Merge "Use select() in build/Android.bp and guest/kernel/" into main
diff --git a/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java b/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java
index 9004c07..d837c04 100644
--- a/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java
+++ b/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java
@@ -46,6 +46,7 @@
import android.util.Log;
import android.view.InputDevice;
import android.view.KeyEvent;
+import android.view.SurfaceControl;
import android.view.SurfaceHolder;
import android.view.SurfaceView;
import android.view.View;
@@ -497,7 +498,11 @@
if (mCursorHandler != null) {
mCursorHandler.interrupt();
}
- mCursorHandler = new CursorHandler(cursorSurfaceView, pfds[0]);
+ mCursorHandler =
+ new CursorHandler(
+ surfaceView.getSurfaceControl(),
+ cursorSurfaceView.getSurfaceControl(),
+ pfds[0]);
mCursorHandler.start();
runWithDisplayService(
(service) -> service.setCursorStream(pfds[1]));
@@ -763,12 +768,16 @@
}
static class CursorHandler extends Thread {
- private final SurfaceView mSurfaceView;
+ private final SurfaceControl mCursor;
private final ParcelFileDescriptor mStream;
+ private final SurfaceControl.Transaction mTransaction;
- CursorHandler(SurfaceView s, ParcelFileDescriptor stream) {
- mSurfaceView = s;
+ CursorHandler(SurfaceControl main, SurfaceControl cursor, ParcelFileDescriptor stream) {
+ mCursor = cursor;
mStream = stream;
+ mTransaction = new SurfaceControl.Transaction();
+
+ mTransaction.reparent(cursor, main).apply();
}
@Override
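Review bot: The new `mTransaction` field is created in the constructor and never closed, and `reparent(cursor, main).apply()` runs without checking that either `SurfaceControl` is still valid. `SurfaceControl.Transaction` is closeable, so I would add `mTransaction.close();` in a `finally` at the end of `run()`, which lies outside this hunk. The call site in the previous hunk passes `surfaceView.getSurfaceControl()` and `cursorSurfaceView.getSurfaceControl()` straight in; if either surface can be torn down or not yet created at that point (not visible here), a guard such as `if (!main.isValid() || !cursor.isValid())` before the reparent would make the failure explicit. The unused `main` parameter is also worth a short comment saying it is only needed for the one-time reparent.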
@@ -795,11 +804,7 @@
}
float x = (float) (byteBuffer.getInt() & 0xFFFFFFFF);
float y = (float) (byteBuffer.getInt() & 0xFFFFFFFF);
- mSurfaceView.post(
- () -> {
- mSurfaceView.setTranslationX(x);
- mSurfaceView.setTranslationY(y);
- });
+ mTransaction.setPosition(mCursor, x, y).apply();
}
} catch (IOException e) {
Log.e(TAG, "failed to run CursorHandler", e);
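Review bot: `setPosition(mCursor, x, y)` applies coordinates read from the cursor stream with no range check, and that stream is presumably fed from the guest side via `setCursorStream`. The `& 0xFFFFFFFF` on the context lines above is a no-op on an `int`, so a value with the top bit set arrives as a large negative float rather than an unsigned one. I would either clamp to the main surface size before applying, e.g. `mTransaction.setPosition(mCursor, Math.max(0f, x), Math.max(0f, y)).apply();` plus an upper bound, or add a comment stating that out-of-range positions are harmless because the cursor is now a child of the main surface. The enclosing `run()` starts outside this hunk.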
diff --git a/docs/vm_remote_attestation.md b/docs/vm_remote_attestation.md
index 6dab37a..79f44b9 100644
--- a/docs/vm_remote_attestation.md
+++ b/docs/vm_remote_attestation.md
@@ -105,7 +105,11 @@
set to true only when all the DICE certificates in the pVM DICE chain are in
normal mode.
- The `vmComponents` field contains a list of all the APKs and apexes loaded
- by the pVM.
+ by the pVM. These components are extracted from the config descriptor of the
+ last DiceChainEntry of the pVM DICE chain. Refer to
+ [dice_for_avf_guest.cddl][dice_for_avf_guest_cddl] for more information.
+
+[dice_for_avf_guest_cddl]: https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/Virtualization/dice_for_avf_guest.cddl
## To Support It
diff --git a/libs/libvmbase/src/memory/page_table.rs b/libs/libvmbase/src/memory/page_table.rs
index dc346e7..62b52ae 100644
--- a/libs/libvmbase/src/memory/page_table.rs
+++ b/libs/libvmbase/src/memory/page_table.rs
@@ -16,23 +16,29 @@
use crate::read_sysreg;
use aarch64_paging::idmap::IdMap;
-use aarch64_paging::paging::{Attributes, Constraints, Descriptor, MemoryRegion};
+use aarch64_paging::paging::{
+ Attributes, Constraints, Descriptor, MemoryRegion, TranslationRegime,
+};
use aarch64_paging::MapError;
use core::result;
/// Software bit used to indicate a device that should be lazily mapped.
pub(super) const MMIO_LAZY_MAP_FLAG: Attributes = Attributes::SWFLAG_0;
-// We assume that:
-// - MAIR_EL1.Attr0 = "Device-nGnRE memory" (0b0000_0100)
-// - MAIR_EL1.Attr1 = "Normal memory, Outer & Inner WB Non-transient, R/W-Allocate" (0b1111_1111)
+/// We assume that MAIR_EL1.Attr0 = "Device-nGnRE memory" (0b0000_0100)
+const DEVICE_NGNRE: Attributes = Attributes::ATTRIBUTE_INDEX_0;
+
+/// We assume that MAIR_EL1.Attr1 = "Normal memory, Outer & Inner WB Non-transient, R/W-Allocate"
+/// (0b1111_1111)
+const NORMAL: Attributes = Attributes::ATTRIBUTE_INDEX_1.union(Attributes::INNER_SHAREABLE);
+
const MEMORY: Attributes =
- Attributes::VALID.union(Attributes::NORMAL).union(Attributes::NON_GLOBAL);
+ Attributes::VALID.union(NORMAL).union(Attributes::NON_GLOBAL).union(Attributes::ACCESSED);
const DEVICE_LAZY: Attributes =
- MMIO_LAZY_MAP_FLAG.union(Attributes::DEVICE_NGNRE).union(Attributes::EXECUTE_NEVER);
+ MMIO_LAZY_MAP_FLAG.union(DEVICE_NGNRE).union(Attributes::UXN).union(Attributes::ACCESSED);
const DEVICE: Attributes = DEVICE_LAZY.union(Attributes::VALID);
const CODE: Attributes = MEMORY.union(Attributes::READ_ONLY);
-const DATA: Attributes = MEMORY.union(Attributes::EXECUTE_NEVER);
+const DATA: Attributes = MEMORY.union(Attributes::UXN);
const RODATA: Attributes = DATA.union(Attributes::READ_ONLY);
const DATA_DBM: Attributes = RODATA.union(Attributes::DBM);
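Review bot: `DATA` and `DEVICE_LAZY` now carry only `Attributes::UXN`, while the next hunk builds the map with `TranslationRegime::El1And0`, a regime with two privilege levels where the unprivileged bit alone would not stop EL1 from executing those pages. If the removed `Attributes::EXECUTE_NEVER` set both execute-never bits (worth confirming against the crate version being replaced), this silently weakens W^X for `DATA`, `RODATA`, `DATA_DBM` and the device mappings. Assuming the pinned aarch64_paging exposes the privileged bit as `Attributes::PXN`, I would write `const DATA: Attributes = MEMORY.union(Attributes::UXN).union(Attributes::PXN);` and do the same for `DEVICE_LAZY`. A one-line comment stating that EL1 must never execute from these ranges would keep the intent visible through the next crate upgrade.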
@@ -64,7 +70,7 @@
assert_eq!((tcr_el1 >> TCR_EL1_TG0_SHIFT) & TCR_EL1_TG0_MASK, TCR_EL1_TG0_SIZE_4KB);
assert_eq!((tcr_el1 >> TCR_EL1_T0SZ_SHIFT) & TCR_EL1_T0SZ_MASK, TCR_EL1_T0SZ_39_VA_BITS);
- IdMap::new(Self::ASID, Self::ROOT_LEVEL).into()
+ IdMap::new(Self::ASID, Self::ROOT_LEVEL, TranslationRegime::El1And0).into()
}
}
diff --git a/tests/vm_accessor/accessor/Android.bp b/tests/vm_accessor/accessor/Android.bp
index d9d1026..7c0ee6d 100644
--- a/tests/vm_accessor/accessor/Android.bp
+++ b/tests/vm_accessor/accessor/Android.bp
@@ -21,11 +21,11 @@
"libenv_logger",
"libglob",
"libhypervisor_props",
- "liblibc",
"liblog_rust",
"libmicrodroid_payload_config",
"librand",
"libvmconfig",
"libvmclient",
+ "libnix",
],
}
diff --git a/tests/vm_accessor/accessor/src/run.rs b/tests/vm_accessor/accessor/src/run.rs
index 03aa80d..932baab 100644
--- a/tests/vm_accessor/accessor/src/run.rs
+++ b/tests/vm_accessor/accessor/src/run.rs
@@ -26,11 +26,10 @@
use glob::glob;
use log::{error, info};
use rand::{distributions::Alphanumeric, Rng};
-use std::fs;
-use std::fs::File;
-use std::io;
-use std::os::unix::io::{AsRawFd, FromRawFd};
+use std::fs::{self, File};
+use std::io::{self, BufRead, BufReader};
use std::path::PathBuf;
+use std::thread;
use vmclient::{ErrorCode, VmInstance};
use vmconfig::open_parcel_file;
@@ -126,9 +125,9 @@
let vm = VmInstance::create(
service.as_ref(),
&vm_config,
- Some(duplicate_fd(io::stdout())?), /* console_out */
- None, /* console_in */
- Some(duplicate_fd(io::stdout())?), /* log */
+ Some(android_log_fd()?), /* console_out */
+ None, /* console_in */
+ Some(android_log_fd()?), /* log */
Some(Box::new(Callback {})),
)
.context("Failed to create VM")?;
@@ -159,17 +158,24 @@
}
}
-/// Safely duplicate the file descriptor.
-fn duplicate_fd<T: AsRawFd>(file: T) -> io::Result<File> {
- let fd = file.as_raw_fd();
- // SAFETY: This just duplicates a file descriptor which we know to be valid, and we check for an
- // an error.
- let dup_fd = unsafe { libc::dup(fd) };
- if dup_fd < 0 {
- Err(io::Error::last_os_error())
- } else {
- // SAFETY: We have just duplicated the file descriptor so we own it, and `from_raw_fd` takes
- // ownership of it.
- Ok(unsafe { File::from_raw_fd(dup_fd) })
- }
+/// This function is only exposed for testing.
+/// Production code prefer not expose logs from VM.
+fn android_log_fd() -> io::Result<File> {
+ let (reader_fd, writer_fd) = nix::unistd::pipe()?;
+
+ let reader = File::from(reader_fd);
+ let writer = File::from(writer_fd);
+
+ thread::spawn(|| {
+ for line in BufReader::new(reader).lines() {
+ match line {
+ Ok(l) => info!("{}", l),
+ Err(e) => {
+ error!("Failed to read line from VM: {e:?}");
+ break;
+ }
+ }
+ }
+ });
+ Ok(writer)
}
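Review bot: The forwarding thread in `android_log_fd` stops on the first line that is not valid UTF-8, because `BufReader::lines()` returns an error for such input and the `Err` arm breaks. The bytes come from the VM console and log, so one stray byte from the guest silently ends log capture for the rest of the run and closes the read end of the pipe. Reading with `read_until` and decoding lossily keeps the forwarder alive, as in the excerpt below. Line length is still unbounded in both versions, so a guest that never emits a newline can grow the buffer without limit. `nix::unistd::pipe()` also leaves both descriptors without close-on-exec; if nothing relies on inheriting them, the `pipe2` variant with `O_CLOEXEC` would be safer.

```rust
    thread::spawn(move || {
        let mut reader = BufReader::new(reader);
        let mut buf = Vec::new();
        loop {
            buf.clear();
            match reader.read_until(b'\n', &mut buf) {
                Ok(0) => break,
                Ok(_) => {
                    let text = String::from_utf8_lossy(&buf);
                    info!("{}", text.trim_end_matches(['\r', '\n']));
                }
                Err(e) => {
                    error!("Failed to read line from VM: {e:?}");
                    break;
                }
            }
        }
    });
    // … unchanged: Ok(writer) …
```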