Commits · 96394581f2c1f73dd49ad83155f53a1015c23893 · RITESH Sahany / platform_packages_modules_Virtualization

Jun 08, 2023
- Snap for 10286161 from 2e22a888 to udc-release · 96394581
  Android Build Coastguard Worker authored 1 year ago
  
  Change-Id: Ic064fba531c3ec38dbf87547a2451ed85592453b
  96394581
Jun 07, 2023

microdroid: Add device-mapper capabilities to ueventd. · 2e22a888

David Anderson authored 1 year ago

Bug: 286011429
Test: treehugger
(cherry picked from https://android-review.googlesource.com/q/commit:40427e7f1349491a9947ff4e520df98a826da4de)
Merged-In: I87d7836ea6e875712c0a01b52a22c90745d53a2a

Change-Id: I4aa290483e52ad7429424ba8fbe68390f2100913

2e22a888

May 24, 2023

Snap for 10196304 from 158aabc5 to udc-release · 0c9de433
Android Build Coastguard Worker authored 1 year ago
```
Change-Id: Id304a3ef685bc7c4a03d99154b40b39528079378
```
0c9de433

Update kernel to builds 10180051 · 158aabc5

Jiyong Park authored 1 year ago

git log --first-parent -100 --oneline --no-decorate 955a8699b86a..e6c15792a6de:
e6c15792a6de ANDROID: ABI: Update symbol list for Exynos SoC
cffbdd825e02 ANDROID: ABI: Update oplus symbol list
527e7b1ee8d4 ANDROID: vendor_hooks: Add hooks for account irqtime process tick
3b573277d43c ANDROID: vendor_hooks: Add hooks to dup_task_struct
310995a546ac ANDROID: vendor_hooks: Add hooks to record the time of the process in various states
bf8bbc3ff811 ANDROID: vendor_hooks: Add hooks for signal
bfbebce3f712 ANDROID: power: wakeup_reason: change abort log
295ed6f4976e ANDROID: GKI: Update symbol list for xiaomi
d39f39ccb96c ANDROID: psi: Add vendor hooks for PSI tracing
dbc72667a254 UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
7ce023f18521 FROMGIT: scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue
bae70267baab ANDROID: ABI: Update oplus symbol list
287800324655 ANDROID: android: Export symbols for invoking cpufreq_update_util()
546b0f9d8ba7 ANDROID: ABI: Update oplus symbol list
e3e91e9f2af9 ANDROID: vendor_hooks: Export the tracepoints task_rename
42b899d573e9 ANDROID: Add macros to create reserved data fields to backport upstream changes
718da042d120 ANDROID: retry page allocation from buddy on lock contention
0ef5d2caad52 UPSTREAM: KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
270a77dd074c ANDROID: arm64: Check FGT cap before touching HFGWTR_EL2
95cd5f8f94a3 Revert "ANDROID: Partially Revert "ANDROID: KVM: arm64: Allow tweaking HFGWTR_EL2 from modules""
630b104caa76 FROMGIT: f2fs: fix the wrong condition to determine atomic context
cab47c81b54a ANDROID: GKI: update symbol list file for honor
3368eaf93435 ANDROID: ABI: Update symbol list for imx
a26891749bc1 ANDROID: mm: shmem: initialize the vendor data
112bf65cbc60 ANDROID: GKI: refresh STG ABI to new version
22406c7dbb4f ANDROID: GKI: Add symbols to symbol list for vivo
eb9264dd9644 ANDROID: ABI: Update oplus symbol list
c92b19e8e413 ANDROID: vendor_hooks: Add hooks for account process tick
32ff609a3285 ANDROID: ABI: Update oplus symbol list
ec8c8f6e331c ANDROID: vendor_hooks: add hook account_process_tick_gran
1a40d683e81d ANDROID: vendor_hooks: Add hook in try_to_unmap_one()
190af408449e ANDROID: vendor_hooks: Add hook in mmap_region()
1b160e2a0e90 ANDROID: Partially Revert "ANDROID: KVM: arm64: Allow tweaking HFGWTR_EL2 from modules"
7d346b229c78 ANDROID: GKI: update the ABI symbol list
a9a44851ec76 ANDROID: freezer: Add vendor hook to freezer for GKI purpose.
632ec01905b6 ANDROID: freezer: export the freezer_cgrp_subsys for GKI purpose.
fdd7d6fbac3e ANDROID: GKI: update the ABI symbol list
17fff41db863 ANDROID: Add vendor hooks for binder perf tuning
bf4922727c63 ANDROID: Add vendor hooks to signal.
27dfd1c13e3a ANDROID: Update the ABI symbol list
2488e2e472e7 ANDROID: page_pinner: add missing page_pinner_put_page
d47c9481dafa ANDROID: page_pinner: prevent pp_buffer uninitialized access
83b784c3d716 ANDROID: page_pinner: prevent pp_buffer access before initialization
231a4cccec44 ANDROID: mm: fix use-after free of page_ext in page_pinner
e6e6e1273db4 ANDROID: mm: introduce page_pinner
4c868837facf ANDROID: abi_gki_aarch64_qcom: Add gh_rm_register_platform_ops
9a9fc8d1b288 ANDROID: gunyah: Sync remaining gunyah drivers with latest
