Use ok_or to remove the match witch was harder to read. No functional
change. Pull the check in to a function so that it only needs to be
right once.
Change-Id: I0e5801d9e7e82994e7f1fbda0d2692a4afd59d99
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/850850
Reviewed-by: Zach Reizner <zachr@chromium.org>
The other functions in mmap check that the offset doesn't overflow. The
kernel_loader fuzzer found that read forgot to check.
Change-Id: Ifc89dbe40345c5923a5cf29c9f29e810e9e1a1e8
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/850542
Reviewed-by: Zach Reizner <zachr@chromium.org>
The syslog subsystem tries to figure out the file descriptor for the
connection to the system logger so that it can ensure that it doesn't
get closed in each device process.
However, the check does not work properly if there was already an open
connection to the system logger. In this case the openlog call does not
do anything and we end up guessing the wrong file descriptor number for
the syslog connection.
Work around this by adding a closelog() call before attempting all of
this cleverness. In the long run this should be fixed properly by just
bind mounting /dev/log into each device process's jail.
BUG=none
TEST=Running crosvm under minijail0 does not cause an InvalidFd error.
Change-Id: Iffd535d62acdf8053817af74b9e97444c746a0cf
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/851271
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Getting and settings seals is useful to ensure the size of files
underlying memory mappings doesn't shrink, which can trigger a SIGBUS on
access to the truncated pages.
This also bumps the libc version to get MFD_ALLOW_SEALING.
TEST=cargo test
BUG=None
CQ-DEPEND=CL:850535
Change-Id: Ifbe1ec2c47d3d5c51b63472f545acc10d3c8eed2
Reviewed-on: https://chromium-review.googlesource.com/849488
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This is needed to support the plugin process API, which may register
guest memory mapped at an offset from the beginning of a file.
TEST=cargo test
BUG=None
Change-Id: Idf1e9f0287df5510728ab2bcf4dd090f9e81a5bf
Reviewed-on: https://chromium-review.googlesource.com/849495
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The old sequence used tail cails to foward resources to the next stage
of the process, making it cumbersome to add new resources to earlier
stages. Certain tasks, such as IO port bus creation or irqfd
registration, were delayed to late stages for no good reason, causing
the stage names to have no correspondence with their contents.
The new sequence organizes setup into logical functions that only receive
and return resources that make sense for their operations.
BUG=None
TEST=./build_test; cargo run
Change-Id: Idaf1488da515e2473125333bf997638da60fa992
Reviewed-on: https://chromium-review.googlesource.com/822927
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The old DeviceManager made changes to VM indirectly using VM control
messages. This change gives the DeviceManager a VM reference to make
changes directly. This simplifies things by removing the need for an
extra loop to pending VM control messages.
BUG=None
TEST=./build_test
Change-Id: I6866015ddf3216a1f03d6ac0431548e3b827b750
Reviewed-on: https://chromium-review.googlesource.com/823263
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This is needed for plugin process style executions because they don't
register guest memory though the GuestMemory interface. Their memory is
more dynamic and ill-suited to the GuestMemory abstraction.
TEST=./build_test
BUG=None
Change-Id: I250b0b874ef6a0e342fd6e659301f389d01a4cda
Reviewed-on: https://chromium-review.googlesource.com/848018
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Re-generated the bindings for x86_64 and arm which now use union types
so a little bit of code in the library also changed, and adds bindings
for aarch64 which are required to run an aarch64 guest.
Also, I manually fixed the zero-length array cases where rust bindgen
doesn't properly align the structs. See rust bindgen bug 684.
BUG=chromium:797868
TEST=run crosvm on x86_64, ensure networking works
TEST=./build_test passes on x86
Change-Id: Iab2193a8f1d4c68bd3346ae683c74bbf16fe45d4
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/845519
Reviewed-by: Zach Reizner <zachr@chromium.org>
The balloon device is used to take regions of unused memory from the
guest and allow other host processes to use that memory.
Change-Id: I06c821365a58672d605fc7555beaec599cae1b15
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/759306
Reviewed-by: Stephen Barber <smbarber@chromium.org>
This is to clearly separate the Linux VM setup code from main's argument
parsing logic. This will also make it easier to add other kinds of VM
setup code without littering main or the Linux setup sequence.
