the few uses of rand::thread_rng() have been replaced with either
prngs or reads from /dev/urandom. the implementations are under
the `rand_ish` minicrate.
`protoc-rust` depends on `tempdir`, which relies on rand, so
`tempdir` has been patched with a rewritten version that does not
have rand as a dependency.
BUG=chromium:921795
TEST=cargo test --features plugin
Change-Id: I6f1c7d7a1aeef4dd55ac71e58294d16c291b8871
Reviewed-on: https://chromium-review.googlesource.com/1409705
Commit-Ready: Daniel Prilik <prilik@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This allows manual resizing of block devices at runtime via the command
line ('crosvm disk resize <index> <size>'). The virtio config interrupt
is asserted when the disk size changes so that the guest driver can
update the block device to the updated size.
Currently, there is no automatic policy for resizing disks - that will
be implemented in another change. Additionally, this resize operation
just changes the size of the block device; the filesystem will need to
be resized by the guest (e.g. via the 'btrfs filesystem resize' command)
as a separate step either before (shrinking) or after (expanding) the
disk resize operation.
BUG=chromium:858815
TEST=Start crosvm with a control socket (-s) and resize the disk with
'crosvm disk resize' from another shell.
Change-Id: I01633a7af04bfbaffbd27b9227274406d2a2b9cb
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394152
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Fixes a compiler warning when building with plugin enabled.
BUG=None
TEST='cargo build --features=plugin'
Change-Id: Icbd731b249089d271caca17e192b7a539ba7219c
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1401124
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
The crosvm run --plugin option was behind #[cfg(feature = "plugin")],
but the recently-added --plugin-root and --plugin-mount were not. Add
feature checks around those options as well so that they are only
enabled when the plugin feature is enabled (and so they don't show up in
crosvm run -h for a non-plugin build).
Also allow dead code in struct BindMount, since this is only used for
plugin-enabled builds.
We could wrap all of the plugin-related command line parsing code with
feature checks instead, but that adds a lot of clutter and makes the
code harder to read.
BUG=None
TEST='cargo build' and 'cargo build --features=plugin'
Change-Id: Ieb240cfc55b8cad64748fe39c7de5faa58f1a26c
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1401123
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
The plugin process may need access to writable directories where it can
store its state. Add a plugin-mount option to specify paths that should
be mounted into the plugin's jail.
BUG=b:80150167
TEST=run plugin_adder and plugin_net_config
Change-Id: I2c87d19ab67edaaf99a2cfea6872d3531101d260
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341106
Add support for having the tap fd be passed in on the command line the
same way we do for linux.
BUG=b:80150167
TEST=run plugin_net_config (after changing the expected ip/netmask/mac
address appropriately)
Change-Id: Ic81b167b7bb2caa71ce5931921b87d9eeca69af9
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341105
We use the tap device interface name in some ioctls. When we are
creating a Tap struct from a raw fd make sure that we also grab the
interface name so that these ioctls don't fail later.
BUG=b:80150167
TEST=run the plugin_net_config test
Change-Id: Ic308ebd55d0545c1b445fc6abdf017fdc7ab594b
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341104
When minijail is given a uid/gid map but is not given a uid/gid to
change to, it will default to setting the uid/gid inside the new user
namespace to root. This works fine if crosvm is launched as root but
fails miserably otherwise since we only map the current euid/egid into
the user namespace (and so 0 is not a valid uid/gid).
We would normally want to fix this by having minijail change its uid/gid
to the current euid/egid. However, because of the way minijail is set
up it only attempts to enter a new net namespace after exec-ing the
program to be jailed. Entering a new net namespace requires
CAP_SYS_ADMIN in the current namespace and this capability gets dropped
the moment we switch to a non-root user.
So to deal with this we map root inside the namespace to the crosvm user
outside the namespace. This allows us to enter a new net namespace and
we already tell minijail to drop all caps so the plugin will not have
any caps when it actually runs.
BUG=b:80150167
TEST=run plugin_adder
Change-Id: I10c9e6bef859fd787dd6e17d5cf2ff3e552501fb
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341103
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Mounting a filesystem with the `exec` flag has required CAP_SYS_ADMIN in
the init namespace since February 2018.
