Commit graph

303 commits

Author SHA1 Message Date
Trent Begin
923bab011f crosvm: default serial parameter num field to 1 if not provided
If multiple serial parameters do not have `num` fields, or a different
parameter has already defined serial num 1, then crosvm will show an
error.

BUG=chromium:974885
TEST=cargo test; emerge-sarien crosvm && cros deploy dut crosvm;
Manual testing with and without num field in --serial parameter

Change-Id: Ia80247e8d055179adfd9e7471a98e8a2923cf1f1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1662773
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Trent Begin <tbegin@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Trent Begin <tbegin@chromium.org>
2019-06-20 18:08:25 +00:00
Xiong Zhang
44bb3dd909 src/linux.rs: Modify socket instead of add socket when remove other sockets
When an ill socket is detected, it will be removed from poll_context and
control_sockets, then the remaining good sockets should change their indices,
so modify should be used instead of add, as all of them have been added
into poll_context already, the add will return an error.

This change is a merge of another change at
I977be57ea0898cc8226505f7d3da103a46ea626c that was identical to this one
except it contained the following similar commit message:

linux: when renumbering control sockets, use modify instead of add

In some circumstances, a VM control socket will get removed from the
list of control sockets in the run_control loop. Usually, the last
control socket in the list gets removed, but if that is not the case,
the control sockets will get reordered to fill in the gap in the list.
The `add` method of `PollContext` was used to change the token used for
a given control socket, when `modify` should have been used instead.
The problem with using `add` when a control socket is already part of a
`PollContext` is that it will return an error and terminate crosvm. This
CL fixes that issue.

BUG=none
TEST="crosvm run --vfio=$GVT_UUID", then run many gpu workloads in guest
TEST=crosvm run --gpu

Change-Id: Ic00a781d8839e652e2a8fd54ccd8e55849fa20bb
Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.corp-partner.google.com>
Signed-off-by: Zach Reizner <zachr@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1581151
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-06-10 17:09:03 +00:00
Jakub Staron
b6515a9167 crosvm: fix clippy warnings
Resolve a couple of minor clippy warnings:
 - unneeded return statement
 - use `if let` instead of `match` for single pattern destruction
 - use `values()` function to iterate over map values
 - suppress warning about `ptr::null()` as expressed by the comment

BUG=None
TEST=./bin/clippy
TEST=cargo build

Change-Id: Ic4cea94cd3a25a9edf6ef38119de8c46dcfec563
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1646739
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Jakub Staroń <jstaron@google.com>
2019-06-08 04:27:37 +00:00
Jakub Staron
a3411eaac1 crosvm: virtio-pmem device
Adds support for virtio-pmem device as an alternative for virtio-blk.

Exposing disk image to guest as virtio-blk device results in both guest
and host independently caching the disk I/O. Using virtio-pmem device
allows to mount disk image as direct access (DAX) in the guest and thus
bypass the guest cache. This will reduce memory footprint of the VMs.

BUG=None
TEST=cargo test
TEST=Boot patched termina kernel in crosvm; mount virtio-pmem device as
DAX and run xfstests.

Change-Id: I935fc8fc7527f79e5169f07ec7927e4ea4fa6027
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1605517
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Commit-Queue: Jakub Staroń <jstaron@google.com>
2019-06-05 07:28:54 +00:00
Cody Schuffelen
6d1ab50943 Initial BIOS support.
The --bios argument is added as an alternative to the kernel positional
argument. The BIOS runs in unreal mode (16-bit cs selector set to the
end of 32-bit address space), which matches the default state KVM puts
the segment and data registers into.

Example usage:
Build u-boot with "make qemu-x86_defconfig && make"
Run crosvm with "crosvm_wrapper.sh run --bios=u-boot.rom"

This produces the following message:
"""
U-Boot 2019.01-00017-gdc76aabe6a-dirty (May 21 2019 - 12:17:02 -0700)

CPU:
DRAM:  16 MiB
unable to get online cpu number: -19
Warning: MP init failure
Model: QEMU x86 (I440FX)
Net:   No ethernet found.
error: can't find etc/table-loader
Hit any key to stop autoboot:  0
=>
"""

At this point the u-boot shell works with stdin/stdout, but virtual
disks passed with --rwdisk weren't immediately visible from running
"virtio scan" and "virtio info".

This change puts the bios loading together with the linux kernel loading
code since there is a lot of overlap in functionality.

Bug: b/133358982
Test: ./crosvm_wrapper.sh run --mem=4097 --bios=u-boot.rom
Change-Id: I65b0e1044233af662a642c592d35b106217f3c13
Reviewed-on: https://chromium-review.googlesource.com/1622648
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-05-31 17:21:46 -07:00
paulhsia
580d418656 linux: Add cras-capture option for cras-audio device
The flag can enable capturing audio from CRAS server to the cras-audio
device.
We'll re-enable capture function on Crostini after finishing capture
permission works.

BUG=chromium:932268
TEST=Boot vm with crosvm --cras-audio --cras-capture to check recording
     functionality.

Cq-Depend: chromium:1628633
Change-Id: I7502cbd668cbc722224164d9f69e50a16b0ab86b
Reviewed-on: https://chromium-review.googlesource.com/1628687
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-05-31 02:56:41 -07:00
Dmitry Torokhov
ee42b8cab0 crosvm: fix unused variable warning in create_virtio_devices
The gpu_device_socket is not used when GPU support is disabled.

BUG=chromium:967436
TEST=cargo build --no-default-features

Change-Id: I5c0ef0ecf27349bcfbc19474879a282c9f6fb8ef
Reviewed-on: https://chromium-review.googlesource.com/1631292
Commit-Ready: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
2019-05-29 06:27:40 -07:00
Gurchetan Singh
7ec58fafba virtio-gpu: add gpu control socket
The GPU process will need access to KVM.

BUG=chromium:924405
TEST=compile

Change-Id: I9e454d79a36a40a20c6c4b3a62ea367f339e526b
Reviewed-on: https://chromium-review.googlesource.com/1626793
Commit-Ready: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
2019-05-28 21:11:21 -07:00
Gurchetan Singh
96beafc1c1 linux.rs: create a socket between gpu device and host
The GPU process needs to access KVM from host coherent
memory.

BUG=chromium:924405
TEST=compile

Change-Id: I3db9dce044e2a5cc816f48f28d943024dad7e7eb
Reviewed-on: https://chromium-review.googlesource.com/1626792
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-05-24 15:09:26 -07:00
Gurchetan Singh
53edb817da crosvm: {WlDriverRequest, WlDriverResponse} --> {VmMemoryRequest, VmMemoryResponse}
These types of requests are not necessarily specific to the virtio-wl,
and other devices (virtio-gpu) may want to use them.

BUG=chromium:924405
TEST=compile

Change-Id: Iad0889da8ab3d23bb2378448fc05e3c840a93d93
Reviewed-on: https://chromium-review.googlesource.com/1626791
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-05-24 15:09:26 -07:00
Jorge E. Moreira
9c9e0e71bd crosvm: Implement the file type for serial ports
BUG=chromium:953983

Change-Id: I0c1dc6216ebfdb61db85d3d9665f88f7231d99c8
Reviewed-on: https://chromium-review.googlesource.com/1618281
Commit-Ready: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-05-22 20:57:00 -07:00
Trent Begin
17ccaadc24 crosvm: add cmdline flags for configuring serial outputs in guest machine
This change allows an output to be set for each serial device for a
guest machine (stdout, syslog, or sink).

BUG=chromium:953983
TEST=FEATURES=test emerge-sarien crosvm; cd sys_util; cargo test;
./build_test; manual testing on x86_64 and aarch_64

Change-Id: I9e7fcb0b296c0f8a5aa8d54b1a74ae801f6badc8
Reviewed-on: https://chromium-review.googlesource.com/1572813
Commit-Ready: Trent Begin <tbegin@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Trent Begin <tbegin@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-05-15 13:36:25 -07:00
Sonny Rao
d5f6608f3e linux: handle margin file with multiple values
We're changing the content of the low_mem margin file to handle
multiple values to support notification for multiple memory pressure
levels.  The values will be from most critical to least, so we need to
handle this by fetching the first value.

BUG=chromium:736538
TEST=run vm.CrostiniStartEverything with and put memory pressure on the system

Change-Id: I0278ed492ddda1594d53750e0d4024a878210c9f
Reviewed-on: https://chromium-review.googlesource.com/1584644
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-04-29 20:57:24 -07:00
Jakub Staron
f55f75d689 crosvm: Fix misleading field name in VmComponents struct.
Renames field memory_mb to memory_size. All usages of this
field treat it as a memory size in bytes, not megabytes.

BUG=None
TEST=cargo check
TEST=cargo check --package aarch64 --target aarch64-unknown-linux-gnu

Change-Id: I7b1aefe4f0b612d5eeb2987dc2a0fce6db0dd228
Reviewed-on: https://chromium-review.googlesource.com/1585617
Commit-Ready: Jakub Staroń <jstaron@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-29 20:57:13 -07:00
Zach Reizner
aff94ca6da usb: support for listing attached usb devices
Originally, crosvm would list details about an attached usb device for a
given port. This change allows getting details about multiple ports at
once. This is intended to simplify command line usage and downstream
consumers like concierge.

TEST=various vmc commands
     Chrome UI for handling USB devices
BUG=chromium:831850

Change-Id: I55681a7fea7425c897a22a579dcc15567683ef54
Reviewed-on: https://chromium-review.googlesource.com/1529765
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-27 01:36:47 -07:00
Jakub Staron
d99cd0ae0b crosvm: Extracts Wayland commands from VmRequest.
BUG=None
TEST=cargo test
TEST=cargo test --package msg_socket
TEST=cargo test --package devices
TEST=cargo test --package vm_control
TEST=tast -verbose run ${IP} vm.CrostiniStartEverything

Change-Id: I07f034b1cc41e30b9deae68ea9c510b0923e17a8
Reviewed-on: https://chromium-review.googlesource.com/1565299
Commit-Ready: Jakub Staroń <jstaron@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-27 01:36:38 -07:00
Jakub Staron
1f828d7cd7 Extracts BalloonAdjust from VmRequest.
Extracts BalloonAdjust from VmRequest into BalloonControlCommand.

BUG=None
TEST=cargo test
TEST=cargo test --package msg_socket
TEST=cargo test --package devices
TEST=cargo test --package vm_control
TEST=tast -verbose run ${IP} vm.CrostiniStartEverything

Change-Id: Ia9f5778c37c8fd4fa560df413134d1b441142f64
Reviewed-on: https://chromium-review.googlesource.com/1565298
Commit-Ready: Jakub Staroń <jstaron@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
2019-04-25 00:59:51 -07:00
Matt Delco
73e1e4e7b6 crosvm: only clear signal when needed
Only clear signal when EINTR is indicated, rather than doing it after
each attempt to run the VM.

BUG=None
TEST=Local compile.  Ran my diagnostic plugin and confirmed that pause
can still be triggered.  Ran my benchmarking plugin and saw the time used
decrease by about 13%.  The net reduction with 2 other changes is about
42%.

Change-Id: I118e05c6c62d1251946dd6432d4c933a3b8504fc
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1573219
Commit-Ready: Matt Delco <delco@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-24 15:51:12 -07:00
Matt Delco
e3fdadb8e1 crosvm: use pipe instead of socket for vcpu communication
Pipes have better performance than sockets, so switch the vcpu
communication over to pipes.  The vm communication channels will
continue to use sockets since that communication isn't performance
critical (and those messages sometimes exchange file descriptors, and
that functionality requires sockets).

TEST=local compile and confirmed that my diagnostic plugin is still
happy. The time it takes to run my benchmark plugin has decreased by
20%.  This combined with my prior commit results in a net wall-clock
time reduction of 32%.
BUG=None

Change-Id: I44c198d62a3bbe3b539ff6ac79707d02488876e3
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1572873
Commit-Ready: Matt Delco <delco@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-24 15:51:11 -07:00
Matt Delco
2ec62db5f7 crosvm: reduce excess chatter with plugin
This change helps to improve performance in plugin communications by
removing unnecessary communication exchange.

The existing protocol basically requires the plugin to send a request
msg and wait for a reply msg.  Prior to this change a plugin had to send
a wait request before it got a wait reply (which typically contains an IO
event notification). Similarly, when the plugin sends a resume request
there's also a resume reply that's sent.

The reply to the resume message serves no worthwhile purpose and can be
removed. In the common case there's also no need for the plugin to send
a wait request message--the prior operation was a resume so both sides
know that the only next legal operation is a wait.  Therefore, crosvm
can send a wait reply message without waiting for the plugin's request.

Another way to look at the situation is that a resume request message is
now answered by a wait reply message, and the overall message exchange
pattern looks less like http and more like async I/O.

The plugin's first call to wait is the one time that a wait request is
sent.  This in turn will receive a wait-init reply.

TEST=Ran my diagnostic plugin and confirmed that it still passes (after
working around an 8-byte limitation in crosvm).  Run my benchmarking
plugin and observed the time it takes to complete go down by 16.5%.
BUG=None

Change-Id: I9c93ba1d3a8f7814ca952f3dc7239d48675192e2
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1571066
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Matt Delco <delco@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-24 15:51:11 -07:00
Daniel Prilik
d92f81a249 resources+pci: allocator rework (allocation tags)
AddressAllocator now maintains a HashMap<Alloc, (u64, u64, u64)>,
which uniquely maps an Allocation enum (e.g: PciBar(bus, dev, bar),
GpuRenderNode, etc...) to its address, size, and human-readable tag
/ description.

The interface has also been modified to use Error instead of Option.

Aside from improving debugging, tracking allocations will have
numerous uses in the future. For example, when allocating guest memory
over VmControl sockets, it will be possible to restrict allocations to
pre-allocated slices of memory owned by the requesting device.

To plumb through PCI information to PCI devices, this CL necessitated
the addition of a PciDevice method called `assign_bus_dev`, which
notifies PCI devices of their uniquely assigned Bus and Device numbers.

BUG=chromium:936567
TEST=cargo test -p resources && cargo build --features="gpu gpu-forward"

Change-Id: I8b4b0e32c6f3168138739249ede53d03143ee5c3
Reviewed-on: https://chromium-review.googlesource.com/1536207
Commit-Ready: Daniel Prilik <prilik@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-20 03:58:40 -07:00
Jakub Staron
ecf81e0f05 Extracts DiskResize from VmRequest to a new type.
BUG=None
TEST=cargo test
TEST=cargo test --package msg_socket
TEST=cargo test --package devices
TEST=cargo test --package vm_control
TEST=tast -verbose run ${IP} vm.CrostiniStartEverything

Change-Id: Icf26f53d3fd813ab43b8f14079f90628d245eed7
Reviewed-on: https://chromium-review.googlesource.com/1565297
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-19 14:45:21 -07:00
David Tolnay
4b292afafc clippy: Resolve cast_ptr_alignment
This CL fixes four cases of what I believe are undefined behavior:

  - In vhost where the original code allocates a Vec<u8> with 1-byte
    alignment and casts the Vec's data pointer to a &mut vhost_memory
    which is required to be 8-byte aligned. Underaligned references of
    type &T or &mut T are always undefined behavior in Rust.

  - Same pattern in x86_64.

  - Same pattern in plugin::vcpu.

  - Code in crosvm_plugin that dereferences a potentially underaligned
    pointer. This is always undefined behavior in Rust.

TEST=bin/clippy
TEST=cargo test sys_util

Change-Id: I926f17b1fe022a798f69d738f9990d548f40c59b
Reviewed-on: https://chromium-review.googlesource.com/1566736
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-04-18 19:51:29 -07:00
David Tolnay
dc4effa72b clippy: Iterate without calling .iter()
See:
https://rust-lang.github.io/rust-clippy/master/index.html#explicit_iter_loop
https://rust-lang.github.io/rust-clippy/master/index.html#explicit_into_iter_loop

Before:

    for element in slice.iter() {...}

After:

    for element in slice {...}

TEST=grep -r '\.iter() {'
TEST=grep -r '\.iter_mut() {'
TEST=grep -r '\.into_iter() {'
TEST=cargo check --all-features
TEST=local kokoro

Change-Id: I27f0df7cfa1064b2c8b162cba263513926a433a9
Reviewed-on: https://chromium-review.googlesource.com/1568525
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-18 19:51:01 -07:00
David Tolnay
64cd5eae57 edition: Eliminate ref keyword
As described in:
https://doc.rust-lang.org/edition-guide/rust-2018/ownership-and-lifetimes/default-match-bindings.html
which also covers the new mental model that the Rust Book will use for
teaching binding modes and has been found to be more friendly for both
beginners and experienced users.

Before:

    match *opt {
        Some(ref v) => ...,
        None => ...,
    }

After:

    match opt {
        Some(v) => ...,
        None => ...,
    }

TEST=cargo check --all-features
TEST=local kokoro

Change-Id: I3c5800a9be36aaf5d3290ae3bd3116f699cb00b7
Reviewed-on: https://chromium-review.googlesource.com/1566669
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-18 19:51:01 -07:00
David Tolnay
1c5e2557e2 edition: Eliminate blocks superseded by NLL
Before the new borrow checker in the 2018 edition, we sometimes used to
have to manually insert curly braced blocks to limit the scope of
borrows. These are no longer needed.

Details in:

https://doc.rust-lang.org/edition-guide/rust-2018/ownership-and-lifetimes/non-lexical-lifetimes.html

TEST=cargo check --all-features
TEST=local kokoro

Change-Id: I59f9f98dcc03c8790c53e080a527ad9b68c8d6f3
Reviewed-on: https://chromium-review.googlesource.com/1568075
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-17 17:22:57 -07:00
David Tolnay
9f2929479b clippy: Resolve single_match
TEST=bin/clippy

Change-Id: Iea0d3539b3ab587a2d97f676e1d9c7a239504308
Reviewed-on: https://chromium-review.googlesource.com/1566748
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-17 17:22:54 -07:00
David Tolnay
5fb3f51517 clippy: Resolve redundant_closure
TEST=bin/clippy

Change-Id: Id4f38956d788e4402df164df03e80c4b487b1ad6
Reviewed-on: https://chromium-review.googlesource.com/1566745
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-17 17:22:53 -07:00
David Tolnay
9239602d69 clippy: Resolve needless_return
TEST=bin/clippy

Change-Id: I62eb3f86b01a6000107c54a967689d4e430adf50
Reviewed-on: https://chromium-review.googlesource.com/1566743
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-17 17:22:52 -07:00
David Tolnay
c2d71acc45 clippy: Resolve match_ref_pats
TEST=bin/clippy

Change-Id: I3eceba7418992d453dea9f429d45e4e2a72740fc
Reviewed-on: https://chromium-review.googlesource.com/1566742
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-17 17:22:52 -07:00
David Tolnay
8b274875fb clippy: Resolve ptr_arg
TEST=bin/clippy

Change-Id: I2880852da218bcb96c56c49977ba9d86e3156f70
Reviewed-on: https://chromium-review.googlesource.com/1566738
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-17 17:22:48 -07:00
David Tolnay
aecf9a4dee edition: Remove extern crate lines
In Rust 2018 edition, `extern crate` is no longer required for importing
from other crates. Instead of writing:

    extern crate dep;
    use dep::Thing;

we write:

    use dep::Thing;

In this approach, macros are imported individually from the declaring
crate rather than through #[macro_use]. Before:

    #[macro_use]
    extern crate sys_util;

After:

    use sys_util::{debug, error};

The only place that `extern crate` continues to be required is in
importing the compiler's proc_macro API into a procedural macro crate.
This will hopefully be fixed in a future Rust release.

    extern crate proc_macro;

TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
TEST=local kokoro

Change-Id: I0b43768c0d81f2a250b1959fb97ba35cbac56293
Reviewed-on: https://chromium-review.googlesource.com/1565302
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-04-15 02:06:08 -07:00
David Tolnay
633426a8fc edition: Fill in macro imports
Macros were previously imported through `#[macro_use] extern crate`,
which is basically a glob import of all macros from the crate. As of
2018 edition of Rust, `extern crate` is no longer required and macros
are imported individually like any other item from a dependency. This CL
fills in all the appropriate macro imports that will allow us to remove
our use of `extern crate` in a subsequent CL.

TEST=cargo check --all-features --tests
TEST=kokoro

Change-Id: If2ec08b06b743abf5f62677c6a9927c3d5d90a54
Reviewed-on: https://chromium-review.googlesource.com/1565546
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-04-15 02:06:07 -07:00
David Tolnay
3df3552e4d lints: Enforce sorted order for enum variants
To avoid wasting time re-sorting these things (CL:1492612).

https://docs.rs/remain

Disclaimer: I wrote the macro.

This CL adds #[sorted] attributes to those Error enums that seemed to
have made some effort to be in sorted order.

TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
TEST=emerge-nami crosvm
TEST=local kokoro
CQ-DEPEND=CL:1524247

Change-Id: I89685ced05e2f149fa189ca509bc14c70aebb531
Reviewed-on: https://chromium-review.googlesource.com/1515998
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-04-13 18:37:55 -07:00
David Tolnay
65928af6c9 protos: Merge plugin_proto crate under protos::plugin
This de-duplicates the two separate build.rs files dealing with proto
compilation. The trunks interface.proto will be exposed under
protos::trunks and the plugin proto will be exposed under protos::plugin.

BUG=none
TEST=cargo check
TEST=cargo check --features tpm
TEST=cargo check --features plugin
TEST=cargo check --features tpm,plugin
TEST=FEATURES=test emerge-nami crosvm
TEST=FEATURES=test USE=crosvm-tpm emerge-nami crosvm
TEST=FEATURES=test USE=crosvm-plugin emerge-nami crosvm
TEST=FEATURES=test USE='crosvm-tpm crosvm-plugin' emerge-nami crosvm
TEST=local kokoro
CQ-DEPEND=CL:1553971

Change-Id: I203b654a38e9d671a508156ae06dfb6f70047c4f
Reviewed-on: https://chromium-review.googlesource.com/1556417
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-04-12 14:49:57 -07:00
Jakub Staron
e7c590507c Wrap the UnixSeqpacket with a more descriptive type.
Host/device sockets are now created as pairs of MsgSockets instead of UnixSeqpacket sockets.

BUG=chromium:950663
TEST=cargo check
TEST=cargo test

Change-Id: I8f61a711fe3c2547bf5d18fcfa23bfd0dc0ef5fd
Reviewed-on: https://chromium-review.googlesource.com/1559041
Commit-Ready: Jakub Staroń <jstaron@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Jakub Staroń <jstaron@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-04-10 02:20:58 -07:00
Daniel Verkamp
107edb3eec main: add --cpu-affinity option to pin VCPUs
This allows setting the affinity of the VCPU threads to specific host
CPUs.  Note that each individual CPU has its affinity set to the full
set of CPUs specified, so the host kernel may still reschedule VCPU
threads on whichever host CPUs it sees fit (within the specified set).

BUG=chromium:909793
TEST=build_test

Change-Id: I09b893901caf91368b64f5329a6e9f39027fef23
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1554865
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-04-09 06:20:04 -07:00
David Tolnay
0159e5ada2 edition: Update crosvm crate to 2018 edition
Separated out of CL:1513058 to make it possible to land parts
individually while the affected crate has no other significant CLs
pending. This avoids repeatedly introducing non-textual conflicts with
new code that adds `use` statements.

TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu

Change-Id: If27a414db82bd6005d8067af24639f309d3b5e2e
Reviewed-on: https://chromium-review.googlesource.com/1519691
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-04-08 22:30:28 -07:00
David Tolnay
fdac5ede46 edition: Use dyn syntax for trait objects
Found by running: `cargo rustc -- -D bare_trait_objects`

Bare trait objects like `&Trait` and `Box<Trait>` are soft-deprecated in
2018 edition and will start warning at some point.

As part of this, I replaced `Box<Trait + 'static>` with `Box<dyn Trait>`
because the 'static bound is implied for boxed trait objects.

TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
TEST=local kokoro

Change-Id: I41c4f13530bece8a34a8ed1c1afd7035b8f86f19
Reviewed-on: https://chromium-review.googlesource.com/1513059
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-04-08 02:51:37 -07:00
Daniel Verkamp
fcd4e847f3 crosvm: avoid deprecated trim_left_matches
As of Rust 1.33.0, use of trim_left_matches warns that it is
deprecated and should be replaced with trim_start_matches.

BUG=None
TEST=build_test

Change-Id: I42bd5dba10aeffcd076882d28cb02551c50ff614
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1534963
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-25 17:43:56 -07:00
Jingkui Wang
100e6e48ad implement xhci and add it to pci bus
Implement xhci controller, setup seccomp filters and add xhci to pci
bus.

CQ-DEPEND=CL:1512761
BUG=chromium:831850
TEST=local build
Change-Id: I5c05452ece66e99d3a670e259e095fca616e835d
Reviewed-on: https://chromium-review.googlesource.com/1512762
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Jingkui Wang <jkwang@google.com>
2019-03-17 21:33:08 -07:00
Lepton Wu
20333e41ae Don't drop capabilities when sandbox is disabled.
BUG=b:128465119
TEST=manual - Run ARCVM

Change-Id: Ib6d43a74a98d4f29498ad62168d0efbd4c77fc83
Reviewed-on: https://chromium-review.googlesource.com/1524370
Commit-Ready: Lepton Wu <lepton@chromium.org>
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Lepton Wu <lepton@chromium.org>
2019-03-16 20:31:35 -07:00
Lepton Wu
608938818b Start render node host service in crosvm
BUG=b:118408510
TEST=manual - build crosvm with/without crosvm-gpu-forward USE flag and run arcvm.

Change-Id: Ibb85d52dc679aa8524b29d86148ca28d82d8fe98
Reviewed-on: https://chromium-review.googlesource.com/1347330
Commit-Ready: Lepton Wu <lepton@chromium.org>
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Lepton Wu <lepton@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-14 20:53:53 -07:00
Lepton Wu
9105e9fbe5 Remove "multiprocess" argument.
Both "multiprocess" and "disable-sandbox" control the same config
and actually they have the same final effect. So just remove "multiprocess"
argument and also rename "multiprocess" to "sandbox" to make it more
clear.

BUG=None
TEST=`cros_run_unit_tests --board=eve --packages=crosvm`

Change-Id: I313d110af48b43231b1426332b63868cb0218490
Reviewed-on: https://chromium-review.googlesource.com/1524375
Commit-Ready: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-14 20:53:52 -07:00
David Tolnay
fe3ef7d998 edition: Update absolute paths to 2018 style
This is an easy step toward adopting 2018 edition eventually, and will
make any future CL that sets `edition = "2018"` this much smaller.

The module system changes in Rust 2018 are described here:

https://doc.rust-lang.org/edition-guide/rust-2018/module-system/path-clarity.html

Generated by running:

    cargo fix --edition --all

in each workspace, followed by bin/fmt.

TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu

Change-Id: I000ab5e69d69aa222c272fae899464bbaf65f6d8
Reviewed-on: https://chromium-review.googlesource.com/1513054
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-03-13 21:05:03 -07:00
Lepton Wu
39133a0fd5 linux: clean up: Sort enum in alphabet order.
BUG=None
TEST=None

Change-Id: I11295f778f4d9dc919a41f5cccd85e9608d33358
Reviewed-on: https://chromium-review.googlesource.com/1492612
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-12 18:54:12 -07:00
David Tolnay
be03426408 arch: Replace Box<dyn Error> with error enum
Avoiding Box<dyn Error> makes it less likely that we display errors with
insufficient context by accident.

Many of the errors touched in this CL already had helpful messages
written! But those corresponding enum variants were never being
instantiated, and that bug was masked by Box<dyn Error>. For example see
the Error::LoadCmdline and Error::LoadKernel.

    pub enum Error {
        LoadCmdline(kernel_loader::Error),
        ...
    }

Before this CL:

    // Bug: boxes the underlying error without adding LoadCmdline
    kernel_loader::load_cmdline(...)?;

After this CL:

    kernel_loader::load_cmdline(...).map_err(Error::LoadCmdline)?;

TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu

Change-Id: I7c0cff843c2211565226b9dfb4142ad6b7fa15ac
Reviewed-on: https://chromium-review.googlesource.com/1502112
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-09 22:14:46 -08:00
Jorge E. Moreira
99d3f08dc5 Add a (single touch only) touch screen input device
Very similar to the trackpad device, it has the INPUT_PROP_DIRECT
property and does not support any buttons, just touch events.

Change-Id: I2c963013e402ff2aa1b4b529c6c494dd57f4add9
Reviewed-on: https://chromium-review.googlesource.com/1509697
Commit-Ready: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-03-09 01:18:59 -08:00
Dmitry Torokhov
7100607448 Drop capabilities before spawning any vcpu thread
In case crosvm starts with elevated capabilities (for example, we need
to start with CAP_SETGID to be able to map additional gids into plugin
jail), we should drop them before spawning VCPU threads.

BUG=b:117989168
TEST=Start plugin via concierge_client and verify the process does not
     have any effective or permitted privileges.
     tast run [] 'vm.*'

Change-Id: Ia1e80bfe19b296936d77fe9ffeda361211b41eed
Reviewed-on: https://chromium-review.googlesource.com/1506296
Commit-Ready: Dmitry Torokhov <dtor@chromium.org>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2019-03-08 21:20:23 -08:00
David Tolnay
9deb7d7803 setup: Remove outdated comment about deref &PathBuf to &Path
The double deref `&**src` was removed in CL:1501652.

TEST=cargo check

Change-Id: I9104e159c1af2ab730f47b053e15492378dbe355
Reviewed-on: https://chromium-review.googlesource.com/1504776
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-03-07 20:21:30 -08:00
David Tolnay
fd0971d80c setup: Replace Box<dyn Error> with error enum
Avoiding Box<dyn Error> makes it less likely that we display errors with
insufficient context by accident.

For example the following code which existed before this CL:

    let dev_file = OpenOptions::new()
        .read(true)
        .write(true)
        .open(dev_path)
        .map_err(|e| Box::new(e))?;

This code converts io::Error directly to Box<dyn Error> without
providing enough context to debug what happened just from the io error
message.

The new code is forced to provide a dedicated Error enum variant which
carries a handwritten message and possibly further context:

        .map_err(|e| Error::OpenVinput(dev_path.to_owned(), e))?;

TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu

Change-Id: I67d3f1f6f3f92a10d63462584e9546f8ad7074b2
Reviewed-on: https://chromium-review.googlesource.com/1501656
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-03-07 20:21:30 -08:00
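The difference the two commit messages above (be03426408 and fd0971d80c) describe, as an added example that is not crosvm's own code: the boxed version compiles and silently discards the context, while the enum version cannot return without naming the operation and the path. Only the `Error::OpenVinput(path, io_error)` variant shape comes from the commit message; `open_device`, `setup_boxed`, `setup_enum`, the device path and the message wording are assumptions made for illustration.

```rust
use std::error::Error as StdError;
use std::fmt::{self, Display};
use std::io;
use std::path::{Path, PathBuf};

// Hypothetical stand-in for the OpenOptions::open() call in the commit
// message. It always fails with a constructed io::Error so the example
// behaves the same on every machine.
fn open_device(_path: &Path) -> io::Result<()> {
    Err(io::Error::new(
        io::ErrorKind::PermissionDenied,
        "permission denied",
    ))
}

// "Before" shape: `?` converts io::Error into Box<dyn Error> through the
// blanket From impl. Nothing forces the caller to say which file or which
// step failed, so the log line carries only the bare io message.
fn setup_boxed(dev_path: &Path) -> Result<(), Box<dyn StdError>> {
    open_device(dev_path)?;
    Ok(())
}

// "After" shape: a dedicated enum. There is no From<io::Error> for it, so a
// bare `?` on an io::Result does not compile; every call site has to choose
// a variant and supply its context.
#[derive(Debug)]
enum Error {
    OpenVinput(PathBuf, io::Error),
}

impl Display for Error {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            // Handwritten message (wording is an assumption of this example).
            Error::OpenVinput(path, e) => {
                write!(f, "failed to open vinput device {}: {}", path.display(), e)
            }
        }
    }
}

impl StdError for Error {}

fn setup_enum(dev_path: &Path) -> Result<(), Error> {
    open_device(dev_path).map_err(|e| Error::OpenVinput(dev_path.to_owned(), e))?;
    Ok(())
}

fn main() {
    // Constructed sample path, not taken from crosvm.
    let dev = Path::new("/dev/input/event0");

    if let Err(e) = setup_boxed(dev) {
        println!("boxed:        {}", e);
    }
    if let Err(e) = setup_enum(dev) {
        // Display gives the operator-facing message; Debug shows the raw
        // variant name and fields, which is what ends up in logs when an
        // error is printed with {:?} instead of {}.
        println!("enum Display: {}", e);
        println!("enum Debug:   {:?}", e);
    }
}
```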
David Tolnay
2b089fcd45 setup: Break up independent parts of create_devices
I made a separate function to create each distinct VirtioDeviceStub.
Some advantages:

  - Makes it easier to see the top level structure of create_devices
    (which used to be 463 lines all in one function) -- how it loops
    over inputs, how it decides to conditionally create particular
    device types.

  - Makes it clearer to follow when resources are shared across multiple
    devices, particularly resource_bridge_wl_socket. The uses of
    resource_bridge_wl_socket used to be 87 lines apart before this CL.
    Now it spans only 27 lines so fits on one screen.

  - Reduces indentation to leave more space for rustfmt to format the
    device creation in a more readable way.

  - Improves the ability to use short variable names whose meanings are
    scoped to one device. For example wayland and balloon device
    creation used to have to manipulate wayland_device_socket and
    balloon_device_socket. Now create_wayland_device and
    create_balloon_device can each deal with just a thing called
    'socket' whose meaning is specific to the appropriate device.

TEST=cargo check
TEST=cargo check --all-features

Change-Id: I50dc53051598668b4d3cabbae588add783b1fb79
Reviewed-on: https://chromium-review.googlesource.com/1501652
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-03-06 23:25:27 -08:00
David Tolnay
09358ef076 setup: Suppress warning on fields that are only used by TPM
Warnings when building without `--features tpm` previously:

    warning: field is never used: `uid`
       --> src/linux.rs:696:5
        |
    696 |     uid: uid_t,
        |     ^^^^^^^^^^
        |

    warning: field is never used: `gid`
       --> src/linux.rs:697:5
        |
    697 |     gid: gid_t,
        |     ^^^^^^^^^^

TEST=cargo check
TEST=cargo check --features tpm

Change-Id: Id6beee4237e70d9107b36601583f599f85e5c74d
Reviewed-on: https://chromium-review.googlesource.com/1500874
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-03-05 12:58:50 -08:00
Jianxun Zhang
56497d23ad main: return error on invalid length of arguments
For the commands that verify the length of arguments, returning
Ok on an invalid length will confuse any external programs that
launch crosvm because they still get exit code of success from
crosvm even when the command failed.

Also add a missed return of 'create_qcow2' sub-command.

BUG=None
TEST=some basic tests:
() cargo check
() verify the return value from changed sub-commands is not 0 with
an invalid argument length.
() launch a VM with concierge_client from a root shell

Change-Id: I8278107a4d2fcf3cb6fafb65f30f431f97f7deb1
Signed-off-by: Jianxun Zhang <jianxun.zhang@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/1501552
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-05 05:53:36 -08:00
David Tolnay
c69f97542a error: Consistently use Display instead of error description()
The description method is deprecated and its signature forces less
helpful error messages than what Display can provide.

BUG=none
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu

Change-Id: I27fc99d59d0ef457c5273dc53e4c563ef439c2c0
Reviewed-on: https://chromium-review.googlesource.com/1497735
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-03-02 17:41:31 -08:00
David Tolnay
41a6f84d85 tpm: Store TPM state under /run/vm
When running in multiprocess mode, such as on a device, TPM state gets
placed in /run/vm/tpm.{pid} (e.g. /run/vm/tpm.22726) where pid is the
pid of the original crosvm process. The TPM simulator will write a
single file called NVChip of size 16384 bytes into this directory. The
directory and NVChip file will have uid and pid set to crosvm.

When running without multiprocess mode / without minijail / probably in
cros_sdk, TPM state is placed in /tmp/tpm-simulator as before. The
/run/vm directory is not present under cros_sdk.

Will follow up with a separate CL to remove the TPM state directory at
crosvm exit.

Tested by running the following on a grunt board (Barla) in dev mode:

    sudo crosvm run \
        --root rootfs.ext4 \
        --socket crosvm.sock \
        --seccomp-policy-dir seccomp \
        --software-tpm \
        -p init=/bin/bash \
        -p panic=-1 \
        vmlinux.bin

and confirming that /dev/tpm0 and /dev/tpmrm0 are present in the VM.

BUG=chromium:921841
TEST=manual testing on grunt

Change-Id: I1868896b9eb6f510d8b97022ba950b3604d9d40b
Reviewed-on: https://chromium-review.googlesource.com/1496910
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-03-02 17:41:27 -08:00
David Tolnay
48c4829540 setup: Factor out code for adding crosvm uid and gid to jail
The same logic will be needed for the TPM device in a later CL.

BUG=none
TEST=cargo check
TEST=cargo check --features gpu

Change-Id: I1497a5eab51752db80b4b457834e45d669af69b7
Reviewed-on: https://chromium-review.googlesource.com/1497731
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-03-02 17:41:26 -08:00
Jianxun Zhang
96f2d8ebe2 linux: rename function of device creation
Rename functions and parameters that had 'virtio' in their names
because we also create non-virtio devices like audio.

BUG=none
TEST=emerge-eve crosvm and deploy it to the device, verify some of
devices are still created at /sys/bus/virtio/devices/

Change-Id: I3ea75159a865e5f00ecef349725b3c12f94afaca
Signed-off-by: Jianxun Zhang <jianxun.zhang@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/1480739
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-01 23:41:40 -08:00
Dmitry Torokhov
1a6262bd97 crosvm: allow mapping additional gids in plugin jail
Plugin needs access to various services such as cras, cups, and so
on, and therefore we need to make sure their respective groups are
mapped in the plugin jail.

BUG=b:117989168
TEST=Start plugin via concierge_client and verify that additional
     groups besides crosvm are visible in the jail.

Change-Id: Ic1151fcfca0ca75c9ae6a22828853bbe6c9fe16c
Reviewed-on: https://chromium-review.googlesource.com/1495723
Commit-Ready: Dmitry Torokhov <dtor@chromium.org>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-03-01 23:41:33 -08:00
Jianxun Zhang
8f4d7687ea linux: refactor creating jails of devices
Use a function to reduce the repetition.

BUG=None
TEST=some basic build and runtime tests on an eve device:
() run 'cargo check' and 'emerge-eve crosvm'
() launch default termina VM from GUI, install and open
eclipse app to test network, input and graphic features
() launch a test VM instance from shell and vsh into it,
verify virtio devices are created at
/sys/bus/virtio/devices/

Change-Id: If66defdd584cf9afa6f38531e41b85d327362dfa
Signed-off-by: Jianxun Zhang <jianxun.zhang@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/1480738
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-02-28 07:49:39 -08:00
Zach Reizner
7898632b42 main: log responses to command line vm control requests
Now that the connection oriented seqpacket sockets are used for vm
control messages, a response can be received by the requester. This
change prints out that response.

TEST=crosvm suspend|resume|balloon|stop <socket>
BUG=chromium:848187

Change-Id: I18ac23c26127332e2be498113cc0c3310fd09a7d
Reviewed-on: https://chromium-review.googlesource.com/1482370
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-02-28 03:24:25 -08:00
Zach Reizner
a60744b42e crosvm: use seqpacket rather than datagram sockets
The advantage of seqpacket is that they are connection oriented. A
listener can be created that accepts new connections, useful for the
path based VM control sockets. Previously, the only bidirectional
sockets in crosvm were either stream based or made using socketpair.

This change also whitelists sendmsg and recvmsg for the common device
policy.

TEST=cargo test
BUG=chromium:848187

Change-Id: I83fd46f54bce105a7730632cd013b5e7047db22b
Reviewed-on: https://chromium-review.googlesource.com/1470917
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-02-28 03:24:24 -08:00
Allen Webb
deb0891b9c linux: Add DEFAULT_PIVOT_ROOT var which can be changed at build time.
This allows the default pivot root used by crosvm to be defined at
build time. If it is not set, /var/empty is used.

BUG=chromium:934513,chromium:933582
TEST=PreCQ passes

Change-Id: I2b461170e6b75324740d4ff709fd599085cefe18
Reviewed-on: https://chromium-review.googlesource.com/1483330
Commit-Ready: Allen Webb <allenwebb@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-02-27 01:13:47 -08:00
David Tolnay
43f8e21dd2 tpm: Runtime flag for software tpm device
Gate the current software tpm device behind a crosvm flag called
`--software-tpm`. When we get to leveraging the physical tpm, we will
likely want that behind a separate `--hardware-tpm` flag that is
automatically detected when the vm being launched is gLinux.

Based on feedback from apronin:

> Hm, long-term it may actually make sense to have software-tpm and
> real-tpm-for-glinux as two separate run-time options and only enable
> real-tpm-for-glinux for glinux.
>
> we want to protect guests from exploits, but we also want to limit
> access to tpm for random guests. So, enterprises may set this to "no
> TPM" for Linux images their employees run on their devices, so that
> they don't get creative with trying to break TPM from inside those
> images.

BUG=chromium:911799
TEST=run TPM playground program inside crosvm with flag set
TEST=confirm TPM playground does not run with flag unset

Change-Id: I1bccf62be63d40203463623f43b1a6ee2d51f6c0
Reviewed-on: https://chromium-review.googlesource.com/1478377
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-02-21 06:29:41 -08:00
David Tolnay
b4bd00fdad error: Print errors using Display impl
I have been running into Debug-printed error messages too often and
needing to look up in the source code each level of nested errors to
find out from the comment on the error variant what the short name of
the variant means in human terms. Worse, many errors (like the one shown
below) already had error strings written but were being printed from the
calling code in the less helpful Debug representation anyway.

Before:
    [ERROR:src/main.rs:705] The architecture failed to build the vm: NoVarEmpty

After:
    [ERROR:src/main.rs:705] The architecture failed to build the vm: /var/empty doesn't exist, can't jail devices.

TEST=cargo check --all-features
TEST=FEATURES=test emerge-amd64-generic crosvm

Change-Id: I77122c7d6861b2d610de2fff718896918ab21e10
Reviewed-on: https://chromium-review.googlesource.com/1469225
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-02-20 08:20:02 -08:00
Dmitry Torokhov
ea33028957 crosvm: mount minimal set of devices in plugin jail
PluginVm uses /dev/urandom, so we need to mount it, along with
/dev/zero, /dev/null, and /dev/full.

Note that we are not using minijail's mount_dev() API because it will
try to create tmpfs without using MS_NODEV flag and, since crosvm may not
have CAP_SYS_ADMIN capability, Chrome OS LSM will stop it. So we rely on
the parent process to have minimal set of devices present and bind-mount
those into the jail.

BUG=b:117989168
TEST=cargo test --features=plugin

Change-Id: I6d8ab122c56614a8f7dbfe3d0eb8ed33532dc6a7
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1447551
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-02-16 04:14:51 -08:00
David Tolnay
fa70171dfc linux: Tweak wl device setup when building without gpu
I was skimming the gpu flag code (tpm will need something similar) and
found the way resource_bridge_wl_socket is used misleading. The same
variable is declared in two different places depending on whether
building with gpu. This CL combines them into one `let` statement.

Also moved the generic param onto None which comes out more readable
after rustfmt while still providing helpful context for the reader.

TEST=cargo check && cargo check --features gpu

Change-Id: I57a1ae214947475efa7bf01ab123a71a58411244
Reviewed-on: https://chromium-review.googlesource.com/1470915
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-02-15 14:07:21 -08:00
Jorge E. Moreira
b795280ddc Add support for multiple network interfaces
Allow --tap-fd to be given multiple times, a different virtual network
card will be added each time the flag is given.
Additionally, --tap-fd is no longer mutually exclusive with --host-ip,
etc.

Bug=chromium:931470
Test=booted cuttlefish device with multiple network cards

Change-Id: I4108f97c7f4b19db12fcb3c533088a04a58e56db
Reviewed-on: https://chromium-review.googlesource.com/1469222
Commit-Ready: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Jorge Moreira Broche <jemoreira@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-02-14 05:27:29 -08:00
Zach Reizner
b3fa5c95af main: add panic hook that redirects to syslog
The default panic hook prints panic information and a backtrace to
stderr, where it gets dropped into /dev/null in the typical crostini
context.

This change adds a panic hook that will call the default panic hook
with stderr redirected to a pipe, which will then get forwarded to
syslog.

The new hook also forces an abort at the end to ensure the crash
reporter sees the panicked crosvm process, which will generate a
minidump for later debugging.

TEST=manually add panic!() observe /var/log/messages
BUG=None

Change-Id: I4e76afe811943e55cec91761447e03b949a674a4
Reviewed-on: https://chromium-review.googlesource.com/1440881
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
2019-02-07 03:02:13 -08:00
Daniel Verkamp
e403f5ccd0 linux: add support for loading an initrd
Based on Linux boot protocol references:
- x86: Documentation/x86/boot.txt
- arm: Documentation/devicetree/bindings/chosen.txt

BUG=None
TEST=Boot Alpine Linux netboot initrd on x86_64 and aarch64

Change-Id: If4730765638f0a0b8bb8f63203c98e4765a354ee
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1407221
Tested-by: kokoro <noreply+kokoro@google.com>
2019-02-07 03:02:08 -08:00
Miriam Zimmerman
26ac928925 Add logic to set up PIT (guarded by flag).
BUG=chromium:908689
TEST=None

Change-Id: I625bab235f740d1d2ae256de61a25d560025b751
Reviewed-on: https://chromium-review.googlesource.com/1444501
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Miriam Zimmerman <mutexlox@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-02-06 08:31:58 -08:00
Jorge E. Moreira
dffec507fb Adds Virtio-Input device simulation
This allows decoupling input from the wayland socket while using a
standard virtio device for it. The proposed virtio input spec can be
found at
https://www.kraxel.org/virtio/virtio-v1.0-cs03-virtio-input.pdf, it
has already been implemented in qemu and (guest) kernel support exists
since version 4.1.

This change adds the following options to crosvm:
--evdev: Grabs a host device and passes it through to the guest
--<device>: Creates a default configuration for <device>,
receives the input events from a unix socket. <device> can be
'keyboard', 'mouse' or 'trackpad'.

Bug=chromium:921271
Test=booted on x86 linux and manually tried virtio-input devices
Change-Id: I8455b72c53ea2f431009ee8140799b0797775e76
Reviewed-on: https://chromium-review.googlesource.com/1412355
Commit-Ready: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-02-01 06:21:08 -08:00
Tristan Muntsinger
4133b0120d crosvm: x86_64 guest support for android device-tree
This device tree is derived from the Android fstab file which is
provided via command line flag.

BUG=chromium:922737
TEST=None
CQ-DEPEND=CL:1415390
CQ-DEPEND=CL:1415270

Change-Id: Idd007c844f84cab3ff37be16a718f14e5f630312
Reviewed-on: https://chromium-review.googlesource.com/1370058
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-28 14:17:10 -08:00
paulhsia
f052cfefc8 linux: Add ac97 device with CRAS backend
Add an ac97 device that plays audio through CRAS audio server.

BUG=chromium:781398
BUG=chromium:907520
TEST=Test building by $ cargo build
TEST=Deploy crosvm to DUT and test audio functionality
CQ-DEPEND=CL:1429311
CQ-DEPEND=CL:1429542

Change-Id: Ia273d8f1e82c20d1f1882f088886458339399aae
Reviewed-on: https://chromium-review.googlesource.com/1426282
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-27 10:43:26 -08:00
Dylan Reid
3082e8e48d linux: add ac97 to the pci bus
Add an ac97 device that plays audio to /dev/null.

BUG=chromium:781398
TEST=Test crosvm with null device

Change-Id: I3849974b732fc1550ec2bf0f805726bf2ca296f6
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1398641
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-26 10:43:21 -08:00
Zach Reizner
3ba0098d67 crosvm: add debug labels to devices for improved SIGCHLD logs
Each device (Bus, Pci, Proxy, etc), gets a debug label associated with
it. When a child is spawned, the debug label for it is stored in
a map with the child's pid as the key. If a SIGCHLD is handled, this map
is used to print a more helpful message about exactly which child died.

BUG=None
TEST=run with sandboxing and a faulty child device
     check logs for message about child died
     the child should have a debug label

Change-Id: I61fbbee0a8e701249533a7a3a6a1ad48840f12e5
Reviewed-on: https://chromium-review.googlesource.com/1432835
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-01-26 00:59:57 -08:00
David Tolnay
de6b29ab9d tpm: Virtio tpm device
This CL adds a "tpm" Cargo cfg to crosvm which enables a TPM device
backed by libtpm2 simulator.

Tested by running the following inside cros_sdk:

    LIBRARY_PATH=~/src/minijail LD_LIBRARY_PATH=~/src/minijail \
        cargo run --release \
        --features tpm \
        -- \
        run \
        -r rootfs.ext4 \
        --seccomp-policy-dir seccomp/x86_64/ \
        -p init=/bin/bash \
        -p panic=-1 \
        --disable-sandbox \
        vmlinux.bin

with a Linux image built from CL:1387655.

The TPM self test completes successfully with the following output:

    https://paste.googleplex.com/5996075978588160?raw

Justin's TPM playground runs with the following trace output.

    https://paste.googleplex.com/4909751007707136?raw

Design doc: go/vtpm-for-glinux

TEST=ran TPM playground program inside crosvm
TEST=local kokoro
BUG=chromium:911799

Change-Id: I2feb24a3e38cba91f62c6d2cd1f378de4dd03ecf
Reviewed-on: https://chromium-review.googlesource.com/1387624
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-24 07:43:30 -08:00
Zach Reizner
795355a423 crosvm/linux: use kvmclock_ctrl to signal that VCPU was suspended
On KVM implementations that use a paravirtualized clock (e.g. x86), a flag
must be set to indicate to the guest kernel that a VCPU was suspended. The
guest kernel will use this flag to prevent the soft lockup detection from
triggering when this VCPU resumes, which could happen days later in real time.

BUG=chromium:920875
TEST=inside VM `sha256sum /dev/urandom`, `crosvm suspend`, wait 30
     seconds, `crosvm resume`

Change-Id: Id479ec0c26c17499ce0d638185a79e7b19ccc69c
Reviewed-on: https://chromium-review.googlesource.com/1417190
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-23 20:40:39 -08:00
Zach Reizner
6a8fdd9f8e crosvm: add suspend/resume commands
This change adds the suspend and resume commands to crosvm, as well as
corresponding VmRequest variants and VCPU loop support. When a request
triggers a VmRunMode change, the Mutex guarded shared VmRunMode variable
is mutated and the associated Condvar is notified. Each VCPU thread is
interrupted to kick it out of the KVM_RUN call and checks the VmRunMode.
If the VCPU was already suspended by waiting for the Condvar, the
notify_all call will wake up the thread, upon which the VCPU thread can
respond to the new mode.

TEST=crosvm suspend/crosvm resume
BUG=chromium:920875

Change-Id: Ibbeb748ab0d64402c7196890815e8e1cb4dfca38
Reviewed-on: https://chromium-review.googlesource.com/1416317
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-23 20:40:38 -08:00
Dmitry Torokhov
2c7e88199e plugin: allow retrieving and setting VM clock
Add crosvm plugin API to allow reading and setting guest clock.

BUG=b:122878975
TEST=cargo test -p kvm; cargo test --features=plugin

Change-Id: I3fd656c06b0e7e43ac88a337ac5d0caec8c59dba
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1419373
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-22 21:05:18 -08:00
Daniel Prilik
2200604d9c remove rand crate
the few uses of rand::thread_rng() have been replaced with either
prngs or reads from /dev/urandom. the implementations are under
the `rand_ish` minicrate.

`protoc-rust` depends on `tempdir`, which relies on rand, so
`tempdir` has been patched with a rewritten version that does not
have rand as a dependency.

BUG=chromium:921795
TEST=cargo test --features plugin

Change-Id: I6f1c7d7a1aeef4dd55ac71e58294d16c291b8871
Reviewed-on: https://chromium-review.googlesource.com/1409705
Commit-Ready: Daniel Prilik <prilik@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-17 20:20:50 -08:00
Daniel Verkamp
92f73d73d0 devices: block: add resize VmControl request
This allows manual resizing of block devices at runtime via the command
line ('crosvm disk resize <index> <size>').  The virtio config interrupt
is asserted when the disk size changes so that the guest driver can
update the block device to the updated size.

Currently, there is no automatic policy for resizing disks - that will
be implemented in another change.  Additionally, this resize operation
just changes the size of the block device; the filesystem will need to
be resized by the guest (e.g. via the 'btrfs filesystem resize' command)
as a separate step either before (shrinking) or after (expanding) the
disk resize operation.

BUG=chromium:858815
TEST=Start crosvm with a control socket (-s) and resize the disk with
'crosvm disk resize' from another shell.

Change-Id: I01633a7af04bfbaffbd27b9227274406d2a2b9cb
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394152
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-16 01:46:54 -08:00
Daniel Verkamp
4896cb2a08 plugin: remove unused EDEADLK import
Fixes a compiler warning when building with plugin enabled.

BUG=None
TEST='cargo build --features=plugin'

Change-Id: Icbd731b249089d271caca17e192b7a539ba7219c
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1401124
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2019-01-09 06:26:06 -08:00
Daniel Verkamp
bd1a0843bc main: only show plugin options when feature is on
The crosvm run --plugin option was behind #[cfg(feature = "plugin")],
but the recently-added --plugin-root and --plugin-mount were not.  Add
feature checks around those options as well so that they are only
enabled when the plugin feature is enabled (and so they don't show up in
crosvm run -h for a non-plugin build).

Also allow dead code in struct BindMount, since this is only used for
plugin-enabled builds.

We could wrap all of the plugin-related command line parsing code with
feature checks instead, but that adds a lot of clutter and makes the
code harder to read.

BUG=None
TEST='cargo build' and 'cargo build --features=plugin'

Change-Id: Ieb240cfc55b8cad64748fe39c7de5faa58f1a26c
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1401123
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2019-01-08 23:25:55 -08:00
Chirantan Ekbote
d41d726c2f Add support for plugin mounts
The plugin process may need access to writable directories where it can
store its state.  Add a plugin-mount option to specify paths that should
be mounted into the plugin's jail.

BUG=b:80150167
TEST=run plugin_adder and plugin_net_config

Change-Id: I2c87d19ab67edaaf99a2cfea6872d3531101d260
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341106
2019-01-07 19:40:15 -08:00
Chirantan Ekbote
c1a40a7414 plugin: Add support for tap fd on the command line
Add support for having the tap fd be passed in on the command line the
same way we do for linux.

BUG=b:80150167
TEST=run plugin_net_config (after changing the expected ip/netmask/mac
     address appropriately)

Change-Id: Ic81b167b7bb2caa71ce5931921b87d9eeca69af9
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341105
2019-01-07 19:40:15 -08:00
Chirantan Ekbote
49fa08f17b net_util: Get tap interface name when using a raw fd
We use the tap device interface name in some ioctls.  When we are
creating a Tap struct from a raw fd make sure that we also grab the
interface name so that these ioctls don't fail later.

BUG=b:80150167
TEST=run the plugin_net_config test

Change-Id: Ic308ebd55d0545c1b445fc6abdf017fdc7ab594b
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341104
2019-01-07 19:40:14 -08:00
Chirantan Ekbote
7a97366e96 plugin: Fix uid and gid maps
When minijail is given a uid/gid map but is not given a uid/gid to
change to, it will default to setting the uid/gid inside the new user
namespace to root.  This works fine if crosvm is launched as root but
fails miserably otherwise since we only map the current euid/egid into
the user namespace (and so 0 is not a valid uid/gid).

We would normally want to fix this by having minijail change its uid/gid
to the current euid/egid.  However, because of the way minijail is set
up it only attempts to enter a new net namespace after exec-ing the
program to be jailed.  Entering a new net namespace requires
CAP_SYS_ADMIN in the current namespace and this capability gets dropped
the moment we switch to a non-root user.

So to deal with this we map root inside the namespace to the crosvm user
outside the namespace.  This allows us to enter a new net namespace and
we already tell minijail to drop all caps so the plugin will not have
any caps when it actually runs.

BUG=b:80150167
TEST=run plugin_adder

Change-Id: I10c9e6bef859fd787dd6e17d5cf2ff3e552501fb
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341103
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-07 19:40:14 -08:00
Chirantan Ekbote
1502a11ed0 plugin: Fix tmpfs mount options
Mounting a filesystem with the `exec` flag has required CAP_SYS_ADMIN in
the init namespace since February 2018.

BUG=b:80150167
TEST=run the plugin_adder test plugin

Change-Id: Ibf3fdf52314d15f0154742e1b6c11f73155d2d59
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341102
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-07 19:40:14 -08:00
Chirantan Ekbote
2d292331df Move validate_raw_fd to sys_util
validate_raw_fd is needed for the plugin crate.  Move it into a common
location so that it can be shared by both the linux and plugin code.

BUG=b:80150167
TEST=manual

Change-Id: I427e10716e75b2619fd0f4ba6725fa40446db4af
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341101
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-07 19:40:14 -08:00
Daniel Verkamp
37c4a788a3 linux: remove unnecessary usize casts
The expressions that are being converted to usize are already naturally
usize without the casts.

BUG=None
TEST=build_test

Change-Id: Ifb8553e20a3d57cb5edb38dcfcd423edf12a1a28
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1396483
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-05 20:08:41 -08:00
Daniel Verkamp
f76869d2a6 devices: balloon: fix the 'crosvm balloon' command
The balloon socket interface was changed to take an absolute number of
pages in a u64 in commit 448516e3f9 ("balloon: Implement device
policy"), but the 'crosvm balloon' command wasn't updated to match.  Fix
the crosvm front-end to send a u64 as expected by the command socket
reader instead of the i32 it was sending previously, and change the
parameter to bytes instead of pages to match the receiving end as well.

BUG=None
TEST=crosvm balloon a running VM to various sizes

Change-Id: I265bee55c06809de7559a79a5eb6d0d094533993
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394157
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2019-01-05 20:08:41 -08:00
David Tolnay
2bac1e7a9c toolchain: Update to Rust 1.31.0
We updated the production toolchain from 1.30 to 1.31 in CL:1366446.
This CL does the same upgrade for the local developer toolchain and
Kokoro.

The relevant changes are in rust-toolchain and kokoro/Dockerfile.
The rest are from rustfmt.

TEST=cargo fmt --all -- --check
TEST=as described in kokoro/README.md

Change-Id: I3b4913f3e237baa36c664b4953be360c09efffd4
Reviewed-on: https://chromium-review.googlesource.com/1374376
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2018-12-13 19:28:04 -08:00
Zach Reizner
aa5756669a devices: allow virtio-wayland to use virtgpu resources
This change uses the resource bridge between virtio-gpu and virtio-cpu
to send resources over the host wayland connection that originated from
the virtio-gpu device. This will help support gpu accelerated wayland
surfaces.

BUG=chromium:875998
TEST=wayland-simple-egl

Change-Id: I3340ecef438779be5cb3643b2de8bb8c33097d75
Reviewed-on: https://chromium-review.googlesource.com/1182793
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2018-12-11 19:33:56 -08:00
David Tolnay
1d4d44a8e2 sync: Mutex type with methods that panic instead of return error
This CL adds a crate `sync` containing a type sync::Mutex which wraps
the standard library Mutex and mirrors the same methods, except that
they panic where the standard library would return a PoisonError. This
API codifies our error handling strategy around poisoned mutexes in
crosvm.

- Crosvm releases are built with panic=abort so poisoning never occurs.
  A panic while a mutex is held (or ever) takes down the entire process.
  Thus we would like for code not to have to consider the possibility of
  poison.

- We could ask developers to always write `.lock().unwrap()` on a
  standard library mutex. However, we would like to stigmatize the use
  of unwrap. It is confusing to permit unwrap but only on mutex lock
  results. During code review it may not always be obvious whether a
  particular unwrap is unwrapping a mutex lock result or a different
  error that should be handled in a more principled way.

Developers should feel free to use sync::Mutex anywhere in crosvm that
they would otherwise be using std::sync::Mutex.

TEST=boot linux

Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f
Reviewed-on: https://chromium-review.googlesource.com/1359923
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2018-12-05 01:13:41 -08:00
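The poison-handling strategy described in the `sync` commit message above, as an added Rust sketch. It is not the crosvm `sync` crate's source; the helpers `counter_after` and `lock_panics_after_poison` are hypothetical names used only to exercise the wrapper.

```rust
use std::panic::{self, AssertUnwindSafe};
use std::sync::{Arc, Mutex as StdMutex, MutexGuard};
use std::thread;

/// Added sketch: wraps std's Mutex and panics where std would return a PoisonError.
pub struct Mutex<T>(StdMutex<T>);

impl<T> Mutex<T> {
    pub fn new(value: T) -> Mutex<T> {
        Mutex(StdMutex::new(value))
    }

    /// Like std's `lock`, but returns the guard directly, so no `.lock().unwrap()`.
    pub fn lock(&self) -> MutexGuard<'_, T> {
        match self.0.lock() {
            Ok(guard) => guard,
            Err(_) => panic!("mutex is poisoned"),
        }
    }
}

/// Hypothetical helper: n threads each increment a shared counter once.
pub fn counter_after(n: u32) -> u32 {
    let m = Arc::new(Mutex::new(0u32));
    let handles: Vec<_> = (0..n)
        .map(|_| {
            let m = Arc::clone(&m);
            thread::spawn(move || { *m.lock() += 1; })
        })
        .collect();
    for h in handles { h.join().unwrap(); }
    let total = *m.lock(); // guard is released at the end of this statement
    total
}

/// Hypothetical helper: poison the lock (needs panic=unwind), then lock again.
pub fn lock_panics_after_poison() -> bool {
    let m = Arc::new(Mutex::new(0u32));
    let m2 = Arc::clone(&m);
    let _ = thread::spawn(move || {
        let _guard = m2.lock();
        panic!("constructed failure while holding the lock");
    })
    .join();
    // The wrapper turns std's PoisonError into a panic, caught here for the demo.
    panic::catch_unwind(AssertUnwindSafe(|| drop(m.lock()))).is_err()
}

fn main() { println!("{} {}", counter_after(8), lock_panics_after_poison()); }
```

The second helper only reaches the poisoned state because a default build unwinds; with `panic=abort`, as the commit message notes for releases, the first panic ends the process.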
David Tolnay
f503276291 linux: Print all siginfo structs on ChildSignal
I noticed this questionable loop that never loops in CL:1357700. Purely
guessing as to what it was supposed to do -- I have not tested this
codepath.

TEST=cargo check

Change-Id: I4560b80f080112a78adf440a663341f4fb0f1070
Reviewed-on: https://chromium-review.googlesource.com/1359010
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
2018-12-04 00:11:32 -08:00
David Tolnay
8f3a232160 linux: Clean up a misleading loop
The `while sig_ok` in the original code suggests that `sig_ok` would be mutated
by the loop body, but it was not. Really `while sig_ok` was being used to mean
`if sig_ok { loop { ... } }`, with breaks to exit the loop body.

I replaced `while sig_ok` with `if sig_ok` containing `loop`. Since this is an
extra layer of indentation, I removed two layers of indentation by flattening a
nested match so the new code is overall less indented than before.

Clippy flags such loops in which the loop condition never changes as high
confidence of being a bug or at least misleading:
https://rust-lang.github.io/rust-clippy/master/index.html#while_immutable_condition

TEST=run linux

Change-Id: Ib925bbedbdda11bb50e47f8dd55c2f5af7c53698
Reviewed-on: https://chromium-review.googlesource.com/1357699
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2018-12-03 20:32:14 -08:00
David Tolnay
5bbbf61082 lint: Resolve the easier clippy lints
Hopefully the changes are self-explanatory and uncontroversial. This
eliminates much of the noise from `cargo clippy` and, for my purposes,
gives me a reasonable way to use it as a tool when writing and reviewing
code.

Here is the Clippy invocation I was using:

    cargo +nightly clippy -- -W clippy::correctness -A renamed_and_removed_lints -Aclippy::{blacklisted_name,borrowed_box,cast_lossless,cast_ptr_alignment,enum_variant_names,identity_op,if_same_then_else,mut_from_ref,needless_pass_by_value,new_without_default,new_without_default_derive,or_fun_call,ptr_arg,should_implement_trait,single_match,too_many_arguments,trivially_copy_pass_by_ref,unreadable_literal,unsafe_vector_initialization,useless_transmute}

TEST=cargo check --features wl-dmabuf,gpu,usb-emulation
TEST=boot linux

Change-Id: I55eb1b4a72beb2f762480e3333a921909314a0a2
Reviewed-on: https://chromium-review.googlesource.com/1356911
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2018-12-03 20:32:03 -08:00
Dmitry Torokhov
510c1cfb46 crosvm/plugin: fix typo 'singal' -> 'signal'
Fix $SUBJECT in log message and in a comment.

BUG=None
TEST=Build

Change-Id: Ice2e60464648c2934869fa176a8b28ed675ff79b
Reviewed-on: https://chromium-review.googlesource.com/1354487
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2018-11-29 12:11:01 -08:00
Jingkui Wang
e13b180f74 crosvm: use msg_socket in vm_control
Refactor existing code to use msg_socket.

BUG=None
TEST=local build and run

Change-Id: Iee72326b330e035303f679e1aedd6e5d18ad4f8a
Reviewed-on: https://chromium-review.googlesource.com/1260260
Commit-Ready: Jingkui Wang <jkwang@google.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2018-11-19 16:28:35 -08:00