Commit graph

22 commits

Author SHA1 Message Date
Shintaro Kawamura
85a4efdbad swap: use create_sandbox_minijail for the monitor process
The monitor process uses the `jail` crate which devices use to create
sandbox.

The syscalls listed in the seccomp filter policy file is originally
generated from a profile by strace. Also there are additional syscalls
from common_device.policy:

* another variant of syscalls in the profile
  * clone, dup, readlinkat
* the basic set which will be added by minijail compiler anyway.
  * restart_syscall, exit, exit_group, rt_sigreturn
* syscalls appears only on DUT (not workstation).
  * set_robust_list, sigaltstack, rseq

Used `common_device.policy` as a reference for syscalls which require
detailed conditions (e.g. clone, mmap, openat, etc).

This adds seccomp filter policy only for x86_64. The policy files for
other architectures will be added later.

BUG=b:258351526
TEST=manually tested

Change-Id: I3e584449ed9330a57ae1d2bd6c56a7554b6584ef
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4253073
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2023-03-02 00:42:35 +00:00
Dennis Kempin
b67eaca468 Use custom test harness for tests using fork
forking a process with multiple threads will lead to
undefined behavior. Unfortunately, newer versions of
libtest will spawn multiple threads even when running
a with --test-threads=1.

This change implements a custom, test harness using
libtest-mimic. It mimics the libtest CLI but enforces
a single threaded test process.

BUG=b:270167741
BUG=b:268496046
TEST=tools/run_tests --dut=host

Change-Id: Icef6a1b65bab7f5cd5021c01fbd94487fa0ca5fb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4295157
Reviewed-by: George Burgess <gbiv@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
2023-03-01 21:46:16 +00:00
Shintaro Kawamura
7654908fec swap: switch page fault logger with compiler feature flag
page fault logger is only for debugging purpose. It has a security
concern about exposing the trigger to enable the logger. The logger will
make the page fault handling slower and consumes disk resources.

Instead, the page fault logger is only enabled by compiler feature flag
like:

```
cargo build --features=swap,swap/log_page_fault
```

Opening a file on the monitor process is blocking the upcoming minijail
migration. Open the log file on the main process and pass the file
descriptor to the monitor process.

BUG=b:269372016
TEST=manual test

Change-Id: I5df2a32da7fb149680fa24617ffd905b2483108b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4253287
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2023-02-15 07:06:22 +00:00
Shintaro Kawamura
832b1f0bef swap: create userfaultfd from /dev/userfaultfd
userfaultfd(2) syscall requires CAP_SYS_PTRACE of root user namespace.
For better permission control /dev/userfaultfd was introduced from Linux
6.1. Since ARCVM runs inside a sandbox user namespace and enabling
/proc/sys/vm/unprivileged_userfaultfd opens up userfaultfd to the entire
system, crosvm for ARCVM has to use /dev/userfaultfd to create a
userfaultfd.

For systems which do not have /dev/userfaultfd, the Factory falls back
to userfaultfd(2).

BUG=b:268145007
BUG=b:266642532
TEST=manual test

Change-Id: I44b657877093d2a75627432619c1233b7ac2464e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4196763
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-02-08 04:18:36 +00:00
Shintaro Kawamura
f05ef071ae swap: move guest memory to staging memory on multi thread
Enabling vmm-swap copies all the guest memory to the staging memory
while freezing whole the crosvm. Reducing the latency of it is
important.

The most time consuming part of enabing vmm-swap is pure memory copy
which easily can be executed on the multi-thread.

BUG=b:263830401
TEST=cargo test -p swap

Change-Id: I307ad1c459158113cc654e7ba1541381a38b65bb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4142083
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-01-23 04:52:02 +00:00
Dennis Kempin
acc162000f Add conditional compilation for unix-only crates
Instead of configuring which crates to --exclude in
test_config.py, we can use conditional compilation to
exclude code that is not supported on windows.

This allows more fine-grained control and also allows
us to use plain cargo for building without complicated
configuration and exclusions.

BUG=b:265829867
TEST=cargo test --lib --bins --workspace
	--target=x86_64-pc-windows-gnu
	--features=all-mingw64

Change-Id: I8422c3f08053bc27d9896b220876a56bd25543d6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4165868
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-01-19 21:21:59 +00:00
Gurchetan Singh
32ec615426 crosvm: pre-release alpha for data_model
data_model is probably going away in the future, but
until we can release it as pre-release alpha for internal
efforts.