BUG=b:80150167
TEST=run the plugin_adder test plugin
Change-Id: Ibf3fdf52314d15f0154742e1b6c11f73155d2d59
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341102
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
validate_raw_fd is needed for the plugin crate. Move it into a common
location so that it can be shared by both the linux and plugin code.
BUG=b:80150167
TEST=manual
Change-Id: I427e10716e75b2619fd0f4ba6725fa40446db4af
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341101
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The expressions that are being converted to usize are already naturally
usize without the casts.
BUG=None
TEST=build_test
Change-Id: Ifb8553e20a3d57cb5edb38dcfcd423edf12a1a28
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1396483
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The balloon socket interface was changed to take an absolute number of
pages in a u64 in commit 448516e3f9 ("balloon: Implement device
policy"), but the 'crosvm balloon' command wasn't updated to match. Fix
the crosvm front-end to send a u64 as expected by the command socket
reader instead of the i32 it was sending previously, and change the
parameter to bytes instead of pages to match the receiving end as well.
BUG=None
TEST=crosvm balloon a running VM to various sizes
Change-Id: I265bee55c06809de7559a79a5eb6d0d094533993
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394157
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
We updated the production toolchain from 1.30 to 1.31 in CL:1366446.
This CL does the same upgrade for the local developer toolchain and
Kokoro.
The relevant changes are in rust-toolchain and kokoro/Dockerfile.
The rest are from rustfmt.
TEST=cargo fmt --all -- --check
TEST=as described in kokoro/README.md
Change-Id: I3b4913f3e237baa36c664b4953be360c09efffd4
Reviewed-on: https://chromium-review.googlesource.com/1374376
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This change uses the resource bridge between virtio-gpu and virtio-cpu
to send resources over the host wayland connection that originated from
the virtio-gpu device. This will help support gpu accelerated wayland
surfaces.
BUG=chromium:875998
TEST=wayland-simple-egl
Change-Id: I3340ecef438779be5cb3643b2de8bb8c33097d75
Reviewed-on: https://chromium-review.googlesource.com/1182793
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This CL adds a crate `sync` containing a type sync::Mutex which wraps
the standard library Mutex and mirrors the same methods, except that
they panic where the standard library would return a PoisonError. This
API codifies our error handling strategy around poisoned mutexes in
crosvm.
- Crosvm releases are built with panic=abort so poisoning never occurs.
A panic while a mutex is held (or ever) takes down the entire process.
Thus we would like for code not to have to consider the possibility of
poison.
- We could ask developers to always write `.lock().unwrap()` on a
standard library mutex. However, we would like to stigmatize the use
of unwrap. It is confusing to permit unwrap but only on mutex lock
results. During code review it may not always be obvious whether a
particular unwrap is unwrapping a mutex lock result or a different
error that should be handled in a more principled way.
Developers should feel free to use sync::Mutex anywhere in crosvm that
they would otherwise be using std::sync::Mutex.
TEST=boot linux
Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f
Reviewed-on: https://chromium-review.googlesource.com/1359923
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
I noticed this questionable loop that never loops in CL:1357700. Purely
guessing as to what it was supposed to do -- I have not tested this
codepath.
TEST=cargo check
Change-Id: I4560b80f080112a78adf440a663341f4fb0f1070
Reviewed-on: https://chromium-review.googlesource.com/1359010
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The `while sig_ok` in the original code suggests that `sig_ok` would be mutated
by the loop body, but it was not. Really `while sig_ok` was being used to mean
`if sig_ok { loop { ... } }`, with breaks to exit the loop body.
I replaced `while sig_ok` with `if sig_ok` containing `loop`. Since this is an
extra layer of indentation, I removed two layers of indentation by flattening a
a nested match so the new code is overall less indented than before.
Clippy flags such loops in which the loop condition never changes as high
confidence of being a bug or at least misleading:
https://rust-lang.github.io/rust-clippy/master/index.html#while_immutable_condition
TEST=run linux
Change-Id: Ib925bbedbdda11bb50e47f8dd55c2f5af7c53698
Reviewed-on: https://chromium-review.googlesource.com/1357699
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Hopefully the changes are self-explanatory and uncontroversial. This
eliminates much of the noise from `cargo clippy` and, for my purposes,
gives me a reasonable way to use it as a tool when writing and reviewing
code.
