Posix acls are a truly incredible example of API design. The presence
of a default posix acl in a directory completely changes the meaning of
the `mode` parameter for all system call that create inodes. However,
this new behavior only applies when the inode is first created and not
for any subsequent operations that use the mode, like fchmod.
When a directory has a default posix acl, all inodes created in that
directory get the permissions specified in the default acl. The mode
parameter is treated like a umask where any permissions allowed by the
default acl that are not allowed by the mode parameter are blocked. The
actual umask is ignored in this case.
So to handle this properly we need to set FUSE_DONT_MASK to prevent the
kernel driver from preemptively applying the umask. Then we have to
check if the parent directory has a default posix acl and only apply the
umask to the mode if it does not. This also means that we cannot use
`mkdtemp` because that always creates directories with a mode of 0o700
and since the default posix acl calculation only applies on creation and
not on later operations, we need to apply the proper mode in the very
beginning.
BUG=b:159285544,b:152806644
TEST=vm.Virtiofs. Use a test program to create files/directories in
directories that have a default acl and ones that don't, and verify
that the mode is correctly set after creation
Change-Id: Ieca8ac9db391feebe5719630c5f3b57b04b71533
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2260253
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
On ARM32 systems with 64 bit guests, the regions in guest memory can be
mapped above the range of a u32, use a u64 instead of usize to hold the
offset.
TEST=runs on kevin-5.6 using mem regions an uring
Change-Id: Ib12db0b8056dd126c5ed2e6be35da96c1a12f750
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2268977
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
We were previously building the Docker image on top of Debian Stretch,
which is now the oldstable distribution. Upgrade to Buster to get newer
versions of various host packages; in particular, this gets us a newer
libc.
BUG=None
TEST=docker/build_crosvm_base.sh && docker/wrapped_smoke_test.sh
Change-Id: Ie9b92d7e053239234cc79936c9a2804560bba18a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2267689
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Update the Cargo.lock file by running `cargo build` to match the latest
changes to Cargo.toml.
BUG=None
TEST=kokoro
Change-Id: I7e30c03fe1713c6da4042539f6579b5f6b29f92f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2270766
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Convert the FD executor to have a more similar interface to the
uring_executor. This has two benefits.
1) This allows a single wrapper `PollOrRing` to be used. It will select
uring or fd transparent to the user, allowing users to get the benefits
of uring when available without changing their code.
2) Having the `PendingWaker` and Registered source manage FD lifetime
removes the need for custom drop implementations for each Future. This
simplifies things so much there is no longer need for the async_core
crate which is removed.
Change-Id: Ic6c84c4e668cbfe5eddeb75129b34d77f66b096d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2227087
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
io_jail has been migrated to aosp/external/minijail/rust/minijail.
This removes the crosvm copy and updates the references to use the new
location.
BUG=chromium:1096175
TEST=cargo test
Cq-Depend: chromium:2254418
Change-Id: I29d5c6178b6faf5e52671cfbe6fc7e51f0d21dd2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2254298
Tested-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Allen Webb <allenwebb@google.com>
Needed by arcvm.
BUG=b:159297591
TEST=run a test program that calls the ioctl
Change-Id: I1f8c17fa2b2457f5a9e73045c3dbee3440eb943d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2265932
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Using AT_EMPTY_PATH with linkat requires the caller to have
CAP_DAC_READ_SEARCH in the init user namespace. Since the fs device
isn't going to have this when run in a sandbox, switch to using
/proc/self/fd with AT_SYMLINK_FOLLOW instead, which is documented in the
manpage as an alternative to AT_EMPTY_PATH.
BUG=b:159861594
TEST=`touch foo; ln foo bar` succeeds
Change-Id: I944d80d955742d653e36d245024adc48cf77d77e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2265933
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Modified ioapic implementation for the hypervisor abstraction layer.
This implementation has the same functionality and tests as the existing
one, but accepts a vec of resample_events instead of a GsiRelay. It also
takes a list of irqfds instead of creating them itself.
This will be used by the KvmSplitIrqChip, and will eventualy be modified
again to support an ApicBus when we want to support a UserspaceIrqChip.
Bug: chromium:1077058
Test: cargo test -p hypervisor -p devices
Change-Id: I306724266511a7975a25a34955651ea6f53e1c4c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2255303
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Copied and slightly modified pic implementation in the irqchip
submodule. It uses the PicState defined in the hypervisor crate and has
a register_resample_events function instead of a register_relay
function.