(context: https://fxbug.dev/114169)

BUG=b:173630595
TEST=compile

Change-Id: Ie13ec3ab9083d315c78a035b532132296a8fb651
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4082333
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
2023-01-13 17:23:23 +00:00
Shintaro Kawamura
0ee28131a2 swap: add helpers for pagesize
Using the cached page size shift has several performance benefits listed
at the comment of the file.

BUG=b:260543132
TEST=cargo test -p swap

Change-Id: Ic7a19135b7a2e29c032c73fa7dca1d853cdb5e48
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4125177
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2023-01-10 03:10:00 +00:00
Daniel Verkamp
ac0fc378a3 Fix remaining Chrome/Chromium OS instances
These should be written as ChromeOS and ChromiumOS (without the space)
to match the updated branding. The copyright headers were already
migrated to the new style (https://crrev.com/c/3894243), but there were
some more instances left over.

BUG=None
TEST=tools/cargo-doc

Change-Id: I8c76aea2eb33b2e370ab71ee9b5cc0a4cfd00585
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4129934
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-03 22:14:30 +00:00
Federico 'Morg' Pareschi
912b70b741 cros_trace: Add initial trace_marker backend
This CL adds a new backend for the cros_tracing crate. This backend can
be enabled by building crosvm with the trace_marker feature enabled.
When the feature is not enabled, no extra overhead incurs as the default
NOOP cros_tracing crate will be compiled in instead.

BUG=b:259501910
TEST=compiled and ran crosvm with and without `--features trace_marker`

Change-Id: Ia4b929b042712a458b7d54c0362d6fda90db9e9f
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4075413
Reviewed-by: Christian Blichmann <cblichmann@google.com>
Auto-Submit: Morg <morg@chromium.org>
Commit-Queue: Morg <morg@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
2022-12-23 06:21:24 +00:00
Daniel Verkamp
d570328520 swap: remove Cargo.toml data_model patch
Fixes compiler warning:

  warning: patch for the non root package will be ignored, specify patch
  at the workspace root:
  [...]/src/platform/crosvm/swap/Cargo.toml
  [...]/src/platform/crosvm/Cargo.toml

The top-level crosvm/Cargo.toml already specifies the patch, so we can
just remove it from swap/Cargo.toml

BUG=None
TEST=cargo build --features=swap
TEST=emerge-brya crosvm

Change-Id: Icdb9c7745478552ac01f07bdd5c799feff3f69a0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4062050
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2022-11-29 23:33:36 +00:00
Shintaro Kawamura
bcf9339387 swap: log page fault event
The new command "crosvm swap log_pagefault <socket>" starts logging
page fault events. The log file "page_fault.log" will be located under
the swap directory.

Pagefault event log help up debugging the vmm-swap feature and
understand the memory usage of the guest os.

design document: go/tanooki-phase1-dd

BUG=b:253555760
TEST=manually tested. this is debug feature.

Change-Id: I13e36cef873cd83179032fe8a289c8df71384644
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3954806
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2022-11-17 02:48:04 +00:00
Hikaru Nishida
2b35bf353b swap: add commands for vmm-swap out
Added new crosvm commands "crosvm swap enable" and "crosvm swap status".

swap crate exposes SwapController to control the vmm-swap feature.

When vmm-swap is enabled, all the pages on the GuestMemory are swapped
out to a file and are freed to give a lot of memory back to OS.

design document: go/tanooki-phase1-dd

BUG=b:215093219
TEST=manually tested

Change-Id: Ideb10b0119edd9f47b66c8ac61add21ac08181d4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3871758
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2022-11-17 02:39:55 +00:00
Shintaro Kawamura
4196632a3e Reland "swap: suspend device processes using SIGSTOP signal"
origin:
https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3932497

ProcessesGuard stops all the crosvm processes except the caller process
using SIGSTOP signal because we must guarantee that no one changes the
guest memory contents while vmm-swap out.

This is a short term solution and will be replaced with device
suspension feature later.