Here is the Clippy invocation I was using:
cargo +nightly clippy -- -W clippy::correctness -A renamed_and_removed_lints -Aclippy::{blacklisted_name,borrowed_box,cast_lossless,cast_ptr_alignment,enum_variant_names,identity_op,if_same_then_else,mut_from_ref,needless_pass_by_value,new_without_default,new_without_default_derive,or_fun_call,ptr_arg,should_implement_trait,single_match,too_many_arguments,trivially_copy_pass_by_ref,unreadable_literal,unsafe_vector_initialization,useless_transmute}
TEST=cargo check --features wl-dmabuf,gpu,usb-emulation
TEST=boot linux
Change-Id: I55eb1b4a72beb2f762480e3333a921909314a0a2
Reviewed-on: https://chromium-review.googlesource.com/1356911
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Refactor existing code to use msg_socket.
BUG=None
TEST=local build and run
Change-Id: Iee72326b330e035303f679e1aedd6e5d18ad4f8a
Reviewed-on: https://chromium-review.googlesource.com/1260260
Commit-Ready: Jingkui Wang <jkwang@google.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This was split to allow the virtio PCI transition. Now that everything
is moved over, we can put the virtio configuration back into Config.
BUG=None
TEST=Boot crosvm on kevin and verify virtio devices still work
Change-Id: I2411f5131729f84b6820aac67a92d07346f64021
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1281833
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This command line option was unwired a while back, so this option is not
needed.
TEST=./build_test
BUG=None
Change-Id: Ie5a8e305958fd710fc8edc67e33772ed38c7711c
Reviewed-on: https://chromium-review.googlesource.com/1058713
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Make the Minijail part of the PCI device tuple optional so that an empty
jail is not created for --disable-sandbox.
BUG=None
TEST=Boot crosvm in both --multiprocess and --disable-sandbox modes
Change-Id: Ibb3f2dbf33ca19910ee7448ea823b2772e09ecc5
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1290289
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Make --disk and --rwdisk automatically distinguish between qcow2 and raw
disk images. --qcow and --rwqcow are kept as aliases for compatibility.
BUG=chromium:893380
TEST=Boot crosvm with both raw and qcow2 disk images.
Change-Id: I5b572626ca5ab894c78454f59355f27d552cbf7d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1275185
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This reverts commit c8986f14a8.
Re-land the virtio PCI conversion after the preceding fixes.
BUG=chromium:854766
TEST=Boot crosvm on nami and kevin
Change-Id: I3699e3ed1a45cecc99c51e352d0cf0c32bc4116f
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1265862
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This allows the caller to specify the full range of datamatch options
defined in the KVM ioeventfd API, including matching accesses of a
particular size with or without matching a specific data value.
BUG=None
TEST=cargo test -p kvm
Change-Id: I28b543f7c0b35eb2a6d47a14a33145ea00d09d1d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1271836
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Now that cargo fmt has landed, run it over everything at once to bring
rust source to the standard formatting.
TEST=cargo test
BUG=None
Change-Id: Ic95a48725e5a40dcbd33ba6d5aef2bd01e91865b
Reviewed-on: https://chromium-review.googlesource.com/1259287
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This reverts commit d635acbaf3.
This commit seems to be responsible for introducing hung tasks in tests,
so let's revert it for now to get the tests green and debug it offline.
BUG=chromium:891806
TEST=None
Change-Id: I83504058baeae00909d9fb4f4bb704a144a0dfaf
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1259408
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Change the main create_virtio_devs() function to create virtio devices
using the PCI transport rather than MMIO.
BUG=chromium:854766
TEST=Boot crosvm and verify that all virtio devices still work
Change-Id: I9a6e60b21edea1e5ac2b3ae5c91793d45cf5063a
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1241541
Reviewed-by: Dylan Reid <dgreid@chromium.org>
passing everything in to the pci code is getting annoying. Instead build
it up in arch which already has access to all the needed resources.
Change-Id: If42f994443c4f11152fca8da16f27fa4cd80580d
Reviewed-on: https://chromium-review.googlesource.com/1237357
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
For example, if the wayland socket is given as /run/wayland-0, the
entire /run/ directory will be bind mounted into the sandbox as
/wayland/. The wayland device will then be told to open the socket at
/wayland/wayland-0. If the /run/wayland-0 file is removed and a new
socket is opened in its place, as in a chrome crash, the
/wayland/wayland-0 socket will open the new socket rather than the one
belonging to the expire process.
