The coverage test started failing in the following PR:
https://github.com/rust-vmm/vhost/pull/73, which only
modified the codeowners file. It is probably a kcov bug.
Signed-off-by: Laura Loghin <lauralg@amazon.com>
Converting arbitrary bytes into an arbitrary Rust value is unsafe.
For example, it's unsafe to create a String that isn't valid UTF-8.
But the various internal recv* functions didn't restrict their return
types enough to enforce this invariant, making them unsafe without
being properly marked.
To fix this, we tighten up the bounds of the functions to enforce that
their return types are ByteValued, meaning that they can only be used
to create types that are safe to initialize with arbitrary data such
as might be received over a socket.
It's worth asking how these functions could have been unsafe in the
first place, since they don't contain any unsafe blocks themselves.
The answer is that the functions that recv into iovecs are also unsafe
but not correctly marked. I'm preparing further patches to fix that
up, but it's a lot of work so I've separated out this change in the
hope of getting it in first and making the diff for the next one
smaller.
This internal tightening shouldn't result in any public API changes.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
"Apache-2.0 or BSD-3-Clause" is not an valid license statement and is
rejected by cargo. So change it to "Apache-2.0 OR BSD-3-Clause".
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Rename LICENSE-BSD-Chromium as LICENSE-BSD-Google to match the
reference in source file. Also remoce LICENSE-BSD-3-Clause, all code
contributed by Alibaba is licensed under Apache 2.0.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
The SET_LOG_BASE implementation was incomplete as it didn't include the
ability to send the shared memory region information along with the file
descriptor.
This is required to perform proper dirty page logging with a vhost-user
device.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
It is helpful for the consumer of this crate to be able clone and copy
the VringConfigData structure, as well as being able to initialize it
only partially thanks to the Default trait.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
build(deps): update vm-memory requirement from 0.2.0 to 0.5.0
Updates the requirements on
[vm-memory](https://github.com/rust-vmm/vm-memory) to permit the latest
version.
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
fix warning, when compiling with 1.53.0
```
warning: reference to packed field is unaligned
--> src/vhost_user/message.rs:252:53
|
252 | unsafe { std::mem::transmute_copy::<u32, R>(&self.request) }
| ^^^^^^^^^^^^^
|
= note: `#[warn(unaligned_references)]` on by default
= warning: this was previously accepted by the compiler but is being
phased out; it will become a hard error in a future release!
= note: for more information, see issue #82523
<https://github.com/rust-lang/rust/issues/82523>
= note: fields of packed structs are not properly aligned, and
creating a misaligned reference is undefined behavior (even if
that reference is never dereferenced)
```
Signed-off-by: wanglei <wllenyj@linux.alibaba.com>
Move take_single_file() to mod.rs as it is used in both master feature
and slave feature so that we can build the master feature without the
slave feature.
Signed-off-by: Keiichi Watanabe <keiichiw@chromium.org>
Use `File` or `dyn AsRawFd` instead of `RawFd` to handle ownership
easily.
Fixes#37.
Signed-off-by: Keiichi Watanabe <keiichiw@chromium.org>
Change-Id: I6c79d73d1a54163d4612b0ca4d30bf7bd53f9b0f
A device process may already have a connected socket to the VMM, for
example by inheriting one end of a socketpair() created by the parent
process. Add a method to create a SlaveReqHandler directly from a
connected socket.
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Allow enum names whose characters are all upper case such as `NOOP`.
This change is needed to uprev bump rust-vmm-ci's version at #46.
Signed-off-by: Keiichi Watanabe <keiichiw@chromium.org>
In reality the real guest may never see the
VHOST_USER_F_PROTOCOL_FEATURES bit during the device feature
negotiation. It is explicitly marked as UNUSED in the VirtIO spec so
the it would be perfectly valid for it to be ignored by the virtio
driver. The vhost-user spec explicitly states about the GET/SET
PROTOCOL FEATURES messages:
Slave that reported ``VHOST_USER_F_PROTOCOL_FEATURES`` must
support this message even before ``VHOST_USER_SET_FEATURES`` was
called.
which implies the final acked feature set shouldn't impact on the
negotiated VHOST_USER_PROTOCOL_F_REPLY_ACK feature. This prevents a
hang with the QEMU remote end which makes it's determination to ask
for a reply based only on the negotiated protocol feature set:
virtio_has_feature(dev->protocol_features,
VHOST_USER_PROTOCOL_F_REPLY_ACK);
Let's be liberal in what we accept.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Except the list of commands from which we can expect a reply, all the
other commands should be able to reply with an acknowledgment if being
asked for.
