• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..--

aarch64/23-Nov-2023-1,161918

acpi_tables/23-Nov-2023-2,2771,665

arch/23-Nov-2023-2,3811,886

assertions/23-Nov-2023-13470

base/23-Nov-2023-1,177856

bin/23-Nov-2023-332202

bit_field/23-Nov-2023-1,401895

ci/23-Nov-2023-1,9031,358

cros_async/23-Nov-2023-8,8095,996

crosvm_plugin/23-Nov-2023-2,9412,185

cuttlefish/23-Nov-2023-4327

data_model/23-Nov-2023-1,273749

devices/23-Nov-2023-53,28242,607

disk/23-Nov-2023-5,1504,307

docs/23-Nov-2023-11270

enumn/23-Nov-2023-343215

fuse/23-Nov-2023-4,7833,267

fuzz/23-Nov-2023-403289

gpu_display/23-Nov-2023-8,4657,530

hypervisor/23-Nov-2023-4,6353,508

integration_tests/23-Nov-2023-655439

io_uring/23-Nov-2023-2,2111,779

kernel_cmdline/23-Nov-2023-292227

kernel_loader/23-Nov-2023-698617

kvm/23-Nov-2023-2,7452,104

kvm_sys/23-Nov-2023-19,66719,585

libcrosvm_control/23-Nov-2023-482376

linux_input_sys/23-Nov-2023-267228

net_sys/23-Nov-2023-2,9512,890

net_util/23-Nov-2023-825606

power_monitor/23-Nov-2023-429340

protos/23-Nov-2023-767597

qcow_utils/23-Nov-2023-498392

rand_ish/23-Nov-2023-136103

resources/23-Nov-2023-1,009788

rutabaga_gfx/23-Nov-2023-6,0404,704

seccomp/23-Nov-2023-3,1412,756

src/23-Nov-2023-9,9698,491

sync/23-Nov-2023-265151

sys_util/23-Nov-2023-11,9038,148

syscall_defines/23-Nov-2023-1,6541,610

tempfile/23-Nov-2023-328219

tests/23-Nov-2023-3,4612,707

tpm2/23-Nov-2023-25282

tpm2-sys/23-Nov-2023-10176

usb_sys/23-Nov-2023-316275

usb_util/23-Nov-2023-1,5501,210

vfio_sys/23-Nov-2023-745709

vhost/23-Nov-2023-797587

virtio_sys/23-Nov-2023-2,3222,280

vm_control/23-Nov-2023-1,5581,299

vm_memory/23-Nov-2023-1,184736

x86_64/23-Nov-2023-5,7384,852

.dockerignoreD23-Nov-202330 54

.gitignoreD23-Nov-2023107 1110

.gitmodulesD23-Nov-2023125 43

.rustfmt.tomlD23-Nov-202374 43

Android.bpD23-Nov-202310.9 KiB453436

CONTRIBUTING.mdD23-Nov-20232.5 KiB6748

Cargo.lockD23-Nov-202323.5 KiB1,2901,161

Cargo.tomlD23-Nov-20233.4 KiB123111

LICENSED23-Nov-20231.5 KiB2827

METADATAD23-Nov-202339 43

OWNERSD23-Nov-202394 65

PRESUBMIT.cfgD23-Nov-2023123 75

README.mdD23-Nov-202311.5 KiB291214

all2android.shD23-Nov-2023963 4127

navbar.mdD23-Nov-2023174 96

run_testsD23-Nov-20232.9 KiB9478

rust-toolchainD23-Nov-20237 21

test_allD23-Nov-2023304 102

unblocked_terms.txtD23-Nov-2023498 3634

README.md

1# crosvm - The Chrome OS Virtual Machine Monitor
2
3This component, known as crosvm, runs untrusted operating systems along with
4virtualized devices. This only runs VMs through the Linux's KVM interface. What
5makes crosvm unique is a focus on safety within the programming language and a
6sandbox around the virtual devices to protect the kernel from attack in case of
7an exploit in the devices.
8
9## IRC
10
11The channel #crosvm on [freenode](https://webchat.freenode.net/#crosvm) is used
12for technical discussion related to crosvm development and integration.
13
14## Getting started
15
16### Building for CrOS
17
18crosvm on Chromium OS is built with Portage, so it follows the same general
19workflow as any `cros_workon` package. The full package name is
20`chromeos-base/crosvm`.
21
22See the [Chromium OS developer guide] for more on how to build and deploy with
23Portage.
24
25[Chromium OS developer guide]: https://chromium.googlesource.com/chromiumos/docs/+/HEAD/developer_guide.md
26
27### Building with Docker
28
29See the [README](ci/README.md) from the `ci` subdirectory to learn how
30to build and test crosvm in enviroments outside of the Chrome OS chroot.
31
32### Building for Linux
33
34>**NOTE:** Building for Linux natively is new and not fully supported.
35
36First, [set up depot_tools] and use `repo` to sync down the crosvm source