Some function signatures have been slightly changed to take &self and
&mut self where before they would take a PicState. This was done so
that the Pic struct itself would be the only object that needs access
to the resample_events rather than each PicState needing it's own copy
or clone.
This will later be used by the the KvmSplitIrqChip.
Test: cargo test -p devices -p hypervisor
Bug: chromium:1077058
Change-Id: Ia15ea1800b4339d3ad38d88d8ec6ace8ca5ea67a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2255302
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Vcpus are created on the Vm object, instead of with Vcpu::new. Vm keeps
a copy of the Hypervisor to support create_vcpu. Otherwise the methods
are the same as the kvm crate.
BUG=chromium:1077058
TEST=cargo test
Change-Id: I6fbd0e5fb5d81d4362a259e85eb392d8edbfff1f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2247366
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
There were some duplicate enum values for x86 which caused build
failure. Updating the names to match the Linux table fixes this.
Also updated awk command in comment to produce matching output.
BUG=None
TEST=cd syscall_defines; cargo build && cargo build --target i686-unknown-linux-gnu
Change-Id: I99032352332281566f8e8322fadec73ca916d31d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2260597
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Andrew Walbran <qwandor@google.com>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Andrew Walbran <qwandor@google.com>
MALI GPU driver calls this for printing debug information. Just
enable it since it could help debug.
BUG=None
TEST=manual - Run ARCVM on kukui with debug build of mali driver
Change-Id: If65121520071a1df9b8ba932272428cbac844984
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2262176
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Lepton Wu <lepton@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Commit-Queue: Lepton Wu <lepton@chromium.org>
Vm capability checking has been split into two functions: one for a
small set of hypervisor-agnostic caps, and one for hypervisor-specific
u32 constants to support the plugin.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I17fb6804f0fa7114f39c5016da430afa75179919
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202848
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Devices may not have access to /dev/urandom so refactor the random
string generation code so that it can also be used by SimpleRng. Also
implement Iterator for SimpleRng to make the string generator
implementation easier.
BUG=b:152806644,b:159285544
TEST=unit tests
Change-Id: I245c90dc44cfa53a7e12343925b1e04a5df55255
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2260252
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
This matches the version of libc in the Chrome OS tree (dev-rust/libc).
Fixes non-Portage builds due to a change in the type of S_ISGID:
457b0f9902
Previously this would fail compilation with an error about "no
implementation for `u32 & i32`".
Updated with:
cargo update -p libc --precise 0.2.65
BUG=None
TEST=bin/clippy
Change-Id: Ibe3043162a5af7c69168ec61fee3f4cdc35044e8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2258621
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
uring.rs wraps the kernel io_uring interfaces that provide C-style raw
pointers, which requires casting a *u8 into other types with stricter
alignment requirements. All of these casts are based on the base mmap()
pointer (which is always page aligned) or offsets within an mmap
provided by the kernel, so we can assume they are safe to cast to the
relevant more-aligned types.
Fixes clippy warnings of the form:
casting from `*mut u8` to a more-strictly-aligned pointer (`*const
std::sync::atomic::AtomicU32`) (1 < 4 bytes)
BUG=None
TEST=bin/clippy
Change-Id: Ibef32bb8529d34ece79f089992ad8bd880c5030b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253068
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Since the call sites for some of these functions are not checked in yet,
add a blanket #![allow(dead_code)] to the relevant files. These should
be removed as soon as the users are committed to avoid other unused code
slipping through later.
BUG=None
TEST=bin/clippy
Change-Id: Id11ad91542eb7fa60979dae76301a4c9ce0701ae
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253067
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Move the Ok(()) return value to a separate expression.
uring_executor::add_future returns (), so this is effectively the same,
but clippy complains about the previous form:
error: passing a unit value to a function
BUG=None
TEST=bin/clippy
Change-Id: I8a05ae340568fa4ce94b35f9bf3dbd426a83219e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253066
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
clippy warns about the redundant 'static lifetime, which is implied for
const.
BUG=None
TEST=bin/clippy
Change-Id: I1d4dca90de359857ec947e12ae47858785d8867c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253065
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Advertise that we support posix acls in the response to the init
message. Since the VM does access checks before sending the request to
the server, having this disabled meant that the VM was rejecting
requests that should have been allowed to succeed.
BUG=b:159285544
TEST=touch test
setfacl -m u:crosvm:rw test
su -s /bin/bash -c 'echo hello > test' crosvm
cat test # check that it contains "hello"
Change-Id: I047b590e4caf0f2883b3f6198b9bc071e9e40a93
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253494
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
The switch to 2 stage mkdir + create broke setgid bit handling on
directories. When this bit is set in a directory all inodes in that
directory should be created with the gid of that directory rather than
the gid of the process that made the call.