afaf16332908 ANDROID: gunyah: Sync with latest "mailbox: Add Gunyah message queue mailbox"
016d92266efd ANDROID: gunyah: Sync with latest "gunyah: Common types and error codes for Gunyah hypercalls"
58a642ea086f ANDROID: gunyah: Sync with latest hypercalls
a30bae5a9acf ANDROID: gunyah: Sync with latest documentation and UAPI
b3f59a9b3318 ANDROID: gunyah: Sync with latest "firmware: qcom_scm: Register Gunyah platform ops"
15a4929f8e00 BACKPORT: firmware: qcom_scm: Use fixed width src vm bitmap
b0426ab62ea5 BACKPORT: misc: fastrpc: Pass bitfield into qcom_scm_assign_mem
2220f8190ad5 ANDROID: gunyah: Sync with latest "virt: gunyah: Add ioeventfd"
1b9d0e44a7a0 ANDROID: gunyah: Sync with latest "gunyah: vm_mgr: Add ioctls to support basic non-proxy VM boot"
28ecb1162adb ANDROID: gunyah: Sync with latest "gunyah: vm_mgr: Add/remove user memory regions"
084d70e26461 ANDROID: gunyah: Sync with latest "virt: gunyah: Add resource tickets"
5e0785329a76 ANDROID: gunyah: Sync with latest "gunyah: vm_mgr: Add framework for VM Functions"
fea63fe1f113 ANDROID: gunyah: Sync with latest "gunyah: rsc_mgr: Add resource manager RPC core"
6889a3fbe42f ANDROID: gunyah: Sync with latest "virt: gunyah: Translate gh_rm_hyp_resource into gunyah_resource"
96ddb92d5cf1 ANDROID: gunyah: Sync with latest "virt: gunyah: Add hypercalls to identify Gunyah"
467d3baa5d70 BACKPORT: overflow: Introduce overflows_type() and castable_to_type()
25a4fdf787cb Merge "Merge b1644a0031cf ("drm/rockchip: vop2: Use regcache_sync() to fix suspend/resume") into android14-6.1" into android14-6.1
26283282a1c7 UPSTREAM: drm/amd/display: set dcn315 lb bpp to 48
5d61392e80b0 UPSTREAM: drm/amdgpu: Fix desktop freezed after gpu-reset
fea91b573ab9 UPSTREAM: drm/i915: Fix fast wake AUX sync len
b0b7c6147e55 UPSTREAM: ASN.1: Fix check for strdup() success
c45eb7457f22 UPSTREAM: ASoC: fsl_sai: Fix pins setting for i.MX8QM platform
9a9b52eec789 UPSTREAM: ASoC: fsl_asrc_dma: fix potential null-ptr-deref
7caae9e684f0 UPSTREAM: ASoC: SOF: pm: Tear down pipelines only if DSP was active
fe43fe9cce4e UPSTREAM: fpga: bridge: properly initialize bridge device before populating children
0c69b18d8e6c UPSTREAM: iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
690f3e949db8 UPSTREAM: Input: pegasus-notetaker - check pipe type when probing
6bf110bb7a6c UPSTREAM: gcc: disable '-Warray-bounds' for gcc-13 too
90f84684abee UPSTREAM: sctp: Call inet6_destroy_sock() via sk->sk_destruct().
e1dc9c79c235 UPSTREAM: dccp: Call inet6_destroy_sock() via sk->sk_destruct().
8cc757d50bbe UPSTREAM: netfilter: nf_tables: deactivate anonymous set from preparation phase
10e4c804f2f9 ANDROID: GKI: add symbol list file for unisoc
8b5229c547a6 UPSTREAM: inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
e0c86087dc8d UPSTREAM: purgatory: fix disabling debug info
2200f18847d4 UPSTREAM: MIPS: Define RUNTIME_DISCARD_EXIT in LD script
c4cafbd0d499 Merge a3a93b46833f ("memstick: fix memory leak if card device is never registered") into android14-6.1
b75992d1f8b7 UPSTREAM: usb: dwc3: debugfs: Resume dwc3 before accessing registers
a40a21450e4c ANDROID: ABI: Update oplus symbol list
44337937b15b ANDROID: vendor_hooks: Export the tracepoints sched_stat_sleep and sched_waking to let module probe them
527ffd22ade0 ANDROID: vendor_hooks: Export the tracepoints sched_stat_iowait, sched_stat_blocked, sched_stat_wait to let modules probe them
102b4685b37e ANDROID: vendor_hooks: export get_wchan
1ffd1a1c555b ANDROID: workqueue: export symbol of the function wq_worker_comm()
9e8fe54a710f BACKPORT: mm/kmemleak: fix UAF bug in kmemleak_scan()
362369c2e9d2 ANDROID: clang: update to 17.0.2
96cb2c28cd7a ANDROID: abi_gki_aarch64_qcom: update symbol list
b176c2f44dbf UPSTREAM: media: add nv12_8l128 and nv12_10be_8l128 video format.
fc305a2a2eb1 ANDROID: ABI: update symbol list for galaxy
81509f85f33a ANDROID: db845c: Remove MAKE_GOALS from build.config
6f4553626dbd ANDROID: GKI: gen_gki_modules_headers update preprocessing
da126f8d02cd FROMGIT: locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers
952048f51210 FROMGIT: xfrm: Check if_id in inbound policy/secpath match
006d1fc45043 ANDROID: always add the struct wireless_dev * to struct net_device
eea2369f36c4 ANDROID: ABI: Update symbol list for imx

