| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
| |
This will allow creating GuestMemory structs representing memory of
VMs being managed by other processes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The separate Vm functions for MemoryMappings and MemoryMappingArenas
have been combined and now use a MappedRegion trait that the mappings
implement. msync_memory_region replaces the get_mmap_arena function,
which is used by VmMsyncRequest. Since Vm uses mutexes for cloning, it
can't return mem region references.
BUG=chromium:1077058
TEST=cargo test, cargo test -p sys_util, cargo test -p hypervisor
Change-Id: If257b16ee34d07820ae7ebdb9a3a598a41df013c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2202845
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change VolatileSlice so that it is ABI-compatible with iovec. This
allows us to directly pass in a VolatileSlice for a C function that
expects an iovec without having to create temporaries that convert from
one to the other.
Also change all the parameters from u64 to usize. It's not possible to
address more memory than fits into a usize so having u64 here didn't
really provide much benefit and led to a lot of tedious casting back and
forth all over the place.
BUG=none
TEST=unit tests
Cq-Depend: chromium:2206621
Change-Id: I258f9123c603d9a4c6c5e2d4d10eb4aedf74466d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2203998
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While only 32 bits of address can be mapped, that 32 bits can be offset
by further than 32 bits in to a large file. As chirantan points out, the
try_mmap call was already casting the usize to u64 on all architectures.
Convert the usize offset in mmap to u64 and address users of the API as
well.
Change-Id: I67aed928ea521049fb51eb7aa61ea4de8b4d096c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2124879
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert playback and capture for the AC97 device to use the zero-copy
ShmStreamSource instead of the old StreamSource.
In the process, rework start_playback and start_capture unit tests so
they rely less on sleep statements.
BUG=chromium:968724
BUG=chromium:1006035
TEST="sox -n -r 48000 -b 16 output.raw synth 5 sine 330 &&
aplay -f dat output.raw" within a VM, check that sine wave is played
accurately.
Change-Id: Ie9cddbc5285a9505872c9951a8a1da01de70eb88
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1749950
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Fletcher Woodruff <fletcherw@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Chih-Yang Hsia <paulhsia@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a function offset_from_base() which, given a GuestAddress, determines
the offset of that address within the backing memfd of the GuestMemory.
In other words, this lets you convert a GuestAddress into an offset that
can be understood by another process which has mapped the the memfd and
would like to read from that address.
BUG=chromium:968724
TEST=cargo test
Change-Id: I5b033ad29dd38090f74577c068cc62ee9c6effb6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2015835
Tested-by: Fletcher Woodruff <fletcherw@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Fletcher Woodruff <fletcherw@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the unchecked conversion with a try_from() rather than just
truncating without warning. This gives a more useful error message when
a >4GB guest memory size is requested on a 32-bit platform.
BUG=chromium:1028747
TEST=`crosvm run -m $((5 * 1024)) ...` on kevin
Change-Id: Ib1fcf4019eefdc9ee8f93a5307802e6d6d43d01c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1937552
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Builders should all have memfd support now.
BUG=chromium:942183
TEST=compile and run, CQ will also test
Cq-Depend: chromium:1901871, chromium:1907541
Change-Id: I0cd4ec43a51e9995def2e105d68e12a703168365
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1834701
Commit-Queue: Gurchetan Singh <gurchetansingh@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Gurchetan Singh <gurchetansingh@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Gurchetan Singh <gurchetansingh@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gpa > guest_mem.end_addr() is used to avoid gpa fall into guest ram,
but low mmio maybe below guest_mem.end_addr(), this condition is false,
then low mmio couldn't be added. Since low mmio could be added into kvm
also, this condition is wrong.
This patch iterate all the guest memory reginos, and check whether it
overlap with any of them.
BUG=chromium:992270
TEST=bulld_test
Change-Id: I9560db43f9836f85d0ff927e7eeb92447774568c
Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.corp-partner.google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1895235
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When guest boot with -m 4096, guest e820 is:
BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
BIOS-e820: [mem 0x0000000000200000-0x00000000cfffffff] usable
so guest usable ram is 3.25G which is smaller than specified 4G.