BUG=b:152806644
TEST=Set the sgid bit on a directory and verify that new files and
directories inherit the directory's group rather than the group of
the process that created them.
Change-Id: Iafce9fbb4281b2dc84e052e0a703745dde4b817b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253493
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
We don't set FUSE_DONT_MASK so the guest kernel will apply the umask
to the mode before sending the request. Just pass it on unmodified.
BUG=b:152806644
TEST=vm.Virtiofs
Change-Id: Id0c138e9ccc3a361a2772ac144f1d3413b545d99
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253492
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Mostly to stop using virtio-fs region IDs in virtio-gpu.
From the spec:
"A device may have multiple shared memory regions associated with
it. Each region has a shmid to identify it, the meaning
of which is device-specific."
BUG=chromium:924405
TEST=compile and test
Change-Id: I5b938a1dbe8747812d77384f1781ccc1bd883e9f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2160030
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Implemented the remaining IrqChip trait functions for the
KvmKernelIrqChip, including register/unregister_irq_event and irq
routing functions.
Added some irqchip tests for setting irq routes and servicing irq lines.
Also added tests for registering irq events.
BUG=chromium:1077058
TEST=cargo test -p devices -p hypervisor
Change-Id: Ia04c927b663ebdcacc88bc61d746077aa5b02514
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2246648
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Helper to run a single future in either the uring or the fd executor.
Change-Id: I383f5b85245470153f328fde9176988238e7018d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2227085
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Instead of referencing the re-export in the crate, use UnitFutures
directly from the executor module. This will allow the re-export to be
removed.
Change-Id: I392be8efabe0bf8f47d904107fcb9c8c9424557f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2227084
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Add an executor, similar to `fd_executor`, except driven by io_uring
instead of `PollContext`. This will allow for queueing actions instead
of waiting for 'ready' from poll. This reduces the number of syscalls
and increases the parallelism possible when doing IO.
Change-Id: Ie2e69cb09ee3ab1086ef31d5ebd0169843a8228d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2227083
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Writing xattrs in the security namespace requires CAP_SYS_ADMIN in the
namespace that mounted the file system. The fs device doesn't have this
capability when run in a sandbox (and in the case of the /home directory
on chrome os, will never be able to gain it).
We've been able to set selinux xattrs so far because the selinux module
relaxes the capability check in favor of an selinux-based MAC check.
However, android also wants to be able to set the "security.sehash"
xattr, which is described in the manpage as a "performance optimization"
when recursively relabeling files.
Unfortunately since the android team nacked the kernel patch[1] that
would have relaxed the requirements for just the "security.sehash"
xattr, the only option for us is to rewrite the xattr name and prefix it
with "user.virtiofs" so that it ends up in the "user." xattr namespace.
The server should always have permission to create xattrs there.
BUG=b:155443663
TEST=start a vm and successfully set the security.sehash xattr then
check on the host side that it is actually stored as
user.virtiofs.security.sehash
[1]: https://www.spinics.net/lists/selinux/msg32330.html
Change-Id: Icd17b76c946c92d92009f0cc2b8b50c92ac580c6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2243111
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Arcvm needs this ioctl for looking up the project id of an inode.
BUG=b:157189438
TEST=Call the ioctl inside a vm and verify that it succeeds
Change-Id: Ib178cf32b09056f9b1e9acedb49de068d5525a66
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2214964
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Matthias Springer <springerm@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Split the KvmKernelIrqchip struct definition and constructor between
x86_64 and aarch64 because aarch64 has an extra fd for the vgic device.
Constructor on x86_64 simply calls create_irq_chip while aarch64
constructor needs to call create_device and configure that device.
Also needed to split the try_clone implementation because the structs
have different fields.
Bug: chromium:1077058
Test: ran build_test, but I haven't been able to actually run the tests
on aarch64
Change-Id: I20e81a7ccedaf077d682055717caf05a94d54423
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2239976
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Add Vm::create_device to create kernel virtual devices, currently for
VFIO, ARM VGIC v2, and ARM VGIC v3.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I83c9c367c2b2674c3faaae9e4ae09919adfe34b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202846
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
A recent change to sys_util moved the definition of 'as_ptr' for an mmap
to a new trait, include that trait here.
