Commit graph

621 commits

Author SHA1 Message Date
Daniel Verkamp
186eb8b0db sys_util: wait on specific pid in panic_safe test
The fork::tests::panic_safe unit test has been hanging intermittently in
CQ runs.  The root cause isn't understood yet, but the most likely
explanation seems to be that the wait_process helper is hanging.
There should be only two causes for that hang: either the cloned process
is not exiting, or the wait() call in wait_process is not returning.
The wait() should only hang if another thread has already reaped the
cloned process.

In order to help debug the issue, change the general wait() to a
waitpid() on the specific cloned process ID.  This will give us more
information about what happens when the test fails - if the waitpid()
returns ECHILD instead of hanging, this will indicate that something
else is waiting on our child process and racing with our wait().

BUG=chromium:925725
TEST=cargo test --release -p sys_util panic_safe

Change-Id: Ib25d88b35b16c75d4d8fe62fc779c9470303368a
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1444317
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-30 01:26:15 -08:00
David Riley
d48445eae0 devices: gpu: name gpu thread
BUG=chromium:925590
TEST=pstree

Change-Id: I2f591894db2a40a812f1720e1fc8422049d85902
Reviewed-on: https://chromium-review.googlesource.com/1440031
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
2019-01-30 01:25:56 -08:00
Zach Reizner
f7797d15b4 kvm: take a reference to GuestMemory in Vcpu
Logically, each VCPU is using GuestMemory, which holds a ref count to
the underlying memory mappings. This change formalizes this by giving an
actual reference of GuestMemory to each Vcpu struct.

This change is needed because the Vm can go out of scope and clean up
its reference, but the Vcpus may still be running, triggering an EFAULT
and a lot of confused days spent debugging.

TEST=With the unwind panic handler, trigger a panic right after the
     final vcpu thread barrier. If the VCPU threads do not complain
     about EFAULT (errno 14), this change worked.
BUG=None

Change-Id: I6289147de0adde61c81630357701487937b17ade
Reviewed-on: https://chromium-review.googlesource.com/1441355
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-30 01:25:56 -08:00
Tristan Muntsinger
4133b0120d crosvm: x86_64 guest support for android device-tree
This device tree is derived from the Android fstab file which is
provided via command line flag.

BUG=chromium:922737
TEST=None
CQ-DEPEND=CL:1415390
CQ-DEPEND=CL:1415270

Change-Id: Idd007c844f84cab3ff37be16a718f14e5f630312
Reviewed-on: https://chromium-review.googlesource.com/1370058
Commit-Ready: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-28 14:17:10 -08:00
paulhsia
f052cfefc8 linux: Add ac97 device with CRAS backend
Add an ac97 device that plays audio through CRAS audio server.

BUG=chromium:781398
BUG=chromium:907520
TEST=Test building by $ cargo build
TEST=Deploy crosvm to DUT and test audio functionality
CQ-DEPEND=CL:1429311
CQ-DEPEND=CL:1429542

Change-Id: Ia273d8f1e82c20d1f1882f088886458339399aae
Reviewed-on: https://chromium-review.googlesource.com/1426282
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-27 10:43:26 -08:00
Dylan Reid
3082e8e48d linux: add ac97 to the pci bus
Add an ac97 device that plays audio to /dev/null.

BUG=chromium:781398
TEST=Test crosvm with null device

Change-Id: I3849974b732fc1550ec2bf0f805726bf2ca296f6
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1398641
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-26 10:43:21 -08:00
Dylan Reid
b58b552940 devices: Add an Ac97 PCI device
The Ac97 device provides the guest with an audio playback device. All
input devices are stubbed out. Only playback at 48kHz is supported.

The device is emulated by `Ac97Dev` which interfaces with the PCI bus.
`Ac97Dev` uses `Ac97` to drive audio functions and emulate the device
registers. Physical Ac97 devices consist of two parts, the bus master
and a mixer. These two sets of registers are emulated by the
`Ac97BusMaster` and `Ac97Mixer` structures.

`Ac97BusMaster` handles audio samples and uses `Ac97Mixer` to determine
the configuration of the audio backend.

