Not sure if adding the device addresses to the mmio bus
is the desired behavior, but it seems to work.
BUG=chromium:924405
TEST=boot VM
Change-Id: I7f6057b3e7d041a52b251af1203353ba7a0d3c22
Reviewed-on: https://chromium-review.googlesource.com/1480743
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The idea is that virtio devices can specify additional memory
regions.
BUG=chromium:924405
TEST=run VM
Change-Id: I2a9f233ca8e2bc4fd9b05ee83101b11deb6e7b04
Reviewed-on: https://chromium-review.googlesource.com/1480742
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This removes add_memory_region and add_io_region, and replaces
it with the add_pci_bar function.
BUG=chromium:924405
TEST=boot VM
Change-Id: Ifc637d174d3f8b1255cf13725a1a224b4cdf0a30
Reviewed-on: https://chromium-review.googlesource.com/1480741
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
We want to support 64-bit BARs and some additional functionality
is required.
BUG=chromium:924405
TEST=compile
Change-Id: I06aba41b6dfb9649437a417a32cb450d19d0d937
Reviewed-on: https://chromium-review.googlesource.com/1480740
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The advantage of seqpacket is that they are connection oriented. A
listener can be created that accepts new connections, useful for the
path based VM control sockets. Previously, the only bidirectional
sockets in crosvm were either stream based or made using socketpair.
This change also whitelists sendmsg and recvmsg for the common device
policy.
TEST=cargo test
BUG=chromium:848187
Change-Id: I83fd46f54bce105a7730632cd013b5e7047db22b
Reviewed-on: https://chromium-review.googlesource.com/1470917
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
These panic!()s might be user-triggerable, and in any event are not fatal errors.
BUG=chromium:908689
TEST=Unit tests in file.
Change-Id: I774bb633dc627247bd807727542589400b59ed07
Reviewed-on: https://chromium-review.googlesource.com/1487674
Commit-Ready: Miriam Zimmerman <mutexlox@chromium.org>
Tested-by: Miriam Zimmerman <mutexlox@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
During review of CL:1387655 we observed that it shouldn't be necessary
for both vtpm_op_send and vtpm_op_recv to perform virtqueue kicks. It
should be sufficient for vtpm_op_send to place both an output buffer and
an input buffer on the virtio queue as a single descriptor chain, and
perform a single kick that executes both operations.
This requires a larger virtio queue because a single virtio buffer
cannot be both read and written.
BUG=chromium:911799
TEST=run TPM playground program inside crosvm
Change-Id: I6822efc3318a3952f91f64904e0434d916beae97
Reviewed-on: https://chromium-review.googlesource.com/1465642
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Cleanup only -- no functional change intended.
A lot of the current TPM virtio device is closely based on previously
existing virtio devices. This CL cleans up the TPM device in preparation
for a change that will let it handle send+recv as a single descriptor
chain.
- Pass all EventFds together inside of the Worker object.
- Introduce an Error enum to enable use of `?` error handling.
- Introduce NeedsInterrupt enum to clarify meaning of return value of
Worker::process_queue.
- Simplify code for instantiating Worker and spawning thread.
TEST=run TPM playground inside crosvm
Change-Id: I4a9a4b379a28d2336a1d9f2dce46f013e647ea16
Reviewed-on: https://chromium-review.googlesource.com/1478381
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
I have been running into Debug-printed error messages too often and
needing to look up in the source code each level of nested errors to
find out from the comment on the error variant what the short name of
the variant means in human terms. Worse, many errors (like the one shown
below) already had error strings written but were being printed from the
calling code in the less helpful Debug representation anyway.
Before:
[ERROR:src/main.rs:705] The architecture failed to build the vm: NoVarEmpty
After:
[ERROR:src/main.rs:705] The architecture failed to build the vm: /var/empty doesn't exist, can't jail devices.
TEST=cargo check --all-features
TEST=FEATURES=test emerge-amd64-generic crosvm
Change-Id: I77122c7d6861b2d610de2fff718896918ab21e10
Reviewed-on: https://chromium-review.googlesource.com/1469225
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Remove a bunch of TODOs that mention things that the C++ test does that
we don't need to do, and replace a TODO with a detailed explanation of
why the code behaves as it does.
BUG=chromium:908689
TEST=None; comment-only change
Change-Id: I6791fbe329e8cdd1cac0d55b7770927d60c051c4
Reviewed-on: https://chromium-review.googlesource.com/1454141
Commit-Ready: Miriam Zimmerman <mutexlox@chromium.org>
Tested-by: Miriam Zimmerman <mutexlox@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Some of the variants of the CommandCounter enum are not currently used;
add a directive to ignore dead code warnings for these variants, since
they are defined by the hardware/spec and may be used in the future.
BUG=None
TEST='cargo build' executes without warnings
Change-Id: I72b6cd24722de801ebfe63bb7419c4e972463082
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1454139
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Miriam Zimmerman <mutexlox@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This allows decoupling input from the wayland socket while using a
standard virtio device for it. The proposed virtio input spec can be
found at
https://www.kraxel.org/virtio/virtio-v1.0-cs03-virtio-input.pdf, it
has already been implemented in qemu and (guest) kernel support exists
since version 4.1.
This change adds the following options to crosvm:
--evdev: Grabs a host device and passes it through to the guest
--<device>: Creates a default configuration for <device>,
receives the input events from a unix socket. <device> can be
'keyboard', 'mouse' or 'trackpad'.
Bug=chromium:921271
Test=booted on x86 linux and manually tried virtio-input devices
Change-Id: I8455b72c53ea2f431009ee8140799b0797775e76
Reviewed-on: https://chromium-review.googlesource.com/1412355
Commit-Ready: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
As reported by the Firecracker team, the block device model doesn't
check if an I/O request starts before the end of the disk but extends
beyond it. For writes to disks backed by raw files, this could end up
unintentionally extending the size of the disk.
Add bounds checks to the request execution path to catch these
out-of-bounds I/Os and fail them. While we're here, fix a few other
minor issues: only seek for read and write requests (the 'sector' field
of the request should be ignored for flush, write zeroes, and discard),
and check for overflow when performing the shifts to convert from
sectors to bytes.