BUG=None
TEST=./build_test; cargo run
Change-Id: I8e28720df760357cf00c9711ca5f1f8d6c077844
Reviewed-on: https://chromium-review.googlesource.com/823610
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
/var/empty always exists on cros devices and is commonly used by recent
minijail configs throughout the system. Using it here saves several
variables and removes some error paths.
Leave the wayland root as it needs to be owned by the wayland group.
Change-Id: I261915f4419cadb3f121e9c423c79e467b014700
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/816536
Reviewed-by: Zach Reizner <zachr@chromium.org>
Add functions to let the kernel know a given range of memory isn't
needed currently. This function will result in `madvise(DONTNEED)`.
The ability to signal memory as not needed will be used by the balloon
driver to allow system memory to be redistributed away from the VM.
Change-Id: I4ca56e09010eec33989824f5738db4a4be0ec428
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/759305
Reviewed-by: Zach Reizner <zachr@chromium.org>
Recent Linux kernel's fail to start if the mptable is at the start of
RAM (address 0x00). Avoid putting the mptable there so that crosvm can
boot 4.14+ kernels. The kernel scans the last kilobyte of RAM after the
first, move the mptable there.
Change-Id: Ia00f49e7a4cbd0fb3719c21b757e8fdca65584e8
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/780045
Making the project a workspace allows running all local libs unit tests
from the main build.
Change-Id: Ib531dd10c21f324c7d25af69ad12b95c7bc8f3bc
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/759597
Reviewed-by: Zach Reizner <zachr@chromium.org>
The table grew with the addition of the 16 mpc_intsrc structures.
Correct the `compute_mp_size` function, the end check, and add a unit
test for the not having enough memory.
Change-Id: I1ff268629a47a422f50aefef9d6aa95121b94d59
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/777710
Reviewed-by: Slava Malyugin <slavamn@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
There were remnants of using `minijail_enter`, switch them to
`minijail_fork`.
Change-Id: I5c695cbc3bfd6868f25f46f785a2f96391744d90
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/759598
Reviewed-by: Stephen Barber <smbarber@chromium.org>
On older kernels, the memfd_create syscall isn't available. Skip shm
tests if that is the case.
Change-Id: I39c1f1779f1f02e90df727c6ca18b5bdae52e855
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/768102
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The mptable inherited from kvmtool had some missing pieces. On top of that,
crosvm does not use KVM_SET_GSI_ROUTING. The addresses makes mptable match
the default routing in host kernel and removes "noapic".
TEST=cargo build (--release). tatl boot tested on 4.4.0 and 4.4.9
Change-Id: Ibc55abf245cd9d8fca601da204d5a189321c09c7
Reviewed-on: https://chromium-review.googlesource.com/772820
Commit-Ready: Slava Malyugin <slavamn@google.com>
Tested-by: Slava Malyugin <slavamn@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This change is to support a related kernel change but is backwards
compatible with kernels without that change.
BUG=chromium:782474
TEST=None
Change-Id: Ic1224b65ed9685f246002f946cfc6bfa2dbb2856
Reviewed-on: https://chromium-review.googlesource.com/770593
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Suspend/resume can cause syscall restarts and will cause KVM_RUN ioctls
to return with EINTR. Handle these so the VM doesn't shut down.
BUG=none
TEST=vm survives suspend/resume
Change-Id: I1fab624cb8fe0949d341408f0c962c859a034205
Reviewed-on: https://chromium-review.googlesource.com/750054
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This also updates the `build_test.py` to use the command line option to
run certain certain test modules serially.
TEST=./build_test
BUG=None
Change-Id: I8a498514cb6b89fab01f02d0ef8faf39629f717c
Reviewed-on: https://chromium-review.googlesource.com/748824
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
If reading from stdin returns EOF or an error, remove it from the list
of pollables.
BUG=none
TEST=`vm_launcher start` and check that crosvm no longer pegs CPU
Change-Id: I7971058701e6145884de9c52a8dd5b829373637b
Reviewed-on: https://chromium-review.googlesource.com/745961
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
crosvm spawns a lot of processes/threads, and having these all use the same
name as the original process can be confusing. So at least in the instances
where Rust threads are spawned (vs. minijail_fork()), use a thread::Builder
to allow setting the thread name.