Test: treehugger
Bug: 283871392
Merged-In: I049c89796d075ed3968223f71f9acbc9b7b2cf35
Change-Id: I049c89796d075ed3968223f71f9acbc9b7b2cf35
(cherry picked from commit 967c9893)

158aabc5

Update kernel to builds 10180051 · d2828eae

Jiyong Park authored 1 year ago

Test: treehugger
Bug: 283871392
Merged-In: Ia054592e7e3ef92b127d2af8b33d4fe2acc6389a
Change-Id: Ia054592e7e3ef92b127d2af8b33d4fe2acc6389a
(cherry picked from commit ff4b11ee)

d2828eae

May 22, 2023

Snap for 10180570 from 4ac0fd85 to udc-release · 6e4f33ff
Android Build Coastguard Worker authored 1 year ago
```
Change-Id: I857926a3dcee6057323885b898156f180ae2130c
```
6e4f33ff

Update clang to r487747c · 4ac0fd85

Yi Kong authored 1 year ago

Bug: 281596081
Test: presubmit
(cherry picked from https://android-review.googlesource.com/q/commit:8ba2eb4bb6d45cc91f180f30c5f631280fe15e8b)
Merged-In: I6a49d6b4d651759b240c5248a7de8fd2a2fb3a54
Change-Id: I6a49d6b4d651759b240c5248a7de8fd2a2fb3a54