BUG=chromium:927393
TEST=cargo test -p devices block
Change-Id: I0dd19299d03a4f0716093091f173a5c507529963
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1448852
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
By default virglrenderer logs to stderr with VREND_DEBUG. dup stdout
which is logged via logger to stderr so that virglrenderer logs can be
seen.
BUG=chromium:925590
TEST=cat /var/log/messages
Change-Id: I3e1a5056dab9cfd895867b1835b421b144ee536b
Reviewed-on: https://chromium-review.googlesource.com/1441352
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The Ac97 device provides the guest with an audio playback device. All
input devices are stubbed out. Only playback at 48kHz is supported.
The device is emulated by `Ac97Dev` which interfaces with the PCI bus.
`Ac97Dev` uses `Ac97` to drive audio functions and emulate the device
registers. Physical Ac97 devices consist of two parts, the bus master
and a mixer. These two sets of registers are emulated by the
`Ac97BusMaster` and `Ac97Mixer` structures.
`Ac97BusMaster` handles audio samples and uses `Ac97Mixer` to determine
the configuration of the audio backend.
BUG=chromium:781398
TEST=crosvm run --disable-sandbox --null-audio --rwdisk gentoo.ext4 -c2
-m2048 -p 'root=/dev/vda snd_intel8x0.inside_vm=1
snd_intel8x0.ac97_clock=48000' vmlinux.bin
and play audio with aplay -d2 -Dhw:0,0 -f dat /dev/urandom
CQ-DEPEND=CL:1402264
CQ-DEPEND=CL:1421588
CQ-DEPEND=CL:1433794
CQ-DEPEND=CL:1432835
Change-Id: I9985ffad753bccc1bf468ebbdacec0876560a5e0
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1366544
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
Each device (Bus, Pci, Proxy, etc), gets a debug label associated with
it. When a child is spawned, the debug label for it is stored in
a map with the child's pid as the key. If a SIGCHLD is handled, this map
is used to print a more helpful message about exactly which child died.
BUG=None
TEST=run with sandboxing and a faulty child device
check logs for message about child died
the child should have a debug label
Change-Id: I61fbbee0a8e701249533a7a3a6a1ad48840f12e5
Reviewed-on: https://chromium-review.googlesource.com/1432835
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This CL adds a "tpm" Cargo cfg to crosvm which enables a TPM device
backed by libtpm2 simulator.
Tested by running the following inside cros_sdk:
LIBRARY_PATH=~/src/minijail LD_LIBRARY_PATH=~/src/minijail \
cargo run --release \
--features tpm \
-- \
run \
-r rootfs.ext4 \
--seccomp-policy-dir seccomp/x86_64/ \
-p init=/bin/bash \
-p panic=-1 \
--disable-sandbox \
vmlinux.bin
with a Linux image built from CL:1387655.
The TPM self test completes successfully with the following output:
https://paste.googleplex.com/5996075978588160?raw
Justin's TPM playground runs with the following trace output.
https://paste.googleplex.com/4909751007707136?raw
Design doc: go/vtpm-for-glinux
TEST=ran TPM playground program inside crosvm
TEST=local kokoro
BUG=chromium:911799
Change-Id: I2feb24a3e38cba91f62c6d2cd1f378de4dd03ecf
Reviewed-on: https://chromium-review.googlesource.com/1387624
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This allows manual resizing of block devices at runtime via the command
line ('crosvm disk resize <index> <size>'). The virtio config interrupt
is asserted when the disk size changes so that the guest driver can
update the block device to the updated size.
Currently, there is no automatic policy for resizing disks - that will
be implemented in another change. Additionally, this resize operation
just changes the size of the block device; the filesystem will need to
be resized by the guest (e.g. via the 'btrfs filesystem resize' command)
as a separate step either before (shrinking) or after (expanding) the
disk resize operation.
BUG=chromium:858815
TEST=Start crosvm with a control socket (-s) and resize the disk with
'crosvm disk resize' from another shell.
Change-Id: I01633a7af04bfbaffbd27b9227274406d2a2b9cb
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394152
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add GuestMemory::write_all_at_addr, GuestMemory::read_exact_at_addr
which return error if the entire write or read cannot be completed.
Also rename write_slice_at_addr to write_at_addr, read_slice_at_addr to
read_at_addr to make the entire set of four methods consistent in naming
with the methods of std::io::Write and std::io::Read.
Context:
https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1387624/16/devices/src/virtio/tpm.rs#75
TEST=cargo test
Change-Id: Ia0775b75281ccf8030c84b41f9018a511204b8c9
Reviewed-on: https://chromium-review.googlesource.com/1407156
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This will allow the disk size to be changed from the worker thread
during resize operations.
BUG=chromium:858815
TEST=build_test
Change-Id: I0b2e1a057831856b44f19c2ba30b4dd1ffdeafc3
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394151
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This will allow the config space to change when a disk resize takes
place.
BUG=chromium:858815
TEST=Boot Termina on kevin
Change-Id: I115a7923097c3fd1f31535e9c48c87caa32f99d7
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394150
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
On sandboxed will be invoked when the device is sandboxed. Device
implementation could do initialization here. It does not need to return
fd opened here to keep fds.
BUG=None
TEST=local build and run
Change-Id: I42c2b3cae3a87dd54f02e77b8cd10766309a0770
Reviewed-on: https://chromium-review.googlesource.com/1327513
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
In order to properly send dmabufs over the wayland protocol, accurate
buffer metadata is needed in the guest. This change plumbs information
from minigbm allocations to the guest using a virtio-gpu response.
BUG=875998
TEST=wayland-simple-egl
Change-Id: I5c80d539bc7757c302ad7adf56f5d3b011304617
Reviewed-on: https://chromium-review.googlesource.com/1227054
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
We updated the production toolchain from 1.30 to 1.31 in CL:1366446.
This CL does the same upgrade for the local developer toolchain and
Kokoro.
The relevant changes are in rust-toolchain and kokoro/Dockerfile.
The rest are from rustfmt.
TEST=cargo fmt --all -- --check
TEST=as described in kokoro/README.md
Change-Id: I3b4913f3e237baa36c664b4953be360c09efffd4
Reviewed-on: https://chromium-review.googlesource.com/1374376
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This change uses the resource bridge between virtio-gpu and virtio-cpu
to send resources over the host wayland connection that originated from
the virtio-gpu device. This will help support gpu accelerated wayland
surfaces.
