Commit graph

101 commits

Author SHA1 Message Date
Daniel Verkamp
907957accf vm_memory: improve MemoryNotAligned error message
If a guest memory region is misaligned, provide the guest memory address
and size of the region in the error message to make it more useful for
debugging.

BUG=b:358426674

Change-Id: Ia822d568724925b72624213a406a646f3f9e2d70
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5849386
Reviewed-by: maciek swiech <drmasquatch@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2024-09-10 20:06:47 +00:00
Frederick Mayle
49a6c3cf2d aarch64: add cmdline param to control FDT address
On aarch64, we load BIOS payloads at offset 0x200000 because
cuttlefish's u-boot BIOS requires the FDT at offset zero. However, in a
separate use case, we are loading BIOS payloads that are OK with dynamic
FDT addresses, but might use the Gunyah hypervisor, which currently
requires the payload to be loaded at offset zero. One algorithm can't
satisfy both.

Both the u-boot setup and Gunyah ought to be made more flexible, but it
seems useful to make crosvm's behavior configurable. It lets us adjust
those use cases eventually without causing an immediate backwards
incompatability scramble.

A new "after-payload" mode is included that matches crosvm's RISCV FDT
address behavior and potentially helps with the TODO for >4GB VMs.

BUG=b:353758405

Change-Id: I886f47cf8e0a6b02218794615215a0e972a4ace2
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5740018
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
2024-08-06 00:06:52 +00:00
Daniel Verkamp
b06d296a1b base: define ioctls as consts rather than functions
For ioctl numbers that do not require any parameters, make ioctl_io_nr
and related macros generate a constant rather than a function with no
parameters. This makes the code that uses these constants more idiomatic
and also allows using the constants in match statements (see an example
in virtio/fs/passthrough.rs).

BUG=None
TEST=tools/dev_container tools/presubmit

Change-Id: Id52817528d770c5dbbe2ce7928c9f31a15c83d83
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5648647
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2024-06-25 19:17:21 +00:00
Daniel Verkamp
97848ecceb vm_memory: remove unused .enumerate()
Fix clippy::unused_enumerate_index warning

BUG=b:344974550
TEST=tools/clippy

Change-Id: I19ef94ce3a4bca3deae7d9cdbe00d73ef6637257
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5609076
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2024-06-10 20:03:35 +00:00
Daniel Verkamp
52b8e42869 Cargo.toml: avoid "*" versions for external crates
Ensure that every Cargo.toml dependency on a third-party crates.io crate
specifies at least a major version, or a minor version for 0.x crates,
to ensure that if a new major version is published, it cannot cause API
breaks.

The versions are selected to match the ones already in Cargo.lock, so
this should have no functional change, but it will help prevent new "*"
versions from being introduced via copy-and-paste.

For rationale, see the Cargo FAQ:
<https://doc.rust-lang.org/cargo/faq.html#can-libraries-use--as-a-version-for-their-dependencies>

`minijail`, `audio_streams`, and `cras` are left as "*" for now, since
they have unusual situations (imported from a submodule and/or replaced
at build time with ebuild magic).

BUG=None
TEST=tools/dev_container tools/presubmit
TEST=verify Cargo.lock is unchanged

Change-Id: Ifa18199f812f01d2d10bfb4146b3353c1a76527c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5555656
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2024-05-22 01:01:42 +00:00
Daniel Verkamp
92665a611f Cargo.toml: move tempfile to dev-dependencies
The tempfile crate is only used in tests, so it does not need to be in
the main [dependencies] section of any of our first-party crates.

Also fix a couple of [dev_dependencies] instances to the officially
documented [dev-dependencies] name for consistency.

BUG=None
TEST=cargo tree

Change-Id: I1dcb6be10c302baec4e8ebe6f72480f76e4e3760
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5521511
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2024-05-07 20:00:48 +00:00
Frederick Mayle
7eb27dd45b vm_memory: support lz4 compression for RAM snapshot
RAM snapshot size and overall snapshot time for a basic ubuntu VM right
after login:

  * no compression:  619M 0.8s
  * lz4 compression: 175M 1.2s

BUG=b:320753724
TEST=crosvm snapshot take --compress-memory /tmp/crosvm-snapshot /tmp/crosvm-control

Change-Id: I5dff9fe8744847fea872ad78347ac5f7d8b957e3
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5190788
Reviewed-by: Elie Kheirallah <khei@google.com>
Commit-Queue: Frederick Mayle <fmayle@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
2024-03-08 22:51:26 +00:00
Vincent Donnefort
88174c360b arm64: Align RAM region with the block size
The arm64 KVM implementation requires userspace address block alignment
to enable transparent huge-pages.

