This is a reland of commit d39e5811df
This change mark VolatileRef as deprecated instead of removing it
completely. This change also removed all related methods and functions
using VolatileRef that libcras don't use.
Original change's description:
> data_model: remove VolatileRef
>
> All uses except in test code have been eliminated, so we can remove it
> now.
>
> This was an unsafe abstraction, and we have better alternatives (such as
> the read_obj()/write_obj() functions) that do not create a long-lived
> mutable reference that could easily alias other slices.
>
> BUG=None
> TEST=tools/presubmit --all
>
> Change-Id: I84f1e2487d6211ce24b8fc992fa7675765870132
> Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824000
> Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
> Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
> Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
TESTED=CQ
BUG=b:204409584
FIXED=b:236759218
Change-Id: I4019870a2321fcd8610669862b5e6ed9bf7c2282
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4215512
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
- Revbum to 0.1.1, 0.1.0-{anything} causes data_model
0.1.0 to be downloaded since it's a higher release number.
- Also, add include LICENSE in the package includes for
data_model.
- Also, use the correct version when not using path in rutabaga_gfx.
BUG=b:173630595
TEST=compile
Change-Id: I68af3eb1fa4ab89a77968f784e388b10c94d8b97
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4209693
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
foz_db_list_path is specified for borealis only Borealis
(http://go/crrv/c/4096059). Utilize this variable to set
MESA_DISK_CACHE_READ_ONLY_FOZ_DBS_DYNAMIC_LIST.
MESA_DISK_CACHE_COMBINE_RW_WITH_RO_FOZ=1 is required so that read-
only SF caches can be used concurrently with the read-write DB
cache.
BUG=b:262181746
TEST=`vmc launch borealis`
Change-Id: Id5b317578c0d8d0a88659968a9d47415658cf2f7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4146458
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Max Lee <endlesspring@google.com>
62e1b362a8 migrated the vm_evt Tubes out
of Config, but it looks like presubmit didn't catch the part that only
builds on WHPX. This CL makes the minor update so it builds again.
BUG=b:267219257
TEST=builds downstream
Change-Id: Ia4202571b95178240510d6fc76ec9f505c196183
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4215672
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Config should contain only configuration data (e.g. flags, paths, etc.),
not objects used at runtime like tubes and events. The Windows code
currently passes a few Tubes from the broker to child processes via
Config, which this patch begins moving to a separate BrokerTubes struct
that will be serialized and sent over the bootstrap tube from the broker
after the Config struct.
This helps clean up the cross-platform Config struct, as well as fixing
the `crosvm run` command (which does not use the broker) on Windows;
previously the vm_evt_wrtube and vm_evt_rdtube were missing in this
case.
BUG=None
TEST=tools/presubmit --all
TEST=Boot x86-64 Linux kernel with crosvm run on Windows
Change-Id: Ida00ec3948f09735fcdc333b3b5f217dca9fdbb9
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4108782
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Add minijail dependency for unix target. This fixes the cargo build
error in glinux as minijail is required by the package "base".
BUG=b:238038707
TEST=cargo run in glinux
Change-Id: I9e56de3dbf162faf57ef2711d85dbd9d4da4971d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4134148
Commit-Queue: Judy Hsiao <judyhsiao@google.com>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
This is a refactoring to use original Error type instead of UffdError
from userfaultfd crate. This helps /dev/userfaultfd support which
returns std::io::Error on opening userfaultfd.
This contains a minor change to move register/unregister helpers to
userfaultfd.rs
BUG=b:266642532
TEST=cargo test -p swap
Change-Id: I24079999b018c0f1683fd7b4ee0f97153bd8914d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4196761
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
This implements the equivalent logic on crosvm as
UFFD_FEATURE_EVENT_FORK. When each device process forks, the ProxyDevice
creates userfaultfd and send it to the monitor process by
SwapController::on_process_forked().
Crosvm does not have any child processes which may access the guest
memory except device processes as of now. Crosvm forks
virgl_render_server, but the mmap is not preserved in the process on
execve(2) since it is a different binary. Also no device process forks
grandchild processes according to the seccomp policy.
We actually can't use UFFD_FEATURE_EVENT_FORK because the feature does
not support non-root user namespace (go/uffd-fork-user-ns) and ARCVM
runs in a non-root user namespace.
