mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-24 12:34:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
crosvm/Cargo.toml
Shintaro Kawamura b5a9833d97 swap: send userfaultfd via Tube on device process fork 
This implements the equivalent logic on crosvm as
UFFD_FEATURE_EVENT_FORK. When each device process forks, the ProxyDevice
creates userfaultfd and send it to the monitor process by
SwapController::on_process_forked().

Crosvm does not have any child processes which may access the guest
memory except device processes as of now. Crosvm forks
virgl_render_server, but the mmap is not preserved in the process on
execve(2) since it is a different binary. Also no device process forks
grandchild processes according to the seccomp policy.

We actually can't use UFFD_FEATURE_EVENT_FORK because the feature does
not support non-root user namespace (go/uffd-fork-user-ns) and ARCVM
runs in a non-root user namespace.

This also adds syscalls to seccomp policies for devices to allow the
processes to create and setup a userfaultfd.

BUG=b:266641923
TEST=manually tested

Change-Id: Ide3088e1e95ae3c8259e3f4324124b3376e760b7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4194228
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
2023-02-01 00:47:52 +00:00

470 lines
14 KiB
TOML
Raw Blame History

[package]
name = "crosvm"
version = "0.1.0"
authors = ["The ChromiumOS Authors"]
edition = "2021"
default-run = "crosvm"
# b:223855233
resolver = "1"
[[bin]]
name = "crosvm"
path = "src/main.rs"
[[bin]]
name = "crosvm-direct"
path = "src/main.rs"
required-features = [ "direct" ]
[profile.release]
panic = 'abort'
overflow-checks = true
[profile.release-test]
inherits = 'release'
panic = 'unwind'
# Reproduces the options used when building crosvm for ChromeOS.
[profile.chromeos]
inherits = "release"
opt-level = "s"
strip = "symbols"
# Enables LTO to further reduce the size of the binary.
[profile.lto]
inherits = "chromeos"
lto = true
[workspace]
# Explicitly list all crates of crosvm as workspace members since not all of them may be referenced
# by dependencies.
members = [
"aarch64",
"acpi_tables",
"anti_tamper",
"arch",
"argh_helpers",
"base",
"bit_field",
"broker_ipc",
"common/audio_streams",
"common/balloon_control",
"common/cros_asyncv2",
"common/cros-fuzz",
"common/data_model",
"common/p9",
"common/sync",
"crash_report",
"cros_async",
"cros_fdt",
"cros_tracing",
"crosvm_cli",
"crosvm_control",
"crosvm_plugin",
"crosvm-fuzz",
"devices",
"disk",
"e2e_tests",
"fuse",
"gpu_display",
"hypervisor",
"io_uring",
"kernel_cmdline",
"kernel_loader",
"kvm_sys",
"kvm",
"libcras_stub",
"linux_input_sys",
"media/cros-codecs",
"media/ffmpeg",
"media/libva",
"media/libvda",
"metrics",
"net_sys",
"net_util",
"power_monitor",
"prebuilts",
"protos",
"proto_build_tools",
"qcow_utils",
"resources",
"rutabaga_gfx",
"serde_keyvalue",
"swap",
"system_api",
"third_party/vmm_vhost",
"tools/impl/catapult_converter",
"tpm2-sys",
"tpm2",
"usb_sys",
"usb_util",
"vfio_sys",
"vhost",
"virtio_sys",
"vm_control",
"vm_memory",
"x86_64",
]
# Exclude crates from crosvm builds completely. Avoid using this if possible as crates added here
# will not be tested in CI and may break at any time.
exclude = [
"sandbox",
"tools/audio_streams_conformance_test",
"tools/examples/baremetal",
"tube_transporter",
"win_audio",
"win_util",
]
[features]
## Default features of crosvm. This selection is somewhat arbitrary for historical reasons.
default = ["audio", "balloon", "config-file", "document-features", "gpu", "qcow", "usb"]
## Enables support for the Android [sparse image format](https://android.googlesource.com/platform/system/core/+/HEAD/libsparse/sparse_format.h)
## in the block device.
android-sparse = ["disk/android-sparse"]
## Enables cross-platform audio devices
audio = ["devices/audio"]