BUG=chromium:781398
TEST=crosvm run --disable-sandbox --null-audio --rwdisk gentoo.ext4 -c2
-m2048 -p 'root=/dev/vda snd_intel8x0.inside_vm=1
snd_intel8x0.ac97_clock=48000' vmlinux.bin
and play audio with aplay -d2 -Dhw:0,0 -f dat /dev/urandom
CQ-DEPEND=CL:1402264
CQ-DEPEND=CL:1421588
CQ-DEPEND=CL:1433794
CQ-DEPEND=CL:1432835

Change-Id: I9985ffad753bccc1bf468ebbdacec0876560a5e0
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1366544
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-26 10:43:20 -08:00
Dylan Reid
1f909a21ba kokoro: Move the crosvm workdir
After trying symlinks and bind-mounts and various other shenanigans,
give up and move the crosvm working directory to a relative path that is
the same as in the chrome OS chroot.

This allows other crates in the cros checkout to find the crosvm crates
they depend on.

Signed-off-by: Dylan Reid <dgreid@chromium.org>
Change-Id: I643497f08c59328e02775ad3ac0ef9feafbf2930
Reviewed-on: https://chromium-review.googlesource.com/1436595
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-26 00:59:57 -08:00
Zach Reizner
3ba0098d67 crosvm: add debug labels to devices for improved SIGCHLD logs
Each device (Bus, Pci, Proxy, etc), gets a debug label associated with
it. When a child is spawned, the debug label for it is stored in
a map with the child's pid as the key. If a SIGCHLD is handled, this map
is used to print a more helpful message about exactly which child died.

BUG=None
TEST=run with sandboxing and a faulty child device
     check logs for message about child died
     the child should have a debug label

Change-Id: I61fbbee0a8e701249533a7a3a6a1ad48840f12e5
Reviewed-on: https://chromium-review.googlesource.com/1432835
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-01-26 00:59:57 -08:00
Dylan Reid
1be25dc3d2 kokoro: Add a symlink to crosvm for other crates
Some crates that are needed for crosvm need crates that live inside the
crosvm directory. To allow those crates to be used, add a symlink that
allows access to the crosvm source code from a path equivalent to that
used inside the Chrome OS chroot.

In particular, the cras crate is needed by devices and devices needs the
data_model and sys_util crates. Creating a platform/crosvm directory
parallel to the third_party/adhd directory lets the build of the cras
crates find their dependencies.

Signed-off-by: Dylan Reid <dgreid@chromium.org>
Change-Id: I2a1e28638e80c8008b1ecc29c2b0b69cba1c13e2
Reviewed-on: https://chromium-review.googlesource.com/1433518
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-24 07:43:34 -08:00
David Tolnay
de6b29ab9d tpm: Virtio tpm device
This CL adds a "tpm" Cargo cfg to crosvm which enables a TPM device
backed by libtpm2 simulator.

Tested by running the following inside cros_sdk:

    LIBRARY_PATH=~/src/minijail LD_LIBRARY_PATH=~/src/minijail \
        cargo run --release \
        --features tpm \
        -- \
        run \
        -r rootfs.ext4 \
        --seccomp-policy-dir seccomp/x86_64/ \
        -p init=/bin/bash \
        -p panic=-1 \
        --disable-sandbox \
        vmlinux.bin

with a Linux image built from CL:1387655.

The TPM self test completes successfully with the following output:

    https://paste.googleplex.com/5996075978588160?raw

Justin's TPM playground runs with the following trace output.

    https://paste.googleplex.com/4909751007707136?raw

Design doc: go/vtpm-for-glinux

TEST=ran TPM playground program inside crosvm
TEST=local kokoro
BUG=chromium:911799

Change-Id: I2feb24a3e38cba91f62c6d2cd1f378de4dd03ecf
Reviewed-on: https://chromium-review.googlesource.com/1387624
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-24 07:43:30 -08:00
David Tolnay
5c8dae6ad7 kokoro: Avoid docker build from stdin to support COPY
Under the old command, the build would fail with:

    Step 15/25 : COPY pkgconfig/* /usr/lib/pkgconfig
    COPY failed: no source files were specified

The Docker documentation at
https://docs.docker.com/v18.03/engine/reference/builder/
explains:

    Note: If you build using STDIN (docker build - < somefile), there is
    no build context, so COPY cant be used.