BUG=none
TEST=start crosvm, check thread names with top
Change-Id: I6e55ff5fd60f258880bda8e656ab7f9da82c656e
Reviewed-on: https://chromium-review.googlesource.com/742394
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
There is a low limit on the maximum memory slot number imposed by the
kernel. On x86_64, that limit is 509. In order to delay hitting that
limit, we attempt to use the lowest unused slot number. As memory
regions are removed from the VM, the slot for that region is stored in a
heap so that that slot number can quickly be reused next time a memory
region is added.
BUG=None
TEST=finish a game of gnome-mahjong using virtio-wayland
Change-Id: I786c2e2b8ff239c19b3c8a18bd0f6e8f8dc2acbf
Reviewed-on: https://chromium-review.googlesource.com/740102
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add a wayland-sock argument for specifying the path to the
wayland socket. Also add a wayland-group argument for specifying
the group that has access to that socket.
BUG=none
TEST=crosvm starts with wayland
Change-Id: I3e53eb697951200340613663dc3e4ed28d8ed7f8
Reviewed-on: https://chromium-review.googlesource.com/733732
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Using minijail_fork removes the need to manage user and pid namespace
explicitly in crosvm and removes some parent/child synchonization
requirements too.
Change-Id: I47f9d39527d0a3ccf625600e9bfc2cccc3cb27ca
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/719443
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Since /var/run is a symlink to /run, and we want to avoid going
through the stateful /var whenever possible, use the direct path.
BUG=chromium:699880
TEST=precq passes
Change-Id: I5d95f5358c1fb0cb2ca73f9c4b145d8e36b4a361
Reviewed-on: https://chromium-review.googlesource.com/734225
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Mutable references being declared mutable themselves is unnecessary and
now generates a warning.
Change-Id: I29c7652fb86e17a8eda21efc728dd09b726c304f
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/717733
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Moving the devices to their own module makes it easier to add tests that
use them.
Change-Id: I61bfef4037d16b20145b5fddce604835cdc4f67b
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/706559
Reviewed-by: Zach Reizner <zachr@chromium.org>
Break out vm_control to a crate that will be able to used by more
modules. Having vm_control usable from outside crosvm makes it possible
to move the devices out of crosvm in a later commit.
Change-Id: I1f060700ed49b5d77519d55efa2430490d521256
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/706558
Reviewed-by: Zach Reizner <zachr@chromium.org>
Change the default option to use a sanboxxed process for each device.
The old behavior can be re-enabled with the `--disable-sandbox` flag.
Change-Id: I65762a6cb52afac210fc0e683d999f20fe67a57e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/696715
Reviewed-by: Zach Reizner <zachr@chromium.org>
The other options all user hyphens.
Change-Id: I7f0ab307fd5e50deea8c276bc7a73e43cf692195
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/696714
Reviewed-by: Stephen Barber <smbarber@chromium.org>
All seccomp policy files get installed in /usr/share/policy on chrome
os. Load the virtio device seccomp policy files from there as well.
BUG=none
TEST=run crosvm under strace -e trace=open and verify that it is loading
the policy files from /usr/share/policy
Change-Id: I87fa3c57babfd256fb1ac1a827337a95e9c003ad
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/630059
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
To ensure dependencies don't accidentally get updated, their versions are
fixed using the equals constraint. The Cargo.lock file is also checked in
so that the registry won't need to be downloaded by cargo.
These changes are needed so that the crosvm ebuild will not need to
download anything outside of its list of source packages.
TEST=./build_test
BUG=None
Change-Id: Iae8472de77e3589a453685717b26fb1ceb44e257
Reviewed-on: https://chromium-review.googlesource.com/674092
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The compiler was complaining about std::fmt::Debug being an unused
import. Remove the import.
BUG=none
TEST=build_test and see no warnings about unused imports
Change-Id: I5e606982dffee575b3048b6c45cb5222e63ae3dc
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/669305
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Implement the virtual sockets device using vhost subsystem of the host
kernel to handle data transfer.
BUG=chromium:708267
TEST=build and run maitred in guest VM without issue
Change-Id: I35b542c0fc7e0fd9296f7ba3e1dfce60bf524d15
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/638838
Reviewed-by: Stephen Barber <smbarber@chromium.org>
