Move GuestAddress and GuestMemory to a new crate for VM memory. This
will make separating sys_util and crosvm independent making it easier
to use sys_util functions outside of crosvm.
Change-Id: I12e14948ea85754dfa6267b3a3fb32b77ef6796e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2311251
Auto-Submit: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
This was introduced in a CL that did not use it, so it seems to be
unnecessary (maybe copy-pasted from another error enum).
Fixes a clippy warning:
error: variant is never constructed: `Unsupported`
BUG=None
TEST=bin/clippy
Change-Id: Iaccf6c86a5ef9e36efad1053776b6ee2db53a2cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2316379
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Lingfeng Yang <lfy@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Currently the PIT creates a thread when the Pit object is instantiated,
but this is a problem when sandboxing is enabled, because minijail does
not want to fork when there is more than one thread.
This change updates the PIT to only create the woker thread once the PIT
has been read from or written to.
Split irqchip mode still does not seem to quite work in sandbox mode,
there appears to be some other sort of bug, but when run with the
hypervisor abstraction it does run. So this fix is mostly applicable
once hypervisor abstraction has been integrated.
BUG=chromium:1077058
TEST=ran test VM with --split-irqchip without --disable-sandbox and it
gets further than before, plus ran cargo test -p devices.
Change-Id: Idf511bde825d4a004f1492dcbd27f6829e872735
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2304258
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
In some methods the context was queried several times, which complicates
the code a bit and potentially generates error-handling code that cannot
possibly be used once the context has been successfully obtained once.
Merge all these context requests into a single one for each method.
BUG=b:161774071
TEST=crosvm builds
Change-Id: Ia4a5036a0ed0fd20a928c448e62fdd8e37e8a914
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2311497
Tested-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Alex Lau <alexlau@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Needed for syncfd support (transfer doesnt come with fence
import/export)
Needed for address space graphics protocol on virtio-gpu
BUG=b/156130048
Change-Id: If6f55985f04fd8a2862650b2cbd37a3ab816fb90
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2224015
Commit-Queue: Lingfeng Yang <lfy@google.com>
Tested-by: Lingfeng Yang <lfy@google.com>
Reviewed-by: Jason Macnak <natsu@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Blobs contain explicit metadata about scanout buffers that is
only inferred otherwise. This is useful for possible YUV with
virtio-gpu-2d or compressed 3d formats. The format modifier is
intentionally left out since virtualized KMS can not guarantee
that the host compositor will support a certain modifier at any
particular moment -- this can be queried from virglrenderer if
need be.
BUG=chromium:924405
TEST=compile and test
Change-Id: I3130df18378f40193118b78d03f564b7f5984d67
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2250460
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
The new get_bars() function will be used to find all of the memory
and/or I/O BARs that need to be added to or removed from the bus objects
(mmio_bus and io_bus) and KVM mappings to handle guest-initiated
remapping of BAR locations.
BUG=None
TEST=cargo test -p devices
TEST=Boot vm_kernel in crosvm
Change-Id: Ic559abc2a22dee7c3d5c96d242ceaf2154135eb0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2300693
Reviewed-by: Tomasz Jeznach <tjeznach@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This simplifies the code that wants to access per-BAR properties like
size and type; rather than recalculating it from PCI register contents,
it can directly access the data that is already in the desired Rust
types.
BUG=None
TEST=cargo test -p devices pci
Change-Id: I073d39c605899053ad3497c4d0140432b343b793
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2308075
Reviewed-by: Tomasz Jeznach <tjeznach@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
PCI BARs have a minimum size based on the number of bits reserved for
the type bitfield, which is stored in the low bits of each BAR. The
minimum size is derived from the number of bits used to store the type:
2 bits (4-byte minimum) for I/O bars and 4 bits (16-byte minimum) for
memory BARs.
Previously, since the minimum size was not enforced, callers could
create invalid configurations that would allow the guest to overwrite
the type bits of the BARs. Luckily, this only happened in the unit
tests, which are fixed in this change.
BUG=None
TEST=cargo test -p devices
Change-Id: I30d65485254b49655c9ad7bec51e43533fe2c01d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2300692
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Decoder currently ends up converting from H264 baseline profile provided
by virtio-video to H264 main profile to libvda.
