The `convert_to_*` functions take ownership of the passed FDs even
though they should not according to the function's contract. This change
clones the passed FDs so that the caller can retain ownership of its
FDs.
This change also wraps most of the implementations in catch_unwind so
that panics do not unwind past FFI boundaries, which is undefined
behavior.
BUG=chromium:905799
TEST=in crosh: `vmc export <vm name> <file name>`
Change-Id: I2f65ebff51243675d0854574d8fd02cec1b237a4
Reviewed-on: https://chromium-review.googlesource.com/1338501
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The qcow_utils crate is not a dependency of crosvm and should not be
built in the same phase as crosvm. Doing so was harmless before the
recent rustc/cargo changes, which seem to be triggering some kind of
race condition. This change works around the bug.
CQ-DEPEND=CL:1336738
TEST=cargo test --release
BUG=chromium:900366
Change-Id: I01048128b20cf06580e809f6701688ab72e7756d
Reviewed-on: https://chromium-review.googlesource.com/1336737
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Turns out my cargo-fmt binary was being sourced from ~/.cargo/bin, which
was very out of date. Hopefully less formatting issues come out of my
chroot now.
TEST=cargo fmt --all -- --check
BUG=None
Change-Id: I50592e2781835840dc5d589c681b3438d6de3370
Reviewed-on: https://chromium-review.googlesource.com/1324669
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This change includes relevant toolchain versions and some echos
announcing the stages of testing. This should make kokoro's logs a bit
easier to diagnose.
TEST=kokoro_simulator.sh
BUG=None
Change-Id: I6d51d8ae6618a244338605d61882eeedcb1f5b79
Reviewed-on: https://chromium-review.googlesource.com/1324689
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The types from msg_socket were assumed to be in scope for the custom
derive implementation, which would cause mysterious compiler errors if
the custom derive was invoked in a module without msg_socket types in
scope.
This CL uses fully qualified types in the generated output to avoid
these errors.
This change also uses `extern crate msg_socket` in case the call site
doesn't have it in scope.
BUG=None
TEST=cargo test -p msg_on_socket_derive
Change-Id: Ie6443cd4ffc070d27e71de123090a58f19846472
Reviewed-on: https://chromium-review.googlesource.com/1314208
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jingkui Wang <jkwang@google.com>
This matches the definitions from the virtio specification and makes
balloon consistent with the other virtio devices in crosvm.
BUG=None
TEST=build_test.py
Change-Id: I9dd6b6ec981944e28eaf6bc92332db5ec326433b
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313011
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This patch avoids sendmsg/recvmsg if there is no fd.
BUG=chromium:900962
TEST=build local image and test
Change-Id: I3a5fd52232dc7d98dacd78aa0b383a436056ffb7
Reviewed-on: https://chromium-review.googlesource.com/1313656
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This was split to allow the virtio PCI transition. Now that everything
is moved over, we can put the virtio configuration back into Config.
BUG=None
TEST=Boot crosvm on kevin and verify virtio devices still work
Change-Id: I2411f5131729f84b6820aac67a92d07346f64021
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1281833
Reviewed-by: Dylan Reid <dgreid@chromium.org>
All devices have been converted to PCI, so we don't need MmioDevice.
BUG=chromium:854766
TEST=Boot crosvm on kevin and verify virtio devices still work
Change-Id: Ib6400e15bdb2153d14795de3cb0bfbf1845a8891
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1281832
Reviewed-by: Dylan Reid <dgreid@chromium.org>
It looks like free() will sometimes try to open
/proc/sys/vm/overcommit_memory in order to decide whether to return
freed heap memory to the kernel; change the seccomp filter to fail the
open syscalls with an error code (ENOENT) rather than killing the
process.
Also allow madvise to free memory for the same free() codepath.
BUG=chromium:888212
TEST=Run fio loop test on kevin
Change-Id: I1c27b265b822771f76b7d9572d9759476770000e
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1305756
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Rust 1.30.0 ships a new rustfmt that causes a few more formatting
changes.
BUG=None
TEST=Run kokoro tests with updated Rust version
Change-Id: I803765ec0f3d2447f627b1e990bce438512367f7
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1307816
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Also add g++ to the apt package list, since minijail now requires it.
