"enable" feature in swap crate was set as default to run
unit/integration tests of the crate. https://crrev.com/c/4486546
However missing `default-features = false` at non-root Cargo.toml cause
other crates (e.g. x86_64) installing userfaultfd always.
This makes the swap/enable non-default. CQ still runs unit/integration tests of the swap crate on aarch64 and x86_64.
BUG=b:281935498
TEST=cargo test -p swap --features=swap/enable
Change-Id: I57436c3cb8cbdfac04c3145cc599261b89cf4e0e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4518090
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Status does not depend on any swap related feature. Exposing Status to
all variants is easy to implement swap status FFI at crosvm_control.
The new "swap/enable" feature switches the actual vmm-swap functionality
to be compiled. The feature is enabled by default on "swap" crate but
disabled on the root package for test dependency.
Vmm-swap feature is enabled by `--features=swap` flag on cargo build as
before.
swap/src/controller.rs is copied from swap/src/lib.rs.
BUG=b:265386761
TEST=tools/dev_container tools/run_tests2
Change-Id: Ifc2539a62d0f594fd5bbb41623c735ea2621f7b6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4486546
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: David Stevens <stevensd@chromium.org>
The monitor process uses the `jail` crate which devices use to create
sandbox.
The syscalls listed in the seccomp filter policy file is originally
generated from a profile by strace. Also there are additional syscalls
from common_device.policy:
* another variant of syscalls in the profile
* clone, dup, readlinkat
* the basic set which will be added by minijail compiler anyway.
* restart_syscall, exit, exit_group, rt_sigreturn
* syscalls appears only on DUT (not workstation).
* set_robust_list, sigaltstack, rseq
Used `common_device.policy` as a reference for syscalls which require
detailed conditions (e.g. clone, mmap, openat, etc).
This adds seccomp filter policy only for x86_64. The policy files for
other architectures will be added later.
BUG=b:258351526
TEST=manually tested
Change-Id: I3e584449ed9330a57ae1d2bd6c56a7554b6584ef
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4253073
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
forking a process with multiple threads will lead to
undefined behavior. Unfortunately, newer versions of
libtest will spawn multiple threads even when running
a with --test-threads=1.
This change implements a custom, test harness using
libtest-mimic. It mimics the libtest CLI but enforces
a single threaded test process.
BUG=b:270167741
BUG=b:268496046
TEST=tools/run_tests --dut=host
Change-Id: Icef6a1b65bab7f5cd5021c01fbd94487fa0ca5fb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4295157
Reviewed-by: George Burgess <gbiv@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
page fault logger is only for debugging purpose. It has a security
concern about exposing the trigger to enable the logger. The logger will
make the page fault handling slower and consumes disk resources.
Instead, the page fault logger is only enabled by compiler feature flag
like:
```
cargo build --features=swap,swap/log_page_fault
```
Opening a file on the monitor process is blocking the upcoming minijail
migration. Open the log file on the main process and pass the file
descriptor to the monitor process.
BUG=b:269372016
TEST=manual test
Change-Id: I5df2a32da7fb149680fa24617ffd905b2483108b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4253287
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
userfaultfd(2) syscall requires CAP_SYS_PTRACE of root user namespace.
For better permission control /dev/userfaultfd was introduced from Linux
6.1. Since ARCVM runs inside a sandbox user namespace and enabling
/proc/sys/vm/unprivileged_userfaultfd opens up userfaultfd to the entire
system, crosvm for ARCVM has to use /dev/userfaultfd to create a
userfaultfd.
For systems which do not have /dev/userfaultfd, the Factory falls back
to userfaultfd(2).
BUG=b:268145007
BUG=b:266642532
TEST=manual test
Change-Id: I44b657877093d2a75627432619c1233b7ac2464e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4196763
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Enabling vmm-swap copies all the guest memory to the staging memory
while freezing whole the crosvm. Reducing the latency of it is
important.
The most time consuming part of enabing vmm-swap is pure memory copy
which easily can be executed on the multi-thread.
BUG=b:263830401
TEST=cargo test -p swap
Change-Id: I307ad1c459158113cc654e7ba1541381a38b65bb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4142083
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Instead of configuring which crates to --exclude in
test_config.py, we can use conditional compilation to
exclude code that is not supported on windows.
This allows more fine-grained control and also allows
us to use plain cargo for building without complicated
configuration and exclusions.
BUG=b:265829867
TEST=cargo test --lib --bins --workspace
--target=x86_64-pc-windows-gnu
--features=all-mingw64
Change-Id: I8422c3f08053bc27d9896b220876a56bd25543d6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4165868
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
data_model is probably going away in the future, but
until we can release it as pre-release alpha for internal
efforts.