TEST=it built successfully

Change-Id: I4d9fcb085009f4a47d7caecabf6eb711f5cab6b7
Reviewed-on: https://chromium-review.googlesource.com/1431356
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-01-24 00:51:51 -08:00
Miriam Zimmerman
d3144f7a52 Add FakeClock and FakeTimerFd for use in tests.
Together, these allow tests to create a FakeTimerFd that they can
trigger at a particular point in the test code, without having to rely
on sleep()s or other racy methods.

BUG=None
TEST=Unit tests for FakeTimerFd + dependent CL.

Change-Id: I14381272a6d75bebcdedb0a329a017a2131a3482
Reviewed-on: https://chromium-review.googlesource.com/1413830
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Miriam Zimmerman <mutexlox@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-24 00:51:49 -08:00
Dmitry Torokhov
39f93db2a4 kvm: annotate tests for x86-specific APIs
Not all tests can run on arches other than x86, annotate them
accordingly.

BUG=None
TEST=cargo test -p kvm

Change-Id: I38c90f1431b7fbd9059f5c309dc28264bbbcdb99
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1419206
Tested-by: kokoro <noreply+kokoro@google.com>
2019-01-24 00:51:40 -08:00
Daniel Verkamp
7a08fa7cd5 readme: default mode is multiprocess
Update the readme to indicate that crosvm starts in multiprocess mode by
default.

Also fix a few typos I spotted while skimming the rest of the document.

BUG=None
TEST=None

Change-Id: Ia3992ec7cbf27be984269f5399d48e7fd5c6fc8f
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1428339
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-24 00:51:35 -08:00
paulhsia
230b0cdacf sys_util: Fix unit test error in arm
`libc::c_char` is `u8` instead of `i8` in arm, the test should use
`libc::c_char` directly.
Test unit tests with different architectures.

BUG=chromium:907520
TEST=$ FEATURES=test emerge-{kevin,eve} sys_util

Change-Id: Ie70da89470487d95675cb06b761e9ae9057bc38f
Reviewed-on: https://chromium-review.googlesource.com/1430400
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-23 20:40:46 -08:00
Zach Reizner
795355a423 crosvm/linux: use kvmclock_ctrl to signal that VCPU was suspended
On KVM implementations that use a paravirtualized clock (e.g. x86), a flag
must be set to indicate to the guest kernel that a VCPU was suspended. The
guest kernel will use this flag to prevent the soft lockup detection from
triggering when this VCPU resumes, which could happen days later in real time.

BUG=chromium:920875
TEST=inside VM `sha256sum /dev/urandom`, `crosvm suspend`, wait 30
     seconds, `crosvm resume`

Change-Id: Id479ec0c26c17499ce0d638185a79e7b19ccc69c
Reviewed-on: https://chromium-review.googlesource.com/1417190
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-23 20:40:39 -08:00
Zach Reizner
f1a3375725 kvm: add wrapper for KVM_KVMCLOCK_CTRL VM ioctl
This ioctl will be used to resolve an issue where the jump forward in
kvmclock on suspended VCPUs upon resume triggers the soft lockup
detection. Using this ioctl prevents this detection from triggering,
preventing a kernel panic on resume.

TEST=cargo test -p kvm
BUG=chromium:920875

Change-Id: Id1402a9d67d790e5e7e8655f2e5916210cc6e7cc
Reviewed-on: https://chromium-review.googlesource.com/1415849
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-23 20:40:38 -08:00
Zach Reizner
6a8fdd9f8e crosvm: add suspend/resume commands
This change adds the suspend and resume commands to crosvm, as well as
corresponding VmRequest variants and VCPU loop support. When a request
triggers a VmRunMode change, the Mutex guarded shared VmRunMode variable
is mutated and the associated Condvar is notified. Each VCPU thread is
interrupted to kick it out of the KVM_RUN call and checks the VmRunMode,
If the VCPU was already suspended by waiting for the Condvar, the
notify_all call will wake up the thread, upon which the VCPU thread can
respond to the new mode.

TEST=crosvm suspend/crosvm resume
BUG=chromium:920875

Change-Id: Ibbeb748ab0d64402c7196890815e8e1cb4dfca38
Reviewed-on: https://chromium-review.googlesource.com/1416317
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-23 20:40:38 -08:00
Zach Reizner
5694c62885 sync: add Convar wrapper that panics instead of returning Result
The Condvar wrapper exposed by this change is analogous to the Mutex
wrapper in this crate. Instead of a Result being returned in the case of
a poisoned Mutex, a panic is triggered.