3.25G~4G is assigned to pci device as mmio, this range should be
relocated to 4G above like 4G to 4.75G. So guest could see the full 4G
usable ram.
With this patch, guest e820 is:
BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
BIOS-e820: [mem 0x0000000000200000-0x00000000cfffffff] usable
BIOS-e820: [mem 0x0000000100000000-0x000000012fffffff] usable
The guest could use 4G ram equal to specified 4G.
Then mmio hole exists in guest ram's regions, GuestMemory's end_addr
is larger than the memsize. end_addr couldn't be used to judge an
address in a guest memory or not We should iterate all the regions
to avoid the address in the hole; end_addr couldn't be used for
checked_offset() also, it may faill into mmio hole.
BUG=none
TEST=build_test; Boot vm with different guest memory size, and check
vm's e820 table
Change-Id: I2cd7c3223173ab635041875b9d8b49c2800c8dab
Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.corp-partner.google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1895231
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor the Reader and Writer implementations for DescriptorChains.
This has several changes:
* Change the DescriptorChainConsumer to keep a
VecDeque<VolatileSlice> instead of an iterator. This delegates the
fiddly business of sub-slicing chunks of memory to the VolatileSlice
implementation.
* Read in the entire DescriptorChain once when the Reader or Writer is
first constructed. This allows us to validate the DescriptorChain
in the beginning rather than having to deal with an invalid
DescriptorChain in the middle of the device operating on it.
Combined with the check that enforces the ordering of read/write
descriptors in a previous change we can be sure that the entire
descriptor chain that we have copied in is valid.
* Add a new `split_at` method so that we can split the Reader/Writer
into multiple pieces, each responsible for reading/writing a
separate part of the DescriptorChain. This is particularly useful
for implementing zero-copy data transfer as we sometimes need to
write the data first and then update an earlier part of the buffer
with the number of bytes written.
* Stop caching the available bytes in the DescriptorChain. The
previous implementation iterated over the remaining descriptors in
the chain and then only updated the cached value. If a mis-behaving
guest then changed one of the later descriptors, the cached value
would no longer be valid.
* Check for integer overflow when calculating the number of bytes
available in the chain. A guest could fill a chain with five 1GB
descriptors and cause an integer overflow on a 32-bit machine.
This would previously crash the device process since we compile with
integer overflow checks enabled but it would be better to return an
error instead.
* Clean up the Read/Write impls. Having 2 different functions called
`read`, with different behavior is just confusing. Consolidate on
the Read/Write traits from `std::io`.
* Change the `read_to` and `write_from` functions to be generic over
types that implement `FileReadWriteVolatile` since we are not
allowed to assume that it's safe to call read or write on something
just because it implements `AsRawFd`. Also add `*at` variants that
read or write to a particular offset rather than the kernel offset.
* Change the callback passed to the `consume` function of
`DescriptorChainConsumer` to take a `&[VolatileSlice]` instead.
This way we can use the `*vectored` versions of some methods to
reduce the number of I/O syscalls we need to make.
* Change the `Result` types that are returned. Functions that perform
I/O return an `io::Result`. Functions that only work on guest
memory return a `guest_memory::Result`. This makes it easier to
inter-operate with the functions from `std::io`.
* Change some u64/u32 parameters to usize to avoid having to convert
back and forth between the two in various places.
BUG=b:136128319
TEST=unit tests
Change-Id: I15102f7b4035d66b5ce0891df42b656411e8279f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1757240
Auto-Submit: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new constructors are shorter and omit the bare `None` in the `anon`
call sites which gave no clues to the reader what the effect of that
`None` was. This should improve readability.
TEST=./build_test
BUG=None
Change-Id: I2e34e7df9a4ccc5da50edf4e963a6a42e3d84b22
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1797188
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A few places were using the old syntax without `dyn`. Nightly compilers
have started warning more aggressively, so fix up the last of those.
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Change-Id: I4df49b4a27a62acfd8c542cec903e4c5b31bedcc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1715576
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This manifested itself in a couple places that were turning shared
memory buffers into slices for the purposes of passing these slices to
`Read` and `Write` trait methods.