BUG=b:278011447
Change-Id: I8b5c579dabb8397a7a6341bb80425ea515306157
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5272439
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2024-02-23 23:32:08 +00:00
Noah Gold
cbf9381c58 vm_control: snapshot fragments use IO traits.
The current SnapshotReader/Writer interface returns Files for raw
fragments. When we add snapshot encryption, we will need to return an
encrypting or decrypting streaming wrapper, and this won't be a File.
This CL changes the interface to return impl Read or impl Write. As
part of that, we also had to make a significant safety change to
how memory snapshots are taken.

Memory snapshots used to be written with FileReadWriteVolatile. This is
because we assume GuestMemory is always mutably borrowed by the guest,
and it is UB to have aliased references in Rust. While formally
undefined, the rough reasoning for this is that LLVM optimizations
assume noalias on mutable references, and if that is violated at
runtime, optimizations can result in changed behavior. In the snapshot &
restore case though, we know the guest is not running because its VCPUs
are stopped, so its mutable reference can be ignored (temporal overlap
for aliasing is required for UB to occur). Luckily for us, the host code
will never alias guest memory because up until this CL, we assumed that
was never safe.

Credit: thanks to fmayle@, who originally proposed using Read/Write in this
manner in a CL that added snapshot compression.

BUG=b:326170473
TEST=builds

Change-Id: Iafd9175f684bc197329a0f5aae57685f5cfd677e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5313630
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
2024-02-22 20:48:37 +00:00
Frederick Mayle
c696448435 base: emit Result from FileDataIterator
If the data iterator hits an error, then we probably shouldn't continue
as if there was no remaining data.

BUG=b:307603892

Change-Id: Iad75974c3801d00acc95201d0686aa5f58cb6ea8
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5214579
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
Reviewed-by: Shin Kawamura <kawasin@google.com>
2024-01-23 01:23:53 +00:00
Frederick Mayle
f1c1a2443d vm_memory: memory snapshot code cleanup
Addressing post-submit comments on https://crrev.com/c/5182033.

BUG=b:307603892

Change-Id: Ibcb94b2da898494a5f8248bac802b896542ee1e5
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5214786
Reviewed-by: Shin Kawamura <kawasin@google.com>
2024-01-23 01:23:53 +00:00
Frederick Mayle
c29032e8dc vm_memory: skip holes when snapshotting RAM
On linux, we can use `lseek`'s `SEEK_DATA` and `SEEK_HOLE` features to
skip hole in files. On a freshly booted VM, it is common that much of
the RAM is untouched. For an Ubuntu test VM 8 GiB RAM, this reduced the
snapshot size from 8 GiB to 655 MiB and the snapshot time from 12s to
270ms. Restore time is tricky to measure exactly, but it feels much
faster.

BUG=b:307603892

Change-Id: I28b67557c4b6faec9c829345447395832d290d1c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5182033
Reviewed-by: Elie Kheirallah <khei@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
2024-01-17 19:43:06 +00:00
Daniel Verkamp
ae33ac2934 bindgen: regenerate all bindings with bindgen 0.68.1
This removes some auto-generated safety comments, but should otherwise
be a no-op.

Change-Id: Ibfcf75c6e296367fe1a6114ce2047fb79e34041b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5178534
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2024-01-09 00:37:43 +00:00
Vikram Auradkar
2768f223ee clippy: enforce safety block comments
BUG=b:316174930
TEST=none

Change-Id: I5c7811b2c548155aa003e4b71a54bbc16e2f2588
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5120567
Commit-Queue: Vikram Auradkar <auradkar@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-12-14 18:21:54 +00:00
Daniel Verkamp
fcc28f5573 data_model: move IoBuf and VolatileMemory to base
IoBuf is defined in a platform-specific way (it is either iovec on unix
or WSABUF for windows), so it fits into the mission statement of the
base crate, which is meant to be *the* platform abstraction layer in
crosvm.