Change-Id: Ib48113738fdace50e2dc7f72a5107dd95db867f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2241590
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
- Reduces code duplication between MMIO and mmap arenas
- Makes adding future types easier
- Makes upcoming deprecation of kvm crate easier
- Use BTreeMap instead of HashMap since it's more efficient
BUG=chromium:924405
TEST=compile and test
Change-Id: I520abed0926489e64aac046e0dc0cfeb72fae7b2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2216446
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Gurchetan Singh <gurchetansingh@chromium.org>
Support a case where a guest client who may use arbitrary numbers of
buffers. (e.g. C2V4L2Component with default pool in ARCVM)
Such a client is valid as long as it uses at most 32 buffers at the same
time.
More specifically, this CL allows the guest to call ResourceCreate for an
output resource_id which was already processed by the host. Such
ResourceCreate calls will be handled as reassignment of DMAbuf to a
FrameBufferId.
BUG=b:157702336
TEST=Play a YouTube video on ARCVM w/ C2V4L2Component using default pool
Change-Id: Ie9c457867abd91b6b7a17a5bca4a1a1e9f53c1ae
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2198327
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
The separate Vm functions for MemoryMappings and MemoryMappingArenas
have been combined and now use a MappedRegion trait that the mappings
implement. msync_memory_region replaces the get_mmap_arena function,
which is used by VmMsyncRequest. Since Vm uses mutexes for cloning, it
can't return mem region references.
BUG=chromium:1077058
TEST=cargo test, cargo test -p sys_util, cargo test -p hypervisor
Change-Id: If257b16ee34d07820ae7ebdb9a3a598a41df013c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202845
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Implemented get/set_pic/ioapic/pit functions for the KvmKernelIrqchip.
Added respective functions on KvmVm for interacting with the underlying
KVM API.
Added associated tests for get/set functions.
BUG=chromium:1077058
TEST=ran devices tests and added get/set function tests
Change-Id: I66a29828fe2f1fbdf54d7325656a003ac09e36d0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2219422
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Change-Id: Ia86cb49ffc89ad66fe67698e05968e6d6f19f743
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2231364
Auto-Submit: Andrew Walbran <qwandor@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
The pointer passed to the kernel for the iovecs must remain valid until
the operation completes. This is true even if the kernel copies the sqe
containing the pointer, that isn't a deep copy. If the iovecs are freed
before the kernel actually processes the op, it will fail with a bad
address error.
Move the responsibility for maintaining the list in memory from the
caller to io_uring itself. This mean io_uring must allocate. Taking
iterators for IoSlice/IoSliceMut, means that the caller doesn't need to
allocate as well if there isn't a Vec already allocated.
Change-Id: I63a009d8ab543c8bac4132809fb851536d4ad82c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2227082
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
This trait handles the x86-specific features of an irqchip, including
getting and setting the state of the pic, ioapic, lapics, and pit.
Also includes an empty implementation of this trait for the
KvmKernelIrqChip.
BUG=chromium:1077058
TEST=cargo test -p devices
Change-Id: I36034661f4a2baedc7ac2b8f311cab6327afefba
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2197717
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
When creating a file or directory the virtio-fs server changes its
effective uid and gid to the uid and gid of the process that made the
call. This ensures that the file or directory has the correct owner and
group when it is created and also serves as an access check to ensure
that the process that made the call has permission to modify the parent
directory.
However, this causes an EACCES error when the following conditions are
met:
* The parent directory has g+rw permissions with gid A
* The process has gid B but has A in its list of supplementary groups
In this case the fuse context only contains gid B, which doesn't have
permission to modify the parent directory.
Unfortunately there's no way for us to detect this on the server side so
instead we just have to rely on the permission checks carried out by the
kernel driver. If the server receives a create call, then assume that
the kernel has verified that the process is allowed to create that
file/directory and just create it without changing the server thread's
uid and gid.
Additionally, in order to ensure that a newly created file appears
atomically in the parent directory with the proper owner and group,
change the create implementation to use `O_TMPFILE` and `linkat` as
described in the open(2) manpage. There is no `O_TMPFILE` equivalent
for directories so create a "hidden" directory with a randomly generated
name, modify the uid/gid and mode, and then rename it into place.
BUG=b:156696212
TEST=tast run $DUT vm.Virtiofs
TEST=Create a test directory with group wayland and permissions g+rw.
Then run `su -s /bin/bash -c 'touch ${dir}/foo' - crosvm` and
`su -s /bin/bash -c 'mkdir ${dir}/bar' - crosvm`.
Change-Id: If5fbcb1b011664c7c1ac29542a2f90d129c34962
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2217534
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