BUG=b:161421220
BUG=b:140082257
TEST=cargo clippy
TEST=emerge-$BOARD dev-rust/libvda crosvm, start arcvm and play video in YouTube
Cq-Depend: chromium:2299802, chromium:2299604
Change-Id: I946af99b918b22b4dcb0e9ebab044c83f39ed9bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2301325
Tested-by: Alex Lau <alexlau@chromium.org>
Commit-Queue: Alex Lau <alexlau@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Add missing virtio-video profiles and convert to them from libvda profiles.
BUG=b:161261612
BUG=b:140082257
TEST=cargo clippy
TEST=emerge-$BOARD dev-rust/libvda crosvm, start arcvm and play video in YouTube
Cq-Depend: chromium:2299802, chromium:2301325
Change-Id: I061c7eddc881eb785aa7c06cf587cc747007cb74
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2299604
Reviewed-by: Alex Lau <alexlau@chromium.org>
Tested-by: Alex Lau <alexlau@chromium.org>
Commit-Queue: Alex Lau <alexlau@chromium.org>
Fixes for several bugs found in the KvmKernelIrqChip and the
KvmSplitIrqChip that were found while testing the hypervisor abstraction
layer integration:
- Fixed determination of which routes are MSI routes when setting
routes in KVM.
- Fixed issue with setting conflicting routes.
- Updated service_irq_event to read the associated EventFd that
triggered the irq event, and updated the documentation. Also updated
KvmKernelIrqChip's implementation to simply print an error because
that function should never be called on KvmKernelIrqChip.
- Fixed a bug with add_vcpu in both KvmKernelIrqChip and
KvmSplitIrqChip.
BUG=chromium:1077058
TEST=added a new test, ran devices tests, ran a VM with abstraction
integration changes with both irqchips
Change-Id: I255fbe498f6586d90cb196ff173a574a2cae0453
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2300843
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
This will allow it to be disabled for Protected KVM usecases on Android.
BUG=b:158290206
TEST=cargo test
Change-Id: Ibddd8a98c42bb0847aba804f5e33df29feedd783
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2292372
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Andrew Walbran <qwandor@google.com>
Implementation of a KVM split irqchip. KVM's "split irqchip"
functionality only works for x86/x86_64 so this is implemented in the
kvm/x86_64.rs sub-module. The chip has a userspace Pic, Ioapic, and Pit.
This change necessitated a couple modifications to the irqchip traits:
- The create_pit function has been removed, and it's now implied that
the creation of the irqchip handles the creation of the pit.
- A finalize_devices function has been added. This function will need
to be called on the irqchip after all devices have been setup. The
purpose of finalize_devices is to allow the irqchip to register any
userspace devices with the io_bus or mmio_bus, and for the irqchip to
supply any necessary EventFds to these devices.
- A service_irq_event function has been added. This function works a
lot like the service_irq function, except it's specifically designed
to work the same way an IRQFD works: it first asserts then immediately
deasserts the line. If a resamplefd is associated with the irq line,
the deassert doesn't happen immediately, but happens when an EOI
occurs for a vector associated with the line. The service_irq function
will still exist for unittests.
- A process_delayed_irq_events function has been added. There
is a case where a deadlock can occur if the main thread blocks on
locking the ioapic in order to service an irq event, while a vcpu
thread holding the ioapic lock waits on the main thread to process the
addition of a MSI route. So the irqchip delays the servicing of irq
events if it finds a locked ioapic, and the
process_delayed_irq_events function should be called regularly
by the main thread in order to re-try servicing any delayed irq events.
Bug: chromium:1077058
Test: split irqchip runs all available x86-specific irqchip tests.
Also added some tests specific for the split irqchip. Ran these tests
and cargo test -p hypervisor -p devices
Change-Id: I14866645b86b3bf318440051069ff165e2cf9d88
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2290192
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Add a gpu argument to control whether vulkan support should be enabled
for gfxstream backend. Default to enabled.
BUG=None
TEST=launch_cvd
Change-Id: Icf9b24890f7c0da30f6c64326391037c6df1c853
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2286238
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Kaiyi Li <kaiyili@google.com>
Reviewed-by: Lingfeng Yang <lfy@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Added get/set_lapic_state functions to KvmKernelIrqChip and KvmVcpu.
Added tests for the KvmKernelIrqChip.
