The arm64 kernel header contains an 'image_size' field indicating the
minimum size of the reserved memory region into which the kernel is
loaded. This is larger than the size of the Image file, as it also takes
into account NOBITS sections such as the .bss, which will be zeroed
during boot.
Although crosvm parses the kernel header, it fails to take 'image_size'
into account and can end up loading the initrd over the .bss if the
section is large enough to cross the next 16MiB alignment boundary after
the end of the Image.
Size the memory reservation according to the 'image_size' field in the
arm64 kernel Image header, warning if it's zero and falling back to the
current behaviour.
BUG=b:322966413
TEST=tools/dev_container tools/run_tests --platform=aarch64
Change-Id: I23316f201d8a7fd9025762be518aa505e716c642
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5249889
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Will Deacon <willdeacon@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Kernel images are often stored compressed because they can take up a
significant amount of disk space. One of the popular formats for this is
LZ4. Even though it does not offer the best compression ratio, it excels
at decompression speeds.
On arm64, kernels do not come with their own decompressor like they do
on x86. Instead, it is the job of the bootloader to decompress the
kernel before it is executed.
To this end, add crosvm support for LZ4 decompression of kernel images,
via the Rust-safe lz4_flex library. LZ4 file format is detected
automatically via one of its magic numbers. Otherwise crosvm will fall
back to loading the kernel as a raw image.
Some rough numbers using Android's Generic Kernel Image on Pixel 8:
* compresion rate: 49% (33MB -> 16MB)
* decompression time: 20-30ms
Given that the total VM boot takes about 1.5s, the overhead is more than
acceptable.
BUG=b:315141974
TEST=tools/dev_container tools/run_tests --platform=aarch64
Change-Id: I1030abe6fdf7087603cea9ac5273bf9136bad693
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5110323
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: David Brazdil <dbrazdil@google.com>
The obsolete KVM_SET_MEMORY_ALIAS ioctl was removed from the kernel; it
was already unused in crosvm, so remove the corresponding ioctl macro.
Change-Id: I1ecfce4b8df886680154c567f82ab7f006fbfd1f
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5178535
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
This removes some auto-generated safety comments, but should otherwise
be a no-op.
Change-Id: Ibfcf75c6e296367fe1a6114ce2047fb79e34041b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5178534
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
IoBuf is defined in a platform-specific way (it is either iovec on unix
or WSABUF for windows), so it fits into the mission statement of the
base crate, which is meant to be *the* platform abstraction layer in
crosvm.
IoBufMut and VolatileMemory/VolatileSlice are defined in terms of IoBuf,
so they are also moved into base for consistency. Every crate that uses
these types already depended on base, so no extra dependencies are
added, and a few can be removed.
BUG=b:312312646
TEST=tools/dev_container tools/presubmit
Change-Id: I4dddc55d46906dfc55b88e8e6a967d7e1c1922dd
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5046605
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
These duplicate existing VolatileSlice and FileReadWriteAtVolatile
functionality. Removing them means that they don't need to be
reimplemented separately for each platform's MemoryMapping.
BUG=b:309020556
TEST=tools/dev_container tools/presubmit
Change-Id: Ia4332159461efc001b4e980fdb2a9984e852c931
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5019440
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Rather than using MaybeUninit to create a zeroed instance of a type and
std::slice::from_raw_parts_mut() to get a mutable &[u8] referring to it,
we can use the zerocopy 0.7 FromZeroes trait new_zeroed() function and
the AsBytes + FromBytes as_bytes_mut() function to read from the reader
into the type as a mutable &[u8].
This removes all of the unsafe code in the zerocopy_from_reader()
function.
BUG=None
TEST=tools/dev_container tools/presubmit
Change-Id: I76b12b69b02e807a3e52ac9b9e7e7165ee1f55f4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4939612
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
In particular, this fixes the Clone impl for __BindgenUnionField, which
triggers clippy's incorrect_clone_impl_on_copy_type in Rust 1.73.
Additionally, --size_t-is-usize became the default and the option was
removed in bindgen 0.65.0, so the flag is dropped from our bindgen
command line.
BUG=None
TEST=tools/bindgen-all-the-things
Change-Id: I40a26cd4a9e2897af8a354f454f4909429d2feda
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4927831
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
zerocopy 0.7.x has finally released as a stable version, uprev it
to allow some remaining structs to be derivable.