BUG=chromium:875998
TEST=wayland-simple-egl
Change-Id: I3340ecef438779be5cb3643b2de8bb8c33097d75
Reviewed-on: https://chromium-review.googlesource.com/1182793
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This CL adds a crate `sync` containing a type sync::Mutex which wraps
the standard library Mutex and mirrors the same methods, except that
they panic where the standard library would return a PoisonError. This
API codifies our error handling strategy around poisoned mutexes in
crosvm.
- Crosvm releases are built with panic=abort so poisoning never occurs.
A panic while a mutex is held (or ever) takes down the entire process.
Thus we would like for code not to have to consider the possibility of
poison.
- We could ask developers to always write `.lock().unwrap()` on a
standard library mutex. However, we would like to stigmatize the use
of unwrap. It is confusing to permit unwrap but only on mutex lock
results. During code review it may not always be obvious whether a
particular unwrap is unwrapping a mutex lock result or a different
error that should be handled in a more principled way.
Developers should feel free to use sync::Mutex anywhere in crosvm that
they would otherwise be using std::sync::Mutex.
TEST=boot linux
Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f
Reviewed-on: https://chromium-review.googlesource.com/1359923
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Hopefully the changes are self-explanatory and uncontroversial. This
eliminates much of the noise from `cargo clippy` and, for my purposes,
gives me a reasonable way to use it as a tool when writing and reviewing
code.
Here is the Clippy invocation I was using:
cargo +nightly clippy -- -W clippy::correctness -A renamed_and_removed_lints -Aclippy::{blacklisted_name,borrowed_box,cast_lossless,cast_ptr_alignment,enum_variant_names,identity_op,if_same_then_else,mut_from_ref,needless_pass_by_value,new_without_default,new_without_default_derive,or_fun_call,ptr_arg,should_implement_trait,single_match,too_many_arguments,trivially_copy_pass_by_ref,unreadable_literal,unsafe_vector_initialization,useless_transmute}
TEST=cargo check --features wl-dmabuf,gpu,usb-emulation
TEST=boot linux
Change-Id: I55eb1b4a72beb2f762480e3333a921909314a0a2
Reviewed-on: https://chromium-review.googlesource.com/1356911
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
These duplicate the doc comments found in `trait PciDevice`. I am
removing them because a sensible reader would already assume that they
have fallen out of sync with the doc comments in the trait, and thus
refer to the trait definition anyway.
TEST=none
Change-Id: Id86936a6f2a1b6c78a000b107bb4fc8ed78e40f9
Reviewed-on: https://chromium-review.googlesource.com/1355350
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Our virtio devices are all "modern" (no legacy/transitional support).
Add VIRTIO_F_VERSION_1 to the features() handler for all virtio devices
that didn't already have it.
This lets us remove the hack that forced VIRTIO_F_VERSION_1 on for all
devices.
BUG=None
TEST=build_test; boot crosvm on kevin
Change-Id: I008926a9075679aae46069aa37a14504f10e8584
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313013
Reviewed-by: Zach Reizner <zachr@chromium.org>
When wl-dmabuf is not enabled, rustc complains about unused imports and
enum values. Add compiler directives to silence the warnings.
BUG=None
TEST='cargo build', 'emerge-nami crosvm'
Change-Id: Ib39735d329f8aa835c0b5842b10bfe78d0e578d9
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1327827
The virtio specification only defines feature bits in the 0-63 range
currently, so we can represent the features as a u64. The Linux kernel
makes the same simplifying assumption, and very few features have been
defined beyond the first 32 bits, so this is probably safe for a while.
This allows the device models to be simplified, since they no longer
need to deal with the features paging mechanism (it is handled by the
generic virtio transport code).
BUG=None
TEST=build_test; boot termina on kevin
Change-Id: I6fd86907b2bdf494466c205e85072ebfeb7f5b73
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313012
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Refactor existing code to use msg_socket.
BUG=None
TEST=local build and run
Change-Id: Iee72326b330e035303f679e1aedd6e5d18ad4f8a
Reviewed-on: https://chromium-review.googlesource.com/1260260
Commit-Ready: Jingkui Wang <jkwang@google.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This matches the definitions from the virtio specification and makes
balloon consistent with the other virtio devices in crosvm.
BUG=None
TEST=build_test.py
Change-Id: I9dd6b6ec981944e28eaf6bc92332db5ec326433b
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313011
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
All devices have been converted to PCI, so we don't need MmioDevice.
BUG=chromium:854766
TEST=Boot crosvm on kevin and verify virtio devices still work
Change-Id: Ib6400e15bdb2153d14795de3cb0bfbf1845a8891
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1281832
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Rust 1.30.0 ships a new rustfmt that causes a few more formatting
changes.
BUG=None
TEST=Run kokoro tests with updated Rust version
Change-Id: I803765ec0f3d2447f627b1e990bce438512367f7
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1307816
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Register the irqfd with resample support so that we can correctly
emulate level-triggered interrupts. This requires each PciDevice to
listen for interrupt_resample events and re-assert the IRQ eventfd if it
should still be active.
BUG=None
TEST=Boot crosvm on x86-64 and arm devices
Change-Id: I5cf8d1d1705cf675b453962c00d2d606801fee91
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1298654
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
File exposes sync_all() and sync_data() functions, which map to fsync()
and fdatasync(), but these functions are not in a trait (they are just
implemented directly on File), so they can't be implemented and used in
a generic way for QcowFile.
Add a new trait, FileSync, that exposes a fsync() function that may be
used in the virtio block model. Previously, we were translating a block
flush request into a call to File's flush() function, but this just
flushes internal Rust library buffers to the file descriptor; it didn't
actually result in a fsync() call. Using the new trait, we can cause an
actual fsync() to occur for raw files, as intended. QcowFile was
already safe, since its flush() function actually calls sync_all() under
the hood.
BUG=None
TEST=sync with raw disk and verify fsync() in strace output
Change-Id: I9bee2c0d2df3747aac1e7d9ec7d9b46a7862dc48
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1297839
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
If a BackBuffer has some gpu_renderer_resource, attach the backing
through to virgl to allow resources to be transfered in the future.