37tree. This is a subset of the entire Chromium OS manifest with just enough repos
38to build crosvm.
39
40```sh
41mkdir crosvm
42cd crosvm
43repo init -g crosvm -u https://chromium.googlesource.com/chromiumos/manifest.git --repo-url=https://chromium.googlesource.com/external/repo.git
44repo sync
45```
46
47A basic crosvm build links against `libcap`. On a Debian-based system,
48you can install `libcap-dev`.
49
50Handy Debian one-liner for all build and runtime deps, particularly if you're
51running Crostini:
52```sh
53sudo apt install build-essential libcap-dev libgbm-dev libvirglrenderer-dev libwayland-bin libwayland-dev pkg-config protobuf-compiler python wayland-protocols
54```
55
56Known issues:
57*   Seccomp policy files have hardcoded absolute paths. You can either fix up
58    the paths locally, or set up an awesome hacky symlink: `sudo mkdir
59    /usr/share/policy && sudo ln -s /path/to/crosvm/seccomp/x86_64
60    /usr/share/policy/crosvm`. We'll eventually build the precompiled
61    policies [into the crosvm binary](http://crbug.com/1052126).
62*   Devices can't be jailed if `/var/empty` doesn't exist. `sudo mkdir -p
63    /var/empty` to work around this for now.
64*   You need read/write permissions for `/dev/kvm` to run tests or other crosvm
65    instances. Usually it's owned by the `kvm` group, so `sudo usermod -a -G kvm
66    $USER` and then log out and back in again to fix this.
67*   Some other features (networking) require `CAP_NET_ADMIN` so those usually
68    need to be run as root.
69
70And that's it! You should be able to `cargo build/run/test`.
71
72[set up depot_tools]: https://commondatastorage.googleapis.com/chrome-infra-docs/flat/depot_tools/docs/html/depot_tools_tutorial.html#_setting_up
73
74## Usage
75
76To see the usage information for your version of crosvm, run `crosvm` or `crosvm
77run --help`.
78
79### Boot a Kernel
80
81To run a very basic VM with just a kernel and default devices:
82
83```bash
84$ crosvm run "${KERNEL_PATH}"
85```
86
87The uncompressed kernel image, also known as vmlinux, can be found in your kernel
88build directory in the case of x86 at `arch/x86/boot/compressed/vmlinux`.
89
90### Rootfs
91
92#### With a disk image
93
94In most cases, you will want to give the VM a virtual block device to use as a
95root file system:
96
97```bash
98$ crosvm run -r "${ROOT_IMAGE}" "${KERNEL_PATH}"
99```
100
101The root image must be a path to a disk image formatted in a way that the kernel
102can read. Typically this is a squashfs image made with `mksquashfs` or an ext4
103image made with `mkfs.ext4`. By using the `-r` argument, the kernel is
104automatically told to use that image as the root, and therefore can only be
105given once. More disks can be given with `-d` or `--rwdisk` if a writable disk
106is desired.
107
108To run crosvm with a writable rootfs:
109
110>**WARNING:** Writable disks are at risk of corruption by a malicious or
111malfunctioning guest OS.
112```bash
113crosvm run --rwdisk "${ROOT_IMAGE}" -p "root=/dev/vda" vmlinux
114```
115>**NOTE:** If more disks arguments are added prior to the desired rootfs image,
116the `root=/dev/vda` must be adjusted to the appropriate letter.
117
118#### With virtiofs
119
120Linux kernel 5.4+ is required for using virtiofs. This is convenient for testing.
121The file system must be named "mtd*" or "ubi*".
122
123```bash
124crosvm run --shared-dir "/:mtdfake:type=fs:cache=always" \
125    -p "rootfstype=virtiofs root=mtdfake" vmlinux
126```
127
128### Control Socket
129
130If the control socket was enabled with `-s`, the main process can be controlled
131while crosvm is running. To tell crosvm to stop and exit, for example:
132