TEST=CQ
BUG=b:300969352
FIXED=b:300969352
Change-Id: I90f0dfb09494f875fef1cd11bfcbd48030846092
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4878761
Auto-Submit: Zihan Chen <zihanchen@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
Previously all of the zerocopy imports just used "*", but there are
API changes in zerocopy 0.7, so ensure we get a compatible version by
depending on 0.6 everywhere.
This is a no-op since Cargo.lock already specifies a 0.6.x version, but
it will prevent accidentally upgrading to 0.7.x without updating to the
new API.
BUG=b:301283548
TEST=cargo build
Change-Id: Ifd702d982a09b5083dddd666dc6f3052cba22214
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4878502
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
We are down to only 30 `unsafe impl DataInit` across our repo now!
TEST=CQ
BUG=b:204409584
Change-Id: I1b6cf95b2a15eac194f3b464330009fd898a0bfa
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4356907
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Switch to the ChromeOS v6.1 branch and regenerate all affected bindings
in the crosvm tree.
Some minor fixes were required in users of the bindings:
- KVM_SYSTEM_EVENT_RESET_FLAG_PSCI_RESET2 is available in the kernel now
and was removed from the manually-added section of kvm_sys.
- The KVM system_event now contains an anonymous union, requiring a few
renames.
- IORING_OP_* were moved into an enum, which required the enum name to
be prefixed to the uses of those values.
BUG=None
TEST=tools/presubmit --all
Change-Id: I84568fb76658832130e2e9a631495ba82fd4c3ed
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4285742
Reviewed-by: Elie Kheirallah <khei@google.com>
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Thie effort is splitted into multiple CLs, to reduce change size
and also make bisecing breakages easier.
TESTED=CQ only
BUG=b:204409584
Change-Id: Ie90f171bd5f74b732df3129e94733f3b34621092
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4210751
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
This interprets the p_paddr field of ELF program headers as an offset
into physical RAM on aarch64 systems, which is a change in behavior. We
pass an offset of 0 on x86-64, so it makes no difference there.
BUG=b:254601048
BUG=b:255697205
TEST=cargo test -p kernel_loader
Change-Id: I9ebaa285c4cde1f70cb7752e91ff4520e06dc82f
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4035738
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The new load_arm64_kernel() function loads and validates the Linux arm64
image format. This allows detecting whether the magic number and other
fields are valid, similar to the existing ELF loader.
BUG=b:254601048
TEST=Boot Crostini on arm
Change-Id: I62dc4670c2a216aa9a062f6d57ff945162e26037
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3976062
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
This will allow them to be used in a non-ELF kernel loader without being
misleading.
BUG=b:254601048
TEST=cargo test -p kernel_loader
Change-Id: I47e632e16b242813ffebcab88285b284cafcb6c2
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3995582
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
While we are tweaking all of the copyright headers, let's take the
opportunity to ensure there is always a blank line after the copyright
header for consistency. (Almost all files already follow this style.)
This includes a slightly ugly regex to allow the end of a C-style
comment block after the end of the copyright:
/*
* Example comment block
*/ <-- this line
Change-Id: Idfd0855861e5ecb3d33afae942fdba908af0dcff
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3892521
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
This search/replace updates all copyright notices to drop the
"All rights reserved", Use "ChromiumOS" instead of "Chromium OS"
and drops the trailing dots.
This fulfills the request from legal and unifies our notices.
./tools/health-check has been updated to only accept this style.
BUG=b:246579983
TEST=./tools/health-check
Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
crosvm is switching the import style to use one import per line.
While more verbose, this will greatly reduce the occurence of merge
conflicts going forward.
Note: This is using a nightly feature of rustfmt. So it's a one-off
re-format only. We are considering adding a nightly toolchain to
enable the feature permanently.
BUG=b:239937122
TEST=CQ
Change-Id: Id2dd4dbdc0adfc4f8f3dd1d09da1daafa2a39992
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3784345
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Loading 32-bit images is needed for kvm-unit-tests.
