This change adds the PCI device that will act as the conduit between
vhost vmm and vhost device in a virtio-vhost-user
specification. It only implements the communication logic i.e. rx / tx
from the vmm socket and virtio queues associated with the device.
BUG=b:194136484
TEST=Compile.
Change-Id: Ib47045b7633b77b73ed7bd428ca981caa6645275
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3146213
Auto-Submit: Abhishek Bhardwaj <abhishekbh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Abhishek Bhardwaj <abhishekbh@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
GuestMemory is only needed for the set_mem_table and set_vring_addr
methods so take it in as a parameter there rather than storing it in the
struct. Vhost-user devices don't have access to GuestMemory when the
vhost device is first constructed.
BUG=b:179756331
TEST=unit tests
Change-Id: Id446db43777c26b0dfbe8b37366f2da93de53b23
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3153211
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Impose a limit on the maximum nesting of file formats that can open more
files. For example, a qcow2 file can have a backing file, which could be
another qcow2 file with a backing file (or even the same file as the
original), potentially causing unbounded recursion.
BUG=b:198326611
TEST=cros_fuzz
Change-Id: I2f8573a7c71c6d8b310f2c2a75a240f2f8f0c9b1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3146214
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Cody Schuffelen <schuffelen@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Somehow, after rsyncing the whole directory, git will no longer work in the
copy. So instead, we are now using 'git clone'.
This changes the behavior to not include local workspace modifications in
kokoro simulations. Which is ok, we have test_all for that and the behavior
will more closely match what's happening in kokoro presubmits.
BUG=None
TEST=./ci/simulate_all
Change-Id: I439b9eadcac65d99782e2b0eb869519abb2ada37
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3152425
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
We no longer need to build dependencies from source and provide them
via pkg-config, this simplifies much of our builder container setup.
As debian bullseye got promoted to stable, we can now also simplify
further by just using bullseye stable instead of mixing stable and
testing packages.
BUG=b:181359683
TEST=./test_all
Change-Id: I2ce61992d5cfe6eb5dc3f0ec61920dcc5455ca40
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141772
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
This CL adds a vhost user FS device to crosvm. The implementation
requires the following arguments:
--socket = a path to a unix socket crosvm is going to connect to
--tag = a virtio fs tag to mount within the VM
--shared-dir = path to the shared directory
Optional arguments are:
--uid-map = UID translation from inside the VM to the outside
--gid-map = GID translation from inside the VM to the outside
Example command:
crosvm device fs --socket $HOME/test --tag fs-tag --shared-dir $DIR
crosvm run --vhost-user-fs=$HOME/test:fs-tag ...
BUG=b:179636297
TEST=launch fs device and verified that mounted directory works
Change-Id: Icab9e4be65092ef817006408b50bb3bf35033c62
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3062161
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Morg <morg@chromium.org>
Commit-Queue: Morg <morg@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
When skipping descriptors in the next_descriptor() helper function, we
advance the offset in the input bytestream by adding the user-controlled
bLength field. If bLength was 0, next_descriptor() would get stuck in a
loop and never return.
Add a check for this case as well as a unit test based on the failing
fuzzer input.
BUG=b:198320695
TEST=cargo test -p usb_util
TEST=cros_fuzz
Change-Id: Iec130a33b28f05219907265b7acafa9ee3791c1a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3155363
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Both libraries have previously been built as part of
ci/build_environment/Makefile. This CL moves that behavior into the
build.rs file of rutabaga_gfx.
This is the last third party dependency that we need to build from
source, and allows us to build/test on the host machine instead of
requiring the builder container.
It also allows us to greatly simplify the builder containers, which
I will do in a follow-up CL as we also need to upgrade them to bullseye.
This CL uprevs virglrenderer to include:
https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/609
and minigbm to include: https://crrev.com/c/3141018
BUG=b:196059146
TEST=./test_all && ./run_tests --run-privileged
Change-Id: I4442ccc991d13a3fcfa224de50e916b3926f0cb4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141771
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Tested-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Update to the latest version of vmm_vhost to pick up the API change.
Also fix clippy errors in the gpu device.
BUG=b:179755651
TEST=cargo build
Change-Id: Ia42681aee1d92f38dfcca1fbf87e8cfd7ac15d95
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3151109
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The Cargo.toml originally requested edition = 2021, which is not
available in a released version of Rust yet.