IoBufMut and VolatileMemory/VolatileSlice are defined in terms of IoBuf,
so they are also moved into base for consistency. Every crate that uses
these types already depended on base, so no extra dependencies are
added, and a few can be removed.

BUG=b:312312646
TEST=tools/dev_container tools/presubmit

Change-Id: I4dddc55d46906dfc55b88e8e6a967d7e1c1922dd
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5046605
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-11-27 21:42:49 +00:00
Alyssa Ross
d9bc6e99ff Fix tests with non-4K pages
Change-Id: Ifc242d81fbaa7022554b96a9bb181ae390f231d7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5017868
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-11-10 23:26:00 +00:00
Daniel Verkamp
be33277580 base: remove read_from/write_to_memory
These duplicate existing VolatileSlice and FileReadWriteAtVolatile
functionality. Removing them means that they don't need to be
reimplemented separately for each platform's MemoryMapping.

BUG=b:309020556
TEST=tools/dev_container tools/presubmit

Change-Id: Ia4332159461efc001b4e980fdb2a9984e852c931
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5019440
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-11-10 18:41:10 +00:00
Daniel Verkamp
3c1d96ac07 Fix unnecessary vec![]
Change-Id: I8df666fbd1df47c0ca3231091aff0aab2c663106
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5005515
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-11-06 21:08:56 +00:00
A. Cody Schuffelen
9776cbb257 Remove some platform-specific re-exports from base::
base::Pid is explicitly added since every platform has a process id
type.

Bug: 233233301
Test: tools/dev_container ./tools/presubmit
Change-Id: Id0d54fe06981c1dcbdee3f73b1241af74a26300f
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4909061
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Cody Schuffelen <schuffelen@google.com>
2023-10-30 23:48:49 +00:00
Daniel Verkamp
472cf2ce3b base: rename SharedMemoryUnix to SharedMemoryLinux
This matches its new location in sys/linux, and it also more accurately
describes the trait, since the sealing functionality is specific to
Linux, not available on any other Unix-like platform.

Change-Id: If06fb7b6aacac80968c0b40bc4b48e62988c93a9
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4969179
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-10-23 21:48:52 +00:00
A. Cody Schuffelen
4748c54b95 Rename "unix" to "linux" in code and docs
$ for DIR in $(find . -name "unix"); do mv $DIR $(echo $DIR | sed "s/unix/linux/"); done
$ for FILE in $(find . -name "unix.rs"); do mv $FILE $(echo $FILE | sed "s/unix/linux/"); done
$ find . -type f -not -path '*/\.git/*' | xargs -I {} sed -E -i "s/mod unix/mod linux/g" {}
$ find . -type f -not -path '*/\.git/*' -not -path '*/third_party/perfetto/*' | xargs -I {} sed -E -i "s/([^o][^s])::unix/\1::linux/g" {}
$ find . -type f -not -path '*/\.git/*' | xargs -I {} sed -E -i "s/use unix::/use linux::/g" {}
$ find . -type f -not -path '*/\.git/*' -not -path '*/third_party/perfetto/*' | xargs -I {} sed -E -i "s/sys::unix/sys::linux/g" {}
$ find . -type f -not -path '*/\.git/*' | xargs -I {} sed -E -i "s/use unix as platform/use linux as platform/g" {}

Test: ./tools/dev_container ./tools/presubmit
Bug: b/298269162
Change-Id: I2c8acb14d77a5588dab4eae124f4a9afbb9025f5
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4909060
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Cody Schuffelen <schuffelen@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
2023-10-11 01:15:07 +00:00
A. Cody Schuffelen
97dff044f8 Replace #[cfg(unix)] with #[cfg(any(target_os = "android", target_os = "linux"))]
Updates are made to source and documentation.

This more accurately represents the currently supported platforms of
Android/Linux and Windows, without unexpectedly including other
unix-like operating systems.

Command to reproduce:
$ find . -type f -not -path '*/\.git/*' | xargs -I {} sed -i 's/cfg(unix)/cfg(any(target_os = "android", target_os = "linux"))/g' {}
$ cargo fmt

md files manually updated to fix line lengths.