However, this required the removal of the methods that took `Read` and
`Write` instances. This was a convenient interface but impossible to
implement safely because making slices from raw pointers without
enforcing safety guarantees causes undefined behaviour in Rust. It turns
out lots of code in crosvm was using these interfaces indirectly, which
explains why this CL touches so much.
TEST=crosvm run
BUG=chromium:938767
Change-Id: I4ff40c98da6ed08a4a42f4c31f0717f81b1c5863
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1636685
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See:
https://rust-lang.github.io/rust-clippy/master/index.html#explicit_iter_loop
https://rust-lang.github.io/rust-clippy/master/index.html#explicit_into_iter_loop
Before:
for element in slice.iter() {...}
After:
for element in slice {...}
TEST=grep -r '\.iter() {'
TEST=grep -r '\.iter_mut() {'
TEST=grep -r '\.into_iter() {'
TEST=cargo check --all-features
TEST=local kokoro
Change-Id: I27f0df7cfa1064b2c8b162cba263513926a433a9
Reviewed-on: https://chromium-review.googlesource.com/1568525
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As described in:
https://doc.rust-lang.org/edition-guide/rust-2018/ownership-and-lifetimes/default-match-bindings.html
which also covers the new mental model that the Rust Book will use for
teaching binding modes and has been found to be more friendly for both
beginners and experienced users.
Before:
match *opt {
Some(ref v) => ...,
None => ...,
}
After:
match opt {
Some(v) => ...,
None => ...,
}
TEST=cargo check --all-features
TEST=local kokoro
Change-Id: I3c5800a9be36aaf5d3290ae3bd3116f699cb00b7
Reviewed-on: https://chromium-review.googlesource.com/1566669
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Separated out of CL:1513058 to make it possible to land parts
individually while the affected crate has no other significant CLs
pending. This avoids repeatedly introducing non-textual conflicts with
new code that adds `use` statements.
TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
Change-Id: Ic57170776a9396bab54a8c7eb2b8b1436f63b57c
Reviewed-on: https://chromium-review.googlesource.com/1520069
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Building off CL:1290293
Instead of having a seperate GuestMemoryManager, this adds SharedMemory
as a Arc'd member of GuestMemory. This is nice since it removes the need
to plumb the Manager struct throughout the codebase.
BUG=chromium:936567
TEST=cargo test -p sys_util
Change-Id: I6fa5d73f7e0db495c2803a040479818445660345
Reviewed-on: https://chromium-review.googlesource.com/1493013
Commit-Ready: Daniel Prilik <prilik@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an easy step toward adopting 2018 edition eventually, and will
make any future CL that sets `edition = "2018"` this much smaller.
The module system changes in Rust 2018 are described here:
https://doc.rust-lang.org/edition-guide/rust-2018/module-system/path-clarity.html
Generated by running:
cargo fix --edition --all
in each workspace, followed by bin/fmt.
TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
Change-Id: I000ab5e69d69aa222c272fae899464bbaf65f6d8
Reviewed-on: https://chromium-review.googlesource.com/1513054
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The description method is deprecated and its signature forces less
helpful error messages than what Display can provide.
BUG=none
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
Change-Id: I27fc99d59d0ef457c5273dc53e4c563ef439c2c0
Reviewed-on: https://chromium-review.googlesource.com/1497735
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add GuestMemory::write_all_at_addr, GuestMemory::read_exact_at_addr
which return error if the entire write or read cannot be completed.
Also rename write_slice_at_addr to write_at_addr, read_slice_at_addr to
read_at_addr to make the entire set of four methods consistent in naming
with the methods of std::io::Write and std::io::Read.
Context:
https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1387624/16/devices/src/virtio/tpm.rs#75
TEST=cargo test
Change-Id: Ia0775b75281ccf8030c84b41f9018a511204b8c9
Reviewed-on: https://chromium-review.googlesource.com/1407156
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Every implementation of Fn also implements FnMut, so if some callback
can be passed to GuestMemory::with_regions then it could also have been
passed to GuestMemory::with_regions_mut.
This CL removes GuestMemory::with_regions and renames with_regions_mut
to with_regions.
TEST=cargo check
Change-Id: Ia4f168ff4eb4d45a5ee8f9413821ae244fb72ee1
Reviewed-on: https://chromium-review.googlesource.com/1378688
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We updated the production toolchain from 1.30 to 1.31 in CL:1366446.