4ac0fd85

May 20, 2023
- Snap for 10171451 from 08477b2e to udc-release · 5d5ac366
  Android Build Coastguard Worker authored 1 year ago
  
  Change-Id: I9a5472edff87d8ca781bc203941217b18da6e8df
  5d5ac366
May 17, 2023

Filter bootarg for non-debuggable VMs · 08477b2e

Jiyong Park authored 1 year ago

The condition should have been the opposite:

* debuggable VM: no filtering is required
* non-debuggable VM: filtering is done, while some of args can survive
  if enabled by debug policy.

Bug: 283035363
Bug: 281998898
Test: run testTombstonesAreGeneratedUponKernelCrashOnPvm on a device
where debug policy is not provisioned

Merged-In: Id0f4f5d1777356e78ad995fa16bd3e8c0ff6c7ec
Change-Id: Id0f4f5d1777356e78ad995fa16bd3e8c0ff6c7ec
(cherry picked from commit 32f37ef4e62f45e715a682569300bad585380263)

08477b2e

May 15, 2023

Snap for 10136934 from cb4dd34b to udc-release · 91cdbbe1
Android Build Coastguard Worker authored 1 year ago
```
Change-Id: Ib7d578b8a14cfd1920a45f78ebeb2845296bfc12
```
91cdbbe1
Merge "Rely on logs instead to port forwarding in test" into udc-dev · cb4dd34b
Treehugger Robot authored 1 year ago

cb4dd34b

Rely on logs instead to port forwarding in test · 9d3d0f08

Shikha Panwar authored 1 year ago

adbConnectToMicrodroid is flaky; port forwarding fails (although
infrequently). This is the only test that relies on port forwarding,
rest use the MicrodroidBuilder class or inspect logs.

Change the test to use logs to determine if microdroid was up and
running.

Ignore-AOSP-First: This is a bug fix in udc-dev, will merge upstream separately.
Test: Run atest #testBootSucceedsWhenNonProtectedVmStartsWithImagesSignedWithDifferentKey
Bug: 279838948
Change-Id: I8884a8da455c0df4d5ef36b3c03f9d8126e94a70

9d3d0f08

May 13, 2023
- Snap for 10127524 from 65008dc7 to udc-release · 716ff078
  Android Build Coastguard Worker authored 1 year ago
  
  Change-Id: Ifcd18452a62795f467af4b6d20302645dfc5aba0
  716ff078
May 12, 2023

Revert "Rely on logs instead to port forwarding in test" · 65008dc7

Liana Kazanova authored 1 year ago

This reverts commit 1833ed84.

Reason for revert: Potential culprit for b/282208865 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.

Change-Id: Iea8c31397c11c5cc6c8e8671f0320854c489246e

65008dc7

Rely on logs instead to port forwarding in test · 1833ed84

Shikha Panwar authored 1 year ago

adbConnectToMicrodroid is flaky, the port forwarding fails (although
infrequently). This is the only test that relies on port forwarding,
rest use the MicrodroidBuilder class or inspect logs.

Change the test to use logs to determine if microdroid was up and
running.

Ignore-AOSP-First: This is a bug fix in udc-dev, will merge upstream separately.
Test: Run atest #testBootSucceedsWhenNonProtectedVmStartsWithImagesSignedWithDifferentKey
Bug: 279838948
Change-Id: Idfbe9d992994b164d285f59ecbbb4dfddaf9a74d

1833ed84

May 11, 2023

Snap for 10113759 from 68980bee to udc-release · abe564a0
Android Build Coastguard Worker authored 1 year ago
```
Change-Id: Ie1d064815445d2a9c2088918c1999de0b734c42b
```
abe564a0

Use FrameAllocator rather than Heap for shared memory pool. · f171294e

Andrew Walbran authored 1 year ago

Heap uses an intrusive linked list to store metadata inside unallocated
memory. This could be modified by a malicious host to manipulate the
allocator, which we don't want.