BUG=chromium:1077058
TEST=added associated tests for get/set_lapic_state
Change-Id: I0f1cebd9db370b5453a951f7827de511399cddf4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2260929
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Added an emum for MPState, and functions to translate between MPState
and kvm_mp_state. Added get_mp_state and set_mp_state functions to KvmVm
and the IrqChip interface.
BUG=chromium:1077058
TEST=added associated tests for get/set_mp_state
Change-Id: I0825f81b1b4d85884690606d691e8b88e8306ae1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2261293
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
In preparation of the KvmSplitIrqChip, moving tests out of the
irqchip::kvm module and into the irqchip::x86_64 module. This is because
the tests should be valid for any implementation of the IrqChipX86_64
trait.
Bug: chromium:1077058
Test: cargo test -p devices -p hypervisor
Change-Id: I57a15b275bce5e7d96f2736367b7aaef6b069fec
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2276322
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Update the pit to have get/set functions so it can be used as part of an
irqchip. Some of this translation is imprecise because we use a rust
Instant for storing the timer start time, where the PitState expects it
in terms of the host's monotonic clock, but it shouldn't really matter
because getting/setting the pit is only exposed as a plugin feature.
This also required adding some convenience functions to the sys_util
Clock.
Bug: chromium:1077058
Test: cargo test -p devices
Change-Id: I761747cd03ed123a2d2e685e0679a3d025a165ae
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2265043
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Instead of coupling the reading of the event fd and the resampling of
the interrupt, add a separate member to just do the resample.
This will be used by async code that waits for and reads the event fd in
one step.
Change-Id: Ic5b1fd9adf8e32a572f31dc1c0c5ab32e94f4981
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2268978
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Posix acls are a truly incredible example of API design. The presence
of a default posix acl in a directory completely changes the meaning of
the `mode` parameter for all system call that create inodes. However,
this new behavior only applies when the inode is first created and not
for any subsequent operations that use the mode, like fchmod.
When a directory has a default posix acl, all inodes created in that
directory get the permissions specified in the default acl. The mode
parameter is treated like a umask where any permissions allowed by the
default acl that are not allowed by the mode parameter are blocked. The
actual umask is ignored in this case.
So to handle this properly we need to set FUSE_DONT_MASK to prevent the
kernel driver from preemptively applying the umask. Then we have to
check if the parent directory has a default posix acl and only apply the
umask to the mode if it does not. This also means that we cannot use
`mkdtemp` because that always creates directories with a mode of 0o700
and since the default posix acl calculation only applies on creation and
not on later operations, we need to apply the proper mode in the very
beginning.
BUG=b:159285544,b:152806644
TEST=vm.Virtiofs. Use a test program to create files/directories in
directories that have a default acl and ones that don't, and verify
that the mode is correctly set after creation
Change-Id: Ieca8ac9db391feebe5719630c5f3b57b04b71533
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2260253
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
io_jail has been migrated to aosp/external/minijail/rust/minijail.
This removes the crosvm copy and updates the references to use the new
location.
BUG=chromium:1096175
TEST=cargo test
Cq-Depend: chromium:2254418
Change-Id: I29d5c6178b6faf5e52671cfbe6fc7e51f0d21dd2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2254298
Tested-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Allen Webb <allenwebb@google.com>
Needed by arcvm.
BUG=b:159297591
TEST=run a test program that calls the ioctl
Change-Id: I1f8c17fa2b2457f5a9e73045c3dbee3440eb943d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2265932
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Using AT_EMPTY_PATH with linkat requires the caller to have
CAP_DAC_READ_SEARCH in the init user namespace. Since the fs device
isn't going to have this when run in a sandbox, switch to using
/proc/self/fd with AT_SYMLINK_FOLLOW instead, which is documented in the
manpage as an alternative to AT_EMPTY_PATH.
BUG=b:159861594
TEST=`touch foo; ln foo bar` succeeds
Change-Id: I944d80d955742d653e36d245024adc48cf77d77e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2265933
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Modified ioapic implementation for the hypervisor abstraction layer.
This implementation has the same functionality and tests as the existing
one, but accepts a vec of resample_events instead of a GsiRelay. It also
takes a list of irqfds instead of creating them itself.
This will be used by the KvmSplitIrqChip, and will eventualy be modified
again to support an ApicBus when we want to support a UserspaceIrqChip.
