userfaultfd is not available in unit test environment but only in
integration tests. Use FakeDeadUffdChecker for unit testing.
BUG=b:266898615
TEST=./tools/run_tests2
Change-Id: I146ee5b798304c5a7f898fa4c39a466055fe3ed8
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4562369
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Ningyuan Wang <ningyuan@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
We will add unit tests for UffdList. Having a single file for UffdList
is easier to write unit tests.
This adds a minor refactoring to register the main uffd to WaitContext
within UffdList logic. Also removed the comment for the main uffd
registeration due to blocking on fork because it is obsolete since we
don't use the fork feature of userfaultfd(2).
BUG=b:266898615
TEST=./tools/run_tests2
Change-Id: I53f6d9944d282f7a7528dd6882cd7527031af1b8
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4562368
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Ningyuan Wang <ningyuan@google.com>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Hotplug devices are forked from JailWarden process due to minijail
workaround. It is possible to pass `&mut SwapController` to the
JailWarden process on forking, but the ownership of the reference is not
clear. The actual ownership of the object is cloned when forking at the
higher call stack, however it is not clear for readers.
Introduce swap::SwapDeviceHelper to make the ownership clear. The
JailWarden process will hold the ownership of swap::SwapDeviceHelper.
BUG=b:266898615
TEST=./tools/run_tests2
Change-Id: I64edf9e41a70edfd156bcca060656b5641d785fb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4560804
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Ningyuan Wang <ningyuan@google.com>
When a hot plug device is detached, its uffd becomes dead. This commit
adds a garbage collector to remove dead uffds and prevent the uffd list
and obsolete opened file descriptors from growing indefinitely.
BUG=b:267124393
BUG=b:281791015
BUG=b:266898615
TEST=https://crrev.com/c/4562369
Change-Id: I11d3298b8e4838bbb843e4dc10f29f32a02b0646
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4525480
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Change-Id: Ifb67cf5320b965d58eac96c7eee17f38b0863dd7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4567113
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
Auto-Submit: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The Windows version of IoBuf uses the WSABUF structure, which represents
len as a 32-bit value. Previously, larger len values would be silently
truncated; this change makes those conversions using try_into() instead.
We have no easy way to report failure of this usize -> u32 conversion,
so for now, just unwrap() to cause a panic if the length ever overflows
so it will at least produce a crash report and be noticed.
A possible future enhancement could be to make all relevant IoBuf and
IoBufMut functions return Result<...> so the error could be propagated
back to the caller.
BUG=None
TEST=tools/dev_container tools/presubmit
Change-Id: I79270a7e8af01827ef0d1bafaa98c5d7f4b53b73
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4567110
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Most of the IoBufMut code is generic and doesn't need to be implemented
for each platform. Factor out the sys-specific parts into a new trait,
PlatformIoBuf, that contains the minimal accessor functions for getting
and setting address and length.
BUG=None
TEST=tools/dev_container tools/presubmit
Change-Id: If647dd268f8ccdb8ecba2dcf5b12711363a32c69
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4559526
Reviewed-by: Zihan Chen <zihanchen@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Allow running `compile_seccomp_policy` script in parallel in build.rs so
the build time would change from 19 sec to 1.6 sec on my Linux
workstation.
With combinining with crrev.com/c/4546480, time of clean build of crosvm
changed from 73.5 sec to 67.8 sec.
BUG=b:283197076
TEST=cargo build
Change-Id: I60197e29d623ccc3638fc464373fdf1d71b00ae1
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4546818
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
This is just a clean up CL to introduce parallelism in the next CL.
BUG=b:283197076
TEST=cargo build
Change-Id: I5118f08a9671b32bbebf850764d627fb32db7383
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4567763
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Allow virglrenderer to implicitly spawn a render_server process when a
render_server_socket is not provided and sandboxing is disabled.
BUG=None
TEST=cargo build --features=gpu,x,wl-dmabuf,virgl_renderer,virgl_renderer_next
Change-Id: Icb682ffbf5812675d3c0c8e5a3d11006ecd53e8d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4563457
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Ryan Neph <ryanneph@google.com>
Reviewed-by: Yiwei Zhang <zzyiwei@chromium.org>
Reduce the number of parameters passed down multiple levels of the call
stack.
