Ensure all of the cfg checks for whpx also validate the target is
Windows when used in generic (non-Windows-platform-specific) code. This
will allow all builds to enable the whpx feature by default.
BUG=b:213151419
TEST=tools/dev_container tools/presubmit --all
Change-Id: I1faebeed227ac5653697195b195b0884e043f110
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3989384
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Trying to reconcile the difference between the linux and windows
implementations.
Code relying on the eventfd count must now use the linux specific
`EventExt` interface.
BUG=b:231344063
TEST=presubmits
Change-Id: I14eb50f7a02d766a00f27aca388823309633e193
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3864030
Commit-Queue: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Add a mode where the VM is placed in protected mode but the protected
firmware has been provided to crosvm and preloaded at its usual address,
instead of being loaded by the hypervisor at VM boot time. This is
useful for automated testing of firmware builds and development.
BUG=b:243646855
TEST=build
Change-Id: I849f3c6f0de55607893862d1d7739f6e1b410990
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3944853
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Andrew Walbran <qwandor@google.com>
Reviewed-by: Jiyong Park <jiyong@google.com>
Introduce a set of helper methods that expose individual characteristics
that particular subsets of the ProtectionType variants share. These will
simplify various match statements into conditionals by encapsulating the
deduction of those characteristics, making the calling code more concise
and robust.
BUG=b:243646855
TEST=build
Change-Id: I65ff3e61c448d90704551b79c21c64d1b4c11dc4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3944852
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Fix a few stray references to "CrosVM" and "CrosVm" so that we refer to
the crosvm project with consistent capitalization.
BUG=None
TEST=None
Change-Id: If5c3c131774d6e5da1d27466810642aec3cb42ac
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3938640
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Add the infrastructre for GDB 'p'/'P' packets, used by the client to get
or set individual registers.
Implement a back-end using KVM_{G,S}ET_ONE_REG on AArch64, enabling the
client to access the architecture's numerous system registers.
Add stubs for x86 to please the compiler; leave them unimplemented as,
although the ioctl is available, the architecture doesn't seem to make
use of it.
BUG=b:222222882
BUG=b:240711627
BUG=chromium:1141812
TEST=tools/dev_container ./tools/run_tests
Change-Id: I01968275e88e9d0098de40b3f78e2cd3a61b75da
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3785468
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
A proposed set of kernel patches makes it possible to map anonymous
MAP_SHARED mappings into the IPA space of a virtual machine with MTE
enabled. With these patches we can use most features of crosvm with the
exception of pmem which relies on being able to make file mappings in the
IPA space. Therefore, we make MTE an opt-in feature via the --mte command
line argument and forbid specifying --mte together with --pmem-device
or --rw-pmem-device.
Bug: b:234779841
Change-Id: I70bf2d0a8c1aff7c5956d6009ca5169a623bc6b2
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3892141
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
This search/replace updates all copyright notices to drop the
"All rights reserved", Use "ChromiumOS" instead of "Chromium OS"
and drops the trailing dots.
This fulfills the request from legal and unifies our notices.
./tools/health-check has been updated to only accept this style.
BUG=b:246579983
TEST=./tools/health-check
Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
We are going to need to start passing a new arch-dependent configuration
parameter to KvmVm::new in addition to protection_type. Since we can't
[cfg] a function argument, and to avoid churning the tests the next time
we need another argument, let's create a hypervisor::Config struct and
start passing protection_type that way.
Bug: b:234779841
Change-Id: I42ce9438b064658ebb9732e78ee5c82dac2636b6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3892140
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
The haxm vcpu code abused MemoryMapping to hold what is effectively a
raw pointer, not something created by mmap()/MapViewOfFile().
Additionally, the MemoryMapping was converted into a pointer and then
into a Rust &ref, which is inappropriate for memory that can be aliased
by the hypervisor.
Use raw pointers instead of unsoundly casting into a reference and add
unsafe blocks as appropriate.
Change-Id: I218093d512419beb1d9f23df9a45c7413c0f83c0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3827178
Reviewed-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
The functions being called do not have return values (they return the
unit value), so the `let _ =` does nothing and can be removed.
Fixes a new clippy lint:
<https://rust-lang.github.io/rust-clippy/master/index.html#let_unit_value>
BUG=b:243677117
TEST=tools/clippy # with Rust 1.62
Change-Id: I6003b162c36e7be1ee71e3edc4e304c86fdc5676
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3854970
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Turn KvmVcpuRegister into an enum that supports any kvm_regs entry (not
just kvm_regs::regs i.e. user_pt_regs).
Improve the abstraction provided by KvmVcpuRegister through the 2-step
conversion "VcpuRegAArch64 -> KvmVcpuRegister -> u8", which allows more
flexibility when KVM doesn't provide 1-to-1 mappings (CCISDR, SVE, ...)
and when other types (e.g. gdbstub) need to be mapped to KVM_SET_ONE_REG
values.
Introduce the firmware pseudo-register type as a KvmVcpuRegister variant
and use it for KVM_ARM_PSCI_VERSION.
BUG=b:222222882
BUG=chromium:1141812
TEST=tools/dev_container ./tools/run_tests
Change-Id: Id11c427fc48f4b6bef9df607eeb73928aa7f5da7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3785463
Reviewed-by: Takaya Saeki <takayas@chromium.org>
Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: Pierre-Clément Tosi <ptosi@google.com>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Re-work the API to support non-64-bit registers (e.g. FP & SIMD), as
supported by the architecture and KVM and keep *_u64 helpers for the
common case of 64-bit registers.
Note: no functional change intended.
BUG=b:222222882
BUG=chromium:1141812
TEST=tools/dev_container ./tools/run_tests
Change-Id: I9dd95e96ba4b1f759c603f885ff38aefab52b5cc
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3780661
Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: Pierre-Clément Tosi <ptosi@google.com>
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
Use a single variant to represent a core GPR instead of having one
variant per register. This simplifies manipulating VcpuRegAArch64 at the
expense of needing the instantiating code to ensure that the <u8> is
properly set (i.e. is < 31). This is currently not an issue as the
variant is only instantiated with constant values.
BUG=b:222222882
BUG=chromium:1141812
TEST=tools/dev_container ./tools/run_tests
Change-Id: I0043c101e88794a1661fadbc22b79fc68356270d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3822688
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Tested-by: Pierre-Clément Tosi <ptosi@google.com>
Allocate the same way as the rest of RAM, whether in
unprotected-with-firmware mode or actually protected mode.
TEST=tools/dev_container tools/run_tests --target=vm:aarch64
Change-Id: Ic0ebc0d90e91bd450af55f3252039ddab8d26443
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3827215
Commit-Queue: Andrew Walbran <qwandor@google.com>
Tested-by: Andrew Walbran <qwandor@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Instead of proxying doorbell MMIO writes via the proxy device in crosvm,
register the vring call eventfds with KVM so that the kernel signals the
sibling directly.
BUG=b:240374485
TEST=boot crostini on brya-manatee
Change-Id: I4e33143a38eb01c50fe900a09e8715164792614f
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3804519
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: David Stevens <stevensd@chromium.org>
Commit-Queue: David Stevens <stevensd@chromium.org>
Rename the confusing GPR variants from the Wn naming convention (defined
by the architecture as the lower 32 bits of the 64-bit register) to Xn,
which the enum variants actually represent.
Note: no functional change intended.