BUG=chromium:892261
TEST=eglgears_x11, xterm, xeyes
Change-Id: I9c4310da8eba73ec69dbaeba340b362c22fb21a0
Reviewed-on: https://chromium-review.googlesource.com/1288960
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Make the Minijail part of the PCI device tuple optional so that an empty
jail is not created for --disable-sandbox.
BUG=None
TEST=Boot crosvm in both --multiprocess and --disable-sandbox modes
Change-Id: Ibb3f2dbf33ca19910ee7448ea823b2772e09ecc5
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1290289
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Our branch of the 3.18 kernel has FALLOC_FL_PUNCH_HOLE disabled for the
ext4 filesystem, which means that systems running that kernel always
take the fallback path of writing buffers full of zeroes. This is not
necessary for the Discard command, since it is just a hint and is not
required to actually zero the blocks.
Split the WriteZeroes trait up into a new PunchHole trait, which
corresponds to fallocate() with FALLOC_FL_PUNCH_HOLE, and use the new
trait to implement the virtio block Discard command.
BUG=chromium:896314
TEST=`mkfs.btrfs /dev/vdb` and verify the desired fallocate() is used
and no write() calls are issued when inducing a failure
Change-Id: I67fd9a132758d8d766531ccca8358c7fe67b0460
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1286224
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The virtio PCI spec (4.1.4.5.1 Device Requirements: ISR status
capability) says:
"The device MUST reset ISR status to 0 on driver read."
BUG=chromium:854766
TEST=None
Change-Id: I92a1ddccfc8e44bed7f4a16e3cfd11b946629e22
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1260252
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The virtio PCI spec (4.1.5.2 Notifying The Device) says:
"The driver notifies the device by writing the 16-bit virtqueue index
of this virtqueue to the Queue Notify address."
We were previously registering the notify address specifying
NoDatamatch; switch this to a 16-bit match of the queue index to follow
the specification.
BUG=chromium:854766
TEST=Boot crosvm with virtio devices converted to PCI
Change-Id: Ic950a8c7751268f7fcc21d5c37b0afc859f1e6d0
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1265861
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Now that cargo fmt has landed, run it over everything at once to bring
rust source to the standard formatting.
TEST=cargo test
BUG=None
Change-Id: Ic95a48725e5a40dcbd33ba6d5aef2bd01e91865b
Reviewed-on: https://chromium-review.googlesource.com/1259287
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
capset2 has many new features. We currently hardcode num_capsets
to 1, however our Mesa/guest kernel/virglrenderer are new enough
to support caps v2.
We could attempt to do negotiation (see virtio_gpu_virgl_get_num_capset
in QEMU), but virtio::gpu::Gpu::get_config actually comes before
virtio::gpu::Gpu::activate. To support older Mesa/guest kernel/virglrenderer
configurations, this must be refactored.
BUG=none
TEST=get a gles31 context on tatl
Change-Id: I8d9ed54774a63da2ec5a4ba86187330521785566
Reviewed-on: https://chromium-review.googlesource.com/1258323
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
The virtio PCI transport requires that the queue_size configuration
value returns the maximum supported queue size on reset; it uses 0 to
indicate an unavailable queue.
Queue::size is write-only via the existing MmioDevice (the driver must
always write a queue size during initialization), so there should be no
difference in behavior when using MMIO virtio devices.
Change-Id: I5b77e0d84f0bc7b854e33aaeb34ff011af226103
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1237363
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This will be used on ARM.
Change-Id: I61206b761f49f963f0cce706268379ceae1a0239
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1241540
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The current PciRoot is only workable for the legacy I/O port 0xCF8
access mechanism; factor out the config access mechanism part of PciRoot
into PciConfigIo so that we can add a MMIO-based access mechanism for
ARM.
Change-Id: I87756b0ab31070d8717c76d419957bf5ea5d75ad
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1241539
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Most of PCI configuration space should be read only; initialize the
writable_bits field accordingly.
Change-Id: I67f93d81cfbac6000db51663bdf76e54aeac08f3
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1240659
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The add_capability() function was using the normal PCI configuration
write_byte() function, which enforces read-only regions. This won't
work once the appropriate regions of config space are marked as read
only in the following commit, so add an internal-only helper function to
access bytes without applying writable_bits.
Change-Id: If61f79cd80950bf517d69c18aaf98c2e76841a56
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1240658
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Return the BAR number rather than the register offset within PCI config
space.
Change-Id: I6e965c5fe7218abe6986b461731f18abb34894c1
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1240653
Reviewed-by: Dylan Reid <dgreid@chromium.org>
VirtioDevices and potentially others need to register ioeventfds that
will be triggered when guests write to certain addresses. Allow
PciDevices to return an array of ioeventfds that the VM can install.
Change-Id: I2524c4e8c04f75a8d7868cac998304aecbb29c40
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1237360
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
PciDevice implementations will have file descriptors that need to be
preserved across the minijail fork.
Change-Id: I0b1f5b827b55c4d8960ffa95331b82f9c692f304
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1237359
Reviewed-by: Dylan Reid <dgreid@chromium.org>
PCI class codes are made up of three fields: class, subclass, and
programming interface. Some class/subclass combinations do not define
any programming interfaces, so add an optional parameter to specify the
value and use 0 if it is not provided.
Change-Id: Ib4000eafe2d7d003ed5753d7b0ea05e16fd06130
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1237358
Reviewed-by: Dylan Reid <dgreid@chromium.org>
passing everything in to the pci code is getting annoying. Instead build
it up in arch which already has access to all the needed resources.
Change-Id: If42f994443c4f11152fca8da16f27fa4cd80580d
Reviewed-on: https://chromium-review.googlesource.com/1237357
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Rather than querying the flush timerfd state repeatedly on every write,
just track the state in a variable. This avoids an extra
timerfd_gettime() syscall on every write.
BUG=None
TEST=Verify that the flush timer still fires via strace
Change-Id: I5437d26570de466f05b496d3e0dce08a521c4fde
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1247443
Reviewed-by: Dylan Reid <dgreid@chromium.org>
To fully meet the requirements laid out by the virtio specification, we
need to fail write commands for devices that expose VIRTIO_BLK_F_RO with
a specific error code of VIRTIO_BLK_S_IOERR. Pipe the read_only status
down into the worker and the request execute function so that it can be
checked and return the correct error code.
