Commit graph

291 commits

Author SHA1 Message Date
Shintaro Kawamura
2914297216 swap: prefetch pages in swap file to page cache while swap in
Pre-populating page cache improves the latency of swap-in which I/O wait
mostly have taken up. This was because page cache populations were
triggered on page fault basis. Since swap-in operation moves pages
sequentially, pre-populating has a benefit on the latency.

MADV_WILLNEED causes the kernel to asynchronously start populating the
pages, and MLOCK_ONFAULT ensures that the data remains in the page cache
until it is UFFD_COPYed. mlock(2) without MLOCK_ONFAULT is not
applicable because it blocks the calling thread until populated.

MADV_DONTNEED is also important in terms of the swap-in latency. It
frees the page cache which is already UFFD_COPYed to be reused for later
readaheading swap file. Otherwise the memory pressure from the swap file
page cache population triggers system-wide page frame collection which
is heavy.

Pre-populating page cache alone is actually not enough to improve the
swap-in latency without swapping in on a background thread
(https://crrev.com/c/4317028).

BUG=b:265606668
TEST=cargo test -p swap

Change-Id: I2069c1260d0cf45499298999a71621e563f28f30
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4314186
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-03-22 06:01:44 +00:00
Zihan Chen
96b24f0ccc crosvm: Convert DataInit to zerocopy 9/n
This CL introduced a negligible amount of overhead as some read
operations on some tiny data strucutres (acpi netlink events) are
converted from zerocopy to single copy.

Also fixed a naming mistake around PCI MSI and manually added
padding to allow AsBytes to be derived.

TEST=CQ

BUG=b:204409584

Change-Id: Ibafe4c413fbed50e61c54433d495ff024fe60da4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4348712
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-03-20 22:17:26 +00:00
Daniel Verkamp
875a1d7d30 base: net: use tempfile::tempdir() in tests
Avoid the possibility of tests reusing the same socket path by using a
known unique directory from tempfile::tempdir().

BUG=b:274145919
TEST=tools/dev_container tools/presubmit

Change-Id: I883e223617fb465cdfbff5a45509098487b62b3b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4348699
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-03-17 20:02:44 +00:00
Daniel Verkamp
7e803c87ca base: use SafeDescriptor in unix socket wrappers
The SafeDescriptor type manages the lifetime of the file descriptor,
which simplifies the socket wrappers (each wrapper no longer needs to
manually implement Drop to close the descriptor, for example).

Also remove unneeded RawFd-related functions, replacing them with
RawDescriptor and SafeDescriptor equivalents.

BUG=None
TEST=tools/dev_container tools/presubmit

Change-Id: I634a19922ec24d06071b21247c79761cfc21a79a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4322266
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
2023-03-17 18:12:49 +00:00
Elliot Berman
d88d67c39b base: Move BlockedSignal to base sys
Move generic implementation of BlockedSignal to base sys.

Change-Id: I459ca424a633dc3fc2a5dec625dde8e5878132c0
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
(cherry picked from commit 5f51fa4ae3b979972d273dff4c224c1999b6e641)
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4346950
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-03-16 18:16:28 +00:00
Elliot Berman
e3d71786c2 sys_util: Cast ioctl_expr inputs to IoctlNr
If the input to ioctl_expr is a u8, it cannot be implicitly upcast to
u32. Cast the inputs, not the output, to IoctlNr.

Change-Id: I2bce639bd13f49c92fadedb146ef09171b7128ef
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
(cherry picked from commit 585dbff782e96d0531734d37ec2dae958f6ff6c1)
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4346949
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-03-16 18:16:28 +00:00
Steven Moreland
d86a1ff9c7 Revert "base: Cast ioctl_expr inputs to IoctlNr"
This reverts commit 3216994fd6.

Change-Id: I0109a3270e492be0feb6dd1430c159be2bbeb4ff
(cherry picked from commit deb06d8a71b17b83e382e998c77674cfd0d7428f)
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4346934
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-03-16 18:16:28 +00:00
Steven Moreland
6a524c08b0 Revert "base: Move BlockedSignal to base sys"
This reverts commit 92ffa564c4.