BUG=None
TEST=`cargo build` without the real system_api
Change-Id: I9577301b6bfb83cafd5fd9bb0ec5024b385b324e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3145914
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Commit-Queue: Ryo Hashimoto <hashimoto@chromium.org>
Fixes Rust 1.53+ warnings when building crosvm:
warning: lint `safe_packed_borrows` has been renamed to `unaligned_references`
BUG=None
TEST=cargo build
Change-Id: If2d2852e0fc20e6afd7fe8e712a2718b640f052b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3145915
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
This removes the minijail build from build_environment, which will
cause the minijail-sys crate to build it from source.
Minijail is upreved to include https://r.android.com/1815277
BUG=b:198305518
TEST=./test_all
Change-Id: I38c46c2a7df43e3d3a94ae0c5f8a9aae2abd3555
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141770
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
A NV12 frame is made of one Y plane at full resolution, and one plane
include one U and one V component for each four pixels. Thus the size of
the second plane should be half of that of the first one.
This is important to get right as ffmpeg conversion functions wil rely
on this information and will fail if the computed size is bigger than
the target buffer.
BUG=b:161774071
BUG=b:169295147
TEST=Android Youtube plays properly on Hatch.
Change-Id: I4196983389def3a4914c076d68067874041fab55
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3023743
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
The fsverity_enable_arg struct contains optional pointers to additional
data. Check for them and try to copy them in if necessary. This
requires a corresponding kernel change where the fuse driver also
reads the struct and copies the relevant data from the userspace
application.
Steps to test this change:
// Create a test file
head -c 1000000 /dev/urandom > file
// Generate a new certificate and private key:
openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -out cert.pem
// Convert the certificate from PEM to DER format:
openssl x509 -in cert.pem -out cert.der -outform der
// Load the certificate into the fs-verity keyring. This step MUST be
// done on the host kernel.
keyctl padd asymmetric '' %keyring:.fs-verity < cert.der
// Now set up fs-verity on the test file:
fsverity sign file file.sig --key=key.pem --cert=cert.pem \
--salt 12345678
fsverity enable file --signature=file.sig --salt 12345678
BUG=b:141632062
TEST=See above
Change-Id: Ied7106cfbd2919f1f0c7f605166769d4916925b0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141298
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Only change the device uid/gid in the sandbox when it is not 0.
Otherwise, running crosvm as root makes minijail complain:
libminijail[16370]: useless change to uid 0
BUG=none
TEST=run crosvm as root
Change-Id: Ida4b0e772ed000d3e42f77012af9d2505f64d92a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3141297
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Fergus Dall <sidereal@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Rather than mapping past the end of the file when using a pmem backing
file that is not 2 MiB aligned, use an anonymous mapping to fill the
remaining part of the arena.
This partially reverts https://crrev.com/c/2153103 while keeping the
effective change: the anonymous mapping used to fill the padding is now
added with the same protection as the file mapping.
Also handle images that are not a multiple of the page size (typically
4096 bytes) - the memory mapping on the host will handle zero-filling
reads and discarding writes past the end of the mapped file as long as
we map a size containing the partial last page.
BUG=chromium:1244217
TEST=Boot crosvm with non-2MB aligned pmem disk; read the last few bytes
TEST=./test_all
Change-Id: Ibe8da170175bb9befce924122b912a28a6dc0e7b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3131444
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
On all architectures, KVM_CREATE_VM takes an argument known
as the 'machine type identifier'. This machine type is
architecture dependent, and the documentation helpfully says:
You probably want to use 0 as machine type.
So let's do that.
Change-Id: I8a8a0f7b78e32012c5ab841097c05a02fe0532ff
Signed-off-by: Marc Zyngier <mzyngier@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3124676
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Andrew Walbran <qwandor@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
This enables the bios to read kernel command line parameters
from crosvm and pass them to the kernel that it loads.
BUG=b:195323844
TEST=pass --params through uboot to Linux
Change-Id: I306bb16421393583edc8b0dbdb3198a5b3cc0377
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3140277
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Tom Cherry <tomcherry@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The `num_idle` field of the shared state between BlockingPool worker
threads can underflow in the following case:
* state.num_idle == 2.
* We spawn 2 new tasks into the BlockingPool.
* Both idle worker threads are woken up. `state.num_idle` goes to 0.
* The first worker thread wakes up and pulls a task from the queue.
That task finishes very quickly so the worker thread pulls the second
task from the queue before the second worker thread is scheduled.
* The second worker thread is scheduled. It sees that
`s.tasks.is_empty() == true` so it goes back to waiting on the
Condvar.
* The second worker thread's wait times out and it tries to decrement
`state.num_idle` leading to underflow.
Fix this by adding a `num_notified` field to the shared worker state.