TEST=cargo build
BUG=chromium:920875

Change-Id: Id8bd6bc2891bfc5c8ce334fbdb482ef40500f2d7
Reviewed-on: https://chromium-review.googlesource.com/1416316
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-23 20:40:38 -08:00
Dylan Reid
448e20b2b0 kokoro: Add adhd repo
A future change will allow crosvm to play audio through cras. To do that
it needs to use some crates that live in the adhd repository. Add the
repository to the kokoro image at a path where Cargo can find the
crates.

Change-Id: I1542090ba0db6fd0f3ac60dcc2e7bb35502a4944
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1429311
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-23 10:47:34 -08:00
Dmitry Torokhov
2c7e88199e plugin: allow retrieving and setting VM clock
Add crossvm plugin API to allow reading and setting guest clock.

BUG=b:122878975
TEST=cargo test -p kvm; cargo test --features=plugin

Change-Id: I3fd656c06b0e7e43ac88a337ac5d0caec8c59dba
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1419373
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-22 21:05:18 -08:00
Dmitry Torokhov
5d471b454a kvm: plumb accessors for KVM_GET_CLOCK/KVM_SET_CLOCK
Plumb in KVM_GET_CLOCK and KVM_SET_CLOCK to allow clients synchronize
timers handled by KVM (LAPIC, PIT) with timers handled by the virtual
device layer.

BUG=b:122878975
TEST=cargo test -p kvm

Change-Id: I2f8867918b82f8ac303e6b60fce2736e38ce2883
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1419372
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-22 21:05:18 -08:00
paulhsia
b6d842fa56 crosvm: Support cros-rust version crosvm ebuild
To support eclass migration for crosvm ebuild from crate to cros-rust.
This CL need to be built with cros-rust version crosvm ebuild.

- Upgrage crate cc from 1.0.15 to 1.0.25.
- Change local tempdir version from 0.3.5 to 0.3.7 for ebuild
integration.
- Remove 9s directory since it's moved to platform2.

BUG=chromium:781398
BUG=chromium:907520
TEST=Run $ FEATURES=test emerge-eve crosvm
     in a clean chroot
CQ-DEPEND=CL:1421303

Change-Id: Iab615b555a51f8020e5efae1cc40ac6b54ea87f2
Reviewed-on: https://chromium-review.googlesource.com/1421237
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-22 16:53:13 -08:00
David Tolnay
284fcac560 kokoro: Document command for publishing image
TEST=I ran it

Change-Id: Ib34e45f9d64561e318e4fbc78758d3a0dc191e87
Reviewed-on: https://chromium-review.googlesource.com/1422682
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
2019-01-19 13:27:55 -08:00
Jingkui Wang
db36427cd8 sys_util: refactor pollcontext to decouple events from epoll fd.
PollContext is not thread safe while the underlying epoll is thread
safe. This is because PollContext owns EpollEvents, to offer an easy to
use interface. User of this package might want a thread safe version of Epoll.

This CL decouples events from epoll fd, thus providing thread safe epoll.

BUG=None
TEST=cargo build and run

Change-Id: I786b1d186664fdb4a95ce4d3062b044d27b74d40
Reviewed-on: https://chromium-review.googlesource.com/1320429
Commit-Ready: Jingkui Wang <jkwang@google.com>
Tested-by: Jingkui Wang <jkwang@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-19 00:14:07 -08:00
David Tolnay
d5a9552d72 build: Restore ability to compile data_model and sys_util in isolation
CL:1385972 breaks building these crates because they are not in the
workspace of the top level Cargo.toml so the patch.crates-io setting of
the top level Cargo.toml does not take effect. They end up looking for
their dependencies on crates.io rather than in the parent directory.

Being able to build just data_model and sys_util on their own is useful
when iterating on a change in one of them and needing to run `cargo
test` (as I tried to do today). The errors without this CL are like
this:

    error: no matching package named `assertions` found
    location searched: registry `https://github.com/rust-lang/crates.io-index`
    required by package `data_model v0.1.0 (/path/to/crosvm/data_model)`

BUG=chromium:916921
TEST=cargo check in data_model and sys_util
TEST=cargo test as well
TEST=emerge-amd64-generic crosvm
TEST=FEATURES=test emerge-amd64-generic data_model, sys_util
CQ-DEPEND=CL:1409854

Change-Id: I7bd34f38507c1cea72380f515ce2dd0835aec4fa
Reviewed-on: https://chromium-review.googlesource.com/1403887
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
2019-01-18 00:46:02 -08:00
Daniel Verkamp
c195616e3f arch: add generic image loading function
Factor out the common parts of kernel loading code from x86_64 and
aarch64.  This will be used to load initrds as well.