Change-Id: I98ce7763a5dba804ebbe17a78a9a0af35daca52e
(cherry picked from commit 8558a5dfaee0ef5f683cf932f5abcb197afd730d)
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4346933
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-03-16 18:16:28 +00:00
Isaac Bosompem
59ee40f04c crosvm: Add vGPU/vGPUserver cgroup support
Adds command line options to move the vGPU threads housed within crosvm
and the vGPUserver threads housed externally into separate cgroups.

This will give us the ability to perform some tweaks/experiments
with the affinity masks of these threads as a group.

BUG=b:269139377
TEST=Launch Borealis VM, ensure command line options work as expected.

Change-Id: I558673e616e0344bae2407db1ff693902816daac
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4304743
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Isaac Bosompem <mrisaacb@google.com>
2023-03-15 16:25:49 +00:00
Zihan Chen
abd53b6a1f crosvm: Trace seccomp filter usage precisely by filename
Add multiple log points to dump minijail's internal data structure
address, this allowes precise tracking of which minijail seccomp
filter is applied to which process/pid.

TESTED=CROSVM_CARGO_TEST_E2E_WRAPPER_CMD="strace -ff --output=/workspace/stracetest" CROSVM_CARGO_TEST_LOG_LEVEL_DEBUG=1 CROSVM_CARGO_TEST_LOG_FILE=/workspace/logtest.log ./tools/bench boot

BUG=b:258316090

Change-Id: Ibc2b66bf18b8af004bb30fd53523161bc9ca1ec4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4316958
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
Auto-Submit: Zihan Chen <zihanchen@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-03-14 23:18:39 +00:00
Daniel Verkamp
0d069fc1e6 base: remove unsafe Tube FromRawDescriptor impl
Nothing calls this code, so it should be okay to remove it.

BUG=None
TEST=tools/dev_container tools/presubmit

Change-Id: I5f079dc9e6e15178506b801b7266d8bd0351ddbb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4321329
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
2023-03-14 20:17:25 +00:00
Noah Gold
7e22d900e0 base: fix unsafe overlapped read/write marked safe.
The overlapped wrappers on PipeConnection are unsafe, but they were
marked as safe. There are no actual unsafe production uses of them
because the conventions for overlapped IO generally make that hard to
do. That being said, these wrappers MUST be marked unsafe. This CL does
so and updates the callers with safety statements.

BUG=b:272812234
TEST=presubmit

Change-Id: I0def7056431d5b3b70eb4ce7c6ac8b44aef0a4cc
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4330490
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Noah Gold <nkgold@google.com>
2023-03-14 18:42:38 +00:00
Noah Gold
29e018652f base: move read/write wrappers to their own module.
In the future we'll be using read/write wrappers in multiple places,
but the wrapping code currently lives in the named pipe implementation.
This CL pulls it out to its own module. It also brings in some other
code in win_util that wasn't upstreamed.

BUG=b:272614458
TEST=presubmit

Change-Id: I6871f3db6991336f42706652b69935755bf2fbc3
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4326942
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-03-14 18:24:44 +00:00
Vikram Auradkar
948735a289 base: upstream overlapped send recv message functions
Upstreams blocking overlapped read/write commmands to base.
These funtions will be used by the broker to forward messages exchanged
between main and service.

Bug: 269191436
Test: none
Change-Id: I029e8c440bb6b8234fe2d1ca3b1dd5ddb408d814
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4329913
Auto-Submit: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
2023-03-10 23:01:40 +00:00
Maciek Swiech
d7bfa2dc54 crosvm: reland socket control mechanism
crrev.com/v/4237140 was reverted in crrev.com/c/4310064 due to the
generated header file not defining the RegisteredEvent type. along with
re-reverting the original cl (and corresponding bugfix cl) this patch
introduces a RegisteredEventFfi type which mirrors the original
RegisteredEvent type but should be exposed in the generated header file.

