This CL fixes four cases of what I believe are undefined behavior:
- In vhost where the original code allocates a Vec<u8> with 1-byte
alignment and casts the Vec's data pointer to a &mut vhost_memory
which is required to be 8-byte aligned. Underaligned references of
type &T or &mut T are always undefined behavior in Rust.
- Same pattern in x86_64.
- Same pattern in plugin::vcpu.
- Code in crosvm_plugin that dereferences a potentially underaligned
pointer. This is always undefined behavior in Rust.
TEST=bin/clippy
TEST=cargo test sys_util
Change-Id: I926f17b1fe022a798f69d738f9990d548f40c59b
Reviewed-on: https://chromium-review.googlesource.com/1566736
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
To avoid wasting time re-sorting these things (CL:1492612).
https://docs.rs/remain
Disclaimer: I wrote the macro.
This CL adds #[sorted] attributes to those Error enums that seemed to
have made some effort to be in sorted order.
TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
TEST=emerge-nami crosvm
TEST=local kokoro
CQ-DEPEND=CL:1524247
Change-Id: I89685ced05e2f149fa189ca509bc14c70aebb531
Reviewed-on: https://chromium-review.googlesource.com/1515998
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
This may help reduce cases of conflicts between independent CLs each
appending a dependency at the bottom of the list, of which I hit two
today rebasing some of my open CLs.
TEST=cargo check --all-features
Change-Id: Ief10bb004cc7b44b107dc3841ce36c6b23632aed
Reviewed-on: https://chromium-review.googlesource.com/1557172
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Separated out of CL:1513058 to make it possible to land parts
individually while the affected crate has no other significant CLs
pending. This avoids repeatedly introducing non-textual conflicts with
new code that adds `use` statements.
TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
Change-Id: Iec5cc762f38f18196a6147473ac093f474b00794
Reviewed-on: https://chromium-review.googlesource.com/1520075
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
To support eclass migration for crosvm ebuild from crate to cros-rust.
This CL need to be built with cros-rust version crosvm ebuild.
- Upgrage crate cc from 1.0.15 to 1.0.25.
- Change local tempdir version from 0.3.5 to 0.3.7 for ebuild
integration.
- Remove 9s directory since it's moved to platform2.
BUG=chromium:781398
BUG=chromium:907520
TEST=Run $ FEATURES=test emerge-eve crosvm
in a clean chroot
CQ-DEPEND=CL:1421303
Change-Id: Iab615b555a51f8020e5efae1cc40ac6b54ea87f2
Reviewed-on: https://chromium-review.googlesource.com/1421237
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This CL adds a crate `sync` containing a type sync::Mutex which wraps
the standard library Mutex and mirrors the same methods, except that
they panic where the standard library would return a PoisonError. This
API codifies our error handling strategy around poisoned mutexes in
crosvm.
- Crosvm releases are built with panic=abort so poisoning never occurs.
A panic while a mutex is held (or ever) takes down the entire process.
Thus we would like for code not to have to consider the possibility of
poison.
- We could ask developers to always write `.lock().unwrap()` on a
standard library mutex. However, we would like to stigmatize the use
of unwrap. It is confusing to permit unwrap but only on mutex lock
results. During code review it may not always be obvious whether a
particular unwrap is unwrapping a mutex lock result or a different
error that should be handled in a more principled way.
Developers should feel free to use sync::Mutex anywhere in crosvm that
they would otherwise be using std::sync::Mutex.
TEST=boot linux
Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f
Reviewed-on: https://chromium-review.googlesource.com/1359923
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This reverts commit c8986f14a8.
Re-land the virtio PCI conversion after the preceding fixes.
BUG=chromium:854766
TEST=Boot crosvm on nami and kevin
Change-Id: I3699e3ed1a45cecc99c51e352d0cf0c32bc4116f
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1265862
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This reverts commit d635acbaf3.
This commit seems to be responsible for introducing hung tasks in tests,
so let's revert it for now to get the tests green and debug it offline.
BUG=chromium:891806
TEST=None
Change-Id: I83504058baeae00909d9fb4f4bb704a144a0dfaf
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1259408
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Change the main create_virtio_devs() function to create virtio devices
using the PCI transport rather than MMIO.
BUG=chromium:854766
TEST=Boot crosvm and verify that all virtio devices still work
Change-Id: I9a6e60b21edea1e5ac2b3ae5c91793d45cf5063a
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1241541
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The fix passes through cache-related CPU entries 2, 4, 0x80000005
and 0x80000006 similar to how QEMU does it.
Note passing this cpuid info itself is not sufficient unless
CPU vendor is something Linux kernel recognizes. Therefore, I am
removing cute spoofing of the vendor id, allowing host value to
pass through.
I believe it is generally a bad idea to spoof vendor id as lots of
kernel and user space code gets confused and may take unoptimized paths.
The corollary is that removing the spoofing may have unintended
consequences correctness- and performance-wise. I would appreciate
recommendation on additional testing.
BUG=chromium:859678
TEST=lscpu in Guest, 'cargo test'
Change-Id: I6963b00d9eecf49fb4578bcc75ad744c3099f045
Reviewed-on: https://chromium-review.googlesource.com/1125529
Commit-Ready: Slava Malyugin <slavamn@chromium.org>
Tested-by: Slava Malyugin <slavamn@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Allow IRQs to be assigned before creating device manager.
For PCI, we need to add devices with interrupts before MMIO setup. Add
the ability to tell the architecture device manager about IRQs that we
have stolen.
There was only one function in device_manager and all of its state is
now delegated to the resource allocator, remove it.
Change-Id: I9afa0e3081a20cb024551ef18ae34fe76a1ef39d
Reviewed-on: https://chromium-review.googlesource.com/1089720
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
This creates a trait that different architectures can implement to
support running Linux VMs.
In the implementation on X86 we remove some error and return errors
from lower-level modules as appropriate. These modules now implement
the Error trait so we can get meaningful descriptions without an extra
error from the calling function. This still keeps all the ifdefs in
linux.rs for now until we have another implementation to use for ARM.
BUG=chromium:797868
TEST=./build_test passes on all architectures
TEST=crosvm runs on caroline
Change-Id: If24bcc83e25f9127d6aea68f9272e639296aad8b
Reviewed-on: https://chromium-review.googlesource.com/952368
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This is in preparation to make different architectures implement a
trait, but for now it's just moving code out of linux.rs and into
x86_64 trait. A few new functions were required which will become
part of the trait interface. There's still a lot of ugly ifdefs
everywhere that should go away in subsequent CLs.
BUG=chromium:797868
TEST=./build_test
TEST=run crosvm on caroline
Change-Id: Ifc95d4eb84f64ebacb4481a172524d94dc96b7bb
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/942084
Reviewed-by: Zach Reizner <zachr@chromium.org>
Not all types are safe to read from guest memory. Any type with a
reference or pointer will be initialized to random bits that don't refer
to a valid address. This can cause dangling pointer and general
unsafe behavior.
To fix this, limit types that can be read with read_obj to those that
implement the unsafe trait `DataInit`. Provide implementations of
`DataInit` for intrinsic types that are obviously safe to initialize
with random data.
Implement the needed traits for bootparam types as they are read from
the kernel image directly.
Change-Id: I1040f5bc1b2fc4c58c87d8a2ce3f618edcf6f9b1
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/540750
Reviewed-by: Zach Reizner <zachr@chromium.org>