Bug: chromium:1077058
Test: cargo test -p hypervisor -p devices
Change-Id: I306724266511a7975a25a34955651ea6f53e1c4c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2255303
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Copied and slightly modified pic implementation in the irqchip
submodule. It uses the PicState defined in the hypervisor crate and has
a register_resample_events function instead of a register_relay
function.
Some function signatures have been slightly changed to take &self and
&mut self where before they would take a PicState. This was done so
that the Pic struct itself would be the only object that needs access
to the resample_events rather than each PicState needing it's own copy
or clone.
This will later be used by the the KvmSplitIrqChip.
Test: cargo test -p devices -p hypervisor
Bug: chromium:1077058
Change-Id: Ia15ea1800b4339d3ad38d88d8ec6ace8ca5ea67a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2255302
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Vcpus are created on the Vm object, instead of with Vcpu::new. Vm keeps
a copy of the Hypervisor to support create_vcpu. Otherwise the methods
are the same as the kvm crate.
BUG=chromium:1077058
TEST=cargo test
Change-Id: I6fbd0e5fb5d81d4362a259e85eb392d8edbfff1f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2247366
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Advertise that we support posix acls in the response to the init
message. Since the VM does access checks before sending the request to
the server, having this disabled meant that the VM was rejecting
requests that should have been allowed to succeed.
BUG=b:159285544
TEST=touch test
setfacl -m u:crosvm:rw test
su -s /bin/bash -c 'echo hello > test' crosvm
cat test # check that it contains "hello"
Change-Id: I047b590e4caf0f2883b3f6198b9bc071e9e40a93
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253494
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
The switch to 2 stage mkdir + create broke setgid bit handling on
directories. When this bit is set in a directory all inodes in that
directory should be created with the gid of that directory rather than
the gid of the process that made the call.
BUG=b:152806644
TEST=Set the sgid bit on a directory and verify that new files and
directories inherit the directory's group rather than the group of
the process that created them.
Change-Id: Iafce9fbb4281b2dc84e052e0a703745dde4b817b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253493
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
We don't set FUSE_DONT_MASK so the guest kernel will apply the umask
to the mode before sending the request. Just pass it on unmodified.
BUG=b:152806644
TEST=vm.Virtiofs
Change-Id: Id0c138e9ccc3a361a2772ac144f1d3413b545d99
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253492
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Mostly to stop using virtio-fs region IDs in virtio-gpu.
From the spec:
"A device may have multiple shared memory regions associated with
it. Each region has a shmid to identify it, the meaning
of which is device-specific."
BUG=chromium:924405
TEST=compile and test
Change-Id: I5b938a1dbe8747812d77384f1781ccc1bd883e9f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2160030
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Implemented the remaining IrqChip trait functions for the
KvmKernelIrqChip, including register/unregister_irq_event and irq
routing functions.
Added some irqchip tests for setting irq routes and servicing irq lines.
Also added tests for registering irq events.
BUG=chromium:1077058
TEST=cargo test -p devices -p hypervisor
Change-Id: Ia04c927b663ebdcacc88bc61d746077aa5b02514
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2246648
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Writing xattrs in the security namespace requires CAP_SYS_ADMIN in the
namespace that mounted the file system. The fs device doesn't have this
capability when run in a sandbox (and in the case of the /home directory
on chrome os, will never be able to gain it).
We've been able to set selinux xattrs so far because the selinux module
relaxes the capability check in favor of an selinux-based MAC check.
However, android also wants to be able to set the "security.sehash"
xattr, which is described in the manpage as a "performance optimization"
when recursively relabeling files.
Unfortunately since the android team nacked the kernel patch[1] that
would have relaxed the requirements for just the "security.sehash"
xattr, the only option for us is to rewrite the xattr name and prefix it
with "user.virtiofs" so that it ends up in the "user." xattr namespace.
The server should always have permission to create xattrs there.
BUG=b:155443663
TEST=start a vm and successfully set the security.sehash xattr then
check on the host side that it is actually stored as
user.virtiofs.security.sehash
[1]: https://www.spinics.net/lists/selinux/msg32330.html
Change-Id: Icd17b76c946c92d92009f0cc2b8b50c92ac580c6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2243111
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Arcvm needs this ioctl for looking up the project id of an inode.