133>**NOTE:** If the socket path given is for a directory, a socket name underneath
134that path will be generated based on crosvm's PID.
135```bash
136$ crosvm run -s /run/crosvm.sock ${USUAL_CROSVM_ARGS}
137    <in another shell>
138$ crosvm stop /run/crosvm.sock
139```
140>**WARNING:** The guest OS will not be notified or gracefully shutdown.
141
142This will cause the original crosvm process to exit in an orderly fashion,
143allowing it to clean up any OS resources that might have stuck around if crosvm
144were terminated early.
145
146### Multiprocess Mode
147
148By default crosvm runs in multiprocess mode. Each device that supports running
149inside of a sandbox will run in a jailed child process of crosvm. The
150appropriate minijail seccomp policy files must be present either in
151`/usr/share/policy/crosvm` or in the path specified by the
152`--seccomp-policy-dir` argument. The sandbox can be disabled for testing with
153the `--disable-sandbox` option.
154
155### Virtio Wayland
156
157Virtio Wayland support requires special support on the part of the guest and as
158such is unlikely to work out of the box unless you are using a Chrome OS kernel
159along with a `termina` rootfs.
160
161To use it, ensure that the `XDG_RUNTIME_DIR` enviroment variable is set and that
162the path `$XDG_RUNTIME_DIR/wayland-0` points to the socket of the Wayland
163compositor you would like the guest to use.
164
165### GDB Support
166
167crosvm supports [GDB Remote Serial Protocol] to allow developers to debug guest
168kernel via GDB.
169
170You can enable the feature by `--gdb` flag:
171
172```sh
173# Use uncompressed vmlinux
174$ crosvm run --gdb <port> ${USUAL_CROSVM_ARGS} vmlinux
175```
176
177Then, you can start GDB in another shell.
178
179```sh
180$ gdb vmlinux
181(gdb) target remote :<port>
182(gdb) hbreak start_kernel
183(gdb) c
184<start booting in the other shell>
185```
186
187For general techniques for debugging the Linux kernel via GDB, see this
188[kernel documentation].
189
190[GDB Remote Serial Protocol]: https://sourceware.org/gdb/onlinedocs/gdb/Remote-Protocol.html
191[kernel documentation]: https://www.kernel.org/doc/html/latest/dev-tools/gdb-kernel-debugging.html
192
193## Defaults
194
195The following are crosvm's default arguments and how to override them.
196
197* 256MB of memory (set with `-m`)
198* 1 virtual CPU (set with `-c`)
199* no block devices (set with `-r`, `-d`, or `--rwdisk`)
200* no network (set with `--host_ip`, `--netmask`, and `--mac`)
201* virtio wayland support if `XDG_RUNTIME_DIR` enviroment variable is set (disable with `--no-wl`)
202* only the kernel arguments necessary to run with the supported devices (add more with `-p`)
203* run in multiprocess mode (run in single process mode with `--disable-sandbox`)
204* no control socket (set with `-s`)
205
206## System Requirements
207
208A Linux kernel with KVM support (check for `/dev/kvm`) is required to run
209crosvm. In order to run certain devices, there are additional system
210requirements:
211
212* `virtio-wayland` - The `memfd_create` syscall, introduced in Linux 3.17, and a Wayland compositor.
213* `vsock` - Host Linux kernel with vhost-vsock support, introduced in Linux 4.8.
214* `multiprocess` - Host Linux kernel with seccomp-bpf and Linux namespacing support.
215* `virtio-net` - Host Linux kernel with TUN/TAP support (check for `/dev/net/tun`) and running with `CAP_NET_ADMIN` privileges.
216
217## Emulated Devices
218
219| Device           | Description                                                                        |
220|------------------|------------------------------------------------------------------------------------|
221| `CMOS/RTC`       | Used to get the current calendar time.                                             |
