When specified, log messages printed to stderr will not include
timestamps. Syslog messages always include timestamps regardless
of this flag.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use rand::random() or rand::Rng::fill() in place of the now-removed
OsRng.fill_bytes(), note that the generic function now supports arrays
of any length.
Replace the deprecated rand::thread_rng() with its new name rand::rng()
or with new alternatives such as rand::random_range() where appropriate.
In fuzz/, update the impl of rand_core::RngCore which now does not
require implementing try_fill_bytes() (moved to TryRngCore) so remove it
as the function was only used by unit tests (which can also be removed).
As a result, CrosVM now follows the clean split of all client code only
depending on rand::Rng (no imports of RngCore left) and the one provided
(FuzzRng) uses the rand_core crate, as recommended by the crate docs.
BUG=b:460349550
TEST=tools/presubmit
Change-Id: Icf0121297efcb0388e8aab17394c21457edbb119
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/7253053
Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
Introduce a device emulating the Arm SMCCC TRNG spec (DEN0098), intended
to expose a source of true entropy to the guest through an SMC/HVC
interface, typically implemented by firmware. The main use-case for this
device is to exercise the CrosVM infrastructure supporting hypercalls
without depending on Android-specific features. Drivers are available in
(guest) Linux v5.12+.
Implement a backend for AArch64 KVM, compatible with (host) Linux v6.4+.
Expose the optional device through the cmdline flag --smccc-trng.
BUG=b:460349550
TEST=tools/presubmit
Change-Id: I6721eadad29a51c0f31ace1d54c4deb2c213d45a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/7253052
Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Frederick Mayle <fmayle@google.com>
The generic function is already available in the current version (0.8.5)
while 0.9.x has deprecated thread_rng and removed OsRng.fill_bytes().
Therefore, use it to replace those (equivalent) to reduce as much as
possible the size of the upcoming CL bumping the dependency version.
Note: No functional change intended.
BUG=b:460349550
TEST=tools/presubmit --all
Change-Id: Ic321aea4595dcc0e087a15b68492686a5c4043c3
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/7209063
Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
To prepare for Rust toolchain uprev, ran `tools/clippy --fix` with
Rust 1.88 for each platform.
To build with the current Rust version 1.81, some changes with unstable
features were manually reverted.
BUG=b:455879436
TEST=CQ
Change-Id: I4a91460d4fc2de5d7afbc2da04b7f7765219bb2e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/7089630
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Using the 64-bit KVM API from 32-bit Arm userspace was only possible on
ChromeOS due to a kernel hack that enabled the KVM compat ioctl with no
translation (so it passed through structs directly to the 64-bit host
kernel). This never worked on an unmodified upstream Linux kernel.
All supported Arm-based ChromeOS boards have been migrated to 64-bit
userspace, so we can drop the 32-bit Arm host support code.
BUG=b:452696537
TEST=crosvm CQ
TEST=ChromeOS CQ with crrev.com/c/7094556
Change-Id: I254bc4dbe7f760403cd93f37cc5fdcada23cd483
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6542041
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Replaces --lock-guest-memory-dontneed (assumed to have no users since it
was just added for Android recently).
`MADV_DONTNEED_LOCKED` doesn't eagerly complete all the steps to free
the memory. In practice, we see that, even though the process' RSS goes
down, the /proc/meminfo memavailable stat doesn't go back up, making it
seem like VMs have a worse overall impact on general memory availability
than is truly the case. Instead, this new option uses `fallocate` with
`FALLOC_FL_PUNCH_HOLE` on the underlying file.
Originally deployed in a hackier form in Android with Change-Id
I872f9051afe165b7e10f8a397792268e158e0e33.
BUG=b:413829005
Change-Id: Ie328b68a43ea689dc626673b43a4aac4ae4ed62e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/7040142
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
Otherwise the error would almost never be logged.
The worker thread body is moved into a function to simplify error
handling. Only has whitespace changes.
Change-Id: Ib853a1ce099e0d2110eb2c6f8b03c104a4556006
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6870987
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Auto-Submit: Frederick Mayle <fmayle@google.com>
Decoding the signo/status/code triple is non-trivial and the numbers can
vary by platform.
Before
ERROR crosvm::crosvm::sys::linux] child pid 1812415 exited: signo 17, status 31, code 3
After
ERROR crosvm::crosvm::sys::linux] child pid 1866855 killed by signal 31 (Bad system call)
Change-Id: I6e9c01f726b6341de61bd20530add58a0c22ddf4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6851343
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Auto-Submit: Frederick Mayle <fmayle@google.com>
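The decoding that the commit message above calls non-trivial, as an added example (not crosvm's code). The helper name `describe_child`, the hard-coded Linux x86_64/aarch64 constants and the output wording, modelled on the "After" line, are assumptions of this example.

```rust
// waitid(2) fills siginfo with (si_signo, si_status, si_code) for a child.
// si_status is an exit code or a signal number depending on si_code, so the
// fields only make sense when read together.
// Values below are for Linux x86_64/aarch64 and differ on other platforms.
const SIGCHLD: i32 = 17;
const CLD_EXITED: i32 = 1;
const CLD_KILLED: i32 = 2;
const CLD_DUMPED: i32 = 3;
const CLD_TRAPPED: i32 = 4;
const CLD_STOPPED: i32 = 5;
const CLD_CONTINUED: i32 = 6;

/// Subset of the strsignal(3) descriptions, Linux x86_64/aarch64 numbering.
fn signal_name(sig: i32) -> &'static str {
    match sig {
        1 => "Hangup",
        2 => "Interrupt",
        4 => "Illegal instruction",
        6 => "Aborted",
        7 => "Bus error",
        9 => "Killed",
        11 => "Segmentation fault",
        13 => "Broken pipe",
        15 => "Terminated",
        // SIGSYS: the signal delivered by a seccomp kill or trap action.
        31 => "Bad system call",
        _ => "Unknown signal",
    }
}

/// Hypothetical helper that turns the raw triple into a readable message.
fn describe_child(pid: i32, signo: i32, status: i32, code: i32) -> String {
    if signo != SIGCHLD {
        return format!("child pid {}: unexpected signo {}", pid, signo);
    }
    match code {
        CLD_EXITED => format!("child pid {} exited with status {}", pid, status),
        CLD_KILLED | CLD_DUMPED => format!(
            "child pid {} killed by signal {} ({})",
            pid, status, signal_name(status)
        ),
        CLD_TRAPPED | CLD_STOPPED => format!(
            "child pid {} stopped by signal {} ({})",
            pid, status, signal_name(status)
        ),
        CLD_CONTINUED => format!("child pid {} continued", pid),
        _ => format!(
            "child pid {}: signo {}, status {}, code {}",
            pid, signo, status, code
        ),
    }
}

fn main() {
    // The triple from the "Before" log line above.
    println!("{}", describe_child(1812415, 17, 31, 3));
}
```

When triaging logs from a sandboxed device process, a "Bad system call" termination usually points at a syscall missing from the seccomp policy rather than at an ordinary crash.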
When a vhost-user backend device exits unexpectedly, a VM previously
caused unwrap() and died with SIGABRT.
This change allows vhost-user frontend to send a message to the main VM process
when its worker detects a backend disconnection so the main process can
exit with `CommandStatus::VmCrash`.
BUG=b:435603289
TEST=kill vhost-user backend device. Then, VM exited with 33.
Change-Id: I77e8a65e01850441a7d66fd70854a880ee86b703
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6817819
Auto-Submit: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Frederick Mayle <fmayle@google.com>
Only the main Cargo.toml file gets the magic comment processing; other
crates had these comments, but they did nothing, so remove them.
Change-Id: I1d615a8d1005f40e89fd8aad9c1be10f40c9ab93
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6490092
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Cody Schuffelen <schuffelen@google.com>
Reviewed-by: Richard Zhang <rizhang@google.com>
The previous compare_object_handles() implementation would call
LoadLibrary("Kernelbase") once and cache the result, but it would still
call GetProcAddress("CompareObjectHandles") each time it was called.
Similarly, the nt_query_timer_resolution() and nt_set_timer_resolution()
functions would call GetProcAddress() each time they were called.
Instead, cache the result of the GetProcAddress() calls.
Additionally, simplify the fallback code used when the dynamically
loaded library or functions are not available by substituting the
function pointer with a pointer to a stub implementation that matches
the calling convention of the real API, rather than checking for NULL on
each call.
This also eliminates static_mut_refs warnings in upcoming Rust versions
by using OnceLock rather than Once plus a static mut MaybeUninit:
<https://doc.rust-lang.org/rustc/lints/listing/warn-by-default.html#static-mut-refs>
Change-Id: I9142e0ab08b67c47d7bb56b744ca2c41ad25189e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6456243
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
`--lock-guest-memory` uses `mlock` on the guest memory and then
`MADV_REMOVE` to free ranges, but `MADV_REMOVE` cannot be used on locked
memory ranges, so it requires sandboxing to be enabled and only performs
the `MADV_REMOVE` calls from the sandboxed balloon process (memory locks
are implicitly released on fork).
The new `--lock-guest-memory-dontneed` added in this commit uses
`MADV_DONTNEED_LOCKED`, which essentially does the same thing as
`MADV_REMOVE`, but it works correctly on locked ranges and so doesn't
require sandboxing. The downside is that it requires a 5.18 or newer
kernel.
BUG=b:407786138
Change-Id: Ib8e24d647a97b98abf5b3ba6b0356c9d9999a378
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6451457
Commit-Queue: Frederick Mayle <fmayle@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
These were stabilized in Rust 1.80, so we can drop the external crate
and use the standard library implementation now that we have Rust 1.81.
Change-Id: I31daf78c67f7454f6e260b83fc386f955102d08c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5321451
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
In preparation for migration to std::sync::OnceLock, replace usage of
get_or_try_init(), since the standard library version of that function
is not stabilized yet. Use get_or_init() in its place, and store the
result of the initialization so future attempts do not need to retry.
Change-Id: I7727b6f9319982054d8633eca1eb1bd2b04c079b
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5321448
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Frederick Mayle <fmayle@google.com>
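The pattern described in the commit message above, as an added example (not crosvm's code): the cell stores the whole `Result`, so `get_or_init()` runs the initializer once and a failure is cached as well, whereas `get_or_try_init()` would leave the cell empty on error and retry. `LazyResource`, `probe` and the sample paths are constructed for this example.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::OnceLock;

/// Hypothetical lazily-initialized resource; `probe` stands in for a
/// fallible setup step such as opening a device.
pub struct LazyResource {
    path: &'static str,
    // The whole Result is cached, so a failure is remembered too.
    cell: OnceLock<Result<usize, String>>,
    // Counts initializer runs so the caching behaviour can be observed.
    init_calls: AtomicUsize,
}

impl LazyResource {
    pub const fn new(path: &'static str) -> Self {
        Self {
            path,
            cell: OnceLock::new(),
            init_calls: AtomicUsize::new(0),
        }
    }

    fn probe(&self) -> Result<usize, String> {
        self.init_calls.fetch_add(1, Ordering::SeqCst);
        if self.path.is_empty() {
            Err("empty path".to_string())
        } else {
            Ok(self.path.len())
        }
    }

    /// get_or_init() runs the closure at most once; later calls return the
    /// stored Ok or Err without running it again.
    pub fn get(&self) -> Result<usize, &str> {
        match self.cell.get_or_init(|| self.probe()) {
            Ok(v) => Ok(*v),
            Err(e) => Err(e.as_str()),
        }
    }

    pub fn init_calls(&self) -> usize {
        self.init_calls.load(Ordering::SeqCst)
    }
}

fn main() {
    let bad = LazyResource::new("");
    let (first, second) = (bad.get(), bad.get());
    println!("{:?} {:?}, initializer ran {} time(s)", first, second, bad.init_calls());
}
```

Caching the error is only appropriate when the failure is not transient; a caller that needs to retry after a failed initialization needs a different structure.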
The current way of calculating the offset of a member in sockaddr_un
creates a reference from a null pointer, which is UB. This change
migrates to the std::mem::offset_of! macro.
Change-Id: Ia591bd1bfb962f8d8a8645eb63c5510b576d2480
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6328039
Auto-Submit: Bastian Kersting <bkersting@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
The Event code was using MaybeUninit to initialize a HANDLE value, and
it was being used incorrectly (calling as_mut_ptr() on a temporary
that would be dropped by the time it was used). This didn't really
matter in practice, since event_clone is passed by reference as an
output-only parameter to DuplicateHandle(), but it's simpler to just
initialize the HANDLE to INVALID_HANDLE_VALUE (-1) instead.
Fixes a new warning in Rust 1.84:
"error: a dangling pointer will be produced because the temporary
`std::mem::MaybeUninit<libc::c_void>` will be dropped"
Change-Id: I1b56138c4605a21755f2f27e4e772142630157a8
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6266468
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Updates both container and testvm to the latest version and
fixes issues arising from that.
- Uprev some runtime dependencies in cloud_init
- Fix testvm Makefile to use same directory for artifacts
  as testvm.py
- Run ext2 test_mkfs_xattr as sudo to allow modification of selinux
  attributes
- Re-format a couple of files with latest versions of formatters
- Use `cp -u` instead of rsync, because for some mysterious reason
  rsync gets permission errors in CI that cannot be reproduced
  locally.
BUG=b:395695390
TEST=dev_container presubmit --no-delta all
Change-Id: Idff5bf4b15c21ecce883ae9213c50caa4f548353
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6254015
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
It seems like a legit bug, sometimes the timer goes off too early on
Windows. Doesn't reproduce on wine.
BUG=b:363125486
Change-Id: I9277fb1d453511b9192aea22dbcb97a9695220cd
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6240846
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Frederick Mayle <fmayle@google.com>
On Windows, ERROR_MORE_DATA is not really an error. It means
there's more data on the pipe, and it can be read in a subsequent
call. Despite this, we've been treating it as an error at the named
pipe library level, and then working around it in consumers that
need to allow those errors. This CL does a couple things:
* Switches PipeConnection to ignore ERROR_MORE_DATA and return
  a successful read.
* Remove all handling of ERROR_MORE_DATA in other parts of CrosVM.
* Documents that Unix's version of ERROR_MORE_DATA (as implemented
  by us) is destructive and requires special handling.
BUG=b:296138586
TEST=tested downstream
Change-Id: Ie9d6131fe8043b757466cb1d00743a4e88356943
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6086137
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Noah Gold <nkgold@google.com>
This CL adjusts c9628cf0da, which we
previously ran into with on Windows. The core issue is explained in the
CL comments: converting broken pipe into a successful zero byte read
doesn't work well with overlapped operations.
As part of this change, we also had to disambiguate zero byte writes to
named pipes (which result in successful zero byte reads that are NOT
EOF). These operations generally should not occur in CrosVM, but are
possible if communicating with other named pipe peers.
BUG=b:363357271
TEST=builds & also tested downstream
Change-Id: I0f95e82609cbdfa5bcd4b578c6b7043b77459e37
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6085322
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Noah Gold <nkgold@google.com>
Rather than accepting a StreamChannel and then failing at runtime if
passed a byte-oriented stream rather than a message-oriented stream, we
can make the unix platform-specific Tube code accept a UnixSeqpacket
directly, moving the check to compile time.
Since Tube no longer wraps StreamChannel, we can also remove the unix
platform-specific peek_size() and from_unix_seqpacket() functions that
were only used by Tube.
BUG=None
TEST=tools/dev_container tools/presubmit
Change-Id: Idcb4b459ff408abee25436f9c5065507eb031c79
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6068213
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Noah Gold <nkgold@google.com>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Add the minimal allow(dead_code) and feature declarations to allow the
clippy checks to pass for Windows with Rust 1.81.
BUG=b:365852007
TEST=tools/presubmit clippy_mingw64
Change-Id: I9ab776b07d8e9e14fe380d9b5ef1fa332788ff63
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6013080
Reviewed-by: Kaiyi Li <kaiyili@google.com>
Reviewed-by: Noah Gold <nkgold@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
... by serializing/deserializing the map as a series of kv pairs
to avoid `key must be a string` errors with JSON.
Bug: b/369615058
Test: cvd start --enable_virtiofs=false
Test: cvd snapshot_take --snapshot_path=/tmp/snapshot1
Test: cvd create --snapshot_path=/tmp/snapshot1
Change-Id: I037e8e3659b52fa2983712425381431a0bebab87
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5917178
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Jason Macnak <natsu@google.com>
It is used to optionally set the name of the VM. It can be useful when
there are multiple crosvm processes running and we want to distinguish
them. This is especially a must in Android which uses process name for
the resource attribution purpose.
BUG=b/375094126
TEST=tools/dev_container tools/presubmit
Change-Id: Id4af3b8f2b216ad3239a4467a0c30a4630d44a73
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5955889
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Jiyong Park <jiyong@google.com>
Add a utility function `base::call_with_extended_max_files()` that executes
a given callback with extended file counts and restores the original file limit.
This utility will be used by the following CL for pmem-ext2.
BUG=b:329359333
TEST=presubmit
Change-Id: Id85781e4e4cd5542d4da630eb48779947b098490
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5872164
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Make base::max_open_files() return the rlimit64 struct instead of
its rlim_max field.
This will be helpful when changing the soft limit in the following
CL.
BUG=b:329359333
TEST=presubmit
Change-Id: I2738c325f4f1ed19ae021e0b8a50a6a1592c5592
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5872162
Commit-Queue: Keiichi Watanabe <keiichiw@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
The VhostUserStream is set to non_blocking before running handler now.
However, the VhostUserStream is created from connection sockets, so it
does not call accept and handle error. This CL removes the line setting
VhostUserStream to non_blocking.
Also, this CL fixes several incorrect comments.
BUG=b:365458565
TEST=run manual test
Change-Id: I7803fc4c277559f98be4f0bd93b2bb77564ef93c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5838947
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Yuan Yao <yuanyaogoog@chromium.org>
Some doc comments were being incorrectly interpreted due to missing
indentation (for intentional line continuations) or line breaks (for
new lines that were intended to be separate paragraphs).
Clippy warns about these as of Rust 1.80:
<https://rust-lang.github.io/rust-clippy/master/index.html#/doc_lazy_continuation>
Fix them along with some other nearby minor formatting cleanups.
TEST=tools/cargo-doc
TEST=tools/clippy # with rust-toolchain 1.80
Change-Id: Ice0b7cc3bd75d9ab08c10107a13f95ca9f87a0a3
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5758934
Auto-Submit: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Frederick Mayle <fmayle@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Waiting on a `WaitContext` isn't enough, the timer must be ack'd. I
suspect this code has only been used on Windows, where the ack
technically isn't needed.
Change-Id: Ia53714a4f94f83310decf45888c9314e4631da5a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5825224
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
The vhost-user backend currently supports socket creation solely from
UDS paths. To accommodate scenarios requiring the passing of connected
sockets via file descriptors, this change introduces the VhostUserStream
structure implementing VhostUserConnection. The VhostUserStream
constructs directly from a raw file descriptor, dup fd and establishing
a UnixStream for communication.
This change adds a 'fd' option to the vhost-user-fs backend device. This
allows the vhost-user socket to be created either by providing a UDS
path (using the 'socket' option) or by using a raw file descriptor
(using the new 'fd' option).
TEST=tools/dev_container tools/presubmit
BUG=b:361212225
Change-Id: I4912f697b5b9d24c7b0b2281a113047831c844df
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5796596
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: Yuan Yao <yuanyaogoog@chromium.org>
If `mark_waited` was called in an event loop to ack the timer, but
another thread was concurrently disabling the timer, then a deadlock
could occur. Despite the code being written as if the timer is in
NONBLOCK mode and even stating it in the implementation, it seems as if
that has never been the case.
Change-Id: I75b80a2ab7a5b13f2c48035199aa18313012419a
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5825218
Reviewed-by: David Dai <davidai@google.com>
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>
Instead of checking for an error range of elapsed time, just make sure
the lower bound was reached. No code using this should be written
expecting a tight upper bound.
Change-Id: Iffb31bf4c621a3dd91b7904d096dc92713be76c6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5825217
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
Commit-Queue: Frederick Mayle <fmayle@google.com>