BUG=b:233317135
TEST=boots, new unit tests
Change-Id: I6ba63255e0e2993f3735ef81489f64dbd0bb6374
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3764465
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Steven Richman <srichman@google.com>
Tested-by: Steven Richman <srichman@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Previously, we were loading ELF kernels at the provided kernel_start
address plus the p_paddr (physical address) field of each program
header. This resulted in the kernel being loaded after a big gap of
zero bytes, which accidentally worked on x86_64 because 0x00 0x00
encodes a valid instruction, and the entry point was at the beginning of
the first section, so execution would effectively "nop slide" its way
from the supposed entry point all the way to the actual beginning of the
correct code. In addition, the Linux kernel entry point is compiled as
position-independent code, so the mismatched address did not matter.
Fix this by loading ELF kernels at whatever physical address they
specify, without adding any extra offset. The load_kernel() function
still accepts a start address, but this is now used simply to verify
that the ELF file does not try to load any sections outside of the
desired kernel region.
As a demonstration, we can look at the instructions at the kernel's
declared entry point (0x1000000 for a normal x86-64 Linux kernel in ELF
format) by attaching to the gdb stub and running:
(gdb) disas 0x1000000,+8
With the old behavior, we get purely 0x00 0x00 opcodes, decoding as:
0x0000000001000000: add BYTE PTR [rax],al
0x0000000001000002: add BYTE PTR [rax],al
0x0000000001000004: add BYTE PTR [rax],al
0x0000000001000006: add BYTE PTR [rax],al
With the new behavior, we get the correct entry point instructions:
0x0000000001000000: lea rsp,[rip+0x1203f51] # 0x2203f58
0x0000000001000007: lea rdi,[rip+0xfffffffffffffff2] # 0x1000000
BUG=b:234155022
TEST=cargo test -p kernel_loader
TEST=Boot x86-64 ELF vmlinux kernel
Change-Id: Iae4c8db022674e6311e54dffe479a1ed430a1ef4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3673612
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Anton Romanov <romanton@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
The new LoadedKernel structure also splits out the size and end address,
which are both used in different places (x86_64 wants end, aarch64 wants
both).
BUG=b:234155022
TEST=tools/presubmit
TEST=cargo test -p kernel_loader
Change-Id: I86a7e412c983f29a2c614cc9e6896aa11db6ba94
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3673611
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Check in the source to generate the test binary, and make it a minimal
x86-64 ELF binary that can actually work inside crosvm. The new version
uses the COM1 serial port to print a hello message.
This provides a proper test for the ELF loader, including a binary that
is linked with the appropriate physical address fields in its program
headers.
The resulting binary is checked in rather than generated by tbe build
system since we want a consistent file that can be verified against
known good constants in the tests.
BUG=b:234155022
TEST=cargo test -p kernel_loader
Change-Id: I772b4d7e1fcb2b420acd454dc40764943bf975b1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3673610
Reviewed-by: Anton Romanov <romanton@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This provides at least a minimal one-line description to show what each
crate is about.
BUG=None
TEST=tools/cargo-doc
Change-Id: I26732e8c29062e622d5be09bdc120a49d564b9fd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3630422
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Run tests for sys_util_core, poll_token_derive and balloon_control on
windows.
Using dotfiles to disable/serialize test runs of a subset of crates does
not work well with third party crates as it forces us to commit the dot
file to the crate.
The patch modifies and uses the script that runs linux tests.
This patch also allows us to
- build/test child crate even if parent crate has disabled build/test.
- avoid building crosvm if it is not explicitly specified.
RIP short lived .windows_build_test_skip. You allowed us to run noop
kokoro tests.
Test: py .\tools\impl\test_runner.py --arch x86_64
Bug: b:215610772
Change-Id: Icc6d04ffd7c0c33d4f60aeac16fc7d23881c387d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3459809
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
The patch also adds files to skip building and testing crates on
windows. When we run
```
tools/windows/build_test.py --skip_file_name .windows_build_test_skip
```
the build/test succeeds without actually doing anything as build/test
for all crates is skipped by creating '.windows_build_test_skip'.
Bug: 213170957
Test: Ran script on downstream repo
Change-Id: Iebd2cea463ee722be4feaed88229e1fb5e9fd6c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3417918
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
As before, some are automatically fixed by clippy, some manually
fixed.