TEST=vmc start termina; chrome://inducebrowsercrashforrealz;
vsh termina; start wayland application
BUG=chromium:884398
Change-Id: I259eb2f7e29ee6b61836133ec1c3a110c5575957
Reviewed-on: https://chromium-review.googlesource.com/1227063
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The Scm object was made to reduce the number of heap allocations in
the hot paths of poll loops, at the cost of some code complexity. As it
turns out, the number of file descriptors being sent or received is
usually just one or limited to a fixed amount that can easily be covered
with a fixed size stack allocated buffer.
This change implements that solution, with heap allocation as a backup
in the rare case that many file descriptors must be sent or received.
This change also moves the msg and cmsg manipulation code out of C and
into pure Rust. The move was necessary to allocate the correct amount
of buffer space at compile time. It also improves safety by reducing the
scope of unsafe code. Deleting the code for building the C library is
also a nice bonus.
Finally, the removal of the commonly used Scm struct required
transitioning existing usage to the ScmSocket trait based methods. This
includes all those changes.
TEST=cargo test
BUG=None
Change-Id: If27ba297f5416dd9b8bc686ce740866912fa0aa0
Reviewed-on: https://chromium-review.googlesource.com/1186146
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Sandboxing only works when started as chronos via concierge client. If
started directly via crosvm as root, the jail will not have proper group
permissions to access the Wayland socket.
BUG=chromium:837073
TEST=build with --features=gpu; null_platform_test without --disable-sandbox
CQ-DEPEND=CL:1213779
Change-Id: I6331f7ae1f5b99d31ad44cf158f72337294771f0
Reviewed-on: https://chromium-review.googlesource.com/1181168
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
When setting up IO, accept an optional PciRoot device to put on the IO
bus.
For aarch64, it's currently ignored. For x86_64, it will be added at
0xcf8.
break up mmio device creation and registration
Moving forward registration will be handled by the architecture specific
code. However, creation will be handled by the common code. To make that
easier split up the two steps so a list of devices is created, then each
is registered later.
Start moving to a model where the configuration generates a set of
components that are passed to the architecture. The architecture will
crate a VM from the components.
Break up the big run_config function and move architecture specific
parts to the various architectures.
This doesn't refactor the function calls each architecture makes, but
moves the setup flow in to the arch impls so that they can diverge in
the future.
Change-Id: I5b10d092896606796dc0c9afc5e34a1b288b867b
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1099860
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
The virtio block specification defines the VIRTIO_BLK_F_RO feature bit
to indicate read-only block devices. Plumb the read-only status of
block devices from the crosvm frontend into the virtio block device and
populate the flag when appropriate.
BUG=chromium:872973
TEST=Verify lsblk output in guest has the correct RO values
Change-Id: I23af87cce8020641cd702adca6e8ff9fdd2b8220
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1170306
Reviewed-by: Zach Reizner <zachr@chromium.org>
This is more consistent with the way it will be used in the virtio-blk
device model.
BUG=chromium:872973
TEST=cargo test
Change-Id: I28c5d007a7f3864ef6e18e9b343d263123302484
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1170304
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Implement a new virtio_9p device to be used for sharing directories with
the VM.
BUG=chromium:703939
TEST=mount inside a VM and run `bonnie++ -r 256`
Append the shared directory to the crosvm command line:
--shared-dir /path/to/dir:test_9p
Then mount in the guest:
mkdir /tmp/9p
mount -t 9p -o trans=virtio test_9p /tmp/9p -oversion=9p2000.L
Or for a 9p root:
run --shared-dir /mnt/vm_root:/dev/root -p 'root=/dev/root ro rootflags=ro,trans=virtio,version=9p2000.L,cache=loose rootfstype=9p' vmlinux.bin
CQ-DEPEND=CL:1065170
Change-Id: I41fc21306ab5fa318a271f172d7057b767b29f31
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1065173
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
In future changes this state will be generated by the architecture, so
make it easier to pass around than 11 variable individually.
Change-Id: If2c5f15b429ef7b651f88bfa50aabcf47757c02b
Reviewed-on: https://chromium-review.googlesource.com/1099855
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Implement a policy for the balloon device so that it starts taking
memory away from the VM when the system is under low memory conditions.
