Merge "Revert "Skeleton for IVmTethering service"" into main
diff --git a/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java b/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
index ef6a2fc..1e0f6c6 100644
--- a/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -102,6 +102,7 @@
private static final String KEY_OS = "os";
private static final String KEY_EXTRA_APKS = "extraApks";
private static final String KEY_NETWORK_SUPPORTED = "networkSupported";
+ private static final String KEY_SHOULD_BOOST_UCLAMP = "shouldBoostUclamp";
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -212,6 +213,8 @@
/** Whether to run the VM with supporting network feature or not. */
private final boolean mNetworkSupported;
+ private final boolean mShouldBoostUclamp;
+
@Retention(RetentionPolicy.SOURCE)
@StringDef(
prefix = "MICRODROID",
@@ -247,7 +250,8 @@
boolean connectVmConsole,
@Nullable File vendorDiskImage,
@NonNull @OsName String os,
- boolean networkSupported) {
+ boolean networkSupported,
+ boolean shouldBoostUclamp) {
// This is only called from Builder.build(); the builder handles parameter validation.
mPackageName = packageName;
mApkPath = apkPath;
@@ -271,6 +275,7 @@
mVendorDiskImage = vendorDiskImage;
mOs = os;
mNetworkSupported = networkSupported;
+ mShouldBoostUclamp = shouldBoostUclamp;
}
/** Loads a config from a file. */
@@ -373,6 +378,7 @@
builder.setNetworkSupported(b.getBoolean(KEY_NETWORK_SUPPORTED));
+ builder.setShouldBoostUclamp(b.getBoolean(KEY_SHOULD_BOOST_UCLAMP));
return builder.build();
}
@@ -424,6 +430,7 @@
b.putStringArray(KEY_EXTRA_APKS, extraApks);
}
b.putBoolean(KEY_NETWORK_SUPPORTED, mNetworkSupported);
+ b.putBoolean(KEY_SHOULD_BOOST_UCLAMP, mShouldBoostUclamp);
b.writeToStream(output);
}
@@ -780,6 +787,8 @@
customConfig.networkSupported = mNetworkSupported;
vsConfig.customConfig = customConfig;
}
+
+ vsConfig.boostUclamp = mShouldBoostUclamp;
return vsConfig;
}
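Review bot: `vsConfig.boostUclamp = mShouldBoostUclamp;` is set on the top-level config, outside the `customConfig` block that carries `networkSupported`, and none of the visible hunks gates it. The AIDL comment calls the flag a testing/benchmarking aid, yet `virtualizationmanager/src/aidl.rs` copies `config.boostUclamp` straight into the crosvm config and `crosvm.rs` turns it into `--boost-uclamp`. The setter is `@hide`, but that restricts the API surface and is not an enforcement point on the service side. If unprivileged callers should not be able to request a host scheduler boost, consider a service-side check in the style of the existing `check_gdb_allowed(config)?`, or move the field under the custom config; whether such a check already exists outside these hunks is not visible here. The enclosing method starts outside the hunk.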
@@ -860,6 +869,7 @@
@Nullable private File mVendorDiskImage;
@NonNull @OsName private String mOs = DEFAULT_OS;
private boolean mNetworkSupported;
+ private boolean mShouldBoostUclamp = false;
/**
* Creates a builder for the given context.
@@ -958,7 +968,8 @@
mConnectVmConsole,
mVendorDiskImage,
mOs,
- mNetworkSupported);
+ mNetworkSupported,
+ mShouldBoostUclamp);
}
/**
@@ -1280,5 +1291,11 @@
mNetworkSupported = networkSupported;
return this;
}
+
+ /** @hide */
+ public Builder setShouldBoostUclamp(boolean shouldBoostUclamp) {
+ mShouldBoostUclamp = shouldBoostUclamp;
+ return this;
+ }
}
}
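Review bot: The new `setShouldBoostUclamp` setter carries only `/** @hide */`, and the `mShouldBoostUclamp` fields added in the earlier hunks have no comment, unlike `mNetworkSupported` directly above them. Suggest a Javadoc on the setter such as `/** Requests a uclamp boost for the VM to reduce variance in tests and benchmarks; defaults to false. @hide */` and a one-line `/** Whether to boost uclamp for this VM. */` on the config field.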
diff --git a/libs/hypervisor_props/src/lib.rs b/libs/hypervisor_props/src/lib.rs
index 14614fd..6665bc5 100644
--- a/libs/hypervisor_props/src/lib.rs
+++ b/libs/hypervisor_props/src/lib.rs
@@ -37,3 +37,8 @@
pub fn version() -> Result<Option<String>> {
Ok(hypervisorproperties::hypervisor_version()?)
}
+
+/// Returns if the hypervisor is pKVM
+pub fn is_pkvm() -> Result<bool> {
+ Ok(version()?.unwrap_or_default().starts_with("kvm") && is_protected_vm_supported()?)
+}
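Review bot: The doc comment on `is_pkvm` says less than the code does. The result is a heuristic: it is true only when the version string starts with "kvm" and `is_protected_vm_supported()` is true, and a missing version is silently treated as not-pKVM through `unwrap_or_default()`. Since `crosvm.rs` uses this result to change guest memory sizing, I would spell that out, e.g. `/// Returns whether the hypervisor looks like pKVM: the version starts with "kvm" and protected VMs are supported. A missing version yields false; property read errors are propagated.`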
diff --git a/microdroid_manager/src/vm_secret.rs b/microdroid_manager/src/vm_secret.rs
index ec40b45..b23acf7 100644
--- a/microdroid_manager/src/vm_secret.rs
+++ b/microdroid_manager/src/vm_secret.rs
@@ -20,7 +20,7 @@
use secretkeeper_comm::data_types::request::Request;
use binder::{Strong};
use coset::{CoseKey, CborSerializable, CborOrdering};
-use dice_policy_builder::{CertIndex, ConstraintSpec, ConstraintType, policy_for_dice_chain, MissingAction, WILDCARD_FULL_ARRAY};
+use dice_policy_builder::{TargetEntry, ConstraintSpec, ConstraintType, policy_for_dice_chain, MissingAction, WILDCARD_FULL_ARRAY};
use diced_open_dice::{DiceArtifacts, OwnedDiceArtifacts};
use keystore2_crypto::ZVec;
use openssl::hkdf::hkdf;
@@ -45,9 +45,10 @@
const SUBCOMPONENT_DESCRIPTORS: i64 = -71002;
const SUBCOMPONENT_SECURITY_VERSION: i64 = 2;
const SUBCOMPONENT_AUTHORITY_HASH: i64 = 4;
-// Index of DiceChainEntry corresponding to Payload (relative to the end considering DICE Chain
-// as an array)
-const PAYLOAD_INDEX_FROM_END: usize = 0;
+// See dice_for_avf_guest.cddl for the `component_name` used by different boot stages in guest VM.
+const MICRODROID_PAYLOAD_COMPONENT_NAME: &str = "Microdroid Payload";
+const GUEST_OS_COMPONENT_NAME: &str = "vm_entry";
+const INSTANCE_HASH_KEY: i64 = -71003;
// Generated using hexdump -vn32 -e'14/1 "0x%02X, " 1 "\n"' /dev/urandom
const SALT_ENCRYPTED_STORE: &[u8] = &[
@@ -173,25 +174,27 @@
// microdroid_manager/src/vm_config.cddl):
// - GreaterOrEqual on SECURITY_VERSION (Required)
// - ExactMatch on AUTHORITY_HASH (Required).
+// 5. ExactMatch on Instance Hash (Required) - This uniquely identifies one VM instance from
+// another even if they are running the exact same images.
fn sealing_policy(dice: &[u8]) -> Result<Vec<u8>, String> {
- let constraint_spec = [
+ let constraint_spec = vec![
ConstraintSpec::new(
ConstraintType::ExactMatch,
vec![AUTHORITY_HASH],
MissingAction::Fail,
- CertIndex::All,
+ TargetEntry::All,
),
ConstraintSpec::new(
ConstraintType::ExactMatch,
vec![MODE],
MissingAction::Fail,
- CertIndex::All,
+ TargetEntry::All,
),
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
vec![CONFIG_DESC, SECURITY_VERSION],
MissingAction::Ignore,
- CertIndex::All,
+ TargetEntry::All,
),
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
@@ -202,7 +205,7 @@
SUBCOMPONENT_SECURITY_VERSION,
],
MissingAction::Fail,
- CertIndex::FromEnd(PAYLOAD_INDEX_FROM_END),
+ TargetEntry::ByName(MICRODROID_PAYLOAD_COMPONENT_NAME.to_string()),
),
ConstraintSpec::new(
ConstraintType::ExactMatch,
@@ -213,11 +216,17 @@
SUBCOMPONENT_AUTHORITY_HASH,
],
MissingAction::Fail,
- CertIndex::FromEnd(PAYLOAD_INDEX_FROM_END),
+ TargetEntry::ByName(MICRODROID_PAYLOAD_COMPONENT_NAME.to_string()),
+ ),
+ ConstraintSpec::new(
+ ConstraintType::ExactMatch,
+ vec![CONFIG_DESC, INSTANCE_HASH_KEY],
+ MissingAction::Fail,
+ TargetEntry::ByName(GUEST_OS_COMPONENT_NAME.to_string()),
),
];
- policy_for_dice_chain(dice, &constraint_spec)?
+ policy_for_dice_chain(dice, constraint_spec)?
.to_vec()
.map_err(|e| format!("DicePolicy construction failed {e:?}"))
}
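Review bot: The new `ExactMatch` constraint on `[CONFIG_DESC, INSTANCE_HASH_KEY]` uses `MissingAction::Fail`, so `sealing_policy` will presumably return an error for any DICE chain whose `vm_entry` entry carries no instance hash. In `virtualizationmanager/src/aidl.rs` the `instance-id` property is only passed when `cfg!(llpvm_changes)` is set, and if the instance hash depends on it, this function must never be reached for chains built without it; that is not visible from this hunk. The `TargetEntry::ByName(...)` lookups here and in the previous hunk also make the policy depend on the string constants matching `dice_for_avf_guest.cddl`, so a test pinning "vm_entry" and "Microdroid Payload" to that file would help. Failing closed is the right default for a sealing policy; the concern is only an unexpected hard failure at secret derivation. `sealing_policy` starts in an earlier hunk.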
diff --git a/tests/benchmark/Android.bp b/tests/benchmark/Android.bp
index 413ffe4..5ede699 100644
--- a/tests/benchmark/Android.bp
+++ b/tests/benchmark/Android.bp
@@ -22,8 +22,10 @@
"MicrodroidTestNativeLib",
"libiovsock_host_jni",
],
- jni_uses_platform_apis: true,
- sdk_version: "test_current",
+ libs: [
+ "framework-virtualization.impl",
+ ],
+ platform_apis: true,
use_embedded_native_libs: true,
compile_multilib: "64",
required: ["perf-setup"],
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index 9cc1b7b..d8b17f1 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -233,6 +233,7 @@
for (int i = 0; i < trialCount; i++) {
VirtualMachineConfig.Builder builder =
newVmConfigBuilderWithPayloadBinary("MicrodroidIdleNativeLib.so")
+ .setShouldBoostUclamp(true)
.setMemoryBytes(256 * ONE_MEBI)
.setDebugLevel(DEBUG_LEVEL_NONE);
if (fullDebug) {
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 4d8dac6..4141903 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -28,8 +28,6 @@
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static com.google.common.truth.TruthJUnit.assume;
-import com.android.virt.vm_attestation.testservice.IAttestationService.AttestationStatus;
-import com.android.virt.vm_attestation.testservice.IAttestationService.SigningResult;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
@@ -70,8 +68,15 @@
import com.android.microdroid.testservice.IAppCallback;
import com.android.microdroid.testservice.ITestService;
import com.android.microdroid.testservice.IVmCallback;
+import com.android.virt.vm_attestation.testservice.IAttestationService.AttestationStatus;
+import com.android.virt.vm_attestation.testservice.IAttestationService.SigningResult;
import com.android.virt.vm_attestation.util.X509Utils;
+import co.nstant.in.cbor.CborDecoder;
+import co.nstant.in.cbor.model.Array;
+import co.nstant.in.cbor.model.DataItem;
+import co.nstant.in.cbor.model.MajorType;
+
import com.google.common.base.Strings;
import com.google.common.truth.BooleanSubject;
@@ -113,17 +118,13 @@
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Stream;
-import co.nstant.in.cbor.CborDecoder;
-import co.nstant.in.cbor.model.Array;
-import co.nstant.in.cbor.model.DataItem;
-import co.nstant.in.cbor.model.MajorType;
-
@RunWith(Parameterized.class)
public class MicrodroidTests extends MicrodroidDeviceTestBase {
private static final String TAG = "MicrodroidTests";
private static final String TEST_APP_PACKAGE_NAME = "com.android.microdroid.test";
private static final String VM_ATTESTATION_PAYLOAD_PATH = "libvm_attestation_test_payload.so";
private static final String VM_ATTESTATION_MESSAGE = "Hello RKP from AVF!";
+ private static final int ENCRYPTED_STORAGE_BYTES = 4_000_000;
@Rule public Timeout globalTimeout = Timeout.seconds(300);
@@ -1602,7 +1603,7 @@
newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
.setDebugLevel(DEBUG_LEVEL_FULL);
if (encryptedStoreEnabled) {
- builder.setEncryptedStorageBytes(4_000_000);
+ builder.setEncryptedStorageBytes(ENCRYPTED_STORAGE_BYTES);
}
VirtualMachineConfig config = builder.build();
String vmNameOrig = "test_vm_orig";
@@ -1656,7 +1657,7 @@
VirtualMachineConfig config =
newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
.setMemoryBytes(minMemoryRequired())
- .setEncryptedStorageBytes(4_000_000)
+ .setEncryptedStorageBytes(ENCRYPTED_STORAGE_BYTES)
.setDebugLevel(DEBUG_LEVEL_FULL)
.build();
VirtualMachine vm = forceCreateNewVirtualMachine("test_vm", config);
@@ -1683,7 +1684,7 @@
VirtualMachineConfig config =
newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
.setMemoryBytes(minMemoryRequired())
- .setEncryptedStorageBytes(4_000_000)
+ .setEncryptedStorageBytes(ENCRYPTED_STORAGE_BYTES)
.setDebugLevel(DEBUG_LEVEL_FULL)
.build();
@@ -1790,7 +1791,7 @@
VirtualMachineConfig config =
newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
.setMemoryBytes(minMemoryRequired())
- .setEncryptedStorageBytes(4_000_000)
+ .setEncryptedStorageBytes(ENCRYPTED_STORAGE_BYTES)
.setDebugLevel(DEBUG_LEVEL_FULL)
.build();
VirtualMachine vm = forceCreateNewVirtualMachine("test_vm_a", config);
@@ -2282,7 +2283,7 @@
VirtualMachineConfig vmConfig =
newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
.setDebugLevel(DEBUG_LEVEL_FULL)
- .setEncryptedStorageBytes(4_000_000)
+ .setEncryptedStorageBytes(ENCRYPTED_STORAGE_BYTES)
.build();
VirtualMachine vm = forceCreateNewVirtualMachine("test_vm_encstore_no_exec", vmConfig);
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 0055b3b..8e1b6bb 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -401,68 +401,9 @@
check_gdb_allowed(config)?;
}
- // Currently, VirtMgr adds the host copy of reference DT & untrusted properties
- // (e.g. instance-id)
- let host_ref_dt = Path::new(VM_REFERENCE_DT_ON_HOST_PATH);
- let host_ref_dt = if host_ref_dt.exists()
- && read_dir(host_ref_dt).or_service_specific_exception(-1)?.next().is_some()
- {
- Some(host_ref_dt)
- } else {
- warn!("VM reference DT doesn't exist in host DT");
- None
- };
-
- let vendor_hashtree_digest = extract_vendor_hashtree_digest(config)
- .context("Failed to extract vendor hashtree digest")
- .or_service_specific_exception(-1)?;
-
- let trusted_props = if let Some(ref vendor_hashtree_digest) = vendor_hashtree_digest {
- info!(
- "Passing vendor hashtree digest to pvmfw. This will be rejected if it doesn't \
- match the trusted digest in the pvmfw config, causing the VM to fail to start."
- );
- vec![(
- cstr!("vendor_hashtree_descriptor_root_digest"),
- vendor_hashtree_digest.as_slice(),
- )]
- } else {
- vec![]
- };
-
- let instance_id;
- let mut untrusted_props = Vec::with_capacity(2);
- if cfg!(llpvm_changes) {
- instance_id = extract_instance_id(config);
- untrusted_props.push((cstr!("instance-id"), &instance_id[..]));
- let want_updatable = extract_want_updatable(config);
- if want_updatable && is_secretkeeper_supported() {
- // Let guest know that it can defer rollback protection to Secretkeeper by setting
- // an empty property in untrusted node in DT. This enables Updatable VMs.
- untrusted_props.push((cstr!("defer-rollback-protection"), &[]))
- }
- }
-
- let device_tree_overlay =
- if host_ref_dt.is_some() || !untrusted_props.is_empty() || !trusted_props.is_empty() {
- let dt_output = temporary_directory.join(VM_DT_OVERLAY_PATH);
- let mut data = [0_u8; VM_DT_OVERLAY_MAX_SIZE];
- let fdt = create_device_tree_overlay(
- &mut data,
- host_ref_dt,
- &untrusted_props,
- &trusted_props,
- )
- .map_err(|e| anyhow!("Failed to create DT overlay, {e:?}"))
- .or_service_specific_exception(-1)?;
- fs::write(&dt_output, fdt.as_slice()).or_service_specific_exception(-1)?;
- Some(File::open(dt_output).or_service_specific_exception(-1)?)
- } else {
- None
- };
+ let device_tree_overlay = maybe_create_device_tree_overlay(config, &temporary_directory)?;
let debug_config = DebugConfig::new(config);
-
let ramdump = if !uses_gki_kernel(config) && debug_config.is_ramdump_needed() {
Some(prepare_ramdump_file(&temporary_directory)?)
} else {
@@ -658,6 +599,7 @@
tap,
virtio_snd_backend,
console_input_device: config.consoleInputDevice.clone(),
+ boost_uclamp: config.boostUclamp,
};
let instance = Arc::new(
VmInstance::new(
@@ -732,6 +674,67 @@
Err(anyhow!("No hashtree digest is extracted from microdroid vendor image"))
}
+fn maybe_create_device_tree_overlay(
+ config: &VirtualMachineConfig,
+ temporary_directory: &Path,
+) -> binder::Result<Option<File>> {
+ // Currently, VirtMgr adds the host copy of reference DT & untrusted properties
+ // (e.g. instance-id)
+ let host_ref_dt = Path::new(VM_REFERENCE_DT_ON_HOST_PATH);
+ let host_ref_dt = if host_ref_dt.exists()
+ && read_dir(host_ref_dt).or_service_specific_exception(-1)?.next().is_some()
+ {
+ Some(host_ref_dt)
+ } else {
+ warn!("VM reference DT doesn't exist in host DT");
+ None
+ };
+
+ let vendor_hashtree_digest = extract_vendor_hashtree_digest(config)
+ .context("Failed to extract vendor hashtree digest")
+ .or_service_specific_exception(-1)?;
+
+ let trusted_props = if let Some(ref vendor_hashtree_digest) = vendor_hashtree_digest {
+ info!(
+ "Passing vendor hashtree digest to pvmfw. This will be rejected if it doesn't \
+ match the trusted digest in the pvmfw config, causing the VM to fail to start."
+ );
+ vec![(cstr!("vendor_hashtree_descriptor_root_digest"), vendor_hashtree_digest.as_slice())]
+ } else {
+ vec![]
+ };
+
+ let instance_id;
+ let mut untrusted_props = Vec::with_capacity(2);
+ if cfg!(llpvm_changes) {
+ instance_id = extract_instance_id(config);
+ untrusted_props.push((cstr!("instance-id"), &instance_id[..]));
+ let want_updatable = extract_want_updatable(config);
+ if want_updatable && is_secretkeeper_supported() {
+ // Let guest know that it can defer rollback protection to Secretkeeper by setting
+ // an empty property in untrusted node in DT. This enables Updatable VMs.
+ untrusted_props.push((cstr!("defer-rollback-protection"), &[]))
+ }
+ }
+
+ let device_tree_overlay = if host_ref_dt.is_some()
+ || !untrusted_props.is_empty()
+ || !trusted_props.is_empty()
+ {
+ let dt_output = temporary_directory.join(VM_DT_OVERLAY_PATH);
+ let mut data = [0_u8; VM_DT_OVERLAY_MAX_SIZE];
+ let fdt =
+ create_device_tree_overlay(&mut data, host_ref_dt, &untrusted_props, &trusted_props)
+ .map_err(|e| anyhow!("Failed to create DT overlay, {e:?}"))
+ .or_service_specific_exception(-1)?;
+ fs::write(&dt_output, fdt.as_slice()).or_service_specific_exception(-1)?;
+ Some(File::open(dt_output).or_service_specific_exception(-1)?)
+ } else {
+ None
+ };
+ Ok(device_tree_overlay)
+}
+
fn write_zero_filler(zero_filler_path: &Path) -> Result<()> {
let file = OpenOptions::new()
.create_new(true)
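Review bot: `maybe_create_device_tree_overlay` is added without a doc comment, although the split between `trusted_props` and `untrusted_props` is the security-relevant part of the function. The first holds the vendor hashtree digest, which per the log message pvmfw checks; the second holds `instance-id` and `defer-rollback-protection`. Suggest `/// Builds the device tree overlay from the host reference DT plus trusted and untrusted properties, writes it under temporary_directory and returns the opened file; returns None when there is nothing to add.` As a style point, the trailing `let device_tree_overlay = if ...; Ok(device_tree_overlay)` could be one `Ok(if ... { ... } else { None })` expression. The last context lines of the hunk belong to `write_zero_filler`, which continues outside it.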
@@ -958,6 +961,7 @@
vm_config.protectedVm = config.protectedVm;
vm_config.cpuTopology = config.cpuTopology;
vm_config.hugePages = config.hugePages || vm_payload_config.hugepages;
+ vm_config.boostUclamp = config.boostUclamp;
// Microdroid takes additional init ramdisk & (optionally) storage image
add_microdroid_system_images(config, instance_file, storage_image, os_name, &mut vm_config)?;
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index 4b03bac..7769f61 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -132,6 +132,7 @@
pub tap: Option<File>,
pub virtio_snd_backend: Option<String>,
pub console_input_device: Option<String>,
+ pub boost_uclamp: bool,
}
#[derive(Debug)]
@@ -854,6 +855,8 @@
command.arg("--no-balloon");
}
+ let mut memory_mib = config.memory_mib;
+
if config.protected {
match system_properties::read(SYSPROP_CUSTOM_PVMFW_PATH)? {
Some(pvmfw_path) if !pvmfw_path.is_empty() => {
@@ -869,6 +872,12 @@
let swiotlb_size_mib = 2 * virtio_pci_device_count as u32;
command.arg("--swiotlb").arg(swiotlb_size_mib.to_string());
+ // b/346770542 for consistent "usable" memory across protected and non-protected VMs under
+ // pKVM.
+ if hypervisor_props::is_pkvm()? {
+ memory_mib = memory_mib.map(|m| m.saturating_add(swiotlb_size_mib));
+ }
+
// Workaround to keep crash_dump from trying to read protected guest memory.
// Context in b/238324526.
command.arg("--unmap-guest-memory-on-fork");
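Review bot: The swiotlb compensation only takes effect when `memory_mib` is `Some`, because `memory_mib.map(|m| m.saturating_add(swiotlb_size_mib))` leaves `None` untouched. The later `if let Some(memory_mib) = memory_mib` then passes no `--mem` at all, so a VM relying on the default size does not get the extra headroom the comment describes. If that case matters it needs an explicit default to add to; otherwise record the limitation, e.g. `// Only applies when the caller set an explicit memory size.` Note also that `hypervisor_props::is_pkvm()?` turns a failed property read into a failed VM start, and `saturating_add` clamps silently at the type maximum; both look acceptable but deserve a word in the comment. The enclosing function starts and ends outside the hunk.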
@@ -890,7 +899,7 @@
command.arg("--params").arg("console=hvc0");
}
- if let Some(memory_mib) = config.memory_mib {
+ if let Some(memory_mib) = memory_mib {
command.arg("--mem").arg(memory_mib.to_string());
}
@@ -1054,6 +1063,10 @@
command.arg("--hugepages");
}
+ if config.boost_uclamp {
+ command.arg("--boost-uclamp");
+ }
+
append_platform_devices(&mut command, &mut preserved_fds, &config)?;
debug!("Preserving FDs {:?}", preserved_fds);
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
index a3f4b0f..ee39d75 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
@@ -139,4 +139,7 @@
* https://docs.kernel.org/admin-guide/mm/transhuge.html
*/
boolean hugePages;
+
+ /** Enable boost UClamp for less variance during testing/benchmarking */
+ boolean boostUclamp;
}
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl
index c927c9b..0d175dd 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineRawConfig.aidl
@@ -91,4 +91,7 @@
/** The serial device for VM console input. */
@nullable @utf8InCpp String consoleInputDevice;
+
+ /** Enable boost UClamp for less variance during testing/benchmarking */
+ boolean boostUclamp;
}
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 241baa5..ae8d1da 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -454,7 +454,7 @@
.context("Failed to allocate instance_id")
.or_service_specific_exception(-1)?;
let uid = get_calling_uid();
- info!("Allocated a VM's instance_id: {:?}, for uid: {:?}", hex::encode(id), uid);
+ info!("Allocated a VM's instance_id: {:?}..., for uid: {:?}", &hex::encode(id)[..8], uid);
let state = &mut *self.state.lock().unwrap();
if let Some(sk_state) = &mut state.sk_state {
let user_id = multiuser_get_user_id(uid);
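Review bot: The reason for logging only the first eight hex characters of the instance id is not recorded next to the `info!` call. A comment such as `// Log only a prefix so the full instance_id does not end up in logs.` would stop a later cleanup from restoring the full value; adjust the wording to the actual rationale, which this hunk does not state. As a style point, `&hex::encode(id)[..8]` encodes the whole id and then slices the string, whereas encoding only the leading four bytes would give the same output, assuming `id` is a byte array or slice. The enclosing function continues outside the hunk.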
diff --git a/vm/src/main.rs b/vm/src/main.rs
index 390a60d..a250c35 100644
--- a/vm/src/main.rs
+++ b/vm/src/main.rs
@@ -65,6 +65,10 @@
#[cfg(network)]
#[arg(short, long)]
network_supported: bool,
+
+ /// Boost uclamp to stablise results for benchmarks.
+ #[arg(short, long)]
+ boost_uclamp: bool,
}
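Review bot: `#[arg(short, long)]` on `boost_uclamp` derives the short flag `-b`, which may collide with another option in `CommonConfig` or in a command that flattens it; those fields are outside the hunk, so this needs checking. A benchmark-only knob probably does not need a short form at all, so `#[arg(long)]` would avoid the question. The doc comment also has a typo: `/// Boost uclamp to stabilise results for benchmarks.`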
impl CommonConfig {
diff --git a/vm/src/run.rs b/vm/src/run.rs
index 0c9fbb6..cb15802 100644
--- a/vm/src/run.rs
+++ b/vm/src/run.rs
@@ -179,6 +179,7 @@
customConfig: Some(custom_config),
osName: os_name,
hugePages: config.common.hugepages,
+ boostUclamp: config.common.boost_uclamp,
});
run(
service.as_ref(),
@@ -260,6 +261,7 @@
}
vm_config.cpuTopology = config.common.cpu_topology;
vm_config.hugePages = config.common.hugepages;
+ vm_config.boostUclamp = config.common.boost_uclamp;
run(
get_service()?.as_ref(),
&VirtualMachineConfig::RawConfig(vm_config),