Renaming `unix` modules to `linux` will be done in a later CL.

Test: ./tools/dev_container ./tools/presubmit
Bug: b/298269162
Change-Id: I42c1bf0abf80b9a0df25551613910293217c7295
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4909059
Commit-Queue: Cody Schuffelen <schuffelen@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
2023-10-11 00:43:29 +00:00
Zihan Chen
cbba480ebe crosvm: Uprev zerocopy to 0.7.x
zerocopy 0.7.x has finally released as a stable version, uprev it
to allow some remaining structs to be derivable.

TEST=CQ

BUG=b:300969352
FIXED=b:300969352

Change-Id: I90f0dfb09494f875fef1cd11bfcbd48030846092
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4878761
Auto-Submit: Zihan Chen <zihanchen@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-10-10 17:34:32 +00:00
Daniel Verkamp
03dd1feab7 Cargo.toml: depend on zerocopy 0.6 explicitly
Previously all of the zerocopy imports just used "*", but there are
API changes in zerocopy 0.7, so ensure we get a compatible version by
depending on 0.6 everywhere.

This is a no-op since Cargo.lock already specifies a 0.6.x version, but
it will prevent accidentally upgrading to 0.7.x without updating to the
new API.

BUG=b:301283548
TEST=cargo build

Change-Id: Ifd702d982a09b5083dddd666dc6f3052cba22214
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4878502
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-09-20 21:28:58 +00:00
Frederick Mayle
5acb340d04 vm_memory: replace GuestMemory::with_regions with iterator
No behavior change intended.

Change-Id: I49e19b420528b1b99532feb941f762ca93524578
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4844639
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
2023-09-06 18:14:16 +00:00
Daniel Verkamp
ce5a78e83b clippy fixes for Rust 1.70 and 1.71
Change-Id: If86c6cd531b854293a93208de5254664f5ee6bec
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4637612
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-07-13 20:29:05 +00:00
Daniel Verkamp
b714d56d3e vm_memory: make unchecked_add actually unchecked
GuestAddress::unchecked_add() previously used a normal + operator to add
the two values, which got converted into a checked addition even in
release mode due to our use of `overflow-checks = true`. Explicitly call
the wrapping_add() function instead to ensure we get the natural binary
integer behavior, which can be compiled into a simple add instruction
without any extra checks.

Additionally, mark the function as #[inline] - even though the function
body is quite small, in practice, I observed the compiler emitting a
call instead of simply inlining the single instruction (at least in
non-LTO release builds).

This probably has very little impact in practice, but it should slightly
improve codegen in some critical paths for virtio descriptor processing.

BUG=None
TEST=tools/dev_container tools/presubmit
TEST=cargo build --release and observe no call in SplitQueue::add_used

Change-Id: Idad5acccf56b4428f8db890576e37e470e61584d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4679849
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-07-12 23:15:54 +00:00
Andrew Walbran
1661dfca89 Update bitflags dependency to 2.2.1.
This is a new major version, and requires some code changes.

Change-Id: I294ce3604aad6e6dc5f50e33246b690e883c1e36
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4481294
Auto-Submit: Andrew Walbran <qwandor@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-04-27 17:22:36 +00:00
Daniel Verkamp
2c1d17fe41 tree-wide: remove unnecessary casts
Fixes clippy lint in Rust 1.68

BUG=b:276487055
TEST=tools/clippy # with rust 1.68

Change-Id: Ib9d83b8dc15a93e815600391e93b8bb1788f7dc4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4391107
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-04-17 23:43:59 +00:00
Daniel Verkamp
10a487a725 tree-wide: replace manual enum Defaults with derive
This is supported since Rust 1.62.

Fixes the new derivable_impls clippy lint, added in Rust 1.67.

BUG=b:276487055
TEST=tools/clippy # with rust 1.68

Change-Id: I3696dd3cf4acbf9b5a2cfa8c2046e7656e13dbbd
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4390735
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-04-04 22:12:39 +00:00
Elliot Berman
ef7b7b75ee vm_memory: guest_memory: Add MemoryRegionOptions
Gunyah needs explicit knowledge about which memory is used for protected
firmware, static swiotlb, or general purpose guest memory.
Hypervisor-agnostic, architecture-specific code creates the memory map
for guest VMs and doesn't presently have any mechanism pass this
information about the memory regions to the hypervisor.