BUG=b:222222882
BUG=chromium:1141812
TEST=tools/dev_container ./tools/run_tests
Change-Id: I510b93f8aea901dc3707016368c9871392701f51
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3780660
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
Tested-by: Pierre-Clément Tosi <ptosi@google.com>
Expose HWP (HW P-State) feature to the guest if enable-hwp is present
and implement these dependencies:
- enable-hwp depends on host-cpu-topology option
- itmt depends on enable-hwp option
Group the CPU configuration entries to a new struct CpuConfigArch,
to simplify APIs in the vCPU configuration path.
BUG=b:199380745
TEST=boot Redrix manatee and verified that intel_pstate driver works
Change-Id: Icdd19190f6a7518492ff5fc54708af40288a1422
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3771065
Commit-Queue: Dmitry Torokhov <dtor@chromium.org>
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
- Compiles out pvclock, sandbox and slirp (thereby net device)
- Disables default features on windows (audio and gpu are not ready yet)
- Enables unit tests for crosvm
BUG=b:213146388
TEST=presubmit
Change-Id: I5f4b3d8bf44d9c571c3a191a632e09550a4f1869
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3807045
Tested-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Vikram Auradkar <auradkar@google.com>
Ran clippy with features that are enabled downstream. Those features
will be enabled upstream in later cls when crosvm starts building.
BUG=b:213146388
TEST=presubmit
Change-Id: I67cb74127a349b572e573c350d69d1611533d961
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3793690
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Tested-by: Vikram Auradkar <auradkar@google.com>
crosvm is switching the import style to use one import per line.
While more verbose, this will greatly reduce the occurence of merge
conflicts going forward.
Note: This is using a nightly feature of rustfmt. So it's a one-off
re-format only. We are considering adding a nightly toolchain to
enable the feature permanently.
BUG=b:239937122
TEST=CQ
Change-Id: Id2dd4dbdc0adfc4f8f3dd1d09da1daafa2a39992
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3784345
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
These are only used in KVM, not the other x86 hypervisors, and they
don't really fit into the same category as the rest of Sregs. The
apic_base can be set via set_msrs(), and the interrupt_bitmap is
part of the irqchip state.
To enable this removal, we change the KVM set_sregs() call to retrieve
the current state and use the existing apic_base and interrupt_bitmap.
BUG=b:237095693
TEST=Boot x86-64 kernel on KVM
Change-Id: I275eec83b74f1c364b7a543882f3ac5960201143
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3728988
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Now that we have a Default implementation of Sregs that sets the
architecturally defined reset values, we can initialize the Sregs values
during build_vm(). This allows removal of the set_reset_vector()
function, as all of the values it set are now the defaults in Sregs and
Regs.
This also lets us set up the page tables and GDT only once during
build_vm() instead of rewriting them for every configure_vcpu() call.
This allows consolidation of the BIOS and non-BIOS configure_vcpu()
code.
BUG=b:237095693
TEST=Boot x86-64 Linux kernel
TEST=Boot --bios u-boot.rom
Change-Id: Ief19f983fd252dffa668ff2cfe96a64298e06cf2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3723802
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Replace the Sregs Default implementation with one that provides the
register values at reset, based on the Intel software developer
manual.
The x86_64 tests need to be adjusted to only check the CR0 bits they
intend to match, since the default Sregs value now includes other set
bits.
BUG=b:237095693
TEST=Boot x86-64 Linux kernel
TEST=cargo test -p x86_64
Change-Id: If966941df43225572e79ebd9213671348e2846f4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3735640
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This matches the reset value of the registers defined by the Intel
manuals. It is currently overwritten on all paths initializing Regs, but
it will be used in an upcoming commit to simplify the BIOS boot path.
BUG=b:237095693
TEST=Boot x86_64 Linux
TEST=cargo test -p x86_64
Change-Id: I7a96882fad05440c98bde2fad7ad15c0890f1cfa
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3735639
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The MTRR-related MSR setup is split out into its own pub function for
clarity and to allow future reuse. The maximum variable MTRR check is
split out so we can generate MTRRs before having a valid VCPU object.
This unifies the MSR set calls in configure_vcpu() so that the BIOS and
non-BIOS cases use the same code.
BUG=b:237095693
TEST=Boot x86-64 Linux kernel
TEST=Boot x86 u-boot.rom
Change-Id: Ifa0020257a043190de69b7192c2d6b35c01d216e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3723800
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
All tests pass on kvm.
`read_only_memory` test does not pass on whpx and haxm, there is a bug
tracking its resolution.
BUG=b:213151455
TEST=Ran `cargo test -p hypervisor` on linux.
Change-Id: Ieb8042c9eb964873b685437f94802fae83765a43
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3739488
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
The registers for cpuid got refactored into a new `cpuid` member. Update
the haxm tests to work with the new structure.
TEST=Ran `tools/run_tests --target=host --arch=win64` by temporarily
TEST=enabling `haxm` in `Cargo.toml`.
Change-Id: I6a70be72fc49015ed2301b422a18b88b374e17c1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3737458
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
Windows serializes/deserializes these types to send over a Tube.
BUG=b:213146388
TEST=built on downstream windows and presubmit
Change-Id: Ib9ca4cbb2758a997788c4bab46d573a532e8e3d4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3735635
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Implement Default for Fpu to initialize the floating point registers to
their officially documented reset values, and use the default Fpu values
to initialize all VCPU floating point state.
These are the same values as used in the previous setup_fpu() function,
so there is no change in behavior. (We now set the FPU state for both
BIOS and non-BIOS, but since the FPU values should match the ones used
at CPU reset, it should not cause any actual behavior change.)
BUG=b:237095693
TEST=boot x86-64 Linux kernel
Change-Id: I4eb656822d8fa4730203970aee178043c19af9ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3723799
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Rather than having a single vcpu_init instance that is used for all
VCPUs, make vcpu_init into a Vec so it can store different initial state
for each VCPU. This allows us to set up e.g. bootstrap processor state
differently than other processors, and it also means that the VcpuInit
struct doesn't need to be Copy.
BUG=b:237095693
TEST=Boot Linux with >1 CPU
Change-Id: I0ebfdc2dbd84d0817e3f75c2c852e4320b9e77c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3723798
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
At one point the capability was a VmCap and not a HypervisorCap. Because
we don't build these files on Windows yet, this wasn't immediately
obvious. This CL cleans up the issue.
BUG=b:213152505
TEST=fixes applied downstream.
Change-Id: Icdf0c3292ff976ddb74791a158bb65380f1697d5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3732380
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Similar to WHPX, haxm requires an accurate (calibrated) leaf value to
make the guest clocksource work accurately.
BUG=b:213152505
TEST=battle tested downstream
Change-Id: I55a45c00758b2112aced6185970ad43df060d0ba
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3731287
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
There have been two evolutions of providing the TSC cpuid leaf
(aka 0x15) to the guest.
a) For CrosVM on Windows, we have been providing the leaf
unconditionally. Furthermore, we've not been using the
exact host leaf; instead, we calibrate the TSC frequency
and provide that value in the leaf. This was done because
the actual cpuid leaf values are not as accurate as
we needed them to be to drive a guest clocksource.
b) In CrosVM mainline, 4080aaf9b3
introduced the flag enable_pnp / enable_pnp_data, and
provides the exact host 0x15 leaf to the guest if the
flag is enabled.
This CL adds a new hypervisor capability (CalibratedTscLeafRequired) to control
whether or not the calibrated TSC leaf should be used, in addition to a new CLI
option to force it on hypervisors where it isn't enabled by default. The new
option is `--force_calibrated_tsc_leaf`.
BUG=b:213152505
TEST=builds upstream, battletested downstream on WHPX.