BUG=b:157189438
TEST=Call the ioctl inside a vm and verify that it succeeds
Change-Id: Ib178cf32b09056f9b1e9acedb49de068d5525a66
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2214964
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Matthias Springer <springerm@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Split the KvmKernelIrqchip struct definition and constructor between
x86_64 and aarch64 because aarch64 has an extra fd for the vgic device.
Constructor on x86_64 simply calls create_irq_chip while aarch64
constructor needs to call create_device and configure that device.
Also needed to split the try_clone implementation because the structs
have different fields.
Bug: chromium:1077058
Test: ran build_test, but I haven't been able to actually run the tests
on aarch64
Change-Id: I20e81a7ccedaf077d682055717caf05a94d54423
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2239976
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Support a case where a guest client who may use arbitrary numbers of
buffers. (e.g. C2V4L2Component with default pool in ARCVM)
Such a client is valid as long as it uses at most 32 buffers at the same
time.
More specifically, this CL allows the guest to call ResourceCreate for an
output resource_id which was already processed by the host. Such
ResourceCreate calls will be handled as reassignment of DMAbuf to a
FrameBufferId.
BUG=b:157702336
TEST=Play a YouTube video on ARCVM w/ C2V4L2Component using default pool
Change-Id: Ie9c457867abd91b6b7a17a5bca4a1a1e9f53c1ae
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2198327
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
The separate Vm functions for MemoryMappings and MemoryMappingArenas
have been combined and now use a MappedRegion trait that the mappings
implement. msync_memory_region replaces the get_mmap_arena function,
which is used by VmMsyncRequest. Since Vm uses mutexes for cloning, it
can't return mem region references.
BUG=chromium:1077058
TEST=cargo test, cargo test -p sys_util, cargo test -p hypervisor
Change-Id: If257b16ee34d07820ae7ebdb9a3a598a41df013c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202845
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Implemented get/set_pic/ioapic/pit functions for the KvmKernelIrqchip.
Added respective functions on KvmVm for interacting with the underlying
KVM API.
Added associated tests for get/set functions.
BUG=chromium:1077058
TEST=ran devices tests and added get/set function tests
Change-Id: I66a29828fe2f1fbdf54d7325656a003ac09e36d0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2219422
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
This trait handles the x86-specific features of an irqchip, including
getting and setting the state of the pic, ioapic, lapics, and pit.
Also includes an empty implementation of this trait for the
KvmKernelIrqChip.
BUG=chromium:1077058
TEST=cargo test -p devices
Change-Id: I36034661f4a2baedc7ac2b8f311cab6327afefba
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2197717
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
When creating a file or directory the virtio-fs server changes its
effective uid and gid to the uid and gid of the process that made the
call. This ensures that the file or directory has the correct owner and
group when it is created and also serves as an access check to ensure
that the process that made the call has permission to modify the parent
directory.
However, this causes an EACCES error when the following conditions are
met:
* The parent directory has g+rw permissions with gid A
* The process has gid B but has A in its list of supplementary groups
In this case the fuse context only contains gid B, which doesn't have
permission to modify the parent directory.
Unfortunately there's no way for us to detect this on the server side so
instead we just have to rely on the permission checks carried out by the
kernel driver. If the server receives a create call, then assume that
the kernel has verified that the process is allowed to create that
file/directory and just create it without changing the server thread's
uid and gid.
Additionally, in order to ensure that a newly created file appears
atomically in the parent directory with the proper owner and group,
change the create implementation to use `O_TMPFILE` and `linkat` as
described in the open(2) manpage. There is no `O_TMPFILE` equivalent
for directories so create a "hidden" directory with a randomly generated
name, modify the uid/gid and mode, and then rename it into place.
BUG=b:156696212
TEST=tast run $DUT vm.Virtiofs
TEST=Create a test directory with group wayland and permissions g+rw.
Then run `su -s /bin/bash -c 'touch ${dir}/foo' - crosvm` and
`su -s /bin/bash -c 'mkdir ${dir}/bar' - crosvm`.
Change-Id: If5fbcb1b011664c7c1ac29542a2f90d129c34962
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2217534
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Now that the ioctl number method is const we can use a match statement
rather than a series of if-else expressions.
BUG=b:157189438
TEST=unit tests
Change-Id: I9839f2de842ec512811101c07445ca5f99f3fe2f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2214963
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The Error type is not used, remove it.
Change-Id: Ibcc1328b62635dd62a666412eb0f56a8c2f4fc93
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2224013
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