This CL does the same upgrade for the local developer toolchain and
Kokoro.
The relevant changes are in rust-toolchain and kokoro/Dockerfile.
The rest are from rustfmt.
TEST=cargo fmt --all -- --check
TEST=as described in kokoro/README.md
Change-Id: I3b4913f3e237baa36c664b4953be360c09efffd4
Reviewed-on: https://chromium-review.googlesource.com/1374376
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hopefully the changes are self-explanatory and uncontroversial. This
eliminates much of the noise from `cargo clippy` and, for my purposes,
gives me a reasonable way to use it as a tool when writing and reviewing
code.
Here is the Clippy invocation I was using:
cargo +nightly clippy -- -W clippy::correctness -A renamed_and_removed_lints -Aclippy::{blacklisted_name,borrowed_box,cast_lossless,cast_ptr_alignment,enum_variant_names,identity_op,if_same_then_else,mut_from_ref,needless_pass_by_value,new_without_default,new_without_default_derive,or_fun_call,ptr_arg,should_implement_trait,single_match,too_many_arguments,trivially_copy_pass_by_ref,unreadable_literal,unsafe_vector_initialization,useless_transmute}
TEST=cargo check --features wl-dmabuf,gpu,usb-emulation
TEST=boot linux
Change-Id: I55eb1b4a72beb2f762480e3333a921909314a0a2
Reviewed-on: https://chromium-review.googlesource.com/1356911
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that cargo fmt has landed, run it over everything at once to bring
rust source to the standard formatting.
TEST=cargo test
BUG=None
Change-Id: Ic95a48725e5a40dcbd33ba6d5aef2bd01e91865b
Reviewed-on: https://chromium-review.googlesource.com/1259287
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a policy for the balloon device so that it starts taking
memory away from the VM when the system is under low memory conditions.
There are a few pieces here:
* Change the madvise call in MemoryMapping::dont_need_range to use
MADV_REMOVE instead of MADV_DONTNEED. The latter does nothing when
the memory mapping is shared across multiple processes while the
former immediately gives the pages in the specified range back to the
kernel. Subsequent accesses to memory in that range returns zero
pages.
* Change the protocol between the balloon device process and the main
crosvm process. Previously, the device process expected the main
process to send it increments in the amount of memory consumed by the
balloon device. Now, it instead just expects the absolute value of
the memory that should be consumed. To properly implement the policy
the main process needs to keep track of the total memory consumed by
the balloon device so this makes it easier to handle all the policy in
one place.
* Add a policy for dealing with low memory situations. When the VM
starts up, we determine the maximum amount of memory that the balloon
device should consume:
* If the VM has more than 1.5GB of memory, the balloon device max is
the size of the VM memory minus 1GB.
* Otherwise, if the VM has at least 500MB, the balloon device max is
50% of the size of the VM memory.
* Otherwise, the max is 0.
The increment used to change the size of the balloon is defined as
1/16 of the max memory that the balloon device will consume. When the
crosvm main process detects that the system is low on memory, it
immediately increases the balloon size by the increment (unless it has
already reached the max). It then starts 2 timers: one to check for
low memory conditions again in 1 seconds (+ jitter) and another to
check if the system is no longer low on memory in 1 minute (+ jitter)
with a subsequent interval of 30 seconds (+ jitter).
Under persistent low memory conditions the balloon device will consume
the maximum memory after 16 seconds. Once there is enough available
memory the balloon size will shrink back down to 0 after at most 9
minutes.
BUG=chromium:866193
TEST=manual
Start 2 VMs and write out a large file (size > system RAM) in each.
Observe /sys/kernel/mm/chromeos-low_mem/available and see that the
available memory steadily decreases until it goes under the low memory
margin at which point the available memory bounces back up as crosvm
frees up pages.
CQ-DEPEND=CL:1152214
Change-Id: I2046729683aa081c9d7ed039d902ad11737c1d52
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1149155
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is useful to get the total size of memory without having to write
something that iterates over the regions explicitly.