Change-Id: I611422808a9e10578c0ddcbd211ae902f937685f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3698993
Commit-Queue: Noah Gold <nkgold@google.com>
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
This allows passing the entry point of the kernel as the initial
instruction pointer value to each vcpu initialization call.
BUG=b:234155022
TEST=Boot vmlinux ELF kernel on x86-64
Change-Id: I6e7bd710ff304601dc6ec56acc0380cbef72c055
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3711619
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Replace the automatically derived Default with a manual implementation
so we can set bit 1 of the flags register to 1. This is architecturally
defined to be an always-1 bit (for reasons dating back to 8080/8085
source-level compatibility on the 8086), so we should not create a value
where bit 1 isn't set.
BUG=b:234155022
TEST=tools/presubmit
Change-Id: I7835e5a04385654a667b55e2e2ea2121b5807288
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3717524
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
So that a copy becomes a straightforward copy.
We were copy-pasting eax ebx ecx edx many times here.
BUG=None
TEST=build
Change-Id: Ibdabdd0da3876159bda3d29aa2a3927b9a3f40ae
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3717927
Commit-Queue: Junichi Uekawa <uekawa@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
We depend on both lazy_static and once_cell, which do basically the same
thing.
The once_cell crate has a few advantages:
- once_cell is on track to be included into libstd.
(https://github.com/rust-lang/rust/issues/74465)
- once_cell doesn't require macro magic.
Replace the uses of lazy_static with their once_cell equivalents so we
don't need to pull in both crates.
BUG=b:236191006
TEST=tools/presubmit --all
TEST=tools/run_tests --target=host --arch=win64 --build-only
TEST=cargo test --features=plugin
Change-Id: I7cabcd837ef4878e8e8ae635bb4f235a58e4cae3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3707624
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Arc::as_ptr() is only available as an associated function.
Fixes compile error:
error[E0599]: no method named `as_ptr` found for struct
`Arc<bindings::WHV_RUN_VP_EXIT_CONTEXT>` in the current scope
BUG=b:213151419
TEST=tools/run_tests --target=host --arch=win64 --build-only
Change-Id: Icc6753e4109b54ca507bb91bc89abd80fae098b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3707626
Reviewed-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
These are currently guarded by a feature flag check that was only
enabled for haxm.
BUG=b:213151419
TEST=tools/run_tests --target=host --arch=win64 --build-only
Change-Id: Id40a29ffd63e378ce1583e56ca0f23914705b6fb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3707625
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
This will be used to pass the initial register values for each vcpu.
Each architecture can define its own variant of the initial vcpu state.
BUG=b:234155022
TEST=tools/presubmit --all
Change-Id: I696a5ecda202c1ff0681f0b89b89b9eec11e27e7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3673615
Reviewed-by: Anton Romanov <romanton@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Add `whpx` and `whpx_sys` modules that allow using Hyper-V platform as a
hypervisor on Windows. This has been tested running on Windows 19H1 and
above.
BUG=b:213151419
TEST=Compiled and tested on Windows.
Change-Id: If91ea6337876b85c9fdafe6ae4ad39fba40c4979
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3700983
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
The haxm hypervisor introduced a common helper function for this which
is identical to the KVM implementation, so use that everywhere to avoid
duplication.
BUG=None
TEST=cargo build
Change-Id: I346c721cc39b7efdd39f7bb34f78bca203e5a744
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3693051
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Use the upstream style for adding module specific file in the crate
instead of adding a `mod.rs`.
TEST=compiled.
Change-Id: I2225f6615b68738cd3e1cdce68b4d011dfaab790
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3700982
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
The `haxm` implementation depends on `win_util` and `winapi` crates
which are only required on Windows. The `tempfile` crate is used in
testing.
Move `kvm` and `kvm_sys` dependencies for non-windows builds.
BUG=b:213151459
TEST=Compiled on linux.
Change-Id: I55b8ee4ac5da953a17e8bdd063e5ed488e3f53f2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3684929
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Don't use box and just use an array.
BUG=b:229770963
TEST=build
Change-Id: I8121e4809e418d7f3e1aa876d567e543ee50693c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3675887
Commit-Queue: Junichi Uekawa <uekawa@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
The support is behind a feature flag `haxm`. Only tested and works on
Windows. However, it should be easy to make it work on other supported
OSes as well.
This includes the sys bindings for the HAXM interface. Requires that the
haxm driver is already installed on the host.
BUG=b:213151459
BUG=b:213151458
TEST=Compiled
Change-Id: Ifa9ec9236f84156f61443819f97f5d5754e77b93
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3630701
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
turbostat shows cpu freq/c-state/thermal statistics data by reading
some related MSRs. Unfortunately some MSRs such as MSR_IA32_POWER_CTL
are already emulated by KVM. The emulated value are not what we want
to expose to Chrome OS guest. KVM_X86_SET_MSR_FILTER ioctl provides
a way to skip KVM's emulation and let user space handle the MSR.
We added two MSR actions "MsrPassthroughFilter" and "MsrEmulateFilter"
to indicate the corresponding MSR needs to be filtered.
BUG=b:229770963
TEST=Run "turbostat" in Chrome OS guest and show correct value.
Change-Id: I5920ddba091589170dc326e10187aec66f75df79
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3641465
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
Commit-Queue: Junichi Uekawa <uekawa@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
The methods names got switched in commit https://crrev.com/c/3640424.
Switch them to the right names.
BUG=b:213150327
TEST=compiled.
Change-Id: I7f8df13367abc2314f26c9da206bcbd9665e8ba5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3654202
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
Reviewed-by: Colin Downs-Razouk <colindr@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Anton Romanov <romanton@google.com>
Some hypervisors (e.g. whpx) require that VM need to initialize their
`CPUID` early i.e. during VM creation. In this case, there is no
per-vcpu initialization of `CPUID`.
Allow this quirk through another entry in `VmCap` that avoids `CPUID`
initialization at vCPU creation time.
BUG=b:213150327
TEST=Compiled.
Change-Id: Ia74434ead1fff244042d03347c82cb73f243bdbb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3654206
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
Add to the `trait Vm` 2 new methods that allow more control for
hypervisors when dealing with memory (un)mapping. This is intended for
dealing with expanding and releasing memory from `virtio-balloon`.
For windows based hypervisors, balloon expansion triggers OS interaction
with reclaiming memory pages, which is automatically managed in KVM.
Similarly, a balloon deflation will cause OS interaction for releasing
memory back to the OS.
Update the error return for `remove_mapping` when `madvise` call fails.
BUG=b:213150327
TEST=compiled.
Change-Id: I6ac04d27ac06ea97825f4d22e36543b5dde5b032
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3640424
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
For handling HYPERV hypercalls, the exit reason needs to be checked
against KVM_EXIT_HYPERV.
TEST=Compiled.
Change-Id: Ib11d558e25e2c5fd037e1bc6ca88a454e957a1c8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3639149
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
There are 3 new methods added to the trait:
- `handle_cpuid`
- `get_tsc_offset`
- `set_tsc_offset`
These methods allow handling of cpu exit for reading CPUID which is
required for Hyper-V support. The other 2 methods related to TSC are
required for special Hyper-V handling.
BUG=b:213150327
TEST=Compiled crosvm
Change-Id: Ibc95163d9625883521a56ec9a1573725d0f41711
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3630709
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
No functional changes.
Add trait changes to allow upstreaming hypervisor implementations. This
change differentiates between the hypervisor related data structures
from the VM specific actions to take. The format chosen is using a FnMut
that gets passed to hypervisor handler which contains the VM specific
actions.