BUG=None
TEST=Rebuild Docker container and run tests
Change-Id: I3d5cee0fa626e840037ae83537bdf891b4489a49
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1307815
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Legacy PCI interrupts should be level triggered, not edge triggered.
The reverted change was done as part of a series of patches during
debugging of virtio-pci differences from virtio-mmio, but this was not
the actual root cause of the problems.
BUG=None
TEST=Boot crosvm on x86-64 and verify virtio devices still work
This reverts commit 9357ceab6a.
Change-Id: If1bf6e48d63fe352f0b914f5bdb2e346ab210369
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1297840
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Register the irqfd with resample support so that we can correctly
emulate level-triggered interrupts. This requires each PciDevice to
listen for interrupt_resample events and re-assert the IRQ eventfd if it
should still be active.
BUG=None
TEST=Boot crosvm on x86-64 and arm devices
Change-Id: I5cf8d1d1705cf675b453962c00d2d606801fee91
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1298654
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
File exposes sync_all() and sync_data() functions, which map to fsync()
and fdatasync(), but these functions are not in a trait (they are just
implemented directly on File), so they can't be implemented and used in
a generic way for QcowFile.
Add a new trait, FileSync, that exposes a fsync() function that may be
used in the virtio block model. Previously, we were translating a block
flush request into a call to File's flush() function, but this just
flushes internal Rust library buffers to the file descriptor; it didn't
actually result in a fsync() call. Using the new trait, we can cause an
actual fsync() to occur for raw files, as intended. QcowFile was
already safe, since its flush() function actually calls sync_all() under
the hood.
BUG=None
TEST=sync with raw disk and verify fsync() in strace output
Change-Id: I9bee2c0d2df3747aac1e7d9ec7d9b46a7862dc48
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1297839
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Also add the standard Chromium copyright header to make the pre-submit
check happy.
BUG=None
TEST=Run manually with docker and verify it catches incorrect formatting
Change-Id: I85b7736e9efe97e56bde99eee0f23b213d3b7523
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1296984
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This command line option was unwired a while back, so this option is not
needed.
TEST=./build_test
BUG=None
Change-Id: Ie5a8e305958fd710fc8edc67e33772ed38c7711c
Reviewed-on: https://chromium-review.googlesource.com/1058713
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
If a BackBuffer has some gpu_renderer_resource, attach the backing
through to virgl to allow resources to be transfered in the future.
BUG=chromium:892261
TEST=eglgears_x11, xterm, xeyes
Change-Id: I9c4310da8eba73ec69dbaeba340b362c22fb21a0
Reviewed-on: https://chromium-review.googlesource.com/1288960
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This is needed to make sure seccomp work with glibc 2.27
BUG=chromium:897477
TEST=None
Change-Id: I101aa07bffd8db2b449be1a697dafcd7d6f1cb58
Reviewed-on: https://chromium-review.googlesource.com/1294729
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This adds openat to a seccomp policy file if open is already there.
We need this because glibc 2.25 changed it system call for open().
BUG=chromium:894614
TEST=None
Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965
Reviewed-on: https://chromium-review.googlesource.com/1292129
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Make the Minijail part of the PCI device tuple optional so that an empty
jail is not created for --disable-sandbox.
BUG=None
TEST=Boot crosvm in both --multiprocess and --disable-sandbox modes
Change-Id: Ibb3f2dbf33ca19910ee7448ea823b2772e09ecc5
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1290289
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Make --disk and --rwdisk automatically distinguish between qcow2 and raw
disk images. --qcow and --rwqcow are kept as aliases for compatibility.
BUG=chromium:893380
TEST=Boot crosvm with both raw and qcow2 disk images.
Change-Id: I5b572626ca5ab894c78454f59355f27d552cbf7d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1275185
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Our branch of the 3.18 kernel has FALLOC_FL_PUNCH_HOLE disabled for the
ext4 filesystem, which means that systems running that kernel always
take the fallback path of writing buffers full of zeroes. This is not
necessary for the Discard command, since it is just a hint and is not
required to actually zero the blocks.
Split the WriteZeroes trait up into a new PunchHole trait, which
corresponds to fallocate() with FALLOC_FL_PUNCH_HOLE, and use the new
trait to implement the virtio block Discard command.