BUG=chromium:797868
TEST=./build_test passes on all architectures
TEST=crosvm runs on caroline
Change-Id: Iac9a341b4c41d6462cf731f6267b92a0169578e4
Reviewed-on: https://chromium-review.googlesource.com/977565
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements the error trait so we can get more useful error
information back on failures.
BUG=chromium:797868
TEST=./build_test passes on all architectures
TEST=crosvm runs on caroline
Change-Id: Ia131b1eb14d24709c10f2ba752a962e822134a42
Reviewed-on: https://chromium-review.googlesource.com/938312
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to be able to run 64-bit ARM kernels using a 32-bit version of
crosvm, to make it more consistent use a u64 to represent
GuestAddress.
BUG=chromium:797868
TEST=./build_test passes on all architectures
TEST=crosvm runs on caroline
Change-Id: I43bf993592caf46891e3e5e05258ab70b6bf3045
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/896398
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed for plugin process style executions because they don't
register guest memory though the GuestMemory interface. Their memory is
more dynamic and ill-suited to the GuestMemory abstraction.
TEST=./build_test
BUG=None
Change-Id: I250b0b874ef6a0e342fd6e659301f389d01a4cda
Reviewed-on: https://chromium-review.googlesource.com/848018
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add functions to let the kernel know a given range of memory isn't
needed currently. This function will result in `madvise(DONTNEED)`.
The ability to signal memory as not needed will be used by the balloon
driver to allow system memory to be redistributed away from the VM.
Change-Id: I4ca56e09010eec33989824f5738db4a4be0ec428
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/759305
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Pass better errors from mmap and guest_memory. These modules were
written before I understood errors. Now the errors passed back to block
can be propagated.
Change-Id: I1842808a4114a715321c555281aacc211f23511c
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/656837
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=cargo test
Change-Id: Ifeda91de37bf83a2e5a00f5e308db786fa5d49d5
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/604934
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a method get_host_address for converting a
GuestAddress to a (usize) pointer in crosvm's address
space.
Change-Id: I6dc09e942c95204f4e53218b3250664782c8f8f9
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/575439
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new method to GuestMemory that allows running a FnMut over all
regions. This will allow the virtio module to generate a vhost memory
table.
Also make do_in_region public, so that VHOST_NET can find the host
userspace address of vrings (necessary for VHOST ioctls).
BUG=none
TEST=cargo build
Change-Id: I43611dcc56146ed4d160f0e189b9328ca0e6d87d
Reviewed-on: https://chromium-review.googlesource.com/543909
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For some reason, the angle brackets in the comments confused doc-tests
such that they hung everytime `cargo test` was run on sys_util on my
machine. My theory is that the angle brackets triggered some strange
HTML behavior in `cargo test`.
BUG=None
TEST=cd sys_util; cargo test
Change-Id: Iceb81e64aecc4cc2a9397f2d1af2e64aeb8e2b5e
Reviewed-on: https://chromium-review.googlesource.com/518444
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mmap and GuestMemory are the intended targets for the VolatileMemory
trait.
TEST=cargo test
BUG=None
Change-Id: Ie228b5daef691a6dcb80841be1c3dddb4b19ffc4
Reviewed-on: https://chromium-review.googlesource.com/547335
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not all types are safe to read from guest memory. Any type with a
reference or pointer will be initialized to random bits that don't refer
to a valid address. This can cause dangling pointer and general
unsafe behavior.
To fix this, limit types that can be read with read_obj to those that
implement the unsafe trait `DataInit`. Provide implementations of
`DataInit` for intrinsic types that are obviously safe to initialize
with random data.
Implement the needed traits for bootparam types as they are read from
the kernel image directly.
Change-Id: I1040f5bc1b2fc4c58c87d8a2ce3f618edcf6f9b1
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/540750
Reviewed-by: Zach Reizner <zachr@chromium.org>
|
|
|
Add a module for accessing guest memory.
This module will replace all the slices that are used to access it
currently as those slices aren't valid because the memory is volatile
and a volatile slice doesn't exist in rust.
Modify the existing users so they no longer depend on the deprecated slice
access.
Change-Id: Ic0e86dacf66f68bd88ed9cc197cb14e45ada891d
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/509919
|