BUG=None
TEST=Boot termina on kevin

Change-Id: I0f61fdaf1067311d25393e8d64340f570f5a6ed7
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1407220
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-18 00:45:57 -08:00
David Tolnay
68d0e7237e kokoro: Install libtpm2
Required for CL:1387624 which uses libtpm2 as a TPM simulator.

BUG=chromium:911799
TEST=build kokoro image, test master as well as TPM CL in it

Change-Id: I636be593a245ecd7ac10bc71319dee48e6511e97
Reviewed-on: https://chromium-review.googlesource.com/1419397
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
2019-01-18 00:45:57 -08:00
Daniel Prilik
2200604d9c remove rand crate
the few uses of rand::thread_rng() have been replaced with either
prngs or reads from /dev/urandom. the implementations are under
the `rand_ish` minicrate.

`protoc-rust` depends on `tempdir`, which relies on rand, so
`tempdir` has been patched with a rewritten version that does not
have rand as a dependency.

BUG=chromium:921795
TEST=cargo test --features plugin

Change-Id: I6f1c7d7a1aeef4dd55ac71e58294d16c291b8871
Reviewed-on: https://chromium-review.googlesource.com/1409705
Commit-Ready: Daniel Prilik <prilik@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-17 20:20:50 -08:00
Daniel Verkamp
a4d5bd4bc2 kokoro: install libfdt-dev
This is needed to build CL:1370058 on x86-64 platforms.

BUG=None
TEST=Rebuild kokoro docker image and build proposed CL.

Change-Id: I86694140649eb9a2957122f8a2af35fdc4bd4faf
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1415390
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-17 05:16:23 -08:00
Daniel Verkamp
1c9e1cce16 kernel_loader: fix ELF Phdr p_type comparison
The program header p_type field is an enumerated value, not a bitfield.

BUG=None
TEST=Boot a kernel

Change-Id: I5327cc8de9d8401a74c86fd4f3deab9f390c0924
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1412835
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-16 01:46:56 -08:00
Daniel Verkamp
92f73d73d0 devices: block: add resize VmControl request
This allows manual resizing of block devices at runtime via the command
line ('crosvm disk resize <index> <size>').  The virtio config interrupt
is asserted when the disk size changes so that the guest driver can
update the block device to the updated size.

Currently, there is no automatic policy for resizing disks - that will
be implemented in another change.  Additionally, this resize operation
just changes the size of the block device; the filesystem will need to
be resized by the guest (e.g. via the 'btrfs filesystem resize' command)
as a separate step either before (shrinking) or after (expanding) the
disk resize operation.

BUG=chromium:858815
TEST=Start crosvm with a control socket (-s) and resize the disk with
'crosvm disk resize' from another shell.

Change-Id: I01633a7af04bfbaffbd27b9227274406d2a2b9cb
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394152
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-16 01:46:54 -08:00
Maksim Sisov
5342950983 crosvm: use updated minigbm APIs.
This change makes the crosvm use updated minigbm
APIs after https://crrev.com/c/1162170 and
https://crrev.com/c/1170773

Change-Id: Ia568d3ae53659ded6afc19073e124a1dc2cf0b13
Reviewed-on: https://chromium-review.googlesource.com/1400583
Commit-Ready: Maksim Sisov <msisov@igalia.com>
Tested-by: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-14 03:31:38 -08:00
David Tolnay
bf72b21f6f tpm: Add safe TPM simulator binding
This CL adds a TPM simulator based on tpm2-sys, similar to the one in
trunks:

    e4cf13c057/trunks/tpm_simulator_handle.cc

Intended usage:

    let mut simulator = tpm2::Simulator::singleton_in_current_directory();

    let command = &[ /* ... */ ];
    let response = simulator.execute_command(command);
    println!("{:?}", response);

TEST=cargo test
TEST=emerge-amd64-generic crosvm
BUG=chromium:911799

Change-Id: I142db1b7961f64f1765417533b8379b2601e20e0
Reviewed-on: https://chromium-review.googlesource.com/1396281
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-13 13:52:16 -08:00
Daniel Verkamp
0e9f4e132f resources: re-alphabetize imports
After removing a #[macro_use], rustfmt wants to reorder the block of
'extern crate' statements.