Bug: 280644106
Test: m pvmfw
Change-Id: I75903084da8f4f2c12063b685d41aa1c8ee37da3
Merged-In: I75903084da8f4f2c12063b685d41aa1c8ee37da3

f171294e

pvmfw: Improve memory sharing with the host · fefc3750

Pierre-Clément Tosi authored 1 year ago

Instead of issuing memory sharing/unsharing HVCs every time alloc_shared
and dealloc_shared are called, introduce a MemorySharer object to share
pages from the global allocator on demand and keep them in a pool until
its destructor is called, at which point, it unshares all the regions
and returns them to the heap.

This allows the backends for memory sharing to be unified behind a
unique SHARED_POOL heap that is either populated by the MemorySharer on
pKVM or covers the statically shared region on Gunyah. On pKVM,
alloc_shared calls will only result in MEM_SHARE HVCs if SHARED_POOL
isn't already large enough to fulfill the request.

This also guarantees that all pages that have been been shared during
pvmfw execution have been unshared by the time the guest OS is entered,
even if an alloc_shared hasn't been matched with a dealloc_shared call.

By caching the granule size in the MemorySharer ctor, this removes the
need to issue a granule-discovery HVC every time memory is being shared
or unshared with the host.

Bug: 280644106
Test: atest MicrodroidHostTests
Change-Id: I3992e7c59ea79897e93bccc043d4438acbc0586c
Merged-In: I3992e7c59ea79897e93bccc043d4438acbc0586c

fefc3750

pvmfw: Stop confusing MEM_SHARE granule & DMA size · 7ba39397

Pierre-Clément Tosi authored 1 year ago

The VirtIO HAL assumes that shared allocations are aligned to a size
that is a multiple of the DMA alignment required by virtio devices. This
is wrong because 1. the allocator isn't forced to align the region it
returns to the memory granule (e.g. if 2 regions are requested that fit
in a single granule, it should be allowed to allocate only one granule)
and 2. nothing guarantees the granule to be a multiple of the DMA
alignment.

Therefore, modify the {de,}alloc_shared API to more closely follow
Rust-standard APIs (e.g. GlobalAllocator or LockedHeap) by taking a
Layout, allowing the caller to pass the alignment it requires.

Use that in the virtio_drivers HAL to request:

    - PAGE_SIZE-aligned regions for DMA;
    - size_of::<u128>()-aligned regions for bounce buffers

Keep the memory.rs code functionally unchanged for now, so that
allocations are still granule-aligned after this patch.

Bug: 280644106
Test: atest MicrodroidTests
Change-Id: I2b22e2095cde48e59e7303efeed1e3c09ee5ad5b
Merged-In: I2b22e2095cde48e59e7303efeed1e3c09ee5ad5b

7ba39397

pvmfw: virtio: Clean up hal.rs · 5c94426d

Pierre-Clément Tosi authored 1 year ago

Replace contains_range() with the RangeExt::is_within helper.

Turn the logging calls tracking VirtIO buffer management into trace!().

Move logging for allocation of shared memory to the allocators.

Avoid using as when casting pointers and use methods instead; in
particular, explicitly const_cast the source of a copy_nonoverlapping.

Make the logs for copying to/from bounce buffers easier to grep/parse.

Minimize scope of unsafe blocks, add missing SAFETY comments, and
clarify that HalImpl methods safety requirements are documented in the
trait.

Add copyright header and module docstring.

Bug: 280644106
Test: atest MicrodroidTests
Change-Id: I1b4daade70f5f43b6bc0f222568fbaaa29edf27f
Merged-In: I1b4daade70f5f43b6bc0f222568fbaaa29edf27f

5c94426d

[virtio] Mark virtio_drivers::Hal implementation as unsafe · 9f37a454

Alice Wang authored 1 year ago

As required by virtio_drivers v0.4.0.