BUG=chromium:872973
TEST=Attempt to write to read-only /dev/vda in termina
Change-Id: I98c8ad17fde497e5a529d9e65096fb4ef022fd65
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1211062
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Otherwise, the flush timer case of the PollContext continues to fire
repeatedly, since the timerfd remains readable.
BUG=None
TEST=Verify that crosvm virtio_blk thread no longer pins the CPU after
writes are done
Change-Id: I693346c078e07b97e30083f34d00be75fa93841d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1232295
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The Scm object was made to reduce the number of heap allocations in
the hot paths of poll loops, at the cost of some code complexity. As it
turns out, the number of file descriptors being sent or received is
usually just one or limited to a fixed amount that can easily be covered
with a fixed size stack allocated buffer.
This change implements that solution, with heap allocation as a backup
in the rare case that many file descriptors must be sent or received.
This change also moves the msg and cmsg manipulation code out of C and
into pure Rust. The move was necessary to allocate the correct amount
of buffer space at compile time. It also improves safety by reducing the
scope of unsafe code. Deleting the code for building the C library is
also a nice bonus.
Finally, the removal of the commonly used Scm struct required
transitioning existing usage to the ScmSocket trait based methods. This
includes all those changes.
TEST=cargo test
BUG=None
Change-Id: If27ba297f5416dd9b8bc686ce740866912fa0aa0
Reviewed-on: https://chromium-review.googlesource.com/1186146
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
If the guest doesn't issue a flush command after a write, insert one.
This will mainly help qcow backed files. However, it is a good idea for
block devices as well, it narrows the window for data loss.
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Change-Id: I1d6eaeda6fd5038ec994ed882e870ae025e3c151
Reviewed-on: https://chromium-review.googlesource.com/1211126
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Sandboxing only works when started as chronos via concierge client. If
started directly via crosvm as root, the jail will not have proper group
permissions to access the Wayland socket.
BUG=chromium:837073
TEST=build with --features=gpu; null_platform_test without --disable-sandbox
CQ-DEPEND=CL:1213779
Change-Id: I6331f7ae1f5b99d31ad44cf158f72337294771f0
Reviewed-on: https://chromium-review.googlesource.com/1181168
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The virtio PCI specification places requirements on the PCI subsystem
IDs, so allow PCI devices to specify them in PciConfiguration.
Change-Id: I70bc6ad4333ba3601db2831fef03483bcaea70ff
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1208156
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The status register is actually the high 16 bits of register index
STATUS_REG (1). Adjust the STATUS_REG_CAPABILITIES_USED_MASK value
accordingly so it is bit 4 within the high 16 bits.
Change-Id: I3fb695a577bae754eda5640224ef335c44b119eb
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1208152
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Currently VirtioDevice was only used by MmioDevice. Move it to a
separate file to allow it to be used by a PCI implementation in the
following commits.
Change-Id: Ie2de92d8876fdaa31d71341714681212d52a618c
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1208690
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Discard and Write Zeroes commands have been added to the virtio block
specification:
88c8553838
Implement both commands using the WriteZeroes trait.
BUG=chromium:850998
TEST=fstrim within termina on a writable qcow image
Change-Id: I33e54e303202328c10f7f2d6e69ab19f419f3998
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1188680
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Also fix the misleading add_capability() comment. The standard PCI
capability header is just two bytes (capability type and next pointer);
the length byte is only part of the vendor-specific capability (09h).
More importantly, the current implementation of add_capability() already
inserts the two-byte standard header, so the caller should not provide
it as part of cap_data.
BUG=None
TEST=cargo test -p devices
Change-Id: Id3517d021bfe29d08ff664d66455b15cf07af1d1
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1197069
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The virtio 1.0 feature flag is defined as a shift count, not a mask.
While we're at it, change the virtio gpu features() function to the
avail_features style used in other devices for consistency.
BUG=None
TEST=None
Change-Id: I704d9676cfe5f13d9a2f83eb9160937e94070d1e
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198224
Reviewed-by: Zach Reizner <zachr@chromium.org>
Define a struct to represent the virtio block configuration as defined
in the current revision of the specification. Only the capacity field
is set; all other fields are defaulted to 0, which should be safe, since
they are all controlled by feature flags that our device does not
advertise.
This is prep work for adding discard/write zeroes support to the block
device, since these commands require additional config fields that will
be added at the end of the config struct.
BUG=chromium:850998
TEST=cargo test -p devices; verify that container still boots and
reports the correct size
Change-Id: I8beb76195e446eb3dcbf1a99cc246ddd8cc8a7df
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1175235
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The virtio block specification defines the VIRTIO_BLK_F_RO feature bit
to indicate read-only block devices. Plumb the read-only status of
block devices from the crosvm frontend into the virtio block device and
populate the flag when appropriate.
BUG=chromium:872973
TEST=Verify lsblk output in guest has the correct RO values
Change-Id: I23af87cce8020641cd702adca6e8ff9fdd2b8220
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1170306
Reviewed-by: Zach Reizner <zachr@chromium.org>
This matches other virtio device models (net, p9, vsock) and makes it
easier to add flags conditionally at device creation time.
BUG=chromium:872973
TEST=cargo test -p devices
Change-Id: I65b3f37c220fae44a3f6b397acc6c0eec2b70bf2
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1170305
Reviewed-by: Zach Reizner <zachr@chromium.org>
Convert the definition of VIRTIO_BLK_F_FLUSH to a shift count instead of
a bitmask. This matches the way the features are defined in the virtio
spec and makes block consistent with other device models, such as p9.
BUG=chromium:872973
TEST=cargo test -p devices
Change-Id: Iece974c6f4d826b7bb76622973f08469a7936234
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1170303
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Implement a new virtio_9p device to be used for sharing directories with
the VM.
BUG=chromium:703939
TEST=mount inside a VM and run `bonnie++ -r 256`
Append the shared directory to the crosvm command line:
--shared-dir /path/to/dir:test_9p
Then mount in the guest:
mkdir /tmp/9p
mount -t 9p -o trans=virtio test_9p /tmp/9p -oversion=9p2000.L
Or for a 9p root:
run --shared-dir /mnt/vm_root:/dev/root -p 'root=/dev/root ro rootflags=ro,trans=virtio,version=9p2000.L,cache=loose rootfstype=9p' vmlinux.bin
CQ-DEPEND=CL:1065170
Change-Id: I41fc21306ab5fa318a271f172d7057b767b29f31
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1065173
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Ensure eglImage is not destroyed until the referencing resource is dropped.