Introduce MemoryRegionOptions which can be supplied by arch-specific
code. Subsequent commits will switch Arch code to use
new_with_options().

In the future, MemoryRegionOptions can be extended to support
guest memory layout decisions about whether the memory should be backed
by a restricted_memfd.

BUG=b:232360323

Change-Id: Id26bd645cb857accd69bb2db128c4874ce5c3e6f
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4379523
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-03-29 00:52:24 +00:00
Elliot Berman
a92cfe8cb6 vm_memory: Convert GuestMemory::with_regions to use struct argument
Introduce a struct argument, MemoryRegionInformation, for use with
with_regions.

No functional change intended.

BUG=b:232360323

Change-Id: Icd40630c32878b3bd185aeeedcf9e1e9de20e20b
Suggested-by: Frederick Mayle <fmayle@google.com>
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4379522
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-03-29 00:52:24 +00:00
Daniel Verkamp
083dcf75f4 tree-wide: apply nightly rustfmt
BUG=None
TEST=tools/fmt --nightly

Change-Id: Ifb08dd55ccf2a74ef739d7517a64970d24a82405
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4375640
Auto-Submit: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-03-27 21:30:45 +00:00
Frederick Mayle
85eda99bd4 vm_memory: option to set MADV_DONTFORK on guest memory
This is admittedly an odd feature with a narrow use case. It will lower
the risk of crash analysis tools accidentally trying to read guest
memory that has been unshared from the host (i.e. in a protected VM).

Hoperfully we'll eventually have a better solution, where we only mmap
the memory regions that are shared with the host. There is no hypervisor
support for that yet.

BUG=b:238324526

Change-Id: Iac7ed38aa52778a43ac5ba22bab5a3df7a554ee6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4251719
Commit-Queue: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-02-16 18:23:47 +00:00
Zihan Chen
4acc0186ad devices: Clean up DataInit (7/n)
With the previous CLs migrating many functions and types to use
zerocopy, finally we can do a big clean up of`unsafe impl DataInit`.
We are down to 93 instances now from 230 at 5th CL in this series.

Also fixes a bug introduced previously in this series where I set
the trait bound of a few write_at_addr unsafe functions to
`FromBytes` when `AsBytes` should also be required.

TEST=CQ

BUG=b:204409584

Change-Id: I6658dd246a8932493ef6a652054a23ecfde76198
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4237765
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-02-13 19:26:45 +00:00
Zihan Chen
7e346a6a91 x86_64: Convert all DataInit to zerocopy
TEST=CQ

BUG=b:204409584

Change-Id: Ic05209ebca76e97a0851b939083d73d5ad0a3f4b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4234064
Commit-Queue: Zihan Chen <zihanchen@google.com>
Reviewed-by: Zihan Chen <zihanchen@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-02-09 22:59:10 +00:00
Frederick Mayle
19f4b1243c devices: snapshot and restore for guest memory
`crosvm snapshot take ...` will write the contents of guest memory to a
file and `crosvm restore apply ...` will read that file to overwrite
guest memory.

To start with, the file is chosen by adding a ".mem" extension to the
snapshot file path. We should consider a better approach in the future,
maybe put them both in a tar file or have the user supply a directory
instead of a file path.

BUG=b:266514791

Change-Id: Ic05f94223fb74674bd57dcd2f848055b31eb5fdc
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4215313
Reviewed-by: Elie Kheirallah <khei@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Frederick Mayle <fmayle@google.com>
2023-02-06 22:44:17 +00:00
Zihan Chen
8a7550c40a crosvm: Partially convert DataInit to zerocopy (1/n)
Thie effort is splitted into multiple CLs, to reduce change size
and also make bisecing breakages easier.

TESTED=CQ only

BUG=b:204409584

Change-Id: Ie90f171bd5f74b732df3129e94733f3b34621092
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4210751
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-02-02 19:28:57 +00:00
Daniel Verkamp
924f5a29ef data_model: Deprecate VolatileRef
This is a reland of commit d39e5811df

This change mark VolatileRef as deprecated instead of removing it
completely. This change also removed all related methods and functions
using VolatileRef that libcras don't use.