This also adds syscalls to seccomp policies for devices to allow the
processes to create and setup a userfaultfd.
BUG=b:266641923
TEST=manually tested
Change-Id: Ide3088e1e95ae3c8259e3f4324124b3376e760b7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4194228
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Adds a new hypervisor capability that causes crosvm to statically
allocate the location of the swiotlb buffer.
This will be used by the gunyah hypervisor.
BUG=b:244630071,b:232360323
Change-Id: Ia2f379bb6f2fa89167ddc73d65ec1b8c5494bdf6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4197001
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Frederick Mayle <fmayle@google.com>
No behavior change intended.
We'd like to make some aspects of the guest memory layout dependent on
hypervisor capabilities in future commits.
Note for x86_64: `Arch::guest_memory_layout` initializes some global
state so some care is needed when moving it relative to other code. In
this case it is safe because the only code being moved before
`Arch::guest_memory_layout` is `get_default_hypervisor`, which is
currently a constant, and `Kvm::new_with_path`, which just performs an
`open` syscall and wraps it in a `Kvm` struct. Neither depend on the
x86_64 specific global state.
BUG=b:232360323,b:244630071
Change-Id: I8bf70bb18e56dd7e7ac78c615fdb9877a87b66c4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4197000
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
if the call to protoc_rust::Codegen::run() fails, it fails silently (or
rather, with a println! that is not displayed unless `cargo build` is
invoked more verbosely) which can result in errors later on during
compilation, making it hard to track the root cause. this change adds an
expect call to make the code panic on error.
however, due to various cfg and other changes, there can be the
expectation of an `out/generated.rs` file still existing when no protos
have been compiled, so we also add a quick guard for empty proto paths
in the generation code.
BUG=none
TEST=cargo build
Change-Id: If5a67a45a5de937b6569c1f631a180401b860cee
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4210068
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Maciek Swiech <drmasquatch@google.com>
Fix some typos and a few nits.
BUG=None
TEST=cd docs/book/ && mdbook build
Change-Id: I904b9b0286a7ae0a6e8e434896c6bed7c382ac9e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4205152
Commit-Queue: Elie Kheirallah <khei@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
With crrev.com/c/4111635, PassthroughFS specifies O_PATH to open files
with no read permission so unreadable (but visible) files are exposed to
the guest. However, FUSE's *xattr request such as getxattr for such
files weren't supported because f*xattr() won't work for an FD with O_PATH.
This CL supports FUSE's getxattr requests for such FDs with O_PATH by
calling getxattr() syscall against `self/fd/{FD}` instead of calling
fgetxattr() against the FD directly. Also, it supports other
similar *xattr requests.
As a result, when you run `ls -lZ` in the guest, xattrs are shown
properly even for unreadable files.
BUG=b:265627547, b:262189957
FIXED=b:265627547
TEST=Run `ls -lZ /var/run/arc/media/removable` on ARCVM and confirm that
SELinux attribute `media_rw_data_file` is shown for directories that
chronos cannot read.
Change-Id: I0afdd088883a1601906646e3aa58de771673a882
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4173359
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Since fchdir is a per-process operation, we need a mutex to prevent
multiple threads from calling it at the same time.
BUG=none
TEST=start ARCVM
Change-Id: I072f500f6aa5bb5afb4983cd092f4994d31fa9c4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4194229
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
The default behavior when handling a panic in a multi-threaded Rust
program is to terminate only the thread that panicked; other threads
continue running.
In order to get a crash dump (and to prevent the program from continuing
to run in an inconsistent state), add a call to abort the whole program
at the end of the panic hook installed by install_memfd_handler().
The crosvm panic hook configured by set_panic_hook() already behaves
this way, but adding this behavior to install_memfd_handler() will cause
it to be used in all ChromeOS Rust programs that use the hook from
libchromeos.
Test program:
```
fn main() {
println!("hello world");
install_memfd_handler();
thread::Builder::new()
.name("crashtest".into())
.spawn(|| {
println!("about to panic");
panic!("test panic");
})
.unwrap();
}
println!("continuing to run main");
thread::sleep(Duration::from_secs(1));
}
```
BUG=b:234093439
TEST=panic in multithreaded test program; observe core
Change-Id: I2340b2f54607651fe577ebf44a0ecb12e409cef4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4190031
Reviewed-by: Allen Webb <allenwebb@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
We can move open() to be a generic method of StreamMetadataState if its
generic argument implement a trait for providing the necessary
information.