BUG=b:213150327
TEST=Compiled crosvm.
Change-Id: I05fde5ff3d6b5f42684c7bfe8a135b6805c9dc06
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3606975
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vaibhav Nagarnaik <vnagarnaik@google.com>
This runs an unprotected VM but uses the same memory layout as for a
protected VM, loads pVM firmware, disables the same devices as for
protected mode. This is useful for debugging pVM firmware and other
protected VM issues.
TEST=crosvm --extended-status run --disable-sandbox --serial=stdout,hardware=serial,num=1 --unprotected-vm-with-firmware=pvmfw --bios=test_bootloader
TEST=tools/dev_container tools/run_tests --target=vm:aarch64
BUG=b:230475926
Change-Id: I9a8077d76874f10221071ea312291659d81da3d5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3623760
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Andrew Walbran <qwandor@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
As with any other CPU feature, if pointer authentication is supported
on the host, we should also support it in guests.
Change-Id: Ia09ba9e3b48a88a280bd1922e976393e10545ba2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3622797
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Add a kvm capability config helper. This helper controls wheter
MSR_PLATFORM_INFO can be read in kernel space.
With this helper, we can ask RDMSR of MSR_PLATFORM_INFO traps to
userspace and emulate this RDMSR in crosvm.
BUG=b:225375705
TEST=Cargo build
Change-Id: Ic3444e678b124c19b600d8b31062a2cbe3a65156
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3575510
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
Commit-Queue: Junichi Uekawa <uekawa@chromium.org>
Commit-Queue: Zhao Liu <zhao1.liu@intel.corp-partner.google.com>
At present, crosvm can support handle RDMSR in userspace by read MSR of
Host directly. This is the RDMSR passthrough in userpace.
This patch adds more MSR handler support, including:
- WRMSR passthrough: write the corresponding MSR of Host directly in
userspace; The control of MSR will work on host;
- RDMSR emulation: crosvm uses a dummy MSR value to let Guest reads on.
This value can be different with real MSR of Host;
- WRMSR emulation: crosvm uses a dummy MSR value to let Guest writes
into. This means the control of MSR won't really work (on Host).
BUG=b:225375705
TEST=Set `--userspace-msr=0x1a2,type=r,action=pass,from=cpu0`
Change-Id: I3276dd651464ef7b695e2ddd433793d59128af9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3575508
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Junichi Uekawa <uekawa@chromium.org>
Remove KVM-specific code from the generic aarch64 module by providing a
generic enum for hypervisor-specific vCpus to use instead:
VCpuRegAArch64.
Change-Id: Idd7379ad35943622c534b5e0d954ec15f9d15b41
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3586723
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Moreland <smoreland@google.com>
This lets us remove the wrap_descriptor() calls.
A few other places around the tree need to be updated to use Descriptor
instead of RawFd to match the new API.
BUG=None
TEST=tools/presubmit
Change-Id: Ie290f082b50bcf6ae8f77ce6a8b7615fad1be480
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3572770
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Add basic support so that it is possible to pass through some MSR from
the host, like the temperature and C state counters.
BUG=b:215297064
TEST=iotools rdmsr 0 0x1a2
Change-Id: Ie7bfdc00dfaac1e097a29f3a8fe58efc84510a62
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3499759
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Junichi Uekawa <uekawa@chromium.org>
The PSCI standard defines a PSCI version as a 32-bit non-negative signed
integer but one is currently being built from a 64-bit unsigned value.
Add a constructor and implement TryFrom<u32>::try_from() to encapsulate
those conditions being checked in the struct's impl.
Provide a macro wrapping the constructor for compile-time constant
versions.
Make PsciVersion Ord to allow comparison again versions of interest.
Reject cases where KVM reports versions of PSCI that are currently not
supported by crosvm.
BUG=b:227142928
TEST=tools/dev_container tools/run_tests --target=vm:aarch64
TEST=booted a protected VM from the AOSP fork
Change-Id: I2989f4703b1d18970aff396cda0b6a63ca0f6e4f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3560155
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Andrew Walbran <qwandor@google.com>
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
Turn the match with branch on any Err into an if-let-else expression.
Note: No functional change intended.
BUG=b:227142928
TEST=booted a protected VM from the AOSP fork
Change-Id: I213d7023fb63f4b2e504bd049d5bebbd26bd04a2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3560153
Reviewed-by: Andrew Walbran <qwandor@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
Chrome OS does not currently package memoffset-0.6.5 (only 0.6.4), so
building within cros_sdk will fail to find the expected crate. We don't
need any API requirements past what is provided by 0.6, so just request
that. At the same time, upgrade the cros_asyncv2 memoffset from 0.5 to
0.6 so we don't need two separate versions. (The crosvm ebuild was not
requiring a 0.5 version, so this was technically a bug.)
BUG=None
TEST=cargo build
TEST=emerge-hatch crosvm
Change-Id: I2b6c778cdbf57977e6fffd73867e0c4818c44a61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3502625
Auto-Submit: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
When Crosvm receives a KVM_SYSTEM_EVENT_S2IDLE event, it means the
guest VM is entering s2idle suspend state, and it's requesting the
host to put the whole system in the same state.
If hypervisor sends the request on behalf of a privileged VM, Crosvm
can initiate s2idle suspend on the host since it's been granted with
system power management privileges.
BUG=b:199383670
TEST=trigger s2idle from ChromeOS guest
Change-Id: I589a7e1d93abb5ab971fd58de94ee75df48c3c6d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3414635
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dmytro Maluka <dmaluka@google.com>
Commit-Queue: Allen Webb <allenwebb@google.com>
These may be used by the pVM firmware or bootloader for protected VMs on
Android to indicate the reason why a VM failed to boot, such as a
verification failure, and so we want to have them in the logs for
debugging.
BUG=b:220084045
Change-Id: I449873fb85d590d9e7978a93648e90586ecfff10
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3473452
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Andrew Walbran <qwandor@google.com>
Run tests for sys_util_core, poll_token_derive and balloon_control on
windows.
Using dotfiles to disable/serialize test runs of a subset of crates does
not work well with third party crates as it forces us to commit the dot
file to the crate.
The patch modifies and uses the script that runs linux tests.
This patch also allows us to
- build/test child crate even if parent crate has disabled build/test.
- avoid building crosvm if it is not explicitly specified.
RIP short lived .windows_build_test_skip. You allowed us to run noop
kokoro tests.
Test: py .\tools\impl\test_runner.py --arch x86_64
Bug: b:215610772
Change-Id: Icc6d04ffd7c0c33d4f60aeac16fc7d23881c387d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3459809
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
This should have been updated with the pKVM ABI change in
https://crrev.com/c/3330204, as protected mode is now selected when
creating the VM, and pVM firmmware is optional.
BUG=b:209794844
Change-Id: I2850b4c2ef523a15b8215df070eb9da066a67cb5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3420330
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Andrew Walbran <qwandor@google.com>
It's a simple enum, so it should be Copy.
TEST=tools/dev_container tools/run_tests
TEST=tools/dev_container tools/run_tests --target=vm:aarch64
Change-Id: Ieeacedb10fa6a93d6cdd9878097c66aa936f8e30
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3420329
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Andrew Walbran <qwandor@google.com>
The patch also adds files to skip building and testing crates on
windows. When we run
```
tools/windows/build_test.py --skip_file_name .windows_build_test_skip
```
the build/test succeeds without actually doing anything as build/test
for all crates is skipped by creating '.windows_build_test_skip'.
