind of slice (typical &[T] and
VolatileSlice), the trait IntoIovec is added that any linear memory
region-like type can implement. This helps to reduce the number of
copies needed when dealing with volatile memory.
TEST=cargo test
BUG=chromium:738638
Change-Id: I86bbb693cb7a10ec85bafccf562c078167121c03
Reviewed-on: https://chromium-review.googlesource.com/599042
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
UnixDatagram and UnixStream are both wrappers around unix domain sockets
which are often polled.
TEST=None
BUG=chromium:738638
Change-Id: Ib5572faf1d601b89b9fdd323f654ba04650b7600
Reviewed-on: https://chromium-review.googlesource.com/599041
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL also includes the gcc build time dependency for building the
sock_ctrl_msg.c helper code.
TEST=cargo test
BUG=chromium:738638
Change-Id: I4adc2360b7fab4ed7d557603aa7bad2e738b69b4
Reviewed-on: https://chromium-review.googlesource.com/562574
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add a method get_host_address for converting a
GuestAddress to a (usize) pointer in crosvm's address
space.
Change-Id: I6dc09e942c95204f4e53218b3250664782c8f8f9
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/575439
Reviewed-by: Zach Reizner <zachr@chromium.org>
Factor out common ioctl wrappers and macros into their own module.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=none
TEST=cargo test
Change-Id: Ibede8a853f5cc6c6d62565930f312b11024cc5b5
Reviewed-on: https://chromium-review.googlesource.com/566540
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
When syslog is used from another crate, the compiler needs a specific
place to look for the symbols.
Change-Id: I5ba1b7ae0e8f6825aaf2a0d0b6ff31dcab21aa0c
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/569360
Reviewed-by: Zach Reizner <zachr@chromium.org>
Dealing with signals is unpleasant business. SignalFd wraps a kernel
signalfd for a signal, and blocks the default handling for the signal.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=none
TEST=cargo test
Change-Id: I161c992b65b98ffa5c07d546f13efa6b56890df4
Reviewed-on: https://chromium-review.googlesource.com/557459
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This module is designed as a safe wrapper around clone for use by the
proxy device. It includes safe guards that prevent errors with typical
forking applications in rust.
TEST=cargo test
BUG=None
Change-Id: I09132a4cae61ebdaa97ec3b95d22567c36c5f15d
Reviewed-on: https://chromium-review.googlesource.com/518446
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL adds the SharedMemory structure for managing memory attached to
a file descriptor, which can be sent to external processes.
TEST=cargo test
BUG=chromium:738638
Change-Id: I2b6a10e0e7275367ddb578831a73de6956d231bb
Reviewed-on: https://chromium-review.googlesource.com/562509
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add a new method to GuestMemory that allows running a FnMut over all
regions. This will allow the virtio module to generate a vhost memory
table.
Also make do_in_region public, so that VHOST_NET can find the host
userspace address of vrings (necessary for VHOST ioctls).
BUG=none
TEST=cargo build
Change-Id: I43611dcc56146ed4d160f0e189b9328ca0e6d87d
Reviewed-on: https://chromium-review.googlesource.com/543909
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
For some reason, the angle brackets in the comments confused doc-tests
such that they hung everytime `cargo test` was run on sys_util on my
machine. My theory is that the angle brackets triggered some strange
HTML behavior in `cargo test`.
BUG=None
TEST=cd sys_util; cargo test
Change-Id: Iceb81e64aecc4cc2a9397f2d1af2e64aeb8e2b5e
Reviewed-on: https://chromium-review.googlesource.com/518444
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The signal module is used for registering signal handlers and for
signalling threads. Normally signals would be a method of last resort,
but in this case it's the only possible way to trigger a VM exit on a
thread currently inside of a KVM_RUN call.
BUG=None
TEST=None
Change-Id: If1db1e17937d1af08fc24b422c460be754cf9d22
Reviewed-on: https://chromium-review.googlesource.com/514415
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The poll module adds the Poller object for waiting on mutliple file
descriptors at once. The Pollable trait is introduced so rust objects
can expose a file descriptor useful for polling. An impl for EventFd is
included with this change for testing.
TEST=cargo test
BUG=None
Change-Id: I94fd15a17fe0527c0d29c623badb90668d708689
Reviewed-on: https://chromium-review.googlesource.com/514413
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL takes the handle_intr!() macro, changes its name to
handle_eintr!(), and overloads it so it can handle EINTR embedded in
other kinds of Result types.
BUG=None
TEST=cargo test
Change-Id: I920ea7d9f156137f42e9e8ea44a3e6946d06b746
Reviewed-on: https://chromium-review.googlesource.com/556348
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Mmap and GuestMemory are the intended targets for the VolatileMemory
trait.
TEST=cargo test
BUG=None
Change-Id: Ie228b5daef691a6dcb80841be1c3dddb4b19ffc4
Reviewed-on: https://chromium-review.googlesource.com/547335
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This device is useful for exposing a block device, for example a rootfs
image, to the guest.
TEST=None
BUG=None
Change-Id: Ida0d24ed57602f25352563893a1c85b171771c7a
Reviewed-on: https://chromium-review.googlesource.com/514688
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Not all types are safe to read from guest memory. Any type with a
reference or pointer will be initialized to random bits that don't refer
to a valid address. This can cause dangling pointer and general
unsafe behavior.
To fix this, limit types that can be read with read_obj to those that
implement the unsafe trait `DataInit`. Provide implementations of
`DataInit` for intrinsic types that are obviously safe to initialize
with random data.
Implement the needed traits for bootparam types as they are read from
the kernel image directly.
Change-Id: I1040f5bc1b2fc4c58c87d8a2ce3f618edcf6f9b1
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/540750
Reviewed-by: Zach Reizner <zachr@chromium.org>
This will be used to create temporary directories that are lifetime
managed for running jails.
Change-Id: I35dfeae76a211c820db090b65baf72277d9e2d8a
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/520706
Reviewed-by: Zach Reizner <zachr@chromium.org>
Add a module for accessing guest memory.
This module will replace all the slices that are used to access it
currently as those slices aren't valid because the memory is volatile
and a volatile slice doesn't exist in rust.
Modify the existing users so they no longer depend on the deprecated slice
access.
Change-Id: Ic0e86dacf66f68bd88ed9cc197cb14e45ada891d
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/509919
These utilities are used for reading structs from u8 slices.
Often the kernel returns pointers to void pointers that represent a struct.
This helps convert back to the struct.
Change-Id: I6e59fb772f3ba75f006c9370412267ff565dfe4c
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/497768
Reviewed-by: Zach Reizner <zachr@chromium.org>
In KVM, eventfd's are essential for sending and receiving signals to the
VM. This CL adds a safe wrapper around their usage.
TEST=cargo test
BUG=None
Change-Id: I04cd9036db156bfa8b9bd49281347a2460fbff2c
Reviewed-on: https://chromium-review.googlesource.com/496988
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>