BUG=None
Test=cargo build --features=gpu,x,wl-dmabuf,virgl_renderer,virgl_renderer_next,gfxstream
Change-Id: Iac4436e391b2d246b5ab7aecf04fd48d523fac78
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4563456
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Ryan Neph <ryanneph@google.com>
The new toolchain is now used in CI and as default for developer builds.
The mingw ldd hack is no longer needed as debian has released a fixed
package.
BUG=None
TEST=CQ
Change-Id: I713d2901165ec33efe301e79819ef31ab86fee48
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4568145
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The new rust toolchain comes with improved clippy warnings that
catch more unnecessary casts than before.
Some cases have to be whitelisted since libc types have varying size
based on the architecture we are compiling for.
BUG=None
TEST=presubmit
Change-Id: Ia473b0bfe6e74bdb7b0d4ca15d2c9fb410fc353e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4568144
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
It looks like WHPX isn't building fully upstream since there were a few
type errors that came up when I was testing. This CL fixes them.
BUG=none
TEST=builds
Change-Id: I406c4103cfa9e23dc27cb01b56fd91150c0f28de
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4556837
Reviewed-by: Frederick Mayle <fmayle@google.com>
Reviewed-by: Elie Kheirallah <khei@google.com>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Move the snapshot logic to a function similar to do_restore.
BUG=N/A
Test=presubmit
Change-Id: I73787a89e8ec6051fd10c6e5a3ea64eabc461017
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4550001
Commit-Queue: Elie Kheirallah <khei@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
We need to use fully qualified crate names for things like Ordering when
we use them inside macros.
BUG=None
TEST=built crosvm with tracing and checked macros work without imports
Change-Id: I7cae94822ca5c3ef188e8e46e79edfb6bd0fca5b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4560807
Auto-Submit: Morg <morg@chromium.org>
Commit-Queue: Takaya Saeki <takayas@chromium.org>
Commit-Queue: Morg <morg@chromium.org>
Reviewed-by: Takaya Saeki <takayas@chromium.org>
With the server support in place, we can connect to the control socket
just like unix does (albeit a named pipe instead of a UDS).
BUG=b:276361599
TEST=tested snapshot commands on Windows.
Change-Id: I874463026e3b4504009c6a19d7ba9ffb8fa169fa
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4558308
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
If --socket is specified on a non-prod build, we will run a named pipe
server on that socket which will soon service requests like pressing the
power button, etc.
BUG=b:276361599
TEST=builds + later CLs in the chain.
Change-Id: I0be227f5e915feb29ab2883ab3bceb85a50cfc92
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4558307
Reviewed-by: Richard Zhang <rizhang@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Implements a control socket adapter for named pipes that will allow
run_control to listen for control socket connections on Windows just
like it does on unix.
BUG=b:276361599
TEST=unit test
Change-Id: I3b2453e3b066a565cab64fc69ba19e960c3a806a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4558304
Reviewed-by: Richard Zhang <rizhang@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Detecting if a Tube is disconnected used to be a little painful since
we'd have to extract the underlying io::Error and check for BrokenPipe.
On unix it wasn't ever this hard since Error::Disconnected exists for
the Tube Error type. On Windows it looks like we just forgot to
implement this.
This CL makes all broken pipes on Tube read/write return Disconnected
instead of a generic IO error.
BUG=b:276361599
TEST=manual run of VM.
Change-Id: I422951b770fd966d6d5e9618c3b756bb2ab5ef7d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4558305
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
StreamChannel notifications were not properly handling broken pipes
when fetching the number of bytes available during the notification
sync. This is because the PeekNamedPipe call comes after the final read
call that drains the named pipe, and at this point the pipe is broken.
This CL fixes the problem by treating the byte count as zero if the
pipe is broken, which is technically true (it has no data).
BUG=b:279840868
TEST=manual
Change-Id: Ib563c7e5e426524f666ff191ec3774a4b40f59a0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4556842
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
base:🧵:spawn_with_timeout was stricter than
std:🧵:spawn, which wasn't really helpful.
(In prod code we use std:🧵:spawn, so being
stricter than that isn't useful or safer in a meaningful
way.)