Bug: 213170957
Test: Ran script on downstream repo
Change-Id: Iebd2cea463ee722be4feaed88229e1fb5e9fd6c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3417918
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Vikram Auradkar <auradkar@google.com>
The newly-added KVM_CHECK_EXTENSION call to retrieve
KVM_CAP_ARM_VM_IPA_SIZE was checking for errors by looking for return
values less than 0, but KVM_CHECK_EXTENSION returns 0 for unknown
extensions (e.g. on older kernels before this extension was introduced).
Treat 0 as unsupported as well so the default 40-bit size is returned in
this case.
BUG=b:215174283
BUG=b:210727578
TEST=Boot crosvm on kevin (arm device with 4.4 host kernel)
Fixes: 891ea3e88a ("aarch64: limit high MMIO addresses to VM phys addr range")
Change-Id: I19a3ae00862882c030c1e776cb3ca10edeffd339
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3399344
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The high MMIO region of the system allocator was previously set up with
the upper limit of 2**64 - 1, but physical addresses on actual systems
are not that large. Now that pmem allocates from the upper end of the
high MMIO region, the size of the allocator actually matters.
Limit the aarch64 high MMIO allocator to the VM's physical address size
so that addresses at the end of the allocation range are usable and pmem
devices can be created on aarch64.
BUG=b:210727578
TEST=Boot with pmem device on aarch64
Change-Id: I67962c2b03f0f265349ae889c988eb69ef526f4a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3366858
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Andrew Walbran <qwandor@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Add a function that returns the size of guest physical addresses. This
wraps KVM_CAP_ARM_VM_IPA_SIZE on aarch64 and CPUID to query host
physical address size on x86_64. This replaces the phy_max_address_bits
function from x86_64, and all callers are migrated to use the new Vm
function instead.
BUG=b:210727578
TEST=check on trogdor64 with debug prints
Change-Id: I3107fe6357fcf166b7ad0e2a7c55919705da3b0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3364971
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Andrew Walbran <qwandor@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This is useful mostly for development and testing.
BUG=b:209795495
Change-Id: Ie8c4dfade2cbc770daa7d97e22b1574fdf895a19
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3330210
Reviewed-by: Will Deacon <willdeacon@google.com>
Reviewed-by: Chirantan Ekbote
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This involves two main changes:
* Protected VMs must be created with KVM_VM_TYPE_ARM_PROTECTED.
* pVM firmware is now loaded by IPA rather than memslot ID.
There are also a lot of trivial changes because the ProtectionType enum
was moved from the devices crate to the hypervisor crate.
BUG=b:209794844
TEST=Will tested manually with patched kernel and dummy firmware
Change-Id: I1dd75e20063ca4736f155292ca5f70b94664fdd9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3330204
Auto-Submit: Andrew Walbran <qwandor@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
As before, some are automatically fixed by clippy, some manually
fixed.
BUG=b:192373803
TEST=./tools/presubmit
Change-Id: Ifcab4cf60775ee6bb7d4530af6406a74958432ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3283683
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Developers may need to manually clean up the common/enumn directory - it
will be left behind if there are build artifacts (Cargo.lock, target
directory, etc.):
rm -rf common/enumn
BUG=b:205344148
TEST=cargo build
TEST=tools/presubmit
TEST=emerge-hatch crosvm # with https://crrev.com/c/3265967
Change-Id: I1af3bdd22f40e87895a78a5cbc8033476058c927
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3278774
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The value 0 passed to KVM_CREATE_VM has a special meaning for KVM/arm64.
It indicates that the VM is configured with a 40bit IPA space.
However, not all HW support such an IPA space, and the KVM_CREATE_VM
call fails on these systems.
In order to maximize compatibility, we can ask KVM for the maximum
supported IPA size, and use that as an input to KVM_CREATE_VM, at
which point the kernel will instantiate a VM with that IPA size.
This enables crosvm on exotic hardware such as the Apple-M1.
TEST=tools/run_tests
Change-Id: I7ea39ac6e5de6a1389c0c30cdfeb7c970c411589
Signed-off-by: Marc Zyngier <mzyngier@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3124677
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
This change contains the results of running
./tools/contib/cargo_refactor.py
This will break the next uprev, and needs to be synchronizized
with the corresponding ebuild changes in https://crrev.com/c/3248925
BUG=b:195126527
TEST=./tools/run_tests
Change-Id: Ied15a1841887bb8f59fba65b912b81acf69beb73
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3248129
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
If we need descriptor for things that aren't file or other shared_memory objects, we can create a separate descriptor change, but it shouldn't be the default.
This reverts commit 533c5c8258.
Reason for revert: this causes conflicts with other platforms.
Original change's description:
> vm_memory: Add from_desciptor() in MemoryMappingBuilder
>
> MemoryMappingBuilder had `from_file()` and `from_shared_memory`, which
> are almost the same. So, this commit adds `from_descriptor()` to replace
> both of the two.
>
> BUG=b:194137301
> TEST=build
>
> Change-Id: Ia13f5e8e0f95a5c32e47dc9b3be13b7a7fa510bf
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3159881
> Tested-by: kokoro <noreply+kokoro@google.com>
> Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
> Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Bug: b:194137301
Change-Id: Ie203ee3eb3dcddd41c5e55b6980dc6292eb24f85
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3183183
Auto-Submit: Udam Saini <udam@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Udam Saini <udam@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
MemoryMappingBuilder had `from_file()` and `from_shared_memory`, which
are almost the same. So, this commit adds `from_descriptor()` to replace
both of the two.
BUG=b:194137301
TEST=build
Change-Id: Ia13f5e8e0f95a5c32e47dc9b3be13b7a7fa510bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3159881
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
On all architectures, KVM_CREATE_VM takes an argument known
as the 'machine type identifier'. This machine type is
architecture dependent, and the documentation helpfully says:
You probably want to use 0 as machine type.
So let's do that.
Change-Id: I8a8a0f7b78e32012c5ab841097c05a02fe0532ff
Signed-off-by: Marc Zyngier <mzyngier@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3124676
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Andrew Walbran <qwandor@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tree-wide cleanup of new clippy warning in Rust 1.54 that warns about
needless borrows:
error: this expression borrows a reference (`&...`) that is
immediately dereferenced by the compiler
https://rust-lang.github.io/rust-clippy/master/index.html#needless_borrow
BUG=b:197251702
TEST=bin/clippy # with rust-toolchain = 1.54.0
Change-Id: Ib702ec524d4623d264a00ec11dbc2150c411a67b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108321
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Tomasz Jeznach <tjeznach@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The conversion code for KVM <-> hypervisor representation of the Local
APIC state used the unsafe mem::transmute() function to view an array of
i8 as u8 instead for use with the Rust endian conversion functions.
Casting between integer types of the same size with `as` is defined in
Rust as a "no-op" (the bitwise representation is preserved), just like
in C, so transmuting at the slice level is not needed. These can instead
be written as simple loops to avoid the unsafe code.
To ensure this does not regress code quality, I have compared the code
generated for the x86-64 release build. The kvm_lapic_state to
LapicState conversion compiles to identical code, and the reverse
compiles to slightly different code (the compiler decides to emit a loop
instead of unrolling the 64-element copy), but the conversion of each
element still compiles down to a pair of MOV instructions.
The corresponding unit test has also been updated to avoid transmute, as
it was unnecessary there - the individual array element can be cast with
the `as` operator rather than transmuting the whole array.