BUG=chromium:896314
TEST=`mkfs.btrfs /dev/vdb` and verify the desired fallocate() is used
and no write() calls are issued when inducing a failure
Change-Id: I67fd9a132758d8d766531ccca8358c7fe67b0460
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1286224
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This will be used in vm_concierge's ExportDiskImage function in order to
allow a minimal qcow2 image to be written on the fly (containing only
the required clusters in a tightly-packed image file). It also allows
future flexibility to change the underlying disk image file format while
still exporting qcow2 images (e.g. via `vmc export`).
For testing, add a qcow_img `convert` command, which can convert
between raw and qcow2 as both source and destination.
BUG=None
TEST=Use qcow_img to convert a raw image to qcow2 and back and verify
its contents are the same as the original.
Change-Id: I74167aca9a9c857d892e24adf5ee17afc0f6e6b5
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1272060
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Allow seeking to the next hole or data region in File and QcowFile.
BUG=None
TEST=None
Change-Id: I16e77e4791aa85b4cc96f38327026cd93f02b7e1
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1274147
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
A few non-rustfmt changes slipped in since the tree-wide formatting
pass.
BUG=None
TEST=Re-run `cargo fmt` and verify that it makes no further changes.
Change-Id: Ic5afb20dabc1087e5d6f54862e6b8b47c5f5608d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1287369
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This will harden crosvm against potential integer overflow leading to
unsafe behavior in unsafe blocks.
TEST=cargo test --release
BUG=None
Change-Id: Ie750906d04c6ef8cb9400b976827c2abeab2ab56
Reviewed-on: https://chromium-review.googlesource.com/1282064
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Rather than using the default BufWriter capacity (currently 8K),
calculate the exact size required to contain the table. This further
consolidates the write() system calls to the minimum required.
BUG=chromium:891335
TEST=Manually verify expected write() calls with strace
Change-Id: I9ade77024e60a92d30b65beb07c2385e5dacc167
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1250035
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Some filesystems do not support FALLOC_FL_ZERO_RANGE; in particular,
encrypted files on ext4 fail this request with -EOPNOTSUPP. Use
fallocate with FALLOC_FL_PUNCH_HOLE instead, which is more widely
supported.
BUG=None
TEST=strace crosvm using qcow files on encrypted ext4 and verify that
fallocate(FALLOC_FL_PUNCH_HOLE) is issued when required.
Change-Id: Idffabc75ea0e1153efbb13cec8b4a25570427235
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1250022
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The "reboot" option is specific to x86 (reboot=k forces use of the i8042
keyboard controller to initiate a reset). Remove the unnecessary option
from the aarch64 command line.
BUG=None
TEST=Stop and restart VM on Kevin
Change-Id: Ic91c9a03491a6620d6f88ea0ada12f637f402840
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1279268
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
This reverts commit c8986f14a8.
Re-land the virtio PCI conversion after the preceding fixes.
BUG=chromium:854766
TEST=Boot crosvm on nami and kevin
Change-Id: I3699e3ed1a45cecc99c51e352d0cf0c32bc4116f
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1265862
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Wire up the serial device interrupt on aarch64 so stdin works.
BUG=chromium:890956
TEST=Verify serial console works on kevin
Change-Id: Ifcafecb10d443f0100f047d0a2ec545c24e718af
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1115728
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
The virtio PCI spec (4.1.4.5.1 Device Requirements: ISR status
capability) says:
"The device MUST reset ISR status to 0 on driver read."
BUG=chromium:854766
TEST=None
Change-Id: I92a1ddccfc8e44bed7f4a16e3cfd11b946629e22
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1260252
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The virtio PCI spec (4.1.5.2 Notifying The Device) says:
"The driver notifies the device by writing the 16-bit virtqueue index
of this virtqueue to the Queue Notify address."
We were previously registering the notify address specifying
NoDatamatch; switch this to a 16-bit match of the queue index to follow
the specification.
BUG=chromium:854766
TEST=Boot crosvm with virtio devices converted to PCI
Change-Id: Ic950a8c7751268f7fcc21d5c37b0afc859f1e6d0
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1265861
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This allows the caller to specify the full range of datamatch options
defined in the KVM ioeventfd API, including matching accesses of a
particular size with or without matching a specific data value.
BUG=None
TEST=cargo test -p kvm
Change-Id: I28b543f7c0b35eb2a6d47a14a33145ea00d09d1d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1271836
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>