BUG=b:269609274
TEST=sidecar process (patch: crrev.com/c/4276642)
TEST=cargo build, header file inspection

Change-Id: I4a17163e36eb466a540a72d2bb4356419739c974
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4311831
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Maciek Swiech <drmasquatch@google.com>
2023-03-10 18:49:13 +00:00
Shin Kawamura
0ce2557fc5 Revert "balloon: add event registration mechanism for sidecar processes."
This reverts commit 2404c5ed44.

Reason for revert: This fails to build crosvm C interface and blocking ChromeOS CQ.

Original change's description:
> balloon: add event registration mechanism for sidecar processes.
>
> this patch introduces a mechanism for so-called 'sidecar processes' to
> register as event listeners, consuming events that are generated in
> various parts of crosvm. in this patch we focus on events that enable
> roziere cooperative ballooning, but lay the groundwork for a more
> general framework.
>
> the general idea is that a sidecar process would open a listening socket
> and register the path with crosvm for a specific event. crosvm will pass
> along a handle to a registered event tube to the appropriate device (or
> other internal component) which would then be responsible for passing
> along events. once events arrive back in the crosvm control loop, an
> attempt is made to dispatch the events to any registered sockets.
>
> BUG=b:269609274
> TEST=sidecar program that performs registration and receives events
>
> Change-Id: Iaff41aad8f862ed99a104c75623caaabc53e9e88
> Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4237140
> Commit-Queue: Maciek Swiech <drmasquatch@google.com>
> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>

Bug: b:269609274
Change-Id: I135e0d55bb296cf591548b7bd4feffc7ff9f3447
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4310064
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
2023-03-06 06:51:35 +00:00
Maciek Swiech
2404c5ed44 balloon: add event registration mechanism for sidecar processes.
this patch introduces a mechanism for so-called 'sidecar processes' to
register as event listeners, consuming events that are generated in
various parts of crosvm. in this patch we focus on events that enable
roziere cooperative ballooning, but lay the groundwork for a more
general framework.

the general idea is that a sidecar process would open a listening socket
and register the path with crosvm for a specific event. crosvm will pass
along a handle to a registered event tube to the appropriate device (or
other internal component) which would then be responsible for passing
along events. once events arrive back in the crosvm control loop, an
attempt is made to dispatch the events to any registered sockets.

BUG=b:269609274
TEST=sidecar program that performs registration and receives events

Change-Id: Iaff41aad8f862ed99a104c75623caaabc53e9e88
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4237140
Commit-Queue: Maciek Swiech <drmasquatch@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-03-02 20:50:18 +00:00
Daniel Verkamp
05dea3bb70 base: syslog: do not attempt to reconnect socket
The device process sandbox does not allow connect(), so if the syslog
connection is closed for any reason and then a device tries to log
something, calling connect() in the retry loop would kill the process
since connect is not allowed in the seccomp policy.

BUG=b:259860758
TEST=kill -9 $(pgrep rsyslogd); resize disk to get a log

Change-Id: Ic3d44543edbc6ab63e41f4589f77630620b4eca5
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4245440
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Nicholas Verne <nverne@chromium.org>
2023-03-02 00:04:47 +00:00
Dennis Kempin
b67eaca468 Use custom test harness for tests using fork
forking a process with multiple threads will lead to
undefined behavior. Unfortunately, newer versions of
libtest will spawn multiple threads even when running
a with --test-threads=1.

This change implements a custom, test harness using
libtest-mimic. It mimics the libtest CLI but enforces
a single threaded test process.

BUG=b:270167741
BUG=b:268496046
TEST=tools/run_tests --dut=host

Change-Id: Icef6a1b65bab7f5cd5021c01fbd94487fa0ca5fb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4295157
Reviewed-by: George Burgess <gbiv@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
2023-03-01 21:46:16 +00:00
Zihan Chen
e670159c2e crosvm: Add seccomp_trace feature
Add a minijail's mode of operation where an always-allow seccomp
filter is attached to forked device processes. This facilitates
capturing seccomp filters used by each device process separately.