BUG=None
TEST=cargo test -p hypervisor
Change-Id: I7e792b5507235e5234afe114a1ca744931e047d5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2947934
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
ARM supports paravirtual clocks or "stolen time" accounting by
allocating a page of memory in the guest memory map for a pvtime
structure and then sharing that address with the guest and updating it
in the host to tell the guest about how much time has been stolen from
the guest because the guest hasn't been running. Read all about it
here[1]. Add support to crosvm to allocate this page (for now a 64K size
chunk of memory that all VCPUs share access to) and then set the address
of the page in each VCPU when starting up.
[1] https://www.kernel.org/doc/html/latest/virt/kvm/arm/pvtime.html#stolen-time
BUG=chromium:1130828, b:169094241
TEST=emerge-trogdor crosvm && cros deploy $DUT crosvm && \
tast run $DUT crostini.Basic.buster_stable;
dmesg | grep pv # in the guest shows "steal time"
Change-Id: Ie3497bb22fb0e38eeff8ebac14b4213824bb6ca6
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2871394
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Enable support for runtime verification of number
of irqchip kernel emulated inputs, up to 120 pins.
KVM implementation supporting extended input pins shall
report KVM_CHECK_EXTENSION/KVM_CAP_IOAPIC_NUM_PINS value.
BUG=b:179648314
TEST=On systems with 24/120 pin IOAPIC kvm emulation.
Change-Id: I80063216310e427d664e3eaca3aba27e8a972cde
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2893366
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Tomasz Jeznach <tjeznach@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
This CL addresses some minor issues with the existing interface:
1. from_descriptor is too generic for some platforms that require
special handling for file/File backed mappings.
2. Nearly all call sites pass either File or SharedMemory. Now
we just have from_ methods for those types to preserve type
information.
3. Other platforms require additional fields in MemoryMapping, so a
tuple struct no longer makes sense.
4. The mmap syscall error message was misleading as we use it for more
than just the mmap syscall.
BUG=None
TEST=builds
Change-Id: I74c41bad52bb81880a11231cd18f47e233548a24
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2815614
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Allowing each region to have a separate backing FD will make it possible
to build GuestMemory from the vhost `SET_MEM_TABLE` message that
transmits the memory regions for virtio queues in vhost-user devices.
Change-Id: I6f9bc6136915da9d873ea896823e3b8f426ca69d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2795282
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Some judgement calls were made about unnecessary wrapping. Usually they
would get resolved by removing the wrapping or returning a convenient
error, but the ones that returned results for consistency with other
functions were added to the allow list.
The error handling in the usb code had a lot of unit error types which
is now a clippy lint. This was resolved by either removing the result
entirely or returning a convenient error.
The field_reassign_with_default lint is faulty and was added to the list
of supressions. This affected virtio-wayland code.
BUG=b:179277332
TEST=cargo clippy with rustc 1.50+
Change-Id: Ie812cdeaf7c42f4f2b47b1dc87f05a7c87a60f8f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2757510
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Auto-Submit: Zach Reizner <zachr@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
For some PCI device, its MMIO bar size may not be page size aligned.
When setting user memory region for such bar with not aligned size, KVM
will report failure back and failed to map that bar. As current crosvm
can continue run with this failure, the performance will be hurt as each
time when guest is accessing this bar, it will trap to hypervisor.
To resolve this, extend the size to be page size aligned when setting
user memory region in KVM and do DMA map. This should be safe to extend
because the mmap actually rounds up the mmap size to be page aligned.
BUG=None
TEST=boot vm with a passthrough device whose bar has unaligned size
Change-Id: Ic816984ec503edf7f12da4893b78d996ebf93976
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2717448
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
More recent Intel IO-APICs can support more than 24 interrupt
lines. This change enables variable size of IO-APIC lines for
user level IO-APIC emulation code (split-irqchip).
Reported version and supported IO-APIC registes matching ICH10
implementation of IO-APIC device.
BUG=b:181795297
TEST=boot and allocate irq from upper range.
Change-Id: I56480befb39c4c268266f04e4a93105402248772
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2733579
Tested-by: Tomasz Jeznach <tjeznach@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Tomasz Jeznach <tjeznach@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Most users will want to keep the default `/dev/kvm` path. However, in
certain environments, namely Borg, the KVM device node may be located
elsewhere.
This is the first of a set of related changes that will make hard-coded
device paths configurable.
BUG=None
TEST=./ci/builder --vm ./run_tests
Change-Id: I6087879c535be3779e20eff1f8fb5080f80cf020
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2736520
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
The args may be interpreted as pointers for some capabilities, so the
caller must ensure that any such pointers are allocated appropriately.
BUG=b:181564686
TEST=cargo test
Change-Id: I244f4d9417e588a6be5681f4718bb9ad7b262c3e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2726709
Auto-Submit: Andrew Walbran <qwandor@google.com>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
- Add an address space region for the protected KVM firmware.
- Query firmware size, mmap something that size and create a memslot.
BUG=b:163789172
TEST=cargo test
Change-Id: I054cf5d763c980d073c17bce70e85a781816b64d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2623942
Auto-Submit: Andrew Walbran <qwandor@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Andrew Walbran <qwandor@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Support virtio-fs's DAX (direct memory access) operation which allows the guest
to directly access file pages.
Specifically, FUSE_SETUP_MAPPING and FUSE_REMOVE_MAPPING operations are
supported.
This option can be used by specifing `dax` option when mount a file system in
the guest.
The DAX optoin improved file I/O performance in most cases.
In Fio tests, both of read and write score were improved by 1.3-14x depending on
test cases.
In Blogbench tests, which create many small files, DAX improved the write score
by 1.5x while the read score was reduced to ~25% (20391 -> 4593).
Here is an excerpt of results:
Fio
* seq_read: 10.2x (143528 -> 1464911)
* seq_write: 3.3x (61253 -> 896791)
* rand_read: 11.6x (138753 -> 1612739)
* rand_write: 14.6x (61253 -> 896791)
* surfing_read: 1.3x (98473 -> 127907)
* surfing_write: 1.3x (83309 -> 108089)
Blogbench
* read: 0.23x (20391 -> 4593)
* write: 1.50x (248 -> 373)
BUG=b:147341783
TEST=Run vm.{Blogbench, Fio} with CL:2291856
Change-Id: I4a47c601412ed32d926de6304337e1594252d258
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2108315
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Call KVM_REG_ARM_PSCI_VERSION to see the PSCI version and use the value
when creating a device-tree node.
Also stop setting PSCI constants which are ignored by kernel.
BUG=chromium:1141902
TEST=run crosvm on krane and check /proc/device-tree/psci/compatible
Change-Id: I4b8ed7620d7f0e2205b84b5f08cfaa5ae8d94339
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2529289
Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Regenerate bindings.rs for kvm and add comments about how to generate it.
As a result, manually-added hack related to zero-sized arrays' alignment
was removed, as the bug had been fixed:
https://github.com/rust-lang/rust-bindgen/issues/684
BUG=none
TEST=build_test
Change-Id: I257975ce3cd4667b39381ddafd8b08d9e91de655
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2532546
Tested-by: Keiichi Watanabe <keiichiw@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
New Vcpu methods get the vcpu ID for a vcpu and the current thread.
A new VcpuX86_64 method injects NMIs. request_interrupt_window now
takes a bool parameter, so the request window flag can be turned off.
These methods are to support the userspace irqchip. The thread-local
vcpu ID will help route MMIO requests to the appropriate APIC. Clearing
the interrupt window request is needed because KVM won't clear the
flag if the kernel APIC is disabled.