This field acts like a counter for the number of idle worker threads
that have been woken up.
When an idle thread is waiting on a Condvar, rather than checking if the
task queue is empty, it will instead check if num_notified > 0. When an
idle worker thread observes that num_notified > 0 it decrements it by 1
and then goes back to processing tasks from the queue. num_idle is only
decremented when num_notified is 0.
Change the num_idle decrement to a checked_sub so that we can catch it
even when -Coverflow_checks=off. Also add a test for this case. This
test consistently panics without the num_notified changes.
BUG=none
TEST=unit tests
Change-Id: Ia1b348605e0d02415635cdd023db1c10201ab661
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3139159
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
A new command line parameter to specify privileged UIDs.
If the requester UID is privileged, PassthroughFs uses D-Bus to set
quota project ID.
BUG=b:190791826
TEST=build
Cq-Depend: chromium:3129049,chromium:3129048
Change-Id: Ie27f200e8c651be6a5503f69e7b784c5e8f968ea
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3014623
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryo Hashimoto <hashimoto@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Enable with `--cras-snd`.
Verified:
Basic playback and capture
Missing features:
* Getting chmap/jack/stream info from CRAS. They are hardcoded for now.
* Jack connect/disconnect notifications from CRAS
* Reporting latency bytes to the driver. It is currently hardcoded to 0.
BUG=b:179757101
TEST=`aplay` and `arecord` inside a debian img with a 5.10 kernel built
with virtio snd support. Launched with crosvm on rammus/kukui/hatch
Change-Id: I240000a92418b75b3eb8dcd241ff320214b68739
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2777991
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Woody Chow <woodychow@google.com>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
Also removes the use of the hermetic flag in favor of not failing the
build if the submodule is not checked out.
This allows us to remove the tpm2 build from the build_environment
Makefile.
BUG=b:198293072
TEST=./test_all
Change-Id: Ide81e78efe0da3a1b64d4b8ef094a2e901f99ccf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3133623
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
The virtio gpu resource used as a ring buffer for sending
CROSS_DOMAIN_CMD_GET_IMAGE_REQUIREMENTS responses back to the
guest is created with VIRTGPU_BLOB_MEM_GUEST. Because of this, it
is initially created with via a resource_create_blob() without a
ctx_id. The rutabaga backend routes resource_create_blob() requests
without a ctx_id to the default component which is Gfxstream on
Cuttlefish. The Gfxstream component needs to attach the backing
iovecs to the RutabagaResource in order for CrossDomainContext to
eventually take ownership of them.
BUG=b:189133053
TEST=launch Cuttlefish w/ cross domain
Change-Id: I1779fcae2c612dae55ca66fe61a5d2f966cedc1d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3131442
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Jason Macnak <natsu@google.com>
Prevent the dependency build process from leaving untracked files in the
working copy when running test_all.
BUG=None
TEST=./test_all
Change-Id: Ia9dca114ffe98e73f9858795657a3864deab9d3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3119699
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
- Use new VulkanImageAspect
- Use new vulkano::device::physical namespace
- Replace 'loaded_extensions' with 'enabled_extensions'
- Handle 'device_type' change
- Remove u64 to usize casts for DeviceMemoryBuilder
- Extension name update
BUG=b:189133053
TEST=build
Change-Id: I99d319b3eff534d1c4b93db9d7d64d2a95074d19
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3131446
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Auto-Submit: Jason Macnak <natsu@google.com>
Commit-Queue: Jason Macnak <natsu@google.com>
Replace the uses of read_struct() and read_struct_slice() with the
safe DataInit::from_reader() implementation.
BUG=b:197263364
TEST=./test_all
TEST=Boot bzImage kernel
TEST=Boot raw ELF kernel extracted with extract_vmlinux
Change-Id: I80f98243bfb58a7ae93e1686bc4d92b0cd485cda
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3108249
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Some devices need to have their current uid mapped in their sandbox
for bind mounts to work as expected. Currently crosvm looks up the
uid/gid for "crosvm" and maps that.
This logic is dubious anyway, since crosvm should be using whatever
user/group it was started under rather then trying to switch (which is
a priviliged operation), but putting concierge in a user namespace
breaks it entierly because the crosvm user gets remapped to a
different numeric value.
Replace the current approach with mapping the current euid/egid,
whatever it may be.
BUG=chromium:1240116
TEST=Manually tested
Change-Id: I0e9b95ed04834da1adedb72bee52ac4359f06041
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3105907
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Allen Webb <allenwebb@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