Original change's description:
> data_model: remove VolatileRef
>
> All uses except in test code have been eliminated, so we can remove it
> now.
>
> This was an unsafe abstraction, and we have better alternatives (such as
> the read_obj()/write_obj() functions) that do not create a long-lived
> mutable reference that could easily alias other slices.
>
> BUG=None
> TEST=tools/presubmit --all
>
> Change-Id: I84f1e2487d6211ce24b8fc992fa7675765870132
> Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824000
> Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
> Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
> Reviewed-by: Alexandre Courbot <acourbot@chromium.org>

TESTED=CQ

BUG=b:204409584
FIXED=b:236759218

Change-Id: I4019870a2321fcd8610669862b5e6ed9bf7c2282
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4215512
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zihan Chen <zihanchen@google.com>
2023-02-01 23:40:54 +00:00
Dapeng Mi
1f47978751 Virtqueue: Fix invalid avail_index issue
When we run FIO stress test with virito-blk, we found sometimes crosvm
would read an invalid "avail_index" from available ring of virtqueue.

This invalid "avail_index" would lead to subsequent "avail_len" check
fails and cause all filled descriptor won't be processed, and even worse
is the "vring_need_event" would always fail in Kernel virtio driver and
the virtqueue could be blocked forever if the feature
"VIRTIO_RING_F_EVENT_IDX" is enabled.

After a further investigation, we found the issue is related with rustc
optimization level, when opt_level=0, function 'read_unaligned' would
finally call glibc function 'memcpy' to read the value. While 'memcpy'
could break the read atomicity of u16 type data as the data is read one
byte by one byte. When opt_level >= 1, the 'read_unaligned' is optimized
to call a single 'mov' instruction to read the u16 data, so the issue
is gone.

we found 'read_volatile' function would be compiled to a single 'mov'
instruction in any optimization level. Atomic looks to be more right
solution to fix the issue, but we utilize this finding about volatile
as a workaround.

BUG=b:258349128
TEST=Run 12-hours FIO stress test in crosvm Linux VM and no packet loss
are found.

Change-Id: Iae5e4b29fe34ed9f4437afa4fe4e43a3c337e2df
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4021759
Commit-Queue: Takaya Saeki <takayas@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2023-01-12 08:02:39 +00:00
Daniel Verkamp
061e6d03c4 base: unix: remove kernel_has_memfd()
This function was used to check if the memfd_create() function worked in
order to skip tests on very old kernels (before Linux 3.17 from 2014).

All kernels older than 3.17 are EOL now, so we can reasonably require a
more recent kernel version.

Removing the checks will ensure that all tests actually pass rather than
being silently skipped.

BUG=None
TEST=crosvm CQ
TEST=tools/presubmit --all

Change-Id: I92695127061406901bb02b1012f2c14ee9afc705
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4126247
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-05 17:57:57 +00:00
Daniel Verkamp
ac0fc378a3 Fix remaining Chrome/Chromium OS instances
These should be written as ChromeOS and ChromiumOS (without the space)
to match the updated branding. The copyright headers were already
migrated to the new style (https://crrev.com/c/3894243), but there were
some more instances left over.

BUG=None
TEST=tools/cargo-doc

Change-Id: I8c76aea2eb33b2e370ab71ee9b5cc0a4cfd00585
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4129934
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2023-01-03 22:14:30 +00:00
Michael Sammler
fd442c62f0 vm_memory: guest_memory: Remove continuation passing style of do_in_region
This patch refactors do_in_region a function find_region that does not
take a closure as an argument, but instead returns the region.

BUG=None
TEST=tools/presubmit --all

Change-Id: I1ca11b513d42836410d363ccdf1cda61edc33ec8
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4019232
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Michael Sammler <sammler@google.com>
2022-11-15 20:46:18 +00:00
Daniel Verkamp
11a94b98a8 crosvm bindgen: regenerate with missing_safety_doc
Regenerate all of the automated bindgen bindings by running
tools/bindgen-all-the-things after commit 54311a8da9 ("crosvm bindgen:
Allow missing_safety_doc").