## Enables the virtio-balloon device which allows dynamic scaling of memory via `vm_control`
## commands. See [Balloon Device](https://crosvm.dev/book/devices/balloon.html) for more
## information.
balloon = ["devices/balloon", "vm_control/balloon"]
## Enables the composite-disk format, which adds protobufs as a dependency of the build. This format
## is intended to speed up crosvm's usage in CI environments that might otherwise have to
## concatenate large file system images into a single disk image.
composite-disk = ["protos/composite-disk", "protobuf", "disk/composite-disk"]
## Enables support for JSON configuration files that can be specified using `--cfg`. See
## [Configuration Files](https://crosvm.dev/book/running_crosvm/options.html#configuration-files)
## for more information.
config-file = []
## Enables using gdb to debug the guest kernel. See
## [GDB Support](https://crosvm.dev/book/running_crosvm/advanced_usage.html#gdb-support) for more
## information.
gdb = [
"aarch64/gdb",
"arch/gdb",
"gdbstub",
"gdbstub_arch",
"vm_control/gdb",
"x86_64/gdb",
]
## Enables a panic handler that writes panic info to the `RUST_PANIC_SIG` memfd.
panic-memfd = []
## Enables the use of the qcow format for block devices.
qcow = ["disk/qcow"]
## Enables vmm-swap of guest memory. This is only available on Linux.
swap = ["aarch64/swap", "arch/swap", "devices/swap", "vm_control/swap", "x86_64/swap", "dep:swap"]
## Enables collection of VM statistics.
stats = ["devices/stats"]
## Enables trusted platform module emulation for the guest. This relies on the software emulated
## TPM implementation from libtpm2 which is suited only for testing purposes.
tpm = ["devices/tpm"]
## Enables USB host device passthrough via an emulated XHCI controller.
## USB is supported only on unix/linux. The feature is a no-op on windows.
usb = ["devices/usb"]
## Enables the non-upstream virtio wayland protocol. This can be used in conjuction with the gpu
## feature to enable a zero-copy display pipeline.
wl-dmabuf = ["devices/minigbm"]
## Enables the usage of the X11 protocol for display on the host.
x = ["devices/x"]
#! ### Graphics features
## Enables basic virtio-gpu support. This includes basic display and input features, but lacks 3D
## acceleration in the absence of other crosvm features.
gpu = ["devices/gpu", "gpu_display", "vm_control/gpu"]
## Enables 3D acceleration for guest via the gfxstream protocol over virtio-gpu. This is used for
## compatibility with the Android Emulator. The protocol provides the best speed and compatibility
## with GL/vulkan versions by forwarding the guest's calls to the host's graphics libraries and GPU.
## However, this means the sandbox is not enabled for the virtio-gpu device.
gfxstream = ["devices/gfxstream"]
## Adds a stub implementation of gfxstream to allow us to compile the gfxstream feature without
## access to the gfxstream library.
## Note that this feature only allows compilation of gfxstream and will not be functional at
## runtime.
gfxstream_stub = ["rutabaga_gfx/gfxstream_stub"]
## Enables 3D acceleration for the guest via the virglrenderer library over virtio-gpu.
virgl_renderer = ["devices/virgl_renderer"]
## Enables in development features of virglrenderer to support newer OpenGL versions.
virgl_renderer_next = ["devices/virgl_renderer_next", "rutabaga_gfx/virgl_renderer_next"]
#! ### Video features
#!
#! See [Video Device](https://crosvm.dev/book/devices/video.html) for more information.
## Enables the video decoding device
video-decoder = ["devices/video-decoder"]
## Enables the video encoding device
video-encoder = ["devices/video-encoder"]
## Enables the ffmpeg backend of video devices.
ffmpeg = ["devices/ffmpeg"]
# Enables the VAAPI backend of video devices.
vaapi = ["devices/vaapi"]
#! ### Linux-specific feature flags