(context: https://fxbug.dev/114169)
BUG=b:173630595
TEST=compile
Change-Id: Ie13ec3ab9083d315c78a035b532132296a8fb651
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4082333
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Using the cached page size shift has several performance benefits listed
at the comment of the file.
BUG=b:260543132
TEST=cargo test -p swap
Change-Id: Ic7a19135b7a2e29c032c73fa7dca1d853cdb5e48
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4125177
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Shin Kawamura <kawasin@google.com>
These should be written as ChromeOS and ChromiumOS (without the space)
to match the updated branding. The copyright headers were already
migrated to the new style (https://crrev.com/c/3894243), but there were
some more instances left over.
BUG=None
TEST=tools/cargo-doc
Change-Id: I8c76aea2eb33b2e370ab71ee9b5cc0a4cfd00585
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4129934
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This CL adds a new backend for the cros_tracing crate. This backend can
be enabled by building crosvm with the trace_marker feature enabled.
When the feature is not enabled, no extra overhead incurs as the default
NOOP cros_tracing crate will be compiled in instead.
BUG=b:259501910
TEST=compiled and ran crosvm with and without `--features trace_marker`
Change-Id: Ia4b929b042712a458b7d54c0362d6fda90db9e9f
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4075413
Reviewed-by: Christian Blichmann <cblichmann@google.com>
Auto-Submit: Morg <morg@chromium.org>
Commit-Queue: Morg <morg@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Fixes compiler warning:
warning: patch for the non root package will be ignored, specify patch
at the workspace root:
[...]/src/platform/crosvm/swap/Cargo.toml
[...]/src/platform/crosvm/Cargo.toml
The top-level crosvm/Cargo.toml already specifies the patch, so we can
just remove it from swap/Cargo.toml
BUG=None
TEST=cargo build --features=swap
TEST=emerge-brya crosvm
Change-Id: Icdb9c7745478552ac01f07bdd5c799feff3f69a0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4062050
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The new command "crosvm swap log_pagefault <socket>" starts logging
page fault events. The log file "page_fault.log" will be located under
the swap directory.
Pagefault event log help up debugging the vmm-swap feature and
understand the memory usage of the guest os.
design document: go/tanooki-phase1-dd
BUG=b:253555760
TEST=manually tested. this is debug feature.
Change-Id: I13e36cef873cd83179032fe8a289c8df71384644
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3954806
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Added new crosvm commands "crosvm swap enable" and "crosvm swap status".
swap crate exposes SwapController to control the vmm-swap feature.
When vmm-swap is enabled, all the pages on the GuestMemory are swapped
out to a file and are freed to give a lot of memory back to OS.
design document: go/tanooki-phase1-dd
BUG=b:215093219
TEST=manually tested
Change-Id: Ideb10b0119edd9f47b66c8ac61add21ac08181d4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3871758
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
origin:
https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3932497
ProcessesGuard stops all the crosvm processes except the caller process
using SIGSTOP signal because we must guarantee that no one changes the
guest memory contents while vmm-swap out.
This is a short term solution and will be replaced with device
suspension feature later.
See the "Write back atomicity" section in go/tanooki-phase1-dd
BUG=b:215093219
TEST=cargo build --features=swap
Change-Id: I34e528bf318e5ff9277048f3daf8608e7b09ddc7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4016145
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
ProcessesGuard stops all the crosvm processes except the caller process
using SIGSTOP signal because we must guarantee that no one changes the
guest memory contents while vmm-swap out.
This is a short term solution and will be replaced with device
suspension feature later.
See the "Write back atomicity" section in go/tanooki-phase1-dd
BUG=b:215093219
TEST=cargo build --features=swap
Change-Id: Ie62a0cf537a045128c0d298e7a73d222fea96ef0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3932497
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
SwapFile saves the active pages in the memory region to a file.
design document: go/tanooki-phase1-dd
BUG=b:215093219
TEST=cargo test -p swap
Change-Id: I4ce16eef36ace832d26622e44444f7549299c1e7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3930082
Reviewed-by: David Stevens <stevensd@chromium.org>
userfaultfd enables applications to handle page faults on designated
memory area.
vmm-swap feature uses userfaultfd to catch page fault event and swap
in the guest memory from the swap file.
design document: go/tanooki-phase1-dd
BUG=b:215093219
TEST=cargo build --features=swap
Change-Id: I13ae09cd97e4215b00e5d834d4f97eb6b507b892
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3895235
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>