TESTED=./tools/build_release -- --features seccomp_trace && strace -ff crosvm --log-level debug run <args>

BUG=b:258316090

Change-Id: Ic4d3f5178e6a2dcbd748d101db43574f3224ff78
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4289510
Commit-Queue: Zihan Chen <zihanchen@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-03-01 19:18:12 +00:00
Shintaro Kawamura
99900d234a devices: use fork_process() from ProxyDevice::new()
This is a refactoring of ProxyDevice and fork_process().

ProxyDevice did not have `ExitGuard`, but it should have it.

BUG=none
TEST=manual test

Change-Id: I19020b7ce1704638b16e544f0c4863a35c652d47
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4230551
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2023-02-27 02:46:48 +00:00
Shintaro Kawamura
fc3e5c9b80 disk: add PunchHoleMut trait
PunchHole should be originally immutable method since the
file_punch_hole() for both unix and windows are immutable function which
do not change the underlining file offset.

QcowFile is the only object which requires mutability to punch a hole to
its file.

This commit introduce a new PunchHoleMut and the existing PunchHole
traits and make PunchHole trait immutable. This unblocks b/269981962
which tries to punch a hole to non-mut reference File.

This also remove useless top level defined functions in base crate.

BUG=b:269981962
TEST=cargo build --feature=qcow
TEST=./tools/run_test2

Change-Id: I8333d13f4adc6dff319c0ddababe400d5e995141
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4269718
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2023-02-22 01:53:38 +00:00
Daniel Verkamp
4a61fb87bb base: add WorkerThread abstraction
WorkerThread provides a mechanism to start a thread that can be stopped
by sending an event from another thread. It also handles automatically
stopping the thread if the WorkerThread object is dropped.

BUG=b:269187468
TEST=tools/presubmit --all

Change-Id: Ifeef3f34f75fcd0496e87e038b60fa9e5e60a681
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4237530
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Frederick Mayle <fmayle@google.com>
2023-02-17 22:47:37 +00:00
Frederick Mayle
85eda99bd4 vm_memory: option to set MADV_DONTFORK on guest memory
This is admittedly an odd feature with a narrow use case. It will lower
the risk of crash analysis tools accidentally trying to read guest
memory that has been unshared from the host (i.e. in a protected VM).

Hoperfully we'll eventually have a better solution, where we only mmap
the memory regions that are shared with the host. There is no hypervisor
support for that yet.

BUG=b:238324526

Change-Id: Iac7ed38aa52778a43ac5ba22bab5a3df7a554ee6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4251719
Commit-Queue: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-02-16 18:23:47 +00:00
Daniel Verkamp
232406ee94 base: windows: implement terminal raw mode
This roughly matches the unix::terminal interface and can be used
to configure the terminal for use with a serial console (no line
buffering, interpret ANSI escapes, and so on).

BUG=b:264428954
TEST=tools/presubmit --all

Change-Id: I7efa8c405b44dadec55e08993b5f7a4c0236cf69
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4200971
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-02-15 18:14:46 +00:00
Clarissa Garvey
4b0a3d88f7 base/src: Fix and update mmap.rs doctests
Prior to this CL, the doctest for write_obj_volatile() was failing on
a Windows device, and the doctest for read_obj_volatile() called
read_obj() rather than read_obj_volatile(), not testing the correct
function. After this CL, both tests pass on Linux and Windows, and the
doctest for read_obj_volatile() correctly tests the volatile version of
the function.

TEST=cargo test --doc in base/src, CQ

Change-Id: I4d3fd77a7ededed12231c980899187d747b61234
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4247139
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Clarissa Garvey <clarissagarvey@chromium.org>
2023-02-13 23:42:21 +00:00
Zihan Chen
4acc0186ad devices: Clean up DataInit (7/n)
With the previous CLs migrating many functions and types to use
zerocopy, finally we can do a big clean up of`unsafe impl DataInit`.
We are down to 93 instances now from 230 at 5th CL in this series.