BUG=b:276361599
TEST=builds
Change-Id: I4197d3ac082af4077f82d7d70a11869b0a886238
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4556841
Reviewed-by: Richard Zhang <rizhang@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
* Sometimes we want to split a Tube end into a reader & writer so
those responsibilities can be handled separately. This is what
`split_to_send_recv` does.
* On Windows, making a Tube directly attached to a named pipe will be
needed for the control client. This is what `PipeTube` implements.
Just like a raw named pipe, it has no notification support, and so it
hides those elements of the Tube API.
* On Windows, we need a way to ensure a Tube is flushed before it is
dropped so that a disconnecting client can ensure the server has read
its messages before the pipe is dropped / EPIPE happens.
Paradoxically, the "flush" can only be implemented on the server end
of a pipe, so in CrosVM, our "clients" are actually the server end of
pipes.
BUG=b:276361599
TEST=tested in future CL in the chain.
Change-Id: I70a7badc92461d49b9f08a5f997157b0698cff24
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4556840
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
In our overlapped read helper API, ERROR_MORE_DATA was considered to be
a fatal error (if returned from the initial call to ReadFile). It looks
like this might only happen for message mode pipes, which probably
weren't used with this function until an upcoming CL. This error would
cause us to return early and leave the OverlappedWrapper in use. Leaving
the wrapper in use is still possible, so that's a bug (b/279459822).
BUG=b:276361599
TEST=future CLs in the chain.
Change-Id: Icc8dff9b83542365336664ee1219654cb3ec1eef
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4556839
Reviewed-by: Richard Zhang <rizhang@google.com>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Similar to our other overlapped utility functions for read, this CL adds
one for the named pipe equivalent of accept (ConnectNamedPipe).
BUG=b:276361599
TEST=unit tests
Change-Id: I30780fbfea6ff57aaf4bb3176f400f5b5e5fb9de
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4556838
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
For snapshotting, we want to save/restore *all* MSRs rather
than a one or two specific MSRs. To accomplish this, we're
implementing get_all_msrs for WHPX.
BUG=b:269705560
TEST=unit tests
Change-Id: I706c3bd1d9d11ca58c709e1a19e0184dc560f193
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4546271
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
After running into issues with MSRs, it seemed advisable to have a smoke
test for these functions too.
BUG=b:269705560
TEST=unit test
Change-Id: I2017dc95c19a7097a4be17099cd33ae75bf7c6f6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4546270
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Reviewed-by: Steven Moreland <smoreland@google.com>
According to man 7 signal:
> On Linux, even in the absence of signal handlers, certain blocking
> interfaces can fail with the error EINTR after the process is stopped
> by one of the stop signals and then resumed via SIGCONT. This
> behavior is not sanctioned by POSIX.1, and doesn't occur on other
> systems.
>
> The Linux interfaces that display this behavior are:
>
> • "Input" socket interfaces, when a timeout (SO_RCVTIMEO) has
> been set on the socket using setsockopt(2): accept(2), recv(2),
> recvfrom(2), recvmmsg(2) (also with a non-NULL timeout argument),
> and recvmsg(2).
> • "Output" socket interfaces, when a timeout (SO_RCVTIMEO) has been
> set on the socket using setsockopt(2): connect(2), send(2),
> sendto(2), and sendmsg(2), if a send timeout (SO_SNDTIMEO) has
> been set.
The swap feature sends SIGSTOP and SIGCONT to crosvm processes. The
balloon command tube and the proxy devices fall into this category.
BUG=b:259621330
TEST=tools/dev_container tools/run_tests2
Change-Id: I34535430d6fcde4eaf3d2b21acf9ee444baad42c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4547741
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
It is confusing that `Tube::recv()` may return `Error::Send`. This was
because `TubeError::Recv` accepts `std::io::Error` only while socket
related raw function in base crate returns `base::Error`.
`TubeError::Recv` and `Tube::Send` should accept either of `base::Error`
or `std::io::Error` but the same one.
`std::io::Error` is preferred because send/recv on `ScmSocket` are I/O.
`std::io::Error::raw_os_error()` always returns `Some` if the error was
constructed via `std::io::Error::last_os_error()`.
BUG=b:276384648
TEST=tools/dev_container tools/run_tests2
Change-Id: I73509c7173b4b0e5e7ed939ef20e36db2f16ade3
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4546494
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Shin Kawamura <kawasin@google.com>