BUG=None
TEST=cargo fmt --all -- --check

Change-Id: I3489d7253bca4abcf7c01494f32a92a3ce46c6f8
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1407209
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-01-13 13:52:15 -08:00
David Tolnay
c49ef3e03b tpm: Add tpm2-sys crate
This CL adds a tpm2-sys crate that builds libtpm2 from source (from a
git submodule) using the existing Makefile and then links the generated
static library as -ltpm2.

For production builds there is a flag `RUSTFLAGS='--cfg hermetic'` to
disallow building our own libtpm2. Instead it will expect to find
libtpm2 installed in the standard system location. Building from the
libtpm2 submodule is a convenience only intended for developer
environments.

The functions exposed by tpm2-sys are the ones that will be necessary to
initialize a TPM simulator in crosvm and execute TPM commands. Trunks
uses the same functions for its simulator mode here:

    e4cf13c057/trunks/tpm_simulator_handle.cc

Tested by running:

    fn main() {
        unsafe {
            tpm2_sys::TPM_Manufacture(1);
        }
    }

inside cros_sdk. Libtpm2 cannot be built outside of cros_sdk because it
requires openssl 1.0.2p, whereas dev machines come with openssl 1.1.0j.

I have not yet added any dependency on tpm2-sys from crosvm, but when it
does get added it will be behind a tpm feature flag so that crosvm can
continue to build outside of cros_sdk just without tpm support.

I published num_cpus version 1.9.0 to chromeos-localmirror.

TEST=running the code snippet above as described
BUG=chromium:911799

Change-Id: I097729bc447f9dc95e39959a426d1ac42f46b16d
Reviewed-on: https://chromium-review.googlesource.com/1396280
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-13 03:23:13 -08:00
David Tolnay
4adfdc0322 memory: Add methods to return error on short writes and reads
Add GuestMemory::write_all_at_addr, GuestMemory::read_exact_at_addr
which return error if the entire write or read cannot be completed.

Also rename write_slice_at_addr to write_at_addr, read_slice_at_addr to
read_at_addr to make the entire set of four methods consistent in naming
with the methods of std::io::Write and std::io::Read.

Context:
https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1387624/16/devices/src/virtio/tpm.rs#75

TEST=cargo test

Change-Id: Ia0775b75281ccf8030c84b41f9018a511204b8c9
Reviewed-on: https://chromium-review.googlesource.com/1407156
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-13 03:23:13 -08:00
Dylan Reid
f3d39e2f1b resources: data_model is not used, don't depend on it
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Change-Id: I7bbef003a77aae7303940ef183de14950e47453b
Reviewed-on: https://chromium-review.googlesource.com/1403893
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2019-01-11 13:32:34 -08:00
Daniel Verkamp
8f701dc344 Remove unused #[macro_use] attributes
This removes two unused import warnings.

BUG=None
TEST=cargo build produces no warnings

Change-Id: I0d1ac9d13d6ae0fc620b9c2d561972f23cdc27e3
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1394724
Reviewed-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-10 23:22:49 -08:00
paulhsia
1d44223f9d sys_util: Add net module includes UnixSeqpacket
std::os::net only supprts UnixDatagram and UnixStream, so we need this to
support the connection to socket opened with SOCK_SEQPACKET flag.
It only supports public API connect, write, try_clone, and read now.

BUG=chromium:907520
TEST=Use
     $ FEATURES=test emerge-eve sys_util
     to run unit tests.

Change-Id: I61a9acd4fa2e601e93b1f76dc1758cb61a433205
Reviewed-on: https://chromium-review.googlesource.com/1390077
Commit-Ready: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-10 13:58:41 -08:00
David Riley
78af239a92 devices: wl: add resource bridge to fds to keep when jailed
BUG=chromium:837073
TEST=vmc start --enable-gpu tatl; lxc start stretch-x; xterm && glxgears

Change-Id: Id8890ce23ed4202ab1cc698ca00a9d8017f24113
Reviewed-on: https://chromium-review.googlesource.com/1401112
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-09 19:52:09 -08:00
David Riley
b2f03f10c9 devices: gpu: add resource bridge to fds to keep when jailed
BUG=chromium:837073
TEST=vmc start --enable-gpu tatl; lxc start stretch-x; xterm && glxgears