222| `i8042`          | Used by the guest kernel to exit crosvm.                                           |
223| `serial`         | x86 I/O port driven serial devices that print to stdout and take input from stdin. |
224| `virtio-block`   | Basic read/write block device.                                                     |
225| `virtio-net`     | Device to interface the host and guest networks.                                   |
226| `virtio-rng`     | Entropy source used to seed guest OS's entropy pool.                               |
227| `virtio-vsock`   | Enabled VSOCKs for the guests.                                                     |
228| `virtio-wayland` | Allowed guest to use host Wayland socket.                                          |
229
230## Contributing
231
232### Code Health
233
234#### `test_all`
235
236Crosvm provides docker containers to build and run tests for both x86_64 and
237aarch64, which can be run with the `./test_all` script.
238See `ci/README.md` for more details on how to use the containers for local
239development.
240
241#### `rustfmt`
242
243All code should be formatted with `rustfmt`. We have a script that applies
244rustfmt to all Rust code in the crosvm repo: please run `bin/fmt` before
245checking in a change. This is different from `cargo fmt --all` which formats
246multiple crates but a single workspace only; crosvm consists of multiple
247workspaces.
248
249#### `clippy`
250
251The `clippy` linter is used to check for common Rust problems.  The crosvm
252project uses a specific set of `clippy` checks; please run `bin/clippy` before
253checking in a change.
254
255#### Dependencies
256
257With a few exceptions, external dependencies inside of the `Cargo.toml` files
258are not allowed. The reason being that community made crates tend to explode the
259binary size by including dozens of transitive dependencies. All these
260dependencies also must be reviewed to ensure their suitability to the crosvm
261project. Currently allowed crates are:
262
263* `cc` - Build time dependency needed to build C source code used in crosvm.
264* `libc` - Required to use the standard library, this crate is a simple wrapper around `libc`'s symbols.
265
266### Code Overview
267
268The crosvm source code is written in Rust and C. To build, crosvm generally
269requires the most recent stable version of rustc.
270
271Source code is organized into crates, each with their own unit tests. These
272crates are:
273
274* `crosvm` - The top-level binary front-end for using crosvm.
275* `devices` - Virtual devices exposed to the guest OS.
276* `kernel_loader` - Loads elf64 kernel files to a slice of memory.
277* `kvm_sys` - Low-level (mostly) auto-generated structures and constants for using KVM.
278* `kvm` - Unsafe, low-level wrapper code for using `kvm_sys`.
279* `net_sys` - Low-level (mostly) auto-generated structures and constants for creating TUN/TAP devices.
280* `net_util` - Wrapper for creating TUN/TAP devices.
281* `sys_util` - Mostly safe wrappers for small system facilities such as `eventfd` or `syslog`.
282* `syscall_defines` - Lists of syscall numbers in each architecture used to make syscalls not supported in `libc`.
283* `vhost` - Wrappers for creating vhost based devices.
284* `virtio_sys` - Low-level (mostly) auto-generated structures and constants for interfacing with kernel vhost support.
285* `vm_control` - IPC for the VM.
286* `x86_64` - Support code specific to 64 bit intel machines.
287
288The `seccomp` folder contains minijail seccomp policy files for each sandboxed
289device. Because some syscalls vary by architecture, the seccomp policies are
290split by architecture.
291