This is a regression from the control socket refactoring. The removal of
the control socket receiver class, whose drop impl handled the removal
of the socket's files, meant that no code took care of cleaning them up.
BUG=None
TEST=Run with `-s./` and after a clean exit, make sure there is no
*.sock files in the current directory.
Change-Id: I0064900f4eec6d054d174d59a4aefdf36ab4d3b3
Reviewed-on: https://chromium-review.googlesource.com/642510
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Problems that were fixed:
- gcc crate deprecated compile_library
- `cargo test -p kvm` had a compile error
- `cargo test -p kvm_sys` failed to link with libc
- main.rs failed to include `getpid` and had dead code
- fork.rs had a warning in `cargo test -p sys_util`
- unused const in serial.rs
BUG=None
TEST=sudo cargo test -p data_model -p io_jail -p kernel_loader -p kvm \
-p kvm_sys -p net_sys -p net_util -p syscall_defines -p sys_util \
-p virtio_sys -p vhost -p x86_64 -p crosvm
Change-Id: Iaf0389013fbcdfbfaa7cf37ea1a1fc045f480ada
Reviewed-on: https://chromium-review.googlesource.com/642509
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
A large portion of the VhostNet implementation is common to all vhost
devices. Create a new Vhost trait that encapsulates this behavior and
split the network specific bits into a new Net type and implement the
Vhost trait for it.
BUG=chromium:708267
TEST=build and run with a VHOST_NET enabled kernel and see that
everything still works fine
Change-Id: Ia6b7591f9428c1fba1e13b11791fe40e1bd3942b
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/630060
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
These functions are trivially safe and by adding them to sys_util, we
can remove some unsafe blocks from crosvm. This CL also replaces the
unsafe call sites with the safe alternatives.
There are no previous usages of gete{g,u}id(2), but they will be needed
in a future change.
TEST=None
BUG=None
Change-Id: Ief8787b298cfaa5b7fd1b83f0eba6660369e687d
Reviewed-on: https://chromium-review.googlesource.com/634268
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL adds VM request capabilities to the control socket. These
requests include the basic exit as well as the essential ioeventfd and
irqfd requests. For virtio wayland, the register/unregister device
memory request was added.
TEST=cargo test
BUG=chromium:738638
Change-Id: I0cbf62d85a299cf454bcf6924a4e1d52d5b7183f
Reviewed-on: https://chromium-review.googlesource.com/602593
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
While vhost_net can provide better performance than a userspace
virtio device, it also requires a kernel module to function. This
also prevents jailing the virtio device, since virtqueue operations
(which necessarily touch guest memory) will be running directly
in the kernel.
Add a userspace virtio net device that can be jailed and works
without vhost support in the kernel.
BUG=chromium:703920
TEST=networking works
Change-Id: I468114b48abd8e30e967ff16329a5dce6a75018f
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/604937
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
We have to guarantee that all the descriptor writes are visible to the
guest before the index update is.
Change-Id: I35f1c8d3f5fc9a6ac54de1eb4be66e1c5ac81fc8
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/611215
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Provide the guest OS with /dev/random.
Change-Id: I1323836392f3f1d59a6be276ce495e0d78ea9669
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/603531
Reviewed-by: Zach Reizner <zachr@chromium.org>
The queue's next index, as set by the kernel, will increase
monotonically to the limit of a u16 and then wrap back to zero. In
contrast, Rust will panic when its internal counter reaches the limit.
This change enables the wrapping behavior that we want.
TEST=run a kernel that uses a queue >0xffff times
BUG=None
Change-Id: I24101dfb137a1350fd93d1b378840b72431764ea
Reviewed-on: https://chromium-review.googlesource.com/598502
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Add an option for allowing a writable disk.
Allow specifying multiple disks.
Don't assume the path to the root device, force the user to specify a
correct command line option.
Change-Id: I87dea1152e1f81c0cde45ad47e2c4cf0f187918e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/569450
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Fill the upper for bytes of the disk size configuration. The size is a
64bit value accessed with two 32bit reads.
The guest is permitted to read at any byte offset in the config space.
Allow it to do so, even if it doesn't make much sense.
Change-Id: I5d02620a8751b31784e419ae6a57173a2e212b8f
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/569359
Reviewed-by: Zach Reizner <zachr@chromium.org>
vhost_net is an in-kernel implementation of a virtio_net device. This device
implementation is responsible only for negotiating features and setting up
vhost_net to point to the virtqueues in the guest.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=chromium:738639
TEST=boot with networking enabled and ping host
Change-Id: I9192765b9348528a8a7a7f273e9522c2373d22fb
Reviewed-on: https://chromium-review.googlesource.com/538106
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
According to the Virtio specification, all MMIO register access must be
32-bit wide and aligned. However, this restriction is not true in
general for the config space. This change relaxes the restriction for
accesses to config space.
This change also checks that each queue is valid before activating a
device.