BUG=b:192373803
TEST=./tools/presubmit
Change-Id: Ifcab4cf60775ee6bb7d4530af6406a74958432ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3283683
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This change contains the results of running
./tools/contib/cargo_refactor.py
This will break the next uprev, and needs to be synchronizized
with the corresponding ebuild changes in https://crrev.com/c/3248925
BUG=b:195126527
TEST=./tools/run_tests
Change-Id: Ied15a1841887bb8f59fba65b912b81acf69beb73
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3248129
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Rust bindgen now supports --allowlist and --blocklist option names as of
https://github.com/rust-lang/rust-bindgen/pull/1990 - use them in the
various bindgen invocations in scripts and comments.
BUG=b:178821708
TEST=../dev/contrib/search_blocked_words.sh unblocked_terms.txt
Change-Id: I9797f049999a01ab2c41617823463236b4d03cbb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3243012
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Use the crates.io implementation of tempfile instead of our own version.
Our reimplementation is kept in the tree for now in case of dependencies
outside of the crosvm tree; it can be removed later once those are fully
switched over to the crates.io implementation.
BUG=b:199204746
TEST=emerge-hatch crosvm
Change-Id: I07d3404239302ab9a17f4ddc82a9479b256e4eb4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3209839
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Replace the uses of read_struct() and read_struct_slice() with the
safe DataInit::from_reader() implementation.
BUG=b:197263364
TEST=./test_all
TEST=Boot bzImage kernel
TEST=Boot raw ELF kernel extracted with extract_vmlinux
Change-Id: I80f98243bfb58a7ae93e1686bc4d92b0cd485cda
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108249
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
This is very largely boilerplate, but changes some interfaces
to accept different parameters, esp using Descriptor.
BUG=b:162363783
TEST=./build_test
Change-Id: I81b513c0de9448c2de505fe5d3a61a29f4eccb78
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2342591
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Michael Hoyle <mikehoyle@google.com>
For now, this crate simply re-exports all of sys_util, but it will
be updated to provide new interfaces when needed. This is the
first step to making crosvm not directly depend on sys_util, so
that we can make the interface changes we need without fear of
negatively affecting (i.e. completely breaking) other usages
within chromeos.
BUG=b:162363783
TEST=./build_test
Change-Id: I7d0aa3d8a1f66af1c7fee8fd649723ef17027150
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2325168
Tested-by: Michael Hoyle <mikehoyle@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Michael Hoyle <mikehoyle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Move GuestAddress and GuestMemory to a new crate for VM memory. This
will make separating sys_util and crosvm independent making it easier
to use sys_util functions outside of crosvm.
Change-Id: I12e14948ea85754dfa6267b3a3fb32b77ef6796e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2311251
Auto-Submit: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Fixes warnings of the form "returning an `Err(_)` with the `?` operator"
from clippy.
BUG=None
TEST=bin/clippy
Change-Id: Ied9c0bfbd71ad825fe88c861160e59db491efdd3
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1896086
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
The new constructors are shorter and omit the bare `None` in the `anon`
call sites which gave no clues to the reader what the effect of that
`None` was. This should improve readability.
TEST=./build_test
BUG=None
Change-Id: I2e34e7df9a4ccc5da50edf4e963a6a42e3d84b22
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1797188
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
The mem_offset + phdr.memsz addition is using untrusted input
(phdr.memsz) and can overflow; add an explicit check to avoid panics on
invalid values.
BUG=None
TEST=/usr/libexec/fuzzers/crosvm_zimage_fuzzer in cros_fuzz shell
Change-Id: Ie6f7f27bd00958ff85201cecaa75ce2b19779b8b
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1674664
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
This manifested itself in a couple places that were turning shared
memory buffers into slices for the purposes of passing these slices to
`Read` and `Write` trait methods.
However, this required the removal of the methods that took `Read` and
`Write` instances. This was a convenient interface but impossible to
implement safely because making slices from raw pointers without
enforcing safety guarantees causes undefined behaviour in Rust. It turns
out lots of code in crosvm was using these interfaces indirectly, which
explains why this CL touches so much.
TEST=crosvm run
BUG=chromium:938767
Change-Id: I4ff40c98da6ed08a4a42f4c31f0717f81b1c5863
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1636685
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
A few files were missing license blurbs at the top, so update them all
to include them.
BUG=none
TEST=none
Change-Id: Ida101be2e5c255b8cffeb15f5b93f63bfd1b130b
Reviewed-on: https://chromium-review.googlesource.com/1577900
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>