Also fixes a bug introduced previously in this series where I set
the trait bound of a few write_at_addr unsafe functions to
`FromBytes` when `AsBytes` should also be required.

TEST=CQ

BUG=b:204409584

Change-Id: I6658dd246a8932493ef6a652054a23ecfde76198
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4237765
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-02-13 19:26:45 +00:00
Zihan Chen
7e346a6a91 x86_64: Convert all DataInit to zerocopy
TEST=CQ

BUG=b:204409584

Change-Id: Ic05209ebca76e97a0851b939083d73d5ad0a3f4b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4234064
Commit-Queue: Zihan Chen <zihanchen@google.com>
Reviewed-by: Zihan Chen <zihanchen@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-02-09 22:59:10 +00:00
George Burgess IV
64c178e9b7 crosvm: skip single-threaded tests
The Rust uprev breaks some assumptions these make. Sounds best from
discussion on the CL to temporarily disable them.

BUG=b:266817148, b:268496046
TEST=emerge-nocturne crosvm-base

Change-Id: If86eb23200b5af4be8221bacc42954b3dfc25aeb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4218895
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: George Burgess <gbiv@chromium.org>
2023-02-09 20:21:23 +00:00
Dennis Kempin
a3e2d8da3f Fix clippy errors on aarch64/armhf
We will enable clippy checks on those platforms in CI soon.

BUG=b:268356784
TEST=tools/clippy --platform=aarch64/armhf

Change-Id: Icfefdbce7498731d78448b00c7c21a0f86639dff
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4233580
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-02-09 00:09:02 +00:00
Zihan Chen
28ce4e5423 crosvm: Uprev rust toolchain and dev container
- Rust toolchain is updated to 1.65.0
- Catapult dashboard upload tool is added to dev_container
- Bindgen is updated to latest version to support custom derive
- Derive Eq when PartialEq is derived as required by new Clippy

TEST=CQ, bindgen-all-the-things

FIXED=b:260784028
BUG=b:257303497

Change-Id: I2034cd09e0aed84d4e9b30f2e85d84d94a442ea4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4228427
Auto-Submit: Zihan Chen <zihanchen@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-02-08 20:26:30 +00:00
Shintaro Kawamura
832b1f0bef swap: create userfaultfd from /dev/userfaultfd
userfaultfd(2) syscall requires CAP_SYS_PTRACE of root user namespace.
For better permission control /dev/userfaultfd was introduced from Linux
6.1. Since ARCVM runs inside a sandbox user namespace and enabling
/proc/sys/vm/unprivileged_userfaultfd opens up userfaultfd to the entire
system, crosvm for ARCVM has to use /dev/userfaultfd to create a
userfaultfd.

For systems which do not have /dev/userfaultfd, the Factory falls back
to userfaultfd(2).

BUG=b:268145007
BUG=b:266642532
TEST=manual test

Change-Id: I44b657877093d2a75627432619c1233b7ac2464e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4196763
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-02-08 04:18:36 +00:00
Noah Gold
c7041e707c base: fix mmap doc test on Windows.
MemoryMappingBuilder on Windows has to be built from SharedMemory. On
Linux we can build without one. We should fix this API discrepency at
some point, but for the moment let's get the test working again.

BUG=b:267219257
TEST=the fixed test passes downstream.

Change-Id: If9728f2b73465a30aa324549fbc10e189737b420
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4220528
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
2023-02-03 23:16:52 +00:00
Elie Kheirallah
4c80811b91 base: Add custom_serde lib for custom serializers
Add custom_serde to base
Move serialize_* functions from devices/lib to base/custom_serde
Made serialize_arr accept generic sized types and different sizes

BUG=b:232437513
TEST=./tools/presubmit --all

Change-Id: I5c686f4ff4235141e48764001aedc7a18d9dbbf9
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4210069
Commit-Queue: Elie Kheirallah <khei@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
2023-02-02 22:38:31 +00:00
Zihan Chen
8a7550c40a crosvm: Partially convert DataInit to zerocopy (1/n)
Thie effort is splitted into multiple CLs, to reduce change size
and also make bisecing breakages easier.