## Enables the Linux trace_marker backend for cros_tracing. This backend is only
## supported on Linux systems. It sends all cros_tracing tracepoints to the tracefs
## filesystem if mounted, for easier debugging with tools like trace-cmd.
trace_marker = ["cros_tracing/trace_marker"]
#! ### Windows-specific feature flags
#!
#! These feature flags are only available on Windows builds of crosvm.
## Enables the use of the HAXM hypervisor
haxm = ["hypervisor/haxm"]
## Enables the use of the WHPX hypervisor
whpx = ["devices/whpx", "hypervisor/whpx"]
## Enables a libslirp based network device. Currently only supported on Windows.
slirp = ["devices/slirp", "net_util/slirp"]
#! ### Non-additive feature flags
#!
#! These feature flags change the behavior of crosvm instead of adding functionality.
#! This is deprecated and will be phased out.
## Run crosvm with `--disable-sandbox` by default.
default-no-sandbox = []
## Special build of crosvm for ChromeOS that only supports direct device passthrough.
direct = ["balloon", "devices/direct", "arch/direct", "x86_64/direct"]
#! ### Project specific features
#!
#! These features are specific to downstream projects and may not be functional or useful
#! for standard linux builds of crosvm.
#! They are however enabled in upstream builds for compile and test coverage in CI.
#! #### ChromeOS
#!
#! These features will only be functional in ChromeOS builds running on ChromeOS.
## Enables virtio-fs quota reporting for ARCVM. Requires access to the
## org.chromium.ArcQuota dbus service.
arc_quota = ["devices/arc_quota"]
## Enables use of the ChromeOS audio server. ChromeOS builds will replace libcras_stub with an
## implementation that talks to the audio server. In upstream builds, using this option will panic.
audio_cras = ["devices/audio_cras"]
## Enables the VDA backend of the video devices. This feature requires the ChromeOS only
## libvda library and can be compiled but not linked. See b/244619291.
libvda = ["devices/libvda"]
## Builds the VDA video backend with a set of no-ops stubs instead of linking with libvda, which is
## only available on ChromeOS.
libvda-stub = ["devices/libvda-stub"]
## Enables the crosvm plugin API where functionality is provided via a FFI plugin API.
## This feature is used to integrate Parallels with crosvm and is not functional upstream.
plugin = ["protos/plugin", "crosvm_plugin", "kvm", "kvm_sys", "protobuf"]
## Enables battery reporting via the ChromeOS powerd. Requires access to the
## `org.chromium.PowerManager` dbus service.
power-monitor-powerd = ["arch/power-monitor-powerd"]
## Enables a virtualized TPM device that uses the `org.chromium.Vtpm` dbus service.
vtpm = ["devices/vtpm"]
#! #### Windows-future
#!
#! These features will only be functional in future builds of windows crosvm.
## Enables reporting of crosvm crashes
crash-report = ["broker_ipc/crash-report", "crash_report"]
#! ### Platform Feature Sets
#!
#! These feature flags enable all features that are supported for a given platform.
#! Note that these may include project specific features that will not be functional at runtime but
#! are enabled for compile and test coverage.
## All features that are compiled and tested for aarch64
all-aarch64 = [
"android-sparse",
"arc_quota",
"audio_cras",
"chromeos",
"composite-disk",
"crash-report",
"default",
"ffmpeg",
"gdb",
"gfxstream",
"gfxstream_stub",
"libvda-stub",
"panic-memfd",
"power-monitor-powerd",
"slirp",
"swap",
"trace_marker",
"tpm",
"vaapi",
"video-decoder",
"video-encoder",
"virgl_renderer_next",
"virgl_renderer",
"vtpm",
"wl-dmabuf",
"x",
]
## All features that are compiled and tested for x86_64
all-x86_64 = ["all-aarch64", "plugin", "scudo"]
## All features that are compiled and tested for armhf
## Note: This platform is deprecated and will be phased out.
all-armhf = [
"android-sparse",
"composite-disk",