For the commands such as SET_PROTOCOL_FEATURES, which usually happens
before the protocol features negotiation is complete, we should also be
able to reply with an ACK if needed. Indeed, the protocol features
negotiation could have happened earlier, which means we might expect a
reply ACK from GET_FEATURES command if this happens later on.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The inflight I/O tracking feature is useful for handling crashes and
disconnections from the backend. It allows the backend to rely on a
buffer that was shared earlier with the VMM to restore to the previous
state it was before the crash.
This feature depends on the availability of the protocol feature
VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD, and it implements both
VHOST_USER_GET_INFLIGHT_FD and VHOST_USER_SET_INFLIGHT_FD messages.
Fixes#43
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Introduce a new method set_flags() in order to let the caller define the
expected set of flags that should be applied to the header for the
following messages.
Fixes#40
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Based on the specification, one can call into
VHOST_USER_GET_PROTOCOL_FEATURES or VHOST_USER_SET_PROTOCOL_FEATURES
before VHOST_USER_SET_FEATURES.
The current code is wrong as it expects the VIRTIO features to be
already acknowledged at the time the protocol features are get/set.
Quote from the spec for both VHOST_USER_GET_PROTOCOL_FEATURES and
VHOST_USER_SET_PROTOCOL_FEATURES:
Slave that reported VHOST_USER_F_PROTOCOL_FEATURES must support this
message even before VHOST_USER_SET_FEATURES was called.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
We should allow to receive SET_VRING_ENABLE request with non-zero index
even if MQ protocol feature is disabled because some device can have
multiple queues without the MQ feature.
e.g. virtio-net means that it supports multiple pairs of tx/rx queues.
So, the slave must support at least one pair of queues regardless of
whether MQ is supported.
Instead, make it check if VHOST_USER_F_PROTOCOL_FEATURES has been
negotiated.
Signed-off-by: Keiichi Watanabe <keiichiw@chromium.org>
Modify the interpretation of the set and get config offset field to
match qemu. The wording in the vhost user spec is ambiguous, bet lets
defer to qemu's implementation so vhost based devices can be used with
qemu as a VMM. Fixes#29.
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Change-Id: Ib1b909d02c3b7dab1964799f0a4d960f1ef308fa
Adding support for a new message REM_MEM_REG. This command request an
existing memory region to be removed and unmapped from the vhost-user
backend.
It is designed for supporting memory hot-unplug, rather than using
SET_MEM_TABLE, which is less efficient as it would remap all remaining
regions.
It is only available if the protocol feature
VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS has been negotiated.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Adding support for a new message ADD_MEM_REG. This command request a new
region to be added and mapped by the vhost-user backend.
It is designed for supporting memory hotplug, avoiding the limitation
from SET_MEM_TABLE (supports only 8 regions).
It is only available if the protocol feature
VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS has been negotiated.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Add the support for GET_MAX_MEM_SLOTS command. This requests the
vhost-user backend to provide the maximum amount of memory slots
that can be supported.
It is only available if the protocol feature
VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS has been negotiated.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
The vhost-user specification moved forward by adding more message types.
This commit extends the list according to the latest specification.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Instead of taking a `&str` for the path of the sockets, take
`AsRef<Path>`. This way users can pass `PathBuf`, `Path`, `String`, or
`&str`.
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Prepare for publishing to crates.io,
1) update README.md
2) update Cargo.toml
3) set code owners
It should be ready for publishing now.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Add more negative unit test cases to improve code coverage.
Also add two helper functions to simplify code.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Use std::ptr::read_aligned() to safely access data buffer instead of
directly accessing data struct in data buffer.
Also enforce stricter message size validation.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Rename the original VhostUserSlaveReqHandler trait as
VhostUserSlaveReqHandlerMut, and add another VhostUserSlaveReqHandler
trait with interior mutability.
This also help to simplify caller implementations.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