BUG=None
TEST=build with --features=gpu; null_platform_test
Change-Id: I55c33344f46b08f846e094451516fcd16c9d16ae
Reviewed-on: https://chromium-review.googlesource.com/1073958
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
In preparation of adding fence support, allow process_descriptor to
defer returning the descriptor until later by returning None.
BUG=None
TEST=build with --features=gpu; null_platform_test
Change-Id: I57e4dc438e7f5a925c870e0bd596f89a2ed4e083
Reviewed-on: https://chromium-review.googlesource.com/1073957
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Add serial bus subclass
BUG=chromium:831850
TEST=cargo test
Change-Id: Iffd7a27b5cb423c928f0108b16fb58558cf7bcd4
Reviewed-on: https://chromium-review.googlesource.com/1152212
Commit-Ready: Jingkui Wang <jkwang@google.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Implement a policy for the balloon device so that it starts taking
memory away from the VM when the system is under low memory conditions.
There are a few pieces here:
* Change the madvise call in MemoryMapping::dont_need_range to use
MADV_REMOVE instead of MADV_DONTNEED. The latter does nothing when
the memory mapping is shared across multiple processes while the
former immediately gives the pages in the specified range back to the
kernel. Subsequent accesses to memory in that range returns zero
pages.
* Change the protocol between the balloon device process and the main
crosvm process. Previously, the device process expected the main
process to send it increments in the amount of memory consumed by the
balloon device. Now, it instead just expects the absolute value of
the memory that should be consumed. To properly implement the policy
the main process needs to keep track of the total memory consumed by
the balloon device so this makes it easier to handle all the policy in
one place.
* Add a policy for dealing with low memory situations. When the VM
starts up, we determine the maximum amount of memory that the balloon
device should consume:
* If the VM has more than 1.5GB of memory, the balloon device max is
the size of the VM memory minus 1GB.
* Otherwise, if the VM has at least 500MB, the balloon device max is
50% of the size of the VM memory.
* Otherwise, the max is 0.
The increment used to change the size of the balloon is defined as
1/16 of the max memory that the balloon device will consume. When the
crosvm main process detects that the system is low on memory, it
immediately increases the balloon size by the increment (unless it has
already reached the max). It then starts 2 timers: one to check for
low memory conditions again in 1 seconds (+ jitter) and another to
check if the system is no longer low on memory in 1 minute (+ jitter)
with a subsequent interval of 30 seconds (+ jitter).
Under persistent low memory conditions the balloon device will consume
the maximum memory after 16 seconds. Once there is enough available
memory the balloon size will shrink back down to 0 after at most 9
minutes.
BUG=chromium:866193
TEST=manual
Start 2 VMs and write out a large file (size > system RAM) in each.
Observe /sys/kernel/mm/chromeos-low_mem/available and see that the
available memory steadily decreases until it goes under the low memory
margin at which point the available memory bounces back up as crosvm
frees up pages.
CQ-DEPEND=CL:1152214
Change-Id: I2046729683aa081c9d7ed039d902ad11737c1d52
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1149155
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Descriptor chains of three descriptors were not having the last
descriptor parsed correctly which resulted in some commands not
properly being responded to.
BUG=None
TEST=build with --features=gpu; null_platform_test
Change-Id: Ia77c7ca485ded7cdcb71fd62e8f6be5c226df1bf
Reviewed-on: https://chromium-review.googlesource.com/1073956
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The original methods for reading and writing to GPU buffers naively
assumed that the mappings returned by GBM were to the first byte in the
buffer. In fact, the returned mapping is to the first pixel of the
mapped rectangle. This would lead to segaults when the copy routine
would breeze past the end of the mapping into segault territory.
This change fixes the read and write algorithms and adds lots more guard
rails in to prevent future undefined behavior (hopefully).
TEST=boot kernel with VT and VIRTIO_GPU
BUG=None
Change-Id: Ia7c968b6dd274551b6d218e2f0b255af6e55bd35
Reviewed-on: https://chromium-review.googlesource.com/1102110
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Basic 2D and 3D support is there. The drm_cursor_test and
null_platform_test in drm-tests should run to completion.
The extra device is hidden behind both a build time feature called 'gpu'
and the device is only added to a VM if the '--gpu' flag is given.
TEST=build with --features=gpu;
drm_cursor_test && null_platform_test
BUG=chromium:837073
Change-Id: Ic91acaaebbee395599d7e1ba41c24c9ed2d84169
Reviewed-on: https://chromium-review.googlesource.com/1036862
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
`PciRoot` represents the root PCI bridge for the system and manages PCI
devices attached to it. The root bridge has its own set of configuration
registers.
Change-Id: I2b15630cf5a0fc5938e66986a65782c6939fcf55
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1072577
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
PCI adds a configuration space to the existing memory mapped IO
supported by BusDevices.
Add the ability to set configuration space as optional to the BusDevice
trait so that ProxyDevice can be shared.
PCI devices can have more than one memory mapped region. Expand the bus
so that it has the ability to pass an absolute address instead of an
offset. This will allow the PCI device to know which BAR is being
written to.
Change-Id: I055cd516c49a74316a9547df471290f05d865b0a
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1103663
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
ARM cares about the status so we need to parse the request correctly and
fill in the status.
Change-Id: I1ffabf556424184017eb64d3b9c68c72b75d0a26
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1139584
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The "supports flush" bit wasn't set in the device features, so the guest
wasn't syncing. Handle the request, which is 0 length so needs special
casing in the `parse` function.
Change-Id: I079611df912cd077362b2ee9925cf730ba86d9e5
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1135940
PciConfiguration manages the PCI configuration space registers for a PCI
device or bridge. Add accessors and setters for the registers that need
to be modified for basic PCI device enumeration.
Change-Id: I4a5a71d55a3c5f7fb52ce81acef51cb4291130c8
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1072574
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Start PCI work by defining an enum to represent the four PCI interrupt
lines.