Bug: 274732281
Test: m pvmfw_img && atest vmbase_example.integration_test
Change-Id: Ie30fae6962bbe6af2e711b9bb7c475df4a9f9c7b
Merged-In: Ie30fae6962bbe6af2e711b9bb7c475df4a9f9c7b

9f37a454

May 10, 2023
- Snap for 10106040 from 288a5d9e to udc-release · 1b8841fa
  Android Build Coastguard Worker authored 1 year ago
  
  Change-Id: Id4a750c5f92ab97a18a65efc30aaea31ff0f8241
  1b8841fa
May 09, 2023

libs: libfdt: Fix Fdt::header() using bad pointer · 68980bee

Pierre-Clément Tosi authored 1 year ago

Fix a bug where a reference to the DT was erroneously obtained through
&self (instead of self) which was causing Fdt::totalsize() to return a
wrong value (probably read from the stack where &self pointed to), in
turn making Fdt::as_slice() return the wrong region of memory. This UB
seems to have consistently resulted in fdt.totalsize() == 0 i.e.
fdt.as_slice() == &[] and has gone unnoticed until now.

Avoid casting pointers with as in as_{mut_,}ptr().

Bug: 280425124
Test: atest MicrodroidHostTests
Change-Id: Ie31f6c6f19e756ee843d1fd2f11f106590e99395
Merged-In: Ie31f6c6f19e756ee843d1fd2f11f106590e99395

68980bee

pvmfw: Remove unnecessary flush of the guest DT · 99a3d1f2

Pierre-Clément Tosi authored 1 year ago

There is not need to flush it manually now that MemoryTracker flushes
R/W memory when dropped.

Note: This flush() had no effect due to a bug in Fdt::header() causing
      fdt.as_slice() == &[].

Bug: 280425124
Test: atest MicrodroidHostTests
Change-Id: I56678bd0535217a0c246f480c94685378ac7ec59
Merged-In: I56678bd0535217a0c246f480c94685378ac7ec59

99a3d1f2

pvmfw: apply_debug_policy: Backup DT before unpacking · 1c9b08f1

Pierre-Clément Tosi authored 1 year ago

As the DT needs to be backed-up before applying the overlay due to
fdt_apply_overlay corrupting its inputs on failure, do so before
unpacking it, reducing the amount of memory needed by the backup Vec
from the maximum size that the DT could occupy (here, 2MiB) to the
actual size that the DT has (here, a few KiB).

Note: This wasn't detected previously due to a bug in Fdt::header()
      causing fdt.as_slice() == &[] but will be required once the bug is
      fixed as pvmfw's HEAP can't hold a 2MiB slice.

Bug: 280425124
Test: atest MicrodroidHostTests
Change-Id: Ic6e651a73c4fb97e4bf97c32edc0b327b6cd1def
Merged-In: Ic6e651a73c4fb97e4bf97c32edc0b327b6cd1def

1c9b08f1

pvmfw: Resize stack region to 8 pages · 288a5d9e

Pierre-Clément Tosi authored 1 year ago

Reduce the number of pages required (which seems to be 4-5 on a normal
boot) to reduce the work when mapping, unmapping, and clearing the
region.

Bug: 270684188
Test: atest MicrodroidHostTests
Change-Id: I626aea440b92c2462f7ca3c761fb66b51a596741
Merged-In: I626aea440b92c2462f7ca3c761fb66b51a596741

288a5d9e

pvmfw: apply_debug_policy: Improve failure path · afdd73c0

Pierre-Clément Tosi authored 1 year ago

As the function already makes an internal backup of the debug_policy,
turn the parameter into a shareable reference and pass the backup to
fdt_apply_overlay instead of the original DTBO. This removes the need to
do any work to restore the overlay on failure.

Avoid confusing logs such as

    [ERROR] Failed to apply debug policy: The requested node or property does not exist. Recovering...
    [INFO] Debug policy applied.

by returning a bool letting the caller know if DP was properly applied.

Report failure to apply DP as warnings instead of info! or error!.