TEST=crosvm run
BUG=None
Change-Id: I10228d99992576837ff505aad56fefbc4d8eff78
Reviewed-on: https://chromium-review.googlesource.com/578314
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Use signalfd to catch SIGCHLD, which will notify the main process when a
device process has died, e.g. it crashed or violated seccomp policy. The
main process will then exit gracefully.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=none
TEST=block a syscall and run with multiprocess; ensure no defunct
processes are hanging around
Change-Id: Ief8a94576ad9eeb032f45ce8491fcfe23a971473
Reviewed-on: https://chromium-review.googlesource.com/557460
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
In preparation for adding a net device, factor out some of the common code
for setting up an mmio device and jailing it.
Signed-off-by: Stephen Barber <smbarber@chromium.org>
BUG=none
TEST=cargo test
Change-Id: I94f02e56a2b0938d860322b731d8b17a25357128
Reviewed-on: https://chromium-review.googlesource.com/543910
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The cpus option is now used.
Change-Id: I64bcc7cf27427f20b093c70eec3b58cd2c55e290
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/569098
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The `clone_process` function was created to safely encapsulate
fork/clone usage for the proxy device. This patch changes proxy device
to do utilize that.
TEST=cargo run -- -u <other crosvm args>...
BUG=None
Change-Id: I2d9f1794be61be31f3aae21037c7df14b7691172
Reviewed-on: https://chromium-review.googlesource.com/518935
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
A VirtioDevice should expose its type so that the guest can probe it
correctly.
BUG=none
TEST=boot with block device
Change-Id: I6a8cae3afbdc5ae9f6af23eea928c83e67719c12
Reviewed-on: https://chromium-review.googlesource.com/538104
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Run with the new seccomp filter and drop all capabilities. In addition enter a
new user, mount, network, and ipc namespace. Leave the mount namespace empty
after pivot-rooting to an empty directory.
Change-Id: Iee583cf260ede8ca13f005836684eb80c2c3ac3e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/515603
There were a few cases of a write into the serial device that would
panic because the registers were read-only. This change simply ignores
those writes instead of raising a panic.
This is also the first bug that was found by cargo-fuzz! Wohoo!
TEST=None
BUG=None
Change-Id: I8b6805617ac3dcfddd0555c1bb394a7bc1a7cf6d
Reviewed-on: https://chromium-review.googlesource.com/518445
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This program is used to boot a 64-bit kernel elf. It has support for
basic devices that are exposed to the kernel, including a block device.
TEST=cargo test;
cargo run -- -m 512 -c 4 -d rootfs.squashfs -u -p "init=/bin/bash" vmlinux
BUG=chromium:712319
Change-Id: I25a8349a4624d8643fefe2ad70e517fe03b16b8c
Reviewed-on: https://chromium-review.googlesource.com/514417
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This change adds the control socket, a unix domain socket on the
filesystem that other programs can use to control the operation of
crosvm during runtime. Currently only shutdown is supported.
BUG=None
TEST=cargo test
Change-Id: Ic5f91647e28d279debaa2f9f7dbcb606ca96439b
Reviewed-on: https://chromium-review.googlesource.com/514416
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This CL takes the handle_intr!() macro, changes its name to
handle_eintr!(), and overloads it so it can handle EINTR embedded in
other kinds of Result types.
BUG=None
TEST=cargo test
Change-Id: I920ea7d9f156137f42e9e8ea44a3e6946d06b746
Reviewed-on: https://chromium-review.googlesource.com/556348
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The kernel command line is dynamically built up based on what devices
are added and what extra parameters are passed in my the user. The
module this CL adds ensures the kernel command line that is built is a
valid one.
TEST=None
BUG=None
Change-Id: Ia2b7b9fae7eb29140ae25ab34119d050984f8ef2
Reviewed-on: https://chromium-review.googlesource.com/514689
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This device is useful for exposing a block device, for example a rootfs
image, to the guest.
TEST=None
BUG=None
Change-Id: Ida0d24ed57602f25352563893a1c85b171771c7a
Reviewed-on: https://chromium-review.googlesource.com/514688
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The MMIO transport, along with PCI, is a standard transport for
discovering and configuring virtio devices and their associated queues.
MMIO is by far easier and simpler and so gets implemented first.
BUG=None
TEST=None
Change-Id: Icdaa02284aedf8ec726199784da45d22c8dbab87
Reviewed-on: https://chromium-review.googlesource.com/514687
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The queue module is for navigating virtio queues using guest memory. It
is the basis of the virtio protocol post-configuration.
TEST=None
BUG=None
Change-Id: I2e6f9a1398ee06f3e766fe5edcb1c4283ebe7be8
Reviewed-on: https://chromium-review.googlesource.com/514686
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
The purpose of the child process is to enable an extra layer of
isolation between the emulated devices, which have to deal with much
more untrusted guest memory, and the main process which has access to
the kernel's KVM ioctls.
BUG=None
TEST=None
Change-Id: I13c1fcf29e6da88a8a390e1cb174915fa2d86596
Reviewed-on: https://chromium-review.googlesource.com/514685
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
The Bus object is meant to be useful for arbitrary address space access
routing. In practice, this is used for MMIO and I/O ports.
TEST=None
BUG=None
Change-Id: I1ac7f231ac630a29195773425ce461fa7ade1753
Reviewed-on: https://chromium-review.googlesource.com/514684
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