TESTED=CQ only

BUG=b:204409584

Change-Id: Ie90f171bd5f74b732df3129e94733f3b34621092
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4210751
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-02-02 19:28:57 +00:00
Daniel Verkamp
924f5a29ef data_model: Deprecate VolatileRef
This is a reland of commit d39e5811df

This change mark VolatileRef as deprecated instead of removing it
completely. This change also removed all related methods and functions
using VolatileRef that libcras don't use.

Original change's description:
> data_model: remove VolatileRef
>
> All uses except in test code have been eliminated, so we can remove it
> now.
>
> This was an unsafe abstraction, and we have better alternatives (such as
> the read_obj()/write_obj() functions) that do not create a long-lived
> mutable reference that could easily alias other slices.
>
> BUG=None
> TEST=tools/presubmit --all
>
> Change-Id: I84f1e2487d6211ce24b8fc992fa7675765870132
> Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824000
> Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
> Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
> Reviewed-by: Alexandre Courbot <acourbot@chromium.org>

TESTED=CQ

BUG=b:204409584
FIXED=b:236759218

Change-Id: I4019870a2321fcd8610669862b5e6ed9bf7c2282
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4215512
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-02-01 23:40:54 +00:00
Daniel Verkamp
2e1dabaa1a base: panic_handler: abort in memfd panic hook
The default behavior when handling a panic in a multi-threaded Rust
program is to terminate only the thread that panicked; other threads
continue running.

In order to get a crash dump (and to prevent the program from continuing
to run in an inconsistent state), add a call to abort the whole program
at the end of the panic hook installed by install_memfd_handler().

The crosvm panic hook configured by set_panic_hook() already behaves
this way, but adding this behavior to install_memfd_handler() will cause
it to be used in all ChromeOS Rust programs that use the hook from
libchromeos.

Test program:

```
fn main() {
    println!("hello world");
    install_memfd_handler();

    thread::Builder::new()
        .name("crashtest".into())
        .spawn(|| {
            println!("about to panic");
            panic!("test panic");
        })
        .unwrap();
    }

    println!("continuing to run main");
    thread::sleep(Duration::from_secs(1));
}
```

BUG=b:234093439
TEST=panic in multithreaded test program; observe core

Change-Id: I2340b2f54607651fe577ebf44a0ecb12e409cef4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4190031
Reviewed-by: Allen Webb <allenwebb@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-27 20:39:43 +00:00
Elliot Berman
92ffa564c4 base: Move BlockedSignal to base sys
Move generic implementation of BlockedSignal to base sys.

Change-Id: Ib6b0aae7cf9e1405c83f8b91131e04c765482d9a
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4174622
Commit-Queue: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Frederick Mayle <fmayle@google.com>
2023-01-20 18:26:56 +00:00
Elliot Berman
3216994fd6 base: Cast ioctl_expr inputs to IoctlNr
If the input to ioctl_expr is a u8, it cannot be implicitly upcast to
u32. Cast the inputs, not the output, to IoctlNr.

Change-Id: Id28dfabb7eb80b7fb54d83024386fa149d14d009
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4174621
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
2023-01-18 18:49:24 +00:00
Daniel Verkamp
bf001d3889 base: move file_traits out of sys
Move the non-platform-specific parts of file traits out of sys and into
the top-level base crate.

BUG=b:263815124
TEST=tools/presubmit --all

Change-Id: I57ca309af29b3ce2702c34a946f738cf417eaa71
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4126568
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-12 19:33:35 +00:00
Daniel Verkamp
5c1f06dc81 Fix new Rust 1.65 clippy warnings
A few more needless_borrow and needless_return warnings slipped in since
the last round of Rust 1.65 clippy fixes.