Bug: 280425124
Test: atest MicrodroidHostTests
Change-Id: Ib5979b07c7978edd94dd90537faefebd25620b19
Merged-In: Ib5979b07c7978edd94dd90537faefebd25620b19

afdd73c0

vmbase: Handle stack overflows · bfe48312

Pierre-Clément Tosi authored 1 year ago

Allocate the first page of the writable_data region for a stack to be
used by the exception handlers so that faults caused by accesses to the
SP from the main thread can be handled. As fault handlers push the
register file to the stack on entry, we would previously enter an
exception loop on stack overflow.

This works by reserving SP_EL0 for the "main" thread and relying on
current_exception_sp0 (from exceptions.S) switching to SP_EL1 when
taking an exception. SP_EL1 is first initialized to the bottom of the
newly allocated page while SP_EL0 is initialized to the value previously
used (note that SP_EL0 was previously unused).

Use the linker script to ensure that there is always at least one full
page between the end of .bss and the top (i.e. smallest address) of the
stack, in order to guarantee a permission fault on stack overflow, if
the MMU has been set properly.

Rely on the fact that the page preceding the page containing the EH
stack isn't mapped R/W to catch EH stack overflows (which would still
end up in an exception loop).

Bug: 279209532
Test: atest MicrodroidTests
Change-Id: Ie5a8dc06348bfb7db2742b1affec4d162d8b538c
Merged-In: Ie5a8dc06348bfb7db2742b1affec4d162d8b538c

bfe48312

Add BCC truncating · dec58e9a

Alan Stokes authored 1 year ago

"Truncate" the received BCC by removing the entire chain we receive
and peforming a non-DICE derivation on the CDIs. This is to ensure
that we don't provide access to a UDS-rooted BCC, since that might be
what we received. This needs to be removed once we have a reliable way
to distinguish a VM BCC from a non-VM one.

Fixed a test whose assumption is no longer true.

Bug: 266172411
Test: atest ComposHostTestCases (this validates the CompOS BCC)
Test: atest MicrodroidTests
Change-Id: I288f4ed8e108c81ab46f8ce2c94a9336855422c8
Merged-In: I288f4ed8e108c81ab46f8ce2c94a9336855422c8

dec58e9a

vmbase: Move stack to end of writable_data · 150ebc90

Pierre-Clément Tosi authored 1 year ago

Instead of imposing an arbitrary size for the stack, allows clients to
query a validated address range of a given size with boot_stack_range(),
which places the stack at the largest address possible, extending
downwards (common on AArch64).

Keep allocating 40 pages of stack in vmbase_example, rialto, and pvmfw.

Bug: 279209532
Bug: 270684188
Test: atest vmbase_example.integration_test
Test: atest rialto_test
Test: atest MicrodroidTests
Change-Id: If205ccd4fa408e32e5533b880a85f4cccbd3f005
Merged-In: If205ccd4fa408e32e5533b880a85f4cccbd3f005

150ebc90

Add BCC checking · c5e5fa3d

Alan Stokes authored 1 year ago

Check whether any stage in the received BCC is marked as debug. If
not, refuse to apply any debug policy we receive. (The bootloader
shouldn't pass one in this case, this is just to make sure we catch
any mistake here.)

In passing fix the lifetime of the config descriptor buffer
(b/280617929).

Bug: 275424867
Test: atest MicrodroidTests
Change-Id: I507fedee9e21e8cbda60044a4e0324e0d6530b00
Merged-In: I507fedee9e21e8cbda60044a4e0324e0d6530b00

c5e5fa3d

Revert "Disallow UDS-rooted BCC" · 6394b67e

Alan Stokes authored 1 year ago

This reverts commit 7e6a933d.

Reason for revert: We now truncate the received BCC in pvmfw, so this restriction is not needed.
Bug: 266172411

Change-Id: I1c294862352a93c74153627ac9a6812e80e90da7
Merged-In: I1c294862352a93c74153627ac9a6812e80e90da7

6394b67e

pvmfw: Zero all scratch memory before guest runs · 68533613

Pierre-Clément Tosi authored 1 year ago

Zero any memory that could still hold secrets before executing the guest
OS, to reduce as much as possible the risk of leaking them.