Change-Id: Ib95a4e4a03f0d6917ed2bed4b1afb97d18ff4f9e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1072573
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Combine GPU buffer allocation with the system resource allocator making
life easier as only one allocator needs to get passed to the execute
function.
Change-Id: I199eb0fd6b99b629aaec1ae3295e8a1942da5309
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1099856
This function will be used elsewhere in gpu_display.
TEST=None
BUG=None
Change-Id: I58b820511ea5a55a53ad640fdfe7c96d2dbdc73b
Reviewed-on: https://chromium-review.googlesource.com/1105481
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This provides proper synchronization for guest access to
DMABufs.
Virtio wayland device is given access to the DMA_BUF_SYNC ioctl
in order to implement this. Being able to use this directly in
the virtio wayland device process is important as these calls
can sometimes be relatively expensive and they are frequent
enough that avoiding another context switch is useful for good
performance.
TEST=cache-line artifacts no longer noticeable
BUG=chromium:837209
Change-Id: Ibb8d7c01f70ed5b74afd69288015a65186fec52a
Reviewed-on: https://chromium-review.googlesource.com/1076928
Commit-Ready: David Reveman <reveman@chromium.org>
Tested-by: David Reveman <reveman@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Add a way to iterate over all the descriptors in a descriptor chain.
This is different from AvailIter, which iterates over all the descriptor
chain heads in a queue.
The new iterator struct provides readable() and writable() methods for
iterating over just the readable or writable descriptors, respectively.
BUG=chromium:703939
TEST=none
Change-Id: Iea3fa5bb7662146a2d156a49ce8bb8ef00c522da
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1065172
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add an is_read_only method to the DescriptorChain struct. This is
easier to read at a glance than `!is_write_only()`, which looks almost
the same as `is_write_only()`.
BUG=chromium:703939
TEST=none
Change-Id: I0cb3b17c30e38804a21d3e63e975157c96879cb4
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1067703
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Allow DescriptorChain to be cloned. This will enable devices to
maintain a read head and write head in the same DescriptorChain.
BUG=chromium:703939
TEST=clone the DescriptorChain in a method
Change-Id: I1d775a9e0b7ed42052272f22a9b308ad4d108e45
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1065171
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Allow the process that spawned crosvm to pass in a configured tap file
descriptor for networking. If this option is provided then crosvm will
ignore the other networking related command line flags (like mac
address, netmask, etc).
Passing in a configured tap device allows us to run crosvm without
having to give it CAP_NET_ADMIN.
BUG=none
TEST=Start a container and verify that networking still works
Change-Id: I70b9e6ae030d66c4882e4e48804dc2f29d9874ba
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1081394
Reviewed-by: Zach Reizner <zachr@chromium.org>
Before this CL, the WlState object would close VFDs that had been hungup
on the remote end as a means to removing the underlying FD from the
PollContext. However, this has some unintended side-effects. For one,
the guest would later try to delete the VFD after it was closed, which
was a double-free. Another was that every pending message that was
waiting to enter the virtio queue would get dropped if it was destined
for the closed VFD. This was especially bad if the virtio queue became
full because data would get dropped when a VFD was hungup before the
guest had any chance to read it.
This CL leaves the hungup VFDs (and therefore their pending message) as
is, but removes it from the PollContext if there is nothing left to read.
No data is removed until after the guest explicitly closes the VFD.
TEST=paste 100k characters into a guest app from Chrome
BUG=chromium:849317
Change-Id: I20e3bc7c32c3f654f88f6ef9cdfcb853f2d52f09
Reviewed-on: https://chromium-review.googlesource.com/1088308
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: David Reveman <reveman@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Multi-plane DMABufs are useful for efficient video playback. The
guest can already use this but has to guess the stride and offsets
for the second and third plane as they are not passed by virtwl
to the guest kernel.
This extracts the correct strides and offsets for each buffer and
passes them back to the guest in the allocation response message.
BUG=chromium:837209
TEST=sommelier can use nv12 buffers without guessing stride/offset
Change-Id: I36ae2fad6605293c907802121676296cbc607a57
Reviewed-on: https://chromium-review.googlesource.com/1070799
Commit-Ready: David Reveman <reveman@chromium.org>
Tested-by: David Reveman <reveman@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This implements DMABuf allocation type in the virtio wayland
device.
We attempt to locate a supported DRM device prior to engaging
the device jail. If found, the DRM device is passed to the
wayland device code and used to serve DMABuf allocations.
DMABuf support can be disabled by not providing crosvm with
access to any DRM device nodes.
The guest is expected to handle the case when DMABuf allocation
fails and fall-back to standard shared memory.
This initial change uses DRM directly but is structured in a
way that would allow the allocator to be replaced by minigbm
with minimal effort.
BUG=chromium:837209
TEST=crosvm finds drm device and returns valid dmabufs to guest
Change-Id: Ic1fd776dfdfefae2d7b321d449273ef269e9cc62
Reviewed-on: https://chromium-review.googlesource.com/1034088
Commit-Ready: David Reveman <reveman@chromium.org>
Tested-by: David Reveman <reveman@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This adds a very simple RTC device and implements reading the time of
day based on the host's time of day. It currently doesn't support
setting the time or wake up alarms but could do so in the future.
Also instantiate it and add the appropriate nodes to the device-tree
for ARM guests.
BUG=chromium:833825
TEST=manual test on kevin, date is properly set when VM is started
Change-Id: I032ec7df2cba9e9016966eb4160b413fec9a40ba
Reviewed-on: https://chromium-review.googlesource.com/1038801
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This would have been useful in figuring out recent bugs in the block
sub system.
BUG=chromium:837453
TEST=manual test on kevin with qcow device
Change-Id: I3e3360bb0226e3cd7052e0431ce555cfef5e091b
Reviewed-on: https://chromium-review.googlesource.com/1034013
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
It is essential that paste operations on the guest receive a hangup
letting them know that there is no more data to read. This change fixes
that behavior, which was broken by thew new PollContext based logic,
which separates out the readable and hungup code paths.
TEST=finished wayland pastes receive EOF
BUG=chromium:835112
Change-Id: I764124ab2eabb32d8cc25a3a4c0dfbe49b26e799
Reviewed-on: https://chromium-review.googlesource.com/1031292
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: David Reveman <reveman@chromium.org>
Reviewed-by: David Reveman <reveman@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The wl device was the last user of the old Poller.