BUG=b:214478588
TEST=cargo test --features vaapi -p cros-codecs
Change-Id: I51efcd7e116accf5532f34de5884a988dc1d0cab
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4123656
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.corp-partner.google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Since we can now get the maximum number of DPB frames from the Sps
itself, we don't need that extra argument. This aligns the H.264 backend
with the others and will be helpful for the unification of code.
BUG=b:214478588
TEST=cargo test --features vaapi -p cros-codecs
Change-Id: Ia00a7cc2994497ef9c0d85567875bb920a861029
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4123659
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.corp-partner.google.com>
Move `max_dpb_frames` from Decoder to Sps, where it can be more useful.
This requires moving the Profile and Level enums to the parser module,
which is also a better place for them since they are part of the Sps.
This allows us to validate the Level during parsing and not every time
it is queried. Profile unfortunately is more tricky so let's leave it
untouched for now.
BUG=b:214478588
TEST=cargo test --features vaapi -p cros-codecs
Change-Id: I9ca908ef1f646c26e312449c76c2062ecb45af20
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4123658
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.corp-partner.google.com>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
This information is obtained from the stream metadata, so it should
belong here. Besides doing this makes the open() methods rely only on
metadata_state, which will allow us to factorize them on the next CL.
BUG=b:214478588
TEST=cargo test --features vaapi -p cros-codecs
Change-Id: Ie4cdf1e27ca47a6c1d85334ab17d685d5aacb705
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4123655
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.corp-partner.google.com>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Move some methods that are common for all codecs from the `HandleType`
type from StatelessDecoderBackend to VideoDecoderBackend.
This makes the `StatelessDecoderBackend` traits implement the
codec-specific part of the backend (which requires a custom interface),
while the `VideoDecoderBackend` trait implements the shared behavior
of the backend, regardless of the underlying codec.
This separation will also allow us to factorize the implementations of
these methods further down this series.
BUG=b:214478588
TEST=cargo test --features vaapi -p cros-codecs
Change-Id: Id9f6874a1a57531ff092975f3692b10f7c1afcae
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4123654
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.corp-partner.google.com>
In order to split cros-codecs out of the crosvm repo, we need to make
sure that there won't be any ownership issue about the video files we
host. Remove all test files not belonging to Chromium to make sure there
won't be any problem.
BUG=b:214478588
TEST=cargo test --features vaapi -p cros-codecs
TEST=`cargo test --features vaapi -p cros-codecs -- --ignored` passes on Brya
Change-Id: Ia7d168934e1a9708857052ba66b83b02e1eaa593
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4170418
Reviewed-by: Daniel Almeida <daniel.almeida@collabora.corp-partner.google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Add sleep and wake for devices in crosvm.
Bat: Add sleep/wake.
Debugcon: No thread is started, empty sleep/wake implementations.
ioapic: No thread is started, empty sleep/wake implementations.
pic: No thread is started, empty sleep/wake implementations.
userspace: Add sleep/wake. Sleep retrieves information from the thread
back to the userspace object.
pvpanic: Added Suspendable implementation. Empty sleep/wake.
vfio_pci: Add sleep/wake. Sleep retrieves information from the thread
back to the VfioPciDevice object.
pflash: No thread is started, empty sleep/wake implementations.
pit: Add sleep/wake.
vmwdt: Add sleep/wake.
Bug=b:232437513
Test=tools/presubmit --all
Change-Id: I30cd19a0c02939fd78cb6d58832ca49314e73982
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4184257
Reviewed-by: Steven Moreland <smoreland@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Elie Kheirallah <khei@google.com>
In cargo nextest, tests will be executed in a separate process for
each test.
This means we cannot use in-process locks or counters to ensure
tests will not conflict with each other.
BUG=b:261600801
TEST=CQ
Change-Id: Ifb5d16295fa2ec76a4036222961769dfaea18a32
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4190035
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Zihan Chen <zihanchen@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
If a guest cycled the virtio-blk on and off (e.g. activate, reset,
activate), then android-sparse files would start to be treated like raw
files.
BUG=b:266440668,b:219595052
Change-Id: I9ca00668ba7a7c820a177309edf320426feba81a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4195519
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