BUG=b:260784028
TEST=tools/clippy # with Rust 1.65

Change-Id: Iefceab6f1ec1c460e92b49f9cd21cfb79569f04a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4133516
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-05 23:08:09 +00:00
Daniel Verkamp
061e6d03c4 base: unix: remove kernel_has_memfd()
This function was used to check if the memfd_create() function worked in
order to skip tests on very old kernels (before Linux 3.17 from 2014).

All kernels older than 3.17 are EOL now, so we can reasonably require a
more recent kernel version.

Removing the checks will ensure that all tests actually pass rather than
being silently skipped.

BUG=None
TEST=crosvm CQ
TEST=tools/presubmit --all

Change-Id: I92695127061406901bb02b1012f2c14ee9afc705
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4126247
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-05 17:57:57 +00:00
Daniel Verkamp
ac0fc378a3 Fix remaining Chrome/Chromium OS instances
These should be written as ChromeOS and ChromiumOS (without the space)
to match the updated branding. The copyright headers were already
migrated to the new style (https://crrev.com/c/3894243), but there were
some more instances left over.

BUG=None
TEST=tools/cargo-doc

Change-Id: I8c76aea2eb33b2e370ab71ee9b5cc0a4cfd00585
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4129934
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-03 22:14:30 +00:00
Vikram Auradkar
b375cbf575 crosvm: reduce kiwi feature flag usage
BUG=b:260601120
TEST=NONE

Change-Id: I7b0de67b21d981fd446c32abc0380f0a50e2cfeb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4126246
Reviewed-by: Richard Zhang <rizhang@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-01-03 17:31:31 +00:00
Elie Kheirallah
e1715c9814 base: sys: unix: change rlim64_t to u64
libc lacks rlim64_t for Android.
The rlim64_t definition can be found as type rlim64_t = u64;
This seems redundant since we transform a u64 to rlim64_t.

BUG=b:255594691
TEST=tools/presubmit --all

Change-Id: I9095dc48fe4669b936f88633c2c6f8b4f822825a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4105122
Reviewed-by: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Elie Kheirallah <khei@google.com>
Commit-Queue: Elie Kheirallah <khei@google.com>
2022-12-14 01:00:15 +00:00
Daniel Verkamp
a506de7ee6 Reformat with nightly rustfmt
BUG=None
TEST=tools/fmt --nightly

Change-Id: I7c74b9190bf28e3d7e3ac4401a2b79800a9e4b76
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4087003
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2022-12-07 19:33:09 +00:00
Dennis Kempin
9a5dcbc68d base: Spawn separate process for executing process tests
These tests will use fork, which does not work in a multi-threaded
process. This is currently enforced by passing --test-threads 1 to
this test, but that won't work with cargo nextest.

To ensure that the test process is single-threaded, re-execute the
test binary as a child process.

BUG=b:261600801
TEST=presubmit

Change-Id: I1762ebbae66331895f84df9daa484468f1fe086d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4086902
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Dennis Kempin <denniskempin@google.com>
2022-12-07 19:19:46 +00:00
Shintaro Kawamura
dff87912c6 base: timer: remove timeout from timer
No one use Timer::wait_for() with timeout.

Removing timeout consideration makes it easier to wrap it with
handle_eintr_errno! macro.

BUG=b:259621330
TEST=cargo test -p base

Change-Id: Ief81ae7306e77c014240bcbd3e58befab4b630a8
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4060414
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2022-12-02 04:00:56 +00:00
Daniel Verkamp
10990c89af Rust 1.65: Fix clippy derive_partial_eq_without_eq lints
BUG=b:260784028
TEST=tools/clippy

Change-Id: Ib2b595385ed04b9480b22549334ce798d980d347
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4064717
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
2022-12-01 01:32:30 +00:00
Daniel Verkamp
dfe9869d6c Rust 1.65: Fix clippy borrow_deref_ref, needless_borrow, and explicit_auto_deref lints
BUG=b:260784028
TEST=tools/clippy

Change-Id: I85cd5e096bc7b977fe1d9b231c08338b65e71780
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4064714
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2022-11-30 19:33:31 +00:00