See the "Write back atomicity" section in go/tanooki-phase1-dd

BUG=b:215093219
TEST=cargo build --features=swap

Change-Id: I34e528bf318e5ff9277048f3daf8608e7b09ddc7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4016145
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2022-11-14 06:14:07 +00:00
Shintaro Kawamura
9f962de130 Reland "swap: add swap file"
origin:
https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3930082

SwapFile saves the active pages in the memory region to a file.

design document: go/tanooki-phase1-dd

BUG=b:215093219
TEST=cargo test -p swap

Change-Id: Idce637ed069665e174b36c21a32afdad2f00fea1
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4016143
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2022-11-14 06:14:07 +00:00
Shintaro Kawamura
67390a05fb Reland "swap: add userfaultfd wrapper"
origin:
https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3895235

userfaultfd enables applications to handle page faults on designated
memory area.

vmm-swap feature uses userfaultfd to catch page fault event and swap
in the guest memory from the swap file.

design document: go/tanooki-phase1-dd

BUG=b:215093219
TEST=cargo build --features=swap

Change-Id: I36ecfe9be988a4bc451f8edaf2ab48e25c6600f4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4016142
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2022-11-14 06:14:07 +00:00
Shin Kawamura
eb5c9ffef9 Revert "swap: add userfaultfd wrapper"
Revert submission 3935683

Reason for revert: userfaultfd-sys fails to build on windows
Reverted Changes:
Icf46cfb26:swap: add PageHandler
I408dbfa4d:base: unix: add fork_process
Ie62a0cf53:swap: suspend device processes using SIGSTOP signa...
I4ce16eef3:swap: add swap file
I13ae09cd9:swap: add userfaultfd wrapper

Change-Id: Ic815d0a73a0b2db6a33ed9d87025643a106183d2
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4015885
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
2022-11-09 06:02:39 +00:00
Shin Kawamura
35c9c13c65 Revert "swap: add swap file"
Revert submission 3935683

Reason for revert: userfaultfd-sys fails to build on windows
Reverted Changes:
Icf46cfb26:swap: add PageHandler
I408dbfa4d:base: unix: add fork_process
Ie62a0cf53:swap: suspend device processes using SIGSTOP signa...
I4ce16eef3:swap: add swap file
I13ae09cd9:swap: add userfaultfd wrapper

Change-Id: I6f323046726edf0d2006de99a2c07ee2956efda6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4015884
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
2022-11-09 06:02:39 +00:00
Shin Kawamura
55d99500a9 Revert "swap: suspend device processes using SIGSTOP signal"
Revert submission 3935683

Reason for revert: userfaultfd-sys fails to build on windows
Reverted Changes:
Icf46cfb26:swap: add PageHandler
I408dbfa4d:base: unix: add fork_process
Ie62a0cf53:swap: suspend device processes using SIGSTOP signa...
I4ce16eef3:swap: add swap file
I13ae09cd9:swap: add userfaultfd wrapper

Change-Id: Ia3675a8e0439de38db55a8cd0098bbc331230e8b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4015882
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
2022-11-09 06:02:39 +00:00
Shintaro Kawamura
427f1becb9 swap: suspend device processes using SIGSTOP signal
ProcessesGuard stops all the crosvm processes except the caller process
using SIGSTOP signal because we must guarantee that no one changes the
guest memory contents while vmm-swap out.

This is a short term solution and will be replaced with device
suspension feature later.

See the "Write back atomicity" section in go/tanooki-phase1-dd

BUG=b:215093219
TEST=cargo build --features=swap

Change-Id: Ie62a0cf537a045128c0d298e7a73d222fea96ef0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3932497
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2022-11-09 05:24:08 +00:00
Shintaro Kawamura
e8aaafffcf swap: add swap file
SwapFile saves the active pages in the memory region to a file.

design document: go/tanooki-phase1-dd

BUG=b:215093219
TEST=cargo test -p swap

Change-Id: I4ce16eef36ace832d26622e44444f7549299c1e7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3930082
Reviewed-by: David Stevens <stevensd@chromium.org>
2022-11-09 05:24:08 +00:00
Shintaro Kawamura
b75d3bc45e swap: add userfaultfd wrapper
userfaultfd enables applications to handle page faults on designated
memory area.

vmm-swap feature uses userfaultfd to catch page fault event and swap
in the guest memory from the swap file.

design document: go/tanooki-phase1-dd

BUG=b:215093219
TEST=cargo build --features=swap

Change-Id: I13ae09cd97e4215b00e5d834d4f97eb6b507b892
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3895235
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2022-11-09 05:24:08 +00:00