Use signalfd to catch SIGCHLD, which will notify the main process when a
device process has died, e.g. it crashed or violated seccomp policy. The
main process will then exit gracefully.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=none
TEST=block a syscall and run with multiprocess; ensure no defunct
processes are hanging around
Change-Id: Ief8a94576ad9eeb032f45ce8491fcfe23a971473
Reviewed-on: https://chromium-review.googlesource.com/557460
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
In preparation for adding a net device, factor out some of the common code
for setting up an mmio device and jailing it.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=none
TEST=cargo test
Change-Id: I94f02e56a2b0938d860322b731d8b17a25357128
Reviewed-on: https://chromium-review.googlesource.com/543910
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The cpus option is now used.
Change-Id: I64bcc7cf27427f20b093c70eec3b58cd2c55e290
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/569098
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The `clone_process` function was created to safely encapsulate
fork/clone usage for the proxy device. This patch changes proxy device
to do utilize that.
TEST=cargo run -- -u <other crosvm args>...
BUG=None
Change-Id: I2d9f1794be61be31f3aae21037c7df14b7691172
Reviewed-on: https://chromium-review.googlesource.com/518935
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
A VirtioDevice should expose its type so that the guest can probe it
correctly.
BUG=none
TEST=boot with block device
Change-Id: I6a8cae3afbdc5ae9f6af23eea928c83e67719c12
Reviewed-on: https://chromium-review.googlesource.com/538104
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Run with the new seccomp filter and drop all capabilities. In addition enter a
new user, mount, network, and ipc namespace. Leave the mount namespace empty
after pivot-rooting to an empty directory.
Change-Id: Iee583cf260ede8ca13f005836684eb80c2c3ac3e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/515603
There were a few cases of a write into the serial device that would
panic because the registers were read-only. This change simply ignores
those writes instead of raising a panic.
This is also the first bug that was found by cargo-fuzz! Wohoo!
TEST=None
BUG=None
Change-Id: I8b6805617ac3dcfddd0555c1bb394a7bc1a7cf6d
Reviewed-on: https://chromium-review.googlesource.com/518445
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This program is used to boot a 64-bit kernel elf. It has support for
basic devices that are exposed to the kernel, including a block device.
TEST=cargo test;
cargo run -- -m 512 -c 4 -d rootfs.squashfs -u -p "init=/bin/bash" vmlinux
BUG=chromium:712319
Change-Id: I25a8349a4624d8643fefe2ad70e517fe03b16b8c
Reviewed-on: https://chromium-review.googlesource.com/514417
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This change adds the control socket, a unix domain socket on the
filesystem that other programs can use to control the operation of
crosvm during runtime. Currently only shutdown is supported.
BUG=None
TEST=cargo test
Change-Id: Ic5f91647e28d279debaa2f9f7dbcb606ca96439b
Reviewed-on: https://chromium-review.googlesource.com/514416
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL takes the handle_intr!() macro, changes its name to
handle_eintr!(), and overloads it so it can handle EINTR embedded in
other kinds of Result types.
BUG=None
TEST=cargo test
Change-Id: I920ea7d9f156137f42e9e8ea44a3e6946d06b746
Reviewed-on: https://chromium-review.googlesource.com/556348
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The kernel command line is dynamically built up based on what devices
are added and what extra parameters are passed in my the user. The
module this CL adds ensures the kernel command line that is built is a
valid one.
TEST=None
BUG=None
Change-Id: Ia2b7b9fae7eb29140ae25ab34119d050984f8ef2
Reviewed-on: https://chromium-review.googlesource.com/514689
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This device is useful for exposing a block device, for example a rootfs
image, to the guest.
TEST=None
BUG=None
Change-Id: Ida0d24ed57602f25352563893a1c85b171771c7a
Reviewed-on: https://chromium-review.googlesource.com/514688
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The MMIO transport, along with PCI, is a standard transport for
discovering and configuring virtio devices and their associated queues.
MMIO is by far easier and simpler and so gets implemented first.
BUG=None
TEST=None
Change-Id: Icdaa02284aedf8ec726199784da45d22c8dbab87
Reviewed-on: https://chromium-review.googlesource.com/514687
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The queue module is for navigating virtio queues using guest memory. It
is the basis of the virtio protocol post-configuration.
TEST=None
BUG=None
Change-Id: I2e6f9a1398ee06f3e766fe5edcb1c4283ebe7be8
Reviewed-on: https://chromium-review.googlesource.com/514686
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The purpose of the child process is to enable an extra layer of
isolation between the emulated devices, which have to deal with much
more untrusted guest memory, and the main process which has access to
the kernel's KVM ioctls.
BUG=None
TEST=None
Change-Id: I13c1fcf29e6da88a8a390e1cb174915fa2d86596
Reviewed-on: https://chromium-review.googlesource.com/514685
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The Bus object is meant to be useful for arbitrary address space access
routing. In practice, this is used for MMIO and I/O ports.
TEST=None
BUG=None
Change-Id: I1ac7f231ac630a29195773425ce461fa7ade1753
Reviewed-on: https://chromium-review.googlesource.com/514684
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