"default",
"gdb", # no effect because gdb is not supported for armhf
"libvda-stub",
"tpm",
]
## All features that are compiled and tested for mingw64
all-mingw64 = [
"android-sparse",
"audio",
"balloon",
"crash_report",
"gpu",
"haxm",
"slirp",
"stats",
]
## All features that are compiled and tested for msvc64
all-msvc64 = [ "all-mingw64" ]
## All features that are enabled in ChromeOS builds.
all-chromeos = ["base/chromeos", "audio_cras", "devices/chromeos", "panic-memfd", "arc_quota", "vtpm"]
# Deprecated feature flag. Remove after ChromeOS-side is updated.
chromeos = ["all-chromeos"]
[dependencies]
anyhow = "1.0.32"
arch = { path = "arch" }
argh = "0.1"
argh_helpers = { path = "argh_helpers" }
audio_streams = "*"
base = "*"
bit_field = { path = "bit_field" }
broker_ipc = { path = "broker_ipc" }
cfg-if = "1.0.0"
crash_report = { path = "crash_report", optional = true }
cros_async = { path = "cros_async" }
cros_tracing = { path = "cros_tracing" }
crosvm_cli = { path = "crosvm_cli" }
crosvm_plugin = { path = "crosvm_plugin", optional = true }
data_model = "*"
devices = { path = "devices" }
disk = { path = "disk" }
document-features = { version = "0.2", optional = true }
enumn = "0.1.0"
gdbstub = { version = "0.6.3", optional = true }
gdbstub_arch = { version = "0.2.4", optional = true }
rutabaga_gfx = { path = "rutabaga_gfx"}
hypervisor = { path = "hypervisor" }
kernel_cmdline = { path = "kernel_cmdline" }
kernel_loader = { path = "kernel_loader" }
kvm = { path = "kvm", optional = true }
kvm_sys = { path = "kvm_sys", optional = true }
libc = "0.2.93"
libcras = "*"
# Compile out trace statements in release builds
log = { version = "0", features = ["release_max_level_debug"]}
merge = "0.1.0"
metrics = { path = "metrics" }
net_util = { path = "net_util" }
once_cell = "1.7"
protobuf = { version = "2.3", optional = true }
protos = { path = "protos", optional = true }
remain = "*"
resources = { path = "resources" }
scudo = { version = "0.1", optional = true }
serde = "*"
serde_json = "*"
serde_keyvalue = { path = "serde_keyvalue", features = ["argh_derive"] }
static_assertions = "1.1"
sync = { path = "common/sync" }
tempfile = "3"
thiserror = { version = "1.0.20" }
uuid = { version = "0.8.2", features = [ "serde" ] }
vhost = { path = "vhost" }
vm_control = { path = "vm_control" }
acpi_tables = { path = "acpi_tables" }
vm_memory = { path = "vm_memory" }
[target.'cfg(target_arch = "x86_64")'.dependencies]
x86_64 = { path = "x86_64" }
[target.'cfg(any(target_arch = "aarch64", target_arch = "arm"))'.dependencies]
aarch64 = { path = "aarch64" }
[target.'cfg(unix)'.dependencies]
minijail = "*" # provided by ebuild
p9 = "*"
[target.'cfg(target_os="linux")'.dependencies]
swap = { path = "swap", optional = true }
[target.'cfg(windows)'.dependencies]
anti_tamper = { path = "anti_tamper" }
cros_async = { path = "cros_async" }
ctrlc = "*"
futures = "0.3"
gpu_display = { path = "gpu_display", optional = true }
rand = "0.8"
sandbox = { path = "sandbox" }
cros_tracing = { path = "cros_tracing" }
tube_transporter = { path = "tube_transporter" }
winapi = "*"
win_audio = { path = "win_audio"}
win_util = { path = "win_util"}
[build-dependencies]
cc = "*"
which = "4"
[dev-dependencies]
base = "*"
rand = "0.8"
[patch.crates-io]
audio_streams = { path = "common/audio_streams" }
base = { path = "base" }
cros_async = { path = "cros_async" }
cros_fuzz = { path = "common/cros-fuzz" } # ignored by ebuild
data_model = { path = "common/data_model" }
libcras = { path = "libcras_stub" } # ignored by ebuild
p9 = { path = "common/p9" } # ignored by ebuild
sync = { path = "common/sync" }
wire_format_derive = { path = "common/p9/wire_format_derive" } # ignored by ebuild
minijail = { path = "third_party/minijail/rust/minijail" } # ignored by ebuild
Reference in a new issue View git blame Copy permalink