Change-Id: I3730fd8f2fc9d0ea4c0180d43f3253246fabd14a
Reviewed-on: https://chromium-review.googlesource.com/1401111
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-09 19:52:08 -08:00
David Riley
84c13ec890 devices: gpu: add lstat to gpu device seccomp
BUG=chromium:837073
TEST=vmc start --enable-gpu tatl; lxc start stretch-x; xterm && glxgears

Change-Id: I42a096384cb536ec835de69b34db9b9a941bfeaf
Reviewed-on: https://chromium-review.googlesource.com/1401110
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2019-01-09 19:52:08 -08:00
Daniel Verkamp
4896cb2a08 plugin: remove unused EDEADLK import
Fixes a compiler warning when building with plugin enabled.

BUG=None
TEST='cargo build --features=plugin'

Change-Id: Icbd731b249089d271caca17e192b7a539ba7219c
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1401124
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2019-01-09 06:26:06 -08:00
Daniel Verkamp
bd1a0843bc main: only show plugin options when feature is on
The crosvm run --plugin option was behind #[cfg(feature = "plugin")],
but the recently-added --plugin-root and --plugin-mount were not.  Add
feature checks around those options as well so that they are only
enabled when the plugin feature is enabled (and so they don't show up in
crosvm run -h for a non-plugin build).

Also allow dead code in struct BindMount, since this is only used for
plugin-enabled builds.

We could wrap all of the plugin-related command line parsing code with
feature checks instead, but that adds a lot of clutter and makes the
code harder to read.

BUG=None
TEST='cargo build' and 'cargo build --features=plugin'

Change-Id: Ieb240cfc55b8cad64748fe39c7de5faa58f1a26c
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1401123
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2019-01-08 23:25:55 -08:00
Chirantan Ekbote
d41d726c2f Add support for plugin mounts
The plugin process may need access to writable directories where it can
store its state.  Add a plugin-mount option to specify paths that should
be mounted into the plugin's jail.

BUG=b:80150167
TEST=run plugin_adder and plugin_net_config

Change-Id: I2c87d19ab67edaaf99a2cfea6872d3531101d260
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341106
2019-01-07 19:40:15 -08:00
Chirantan Ekbote
c1a40a7414 plugin: Add support for tap fd on the command line
Add support for having the tap fd be passed in on the command line the
same way we do for linux.

BUG=b:80150167
TEST=run plugin_net_config (after changing the expected ip/netmask/mac
     address appropriately)

Change-Id: Ic81b167b7bb2caa71ce5931921b87d9eeca69af9
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341105
2019-01-07 19:40:15 -08:00
Chirantan Ekbote
49fa08f17b net_util: Get tap interface name when using a raw fd
We use the tap device interface name in some ioctls.  When we are
creating a Tap struct from a raw fd make sure that we also grab the
interface name so that these ioctls don't fail later.

BUG=b:80150167
TEST=run the plugin_net_config test

Change-Id: Ic308ebd55d0545c1b445fc6abdf017fdc7ab594b
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341104
2019-01-07 19:40:14 -08:00
Chirantan Ekbote
7a97366e96 plugin: Fix uid and gid maps
When minijail is given a uid/gid map but is not given a uid/gid to
change to, it will default to setting the uid/gid inside the new user
namespace to root.  This works fine if crosvm is launched as root but
fails miserably otherwise since we only map the current euid/egid into
the user namespace (and so 0 is not a valid uid/gid).

We would normally want to fix this by having minijail change its uid/gid
to the current euid/egid.  However, because of the way minijail is set
up it only attempts to enter a new net namespace after exec-ing the
program to be jailed.  Entering a new net namespace requires
CAP_SYS_ADMIN in the current namespace and this capability gets dropped
the moment we switch to a non-root user.

So to deal with this we map root inside the namespace to the crosvm user
outside the namespace.  This allows us to enter a new net namespace and
we already tell minijail to drop all caps so the plugin will not have
any caps when it actually runs.

BUG=b:80150167
TEST=run plugin_adder

Change-Id: I10c9e6bef859fd787dd6e17d5cf2ff3e552501fb
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1341103
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2019-01-07 19:40:14 -08:00