BUG=chromium:1077058
TEST=boots with KVM kernel irqchip, KVM split irqchip
Change-Id: I2a08988e71663f0d2a63985f3239568c7a9befea
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2419673
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
For hypervisors that do not handle ioevents in-kernel, we need to make
some minor adjustments to the hypervisor abstraction api:
- register/unregister_ioevents needs &mut self instead of &self
- move handle_io_events from Vcpu to Vm, because the ioevents are
registered on the Vm not the Vcpu.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: Iddd61502a716143e117c454e64a9c9bd2578148d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2405299
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
This involves removing RawFd trait implementations from
Event and Timer, and resolving the echoing dependencies from
there.
Ultimately, this results mostly in changes across ioctl
(new thin layer in base), kvm, msg_on_socket, and a few other
areas. As usual, most changes are negligible.
BUG=b:162363783
TEST=./build_test
Change-Id: I47dec94666bc3430fed627b4767919c9cb4fce6f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2462330
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Michael Hoyle <mikehoyle@google.com>
Move MemSlotOrd out of the kvm hypervisor implementation so other
implementations can share the same struct.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I9d992699defab53e32517bb40e29192e31c45983
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2405301
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
This allows code to create references to traits such as `&dyn Vcpu` for
`&dyn IrqChip`. This also allows keeping such traits inside of opaque
`Box` like wrappers.
To achieve this, trait methods referencing `Self` have an additonal
`where` clause that restricts them to sized types. Associated types are
removed and replaced with their trait equivalents (as parameters) or an
opaque Box (as return values).
To work around certain cases where a concrete type is needed, such as
for KVM based `IrqChip` impls, the `downcast_rs` trait is used to allow
`dynamic_cast` style casting.
The binary size impact of this change is small. For comparison, here is
the size change with this commit:
armv7a -0.49% (-9 kiB)
aarch64 -0.17% (-3 kiB)
x86_64 +1.77% (+40 KiB)
BUG=None
TEST=build_test
Cq-Depend: chromium:2466660
Change-Id: I1a408734832d2971ea2979c1bc64b2ffe051b02d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2439298
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Note the CL size is large entirely due to the rename,
the changes are mostly negligible.
Also making a few small additional changes in sys_util
areas that don't need much attention in base. This includes
typedefing and adding specific imports for areas that don't
require significant interface changes.
BUG=b:162363783
TEST=./build_test
Change-Id: I4a2c9c4cdce7565806ed338e241c6b8c82c855c7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2415180
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Michael Hoyle <mikehoyle@google.com>
This removes RunnableVcpu as an associated type on Vcpu traits, instead
using the new VcpuRunHandle type to enforce the same guarantees. This
simplifies implementations of Vcpu becuase only one impl is needed with
all the methods provided.
The other advantage to removing RunnableVcpu was that a Vcpu could be
try_cloned, defeating the purpose of consuming the Vcpu in the first
place with to_runnable. The type system and ownership model gave a false
sense of compile time safety. The usage of VcpuRunHandle is more
consistent with the fact that it is a runtime check that the programmer
is doing the safe thing. It's also consistent with all hypervisor impls.
BUG=None
TEST=./build_test
Change-Id: I14bbc5d939744cb92fb9cb3152edb82603cadd11
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2442096
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
This is very largely boilerplate, but changes some interfaces
to accept different parameters, esp using Descriptor.
BUG=b:162363783
TEST=./build_test
Change-Id: I81b513c0de9448c2de505fe5d3a61a29f4eccb78
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2342591
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Michael Hoyle <mikehoyle@google.com>
Calls to the kvm crate have been replaced by calls to hypervisor and
devices::irqchip. Plugin is unchanged and still KVM-specific.
x86 creates and configures vcpus on the vcpu thread instead of the main
thread.
Code that still depends on kvm or kvm_sys:
- crosvm_plugin, plugin, and protos use kvm and kvm_sys if built with
the plugin feature
- devices::VfioGroup does a kvm_sys ioctl
- devices::irqchip and hypervisor use kvm_sys. hypervisor uses
kvm::Cap and kvm::CpuId internally for now.
BUG=chromium:1077058
TEST=runs es2gears_wayland on kukui
TEST=runs evince on amd64-generic with kernel and split irqchip
TEST=build_test excluding tpm2
TEST=cargo check --features plugin
Change-Id: I0068e34da6a5ff0079b1237be1958933bf12ffe4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2307711
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
For now, this crate simply re-exports all of sys_util, but it will
be updated to provide new interfaces when needed. This is the
first step to making crosvm not directly depend on sys_util, so
that we can make the interface changes we need without fear of
negatively affecting (i.e. completely breaking) other usages
within chromeos.
BUG=b:162363783
TEST=./build_test
Change-Id: I7d0aa3d8a1f66af1c7fee8fd649723ef17027150
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2325168
Tested-by: Michael Hoyle <mikehoyle@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Michael Hoyle <mikehoyle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Run unit tests for the old ioapic only on x86. Fixes use statements in
hypervisor tests. Run the hypervisor vcpu enable_feature test only on
x86, like in the kvm crate.
TEST=cargo test --no-run --target=aarch64-cros-linux-gnu
TEST=cargo test --no-run --target=aarch64-cros-linux-gnu -p devices
TEST=cargo test --no-run --target=aarch64-cros-linux-gnu -p hypervisor
BUG=1112839
Change-Id: Ie8dc152de6acd37b93e394642208a86a746c9308
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2337151
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Steven Richman <srichman@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Move GuestAddress and GuestMemory to a new crate for VM memory. This
will make separating sys_util and crosvm independent making it easier
to use sys_util functions outside of crosvm.
Change-Id: I12e14948ea85754dfa6267b3a3fb32b77ef6796e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2311251
Auto-Submit: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
When a memory region is added to the guest, ownership is passed to the
Vm object. However, it was not possible to get the memory region back
when removing it from the Vm. Update the return type of
remove_memory_region so that the original boxed memory region can be
returned to the caller.
BUG=None
TEST=cargo test -p kvm
Change-Id: Ie39a57e0c037ed25a603865cb3dce1af1478e143
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2300840
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Tomasz Jeznach <tjeznach@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Implementation of a KVM split irqchip. KVM's "split irqchip"
functionality only works for x86/x86_64 so this is implemented in the
kvm/x86_64.rs sub-module. The chip has a userspace Pic, Ioapic, and Pit.
This change necessitated a couple modifications to the irqchip traits:
- The create_pit function has been removed, and it's now implied that
the creation of the irqchip handles the creation of the pit.
- A finalize_devices function has been added. This function will need
to be called on the irqchip after all devices have been setup. The
purpose of finalize_devices is to allow the irqchip to register any
userspace devices with the io_bus or mmio_bus, and for the irqchip to
supply any necessary EventFds to these devices.
- A service_irq_event function has been added. This function works a
lot like the service_irq function, except it's specifically designed
to work the same way an IRQFD works: it first asserts then immediately
deasserts the line. If a resamplefd is associated with the irq line,
the deassert doesn't happen immediately, but happens when an EOI
occurs for a vector associated with the line. The service_irq function
will still exist for unittests.
- A process_delayed_irq_events function has been added. There
is a case where a deadlock can occur if the main thread blocks on
locking the ioapic in order to service an irq event, while a vcpu
thread holding the ioapic lock waits on the main thread to process the
addition of a MSI route. So the irqchip delays the servicing of irq
events if it finds a locked ioapic, and the
process_delayed_irq_events function should be called regularly
by the main thread in order to re-try servicing any delayed irq events.