BUG=b:157245930
BUG=chromium:908640
TEST=tools/presubmit --all

Change-Id: I334f2ddc071acbf634f0d771d88650ee348cd5a0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4025271
Reviewed-by: Zihan Chen <zihanchen@google.com>
Reviewed-by: Clarissa Garvey <clarissagarvey@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2022-11-15 20:43:50 +00:00
Daniel Verkamp
abe87c1c8f Revert "data_model: remove VolatileRef"
This reverts commit d39e5811df.

Reason for revert: libcras still uses VolatileRef and needs to be fixed before we can remove it

Original change's description:
> data_model: remove VolatileRef
>
> All uses except in test code have been eliminated, so we can remove it
> now.
>
> This was an unsafe abstraction, and we have better alternatives (such as
> the read_obj()/write_obj() functions) that do not create a long-lived
> mutable reference that could easily alias other slices.
>
> BUG=None
> TEST=tools/presubmit --all
>
> Change-Id: I84f1e2487d6211ce24b8fc992fa7675765870132
> Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824000
> Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
> Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
> Reviewed-by: Alexandre Courbot <acourbot@chromium.org>

Bug: None
Change-Id: I867cd1adff6c0c895791833432acd4a64aef0506
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4018409
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Daniel Verkamp <dverkamp@chromium.org>
2022-11-09 23:37:26 +00:00
Daniel Verkamp
d39e5811df data_model: remove VolatileRef
All uses except in test code have been eliminated, so we can remove it
now.

This was an unsafe abstraction, and we have better alternatives (such as
the read_obj()/write_obj() functions) that do not create a long-lived
mutable reference that could easily alias other slices.

BUG=None
TEST=tools/presubmit --all

Change-Id: I84f1e2487d6211ce24b8fc992fa7675765870132
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824000
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
2022-11-09 21:28:12 +00:00
Andrew Walbran
13cbc69abc aarch64: Don't include pVM firmware region in memory size calculation.
The pVM firmware memory region is allocated before
AARCH64_PHYS_MEM_START, but several parts of the code were assuming that
all memory was contiguous and after that.

BUG=b:244553205
TEST=Patched into AOSP and ran some VMs.

Change-Id: I8caefc9cae79c98ea62ee02a506b1b485d3f09a6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3921604
Reviewed-by: Pierre-Clément Tosi <ptosi@google.com>
Commit-Queue: Andrew Walbran <qwandor@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Jiyong Park <jiyong@google.com>
2022-10-12 17:42:33 +00:00
Keiichi Watanabe
cc8e94dc59 vm_memory: Add a method to check if a guest address range is valid
The current crosvm implementation is using
`GuestMemory::checked_offset()` for the following two cases:
(1) To get a valid `GuestAddress` representing `addr + offset`.
(2) Guarantee that the memory range `[addr, addr+offset]` is valid.

However, using `checked_offset()` for the case (2) is wrong because the
method only checks if the end address `addr+offset` is valid and doesn't
check if an invalid region exists between `addr` and `addr+offset`.

So, this CL adds `GuestMemory::is_valid_range()` to replace the (2)
cases.

BUG=b:251753217
TEST=cargo test in vm_memory
TEST=start a vm with virtio devices

Change-Id: I21bce5d1c60acdff79284cdad963849a6e19e19c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3945520
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: David Stevens <stevensd@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
2022-10-12 03:57:43 +00:00
Andrew Walbran
771af7347d vm_memory: Format GuestAddress in hex for Debug.
This is generally more useful when it shows up in log messages.

BUG=b:244553205
TEST=tools/dev_container tools/run_tests

Change-Id: Idbaa58f7a9fdb8e69212074fb5853da9098a82fb
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3921603
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Andrew Walbran <qwandor@google.com>
2022-09-29 07:37:51 +00:00
Pujun Lun
797ff4a795 vm_memory: create udmabuf stub for Windows.
BUG=b:213149288
TEST=presubmit

Change-Id: I250209912cff96da505e6ccfb76f9dba4b9a6683
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3885377
Commit-Queue: Pujun Lun <lunpujun@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2022-09-15 19:03:49 +00:00