There are a few pieces here:
* Change the madvise call in MemoryMapping::dont_need_range to use
MADV_REMOVE instead of MADV_DONTNEED. The latter does nothing when
the memory mapping is shared across multiple processes while the
former immediately gives the pages in the specified range back to the
kernel. Subsequent accesses to memory in that range returns zero
pages.
* Change the protocol between the balloon device process and the main
crosvm process. Previously, the device process expected the main
process to send it increments in the amount of memory consumed by the
balloon device. Now, it instead just expects the absolute value of
the memory that should be consumed. To properly implement the policy
the main process needs to keep track of the total memory consumed by
the balloon device so this makes it easier to handle all the policy in
one place.
* Add a policy for dealing with low memory situations. When the VM
starts up, we determine the maximum amount of memory that the balloon
device should consume:
* If the VM has more than 1.5GB of memory, the balloon device max is
the size of the VM memory minus 1GB.
* Otherwise, if the VM has at least 500MB, the balloon device max is
50% of the size of the VM memory.
* Otherwise, the max is 0.
The increment used to change the size of the balloon is defined as
1/16 of the max memory that the balloon device will consume. When the
crosvm main process detects that the system is low on memory, it
immediately increases the balloon size by the increment (unless it has
already reached the max). It then starts 2 timers: one to check for
low memory conditions again in 1 seconds (+ jitter) and another to
check if the system is no longer low on memory in 1 minute (+ jitter)
with a subsequent interval of 30 seconds (+ jitter).
Under persistent low memory conditions the balloon device will consume
the maximum memory after 16 seconds. Once there is enough available
memory the balloon size will shrink back down to 0 after at most 9
minutes.
BUG=chromium:866193
TEST=manual
Start 2 VMs and write out a large file (size > system RAM) in each.
Observe /sys/kernel/mm/chromeos-low_mem/available and see that the
available memory steadily decreases until it goes under the low memory
margin at which point the available memory bounces back up as crosvm
frees up pages.
CQ-DEPEND=CL:1152214
Change-Id: I2046729683aa081c9d7ed039d902ad11737c1d52
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1149155
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
The size is specified in bytes, correct the help messages.
Change-Id: I386b329123bbfc9dfdaf073eb345c4554ade4982
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1145763
Reviewed-by: Stephen Barber <smbarber@chromium.org>
PCI devices will require interrupts, allow this by passing a vector of
IRQs to the mptable so the guest kernel can find the IRQs.
Change-Id: I9fa8a2ed0a34089e631441570521082ffde9c4ef
Reviewed-on: https://chromium-review.googlesource.com/1072578
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Basic 2D and 3D support is there. The drm_cursor_test and
null_platform_test in drm-tests should run to completion.
The extra device is hidden behind both a build time feature called 'gpu'
and the device is only added to a VM if the '--gpu' flag is given.
TEST=build with --features=gpu;
drm_cursor_test && null_platform_test
BUG=chromium:837073
Change-Id: Ic91acaaebbee395599d7e1ba41c24c9ed2d84169
Reviewed-on: https://chromium-review.googlesource.com/1036862
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
PCI adds a configuration space to the existing memory mapped IO
supported by BusDevices.
Add the ability to set configuration space as optional to the BusDevice
trait so that ProxyDevice can be shared.
PCI devices can have more than one memory mapped region. Expand the bus
so that it has the ability to pass an absolute address instead of an
offset. This will allow the PCI device to know which BAR is being
written to.
Change-Id: I055cd516c49a74316a9547df471290f05d865b0a
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1103663
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
All qcow clusters need to have their refcounts set. Add a `new` method
to `Qcowfile` and use it instead of just headers from the library.
The new method will loop over the initial clusters and initialize their
refcounts.
Add a `create_qcow2` option to the main executable so there is a way to
test image creation that doesn't require DBUS and Concierge.
BUG=none
TEST='crosvm create_qcow2 /tmp/file.qcow2 1000000'
'qemu-img check /tmp/file.qcow2'
no errors reported.
Change-Id: I8798df5942fb23f79cc7ca86820d0783d1f2b608
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1136900
Reviewed-by: Stephen Barber <smbarber@chromium.org>