Bug: chromium:1077058
Test: split irqchip runs all available x86-specific irqchip tests.
Also added some tests specific for the split irqchip. Ran these tests
and cargo test -p hypervisor -p devices
Change-Id: I14866645b86b3bf318440051069ff165e2cf9d88
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2290192
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
In particular, Android targets use c_int whereas normal Linux targets
use c_ulong. An ioctl number should always fit in 16 bits, so casting
from c_uint (as bindgen uses for the constants) to either other type
should be safe.
BUG=b:158290206
TEST=cargo test
Change-Id: I3d808ba9a5588a75c029a299e3609d97e328e3cc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2288229
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Andrew Walbran <qwandor@google.com>
Commit-Queue: Andrew Walbran <qwandor@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Add VcpuAArch64::set_one_reg, init, and init_pmu. init combines
arm_preferred_target and arm_vcpu_init from the kvm crate.
BUG=chromium:1077058
TEST=cargo test -p hypervisor, ARM build
Change-Id: I5005d568c2337da3b9a96ec05ca9865c6ddbab74
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2247369
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Move try_clone from Kvm to Hypervisor, and add try_clone to Vcpu.
Include a flags field in CpuIdEntry, since it's used by KVM_SET_CPUID2.
Tighten the bounds on Vcpu::Runnable so it derefs to the same type as
Vcpu.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I451f9156210eae342122f97fedfad630b89a7645
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2274837
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Udam Saini <udam@google.com>
These functions are mostly unchanged from the kvm crate. Error code
checks were tweaked for consistency.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: Ib4b30281eed877efcb4b55332f1f588213b98918
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2247370
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
set_msrs, which had used std::alloc in x86_64/src/regs.rs, now uses
vec_with_array_field to allocate the msr struct like get_msrs.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I288bb18cc9e9ebf3e52b4ac46e36d03013b620ea
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2246654
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Added get/set_lapic_state functions to KvmKernelIrqChip and KvmVcpu.
Added tests for the KvmKernelIrqChip.
BUG=chromium:1077058
TEST=added associated tests for get/set_lapic_state
Change-Id: I0f1cebd9db370b5453a951f7827de511399cddf4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2260929
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Added an emum for MPState, and functions to translate between MPState
and kvm_mp_state. Added get_mp_state and set_mp_state functions to KvmVm
and the IrqChip interface.
BUG=chromium:1077058
TEST=added associated tests for get/set_mp_state
Change-Id: I0825f81b1b4d85884690606d691e8b88e8306ae1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2261293
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Add methods for making RunnableVcpus, requesting vmexits on a vcpu,
injecting interrupts, and setting I/O data. This code is unchanged
from the kvm crate.
A new Vcpu::handle_io_events method delivers pending IO events. This is
for hypervisors that handle IO events in userspace. On KVM it's a
no-op.
Delete integration tests, which were for showing how the hypervisor
traits fit together.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: Ie9eb6dd38f168031bc0ae1b3c44638e8930284a3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2247367
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
These functions are mostly unchanged from the kvm crate.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I819e34b2d7895b10658ca7d8870b64435220ea9f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202847
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Use a MemSlot type alias for memory region slots instead of u32, for
better type checking and self-documentation.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I0ee790f2eba432a6569c720a216d5bd5a66b07ab
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2253336
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Modified ioapic implementation for the hypervisor abstraction layer.
This implementation has the same functionality and tests as the existing
one, but accepts a vec of resample_events instead of a GsiRelay. It also
takes a list of irqfds instead of creating them itself.
This will be used by the KvmSplitIrqChip, and will eventualy be modified
again to support an ApicBus when we want to support a UserspaceIrqChip.
Bug: chromium:1077058
Test: cargo test -p hypervisor -p devices
Change-Id: I306724266511a7975a25a34955651ea6f53e1c4c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2255303
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Copied and slightly modified pic implementation in the irqchip
submodule. It uses the PicState defined in the hypervisor crate and has
a register_resample_events function instead of a register_relay
function.
Some function signatures have been slightly changed to take &self and
&mut self where before they would take a PicState. This was done so
that the Pic struct itself would be the only object that needs access
to the resample_events rather than each PicState needing it's own copy
or clone.
This will later be used by the the KvmSplitIrqChip.
Test: cargo test -p devices -p hypervisor
Bug: chromium:1077058
Change-Id: Ia15ea1800b4339d3ad38d88d8ec6ace8ca5ea67a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2255302
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Vcpus are created on the Vm object, instead of with Vcpu::new. Vm keeps
a copy of the Hypervisor to support create_vcpu. Otherwise the methods
are the same as the kvm crate.
BUG=chromium:1077058
TEST=cargo test
Change-Id: I6fbd0e5fb5d81d4362a259e85eb392d8edbfff1f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2247366
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Vm capability checking has been split into two functions: one for a
small set of hypervisor-agnostic caps, and one for hypervisor-specific
u32 constants to support the plugin.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I17fb6804f0fa7114f39c5016da430afa75179919
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202848
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Implemented the remaining IrqChip trait functions for the
KvmKernelIrqChip, including register/unregister_irq_event and irq
routing functions.
Added some irqchip tests for setting irq routes and servicing irq lines.
Also added tests for registering irq events.
BUG=chromium:1077058
TEST=cargo test -p devices -p hypervisor
Change-Id: Ia04c927b663ebdcacc88bc61d746077aa5b02514
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2246648
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
Add Vm::create_device to create kernel virtual devices, currently for
VFIO, ARM VGIC v2, and ARM VGIC v3.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I83c9c367c2b2674c3faaae9e4ae09919adfe34b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202846
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
- Reduces code duplication between MMIO and mmap arenas
- Makes adding future types easier
- Makes upcoming deprecation of kvm crate easier
- Use BTreeMap instead of HashMap since it's more efficient
BUG=chromium:924405
TEST=compile and test
Change-Id: I520abed0926489e64aac046e0dc0cfeb72fae7b2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2216446
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Steven Richman <srichman@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Gurchetan Singh <gurchetansingh@chromium.org>
The separate Vm functions for MemoryMappings and MemoryMappingArenas
have been combined and now use a MappedRegion trait that the mappings
implement. msync_memory_region replaces the get_mmap_arena function,
which is used by VmMsyncRequest. Since Vm uses mutexes for cloning, it
can't return mem region references.
BUG=chromium:1077058
TEST=cargo test, cargo test -p sys_util, cargo test -p hypervisor
Change-Id: If257b16ee34d07820ae7ebdb9a3a598a41df013c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202845
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Implemented get/set_pic/ioapic/pit functions for the KvmKernelIrqchip.
Added respective functions on KvmVm for interacting with the underlying
KVM API.
Added associated tests for get/set functions.
BUG=chromium:1077058
TEST=ran devices tests and added get/set function tests
Change-Id: I66a29828fe2f1fbdf54d7325656a003ac09e36d0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2219422
Reviewed-by: Udam Saini <udam@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Colin Downs-Razouk <colindr@google.com>
The clock functions on the Vm trait are for any arch, to support
hypervisors that might have ARM pv clocks. The KVM implementation (x86
only) is mostly the same as before, but uses a hypervisor-agnostic
ClockState struct instead of the KVM struct.
BUG=chromium:1077058
TEST=cargo test -p hypervisor
Change-Id: I0e77ae997d6a30851d28aeb5f73c9ef8ebc464a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202742
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Steven Richman <srichman@google.com>