BUG=chromium:816692
TEST=run wayland under crosvm
Change-Id: I6c1c1db2774a6e783b7bd1109288328d75ad2223
Reviewed-on: https://chromium-review.googlesource.com/1000102
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Pipe VFDs are used to send and recieve data offer bytes, often used for
copy/paste and drag/drop operations.
TEST=use copy/paste with wayland app
BUG=chromium:793688
Change-Id: Ifc3f231dcdf90ce6791a98039405c7c404cf6942
Reviewed-on: https://chromium-review.googlesource.com/983037
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Switching to PollContext so that there is one less user of Poller, which
will be removed.
TEST=run any vm with a block device
BUG=chromium:816692
Change-Id: I2e1301ea9d66012262f1fcb69eaeee9f7464f3b3
Reviewed-on: https://chromium-review.googlesource.com/983036
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
The kernel driver currently short circuits the check for empty queue
entries if the entry arrives empty. Ordinarily the check is run every
time data is taken out of a queue entry and would recycle the entry once
empty. The short circuiting is being fixed in the kernel, but this
device change fixes the unnecessary empty queue entries from happening
in the first place.
BUG=chromium:791724
TEST=test code from the BUG
Change-Id: I5b72aac843def052bfe1234dfbde236274ae02bb
Reviewed-on: https://chromium-review.googlesource.com/974883
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Clippy only has 6 lints that are defaulted to deny, which this CL fixes.
The first step to running clippy and establishing our own set of default
deny lints, is to ensure we aren't running afoul of the most common
deny lints.
BUG=None
TEST=cargo clippy --all
Change-Id: I225801357d76a8a9e246e3842bc9bf550fcd7207
Reviewed-on: https://chromium-review.googlesource.com/952045
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Harmonize small 8042 implementation with kvmtool by making read from
port 0x61 return 0x20. This prevents infinite loop in
pit_calibrate_tsc() on small Intel cores.
BUG=none
TEST=reproduced problem on Celeraon N3150 (Braswell), verified
VM boots further with the fix
Change-Id: Ifbee2bc72c4f5acd2551d8dcab466dc5f4907975
Reviewed-on: https://chromium-review.googlesource.com/938759
Commit-Ready: Slava Malyugin <slavamn@chromium.org>
Tested-by: Slava Malyugin <slavamn@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Allow get/set for the host mac on the tap interface. Also add read accessors
for the host IP address and netmask, and make using IFF_VNET_HDR optional.
BUG=none
TEST=./build_test
Change-Id: I9999bf5aa8aa35b8cae702d9bc6f94602d6fe32e
Reviewed-on: https://chromium-review.googlesource.com/918406
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Adding the size and offset of a read or write makes errors easier to
reproduce.
Change-Id: Ia1c07f831dc6fb6f08acb87a30459713d0f706c0
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/907420
Reviewed-by: Stephen Barber <smbarber@chromium.org>
This slightly advances the use of fakes to test higher level
application logic. The fakes are rudimentary at this point, but I
wanted to get feedback on the addition of generics in order to
facilitate swaping concrete implementations out with fakes in higher
level code.
BUG=none
TEST=./build_test and
cargo test -p crosvm -p data_model -p syscall_defines -p kernel_loader
-p net_util -p x86_64 -p virtio_sys -p kvm_sys -p vhost -p io_jail -p
net_sys -p sys_util -p kvm
Change-Id: Ib64581014391f49cff30ada10677bbbcd0088f20
Reviewed-on: https://chromium-review.googlesource.com/689740
Commit-Ready: Jason Clinton <jclinton@chromium.org>
Tested-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
We want to be able to run 64-bit ARM kernels using a 32-bit version of
crosvm, to make it more consistent use a u64 to represent
GuestAddress.
BUG=chromium:797868
TEST=./build_test passes on all architectures
TEST=crosvm runs on caroline
Change-Id: I43bf993592caf46891e3e5e05258ab70b6bf3045
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/896398
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Don't allow AvailIter to loop forever if there is malformed input.
Making sure that the queue has less than queue_len entries prevents
array out of bounds panics when fuzzing.
Change-Id: Ibceadff19a1026bf5d68e05008c48ce9c85c52a3
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/882618
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
There's no need to provide direct access to /dev/random to all guests,
and we don't want them to be able to drain entropy from other VMs and
from the host itself.
BUG=chromium:800520
TEST=precq passes
Change-Id: I94ea0755123ee7479ca83c07525ca870d42c637f
Reviewed-on: https://chromium-review.googlesource.com/872890
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Allow block to take anything that satisfies the traits it uses. This
will allow for different backends to be used in addition to normal
files. The first new backend will be qcow2 added in subsequent commits.
Change-Id: I571ffc8ad4b5d56f286e134f47a60261d639b160
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/862627
Reviewed-by: Zach Reizner <zachr@chromium.org>
The balloon device is used to take regions of unused memory from the
guest and allow other host processes to use that memory.
Change-Id: I06c821365a58672d605fc7555beaec599cae1b15
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/759306
Reviewed-by: Stephen Barber <smbarber@chromium.org>
This change is to support a related kernel change but is backwards
compatible with kernels without that change.
BUG=chromium:782474
TEST=None
Change-Id: Ic1224b65ed9685f246002f946cfc6bfa2dbb2856
Reviewed-on: https://chromium-review.googlesource.com/770593
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
crosvm spawns a lot of processes/threads, and having these all use the same
name as the original process can be confusing. So at least in the instances
where Rust threads are spawned (vs. minijail_fork()), use a thread::Builder
to allow setting the thread name.
BUG=none
TEST=start crosvm, check thread names with top
Change-Id: I6e55ff5fd60f258880bda8e656ab7f9da82c656e
Reviewed-on: https://chromium-review.googlesource.com/742394
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Using minijail_fork removes the need to manage user and pid namespace
explicitly in crosvm and removes some parent/child synchonization
requirements too.
Change-Id: I47f9d39527d0a3ccf625600e9bfc2cccc3cb27ca
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/719443
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Moving the devices to their own module makes it easier to add tests that
use them.
Change-Id: I61bfef4037d16b20145b5fddce604835cdc4f67b
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/706559
Reviewed-by: Zach Reizner <zachr@chromium.org>