Note that this only covers memory that can't be zeroed from high-level
compiled code (i.e. the .bss and .data sections and stack regions) and
doesn't zero the received configuration data, which contains the
BccHandover holding the secret CDIs as that is (and must still be)
zeroed from Rust.

Furthermore, no other region is flushed so data such as the DT or BCC
that must be made available to the guest OS (even if it doesn't
immediately re-enable the MMU) should still be flushed from Rust.

Remove unnecessary ISB in jump_to_payload().

Bug: 270684188
Test: atest MicrodroidHostTests
Change-Id: I8e923a468d1826c00ce1d0b07e1a91f5d2909f99
Merged-In: I8e923a468d1826c00ce1d0b07e1a91f5d2909f99

68533613

Add Ciborium to pvmfw · 19f30a18

Alan Stokes authored 1 year ago

Import Ciborium to enable us to validate & manipulate the BCC CBOR.

Initially we do very minimal verification, just to prove that we can
call into the crate.

Bug: 266172411
Test: atest MicrodroidTests
Change-Id: Iaa78f9fc4f9b5c32e26c54eafc45bf5b29046f1e
Merged-In: Iaa78f9fc4f9b5c32e26c54eafc45bf5b29046f1e

19f30a18

vmbase: Map .bss, .data, & stack separately · 7e641025

Pierre-Clément Tosi authored 1 year ago

Map the "scratch" (.data & .bss) and stack regions separately to allow
them to be placed in non-contiguous regions.

Note: No functional change intended.

Bug: 270684188
Bug: 279209532
Test: atest vmbase_example.integration_test
Test: atest rialto_test
Test: atest MicrodroidTests
Change-Id: I6c3f8e4957e39e1c966a219149b253360782ba8e
Merged-In: I6c3f8e4957e39e1c966a219149b253360782ba8e

7e641025

vmbase: Introduce linker_{addr,region}! macros · 2192551b

Pierre-Clément Tosi authored 1 year ago

Deduplicate the code by introducing these local macros.

Bug: 270684188
Bug: 279209532
Test: atest vmbase_example.integration_test
Change-Id: I8cd4685bda96524e85cf4b45a65b0cdf20bdb74b
Merged-In: I8cd4685bda96524e85cf4b45a65b0cdf20bdb74b

2192551b

rialto: Get memory regions from vmbase::layout · 8dfd5904

Pierre-Clément Tosi authored 1 year ago

The regions are already exposed by vmbase so use those instead.

Note: No functional change intended.

Bug: 270684188
Bug: 279209532
Test: atest rialto_test
Change-Id: I6c89521167a5db5db7e80994df023d429e5ea3cb
Merged-In: I6c89521167a5db5db7e80994df023d429e5ea3cb

8dfd5904

[hypervisor] Gunyah support · 79a89585

Srivatsa Vaddagiri authored 1 year ago

Extend support for Gunyah hypervisor.

Test: Booted protected VM on Gunyah hypervisor.
Bug: 271493784
Change-Id: I32d59ac35f884327b5ddab5ab9a8b71f17530007
Merged-In: I32d59ac35f884327b5ddab5ab9a8b71f17530007

79a89585

[pvmfw] Use separate heap for shared memory · 44029169

Srivatsa Vaddagiri authored 1 year ago

Use a separate heap for shared memory allocation on platforms such as
Gunyah, that do not support an API for guest to share its memory with
host at runtime. The separate heap is initialized from the memory
range indicated in swiotlb node's reg property.

Test: m pvmfw_img
Bug: 271493784
Change-Id: I784626c27024f647672abcb4e844903e6dc7be70
Merged-In: I784626c27024f647672abcb4e844903e6dc7be70

44029169

[hypervisor] Add capabilities · d43576a9

Srivatsa Vaddagiri authored 1 year ago

Allow hypervisor backends to advertize their capabilities such as
dynamic memory sharing with host OS.

Test: m pvmfw_img
Bug: 271493784
Change-Id: Id2d755d790254814538ae6e12efb654bb091975c
Merged-In: Id2d755d790254814538ae6e12efb654bb091975c

d43576a9