diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-11 18:53:23 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-11 18:53:23 +0000 |
| commit | 96f185cb6d752ae994c746ed122f004cd77bf2ca (patch) | |
| tree | 2718c5e4cf07cf0b088feeb458ef70103adbeaff | |
| parent | 369de68b46c6e2789a9ce7ace8916a5ff61f9097 (diff) | |
| parent | fa06235f96982141926140e17dbe2cd403c4c67e (diff) | |
| download | crosvm-android14-mainline-resolv-release.tar.gz | |
Snap for 10476824 from fa06235f96982141926140e17dbe2cd403c4c67e to mainline-resolv-releaseaml_res_341510000aml_res_341410010aml_res_341311030aml_res_341110000android14-mainline-resolv-release
Change-Id: I5a634608118246cae3b54a289bb543a4f131f252
| -rw-r--r-- | src/crosvm/cmdline.rs | 12 | ||||
| -rw-r--r-- | src/crosvm/config.rs | 2 | ||||
| -rw-r--r-- | src/crosvm/sys/unix.rs | 3 | ||||
| -rw-r--r-- | src/crosvm/sys/unix/vcpu.rs | 5 |
4 files changed, 20 insertions, 2 deletions
diff --git a/src/crosvm/cmdline.rs b/src/crosvm/cmdline.rs index 6c017ab6e..da8c2e00e 100644 --- a/src/crosvm/cmdline.rs +++ b/src/crosvm/cmdline.rs @@ -717,6 +717,10 @@ fn overwrite<T>(left: &mut T, right: T) { let _ = std::mem::replace(left, right); } +fn bool_default_true() -> bool { + true +} + /// Each field of this structure has a dual use: /// /// 1) As a command-line parameter, controlled by the `#[argh]` helper attribute. @@ -927,6 +931,13 @@ pub struct RunCommand { /// older which is less frequently checked generation. pub coiommu: Option<devices::CoIommuParameters>, + #[argh(option, default = "true")] + #[merge(strategy = overwrite)] + #[serde(default = "bool_default_true")] + /// protect VM threads from hyperthreading-based attacks by scheduling them on different cores. + /// Enabled by default, and required for per_vm_core_scheduling. + pub core_scheduling: bool, + #[argh(option, arg_name = "CPUSET", from_str_fn(parse_cpu_affinity))] #[serde(skip)] // TODO(b/255223604) #[merge(strategy = overwrite_option)] @@ -2301,6 +2312,7 @@ impl TryFrom<RunCommand> for super::config::Config { cfg.params.extend(cmd.params); + cfg.core_scheduling = cmd.core_scheduling; cfg.per_vm_core_scheduling = cmd.per_vm_core_scheduling; // `--cpu` parameters. diff --git a/src/crosvm/config.rs b/src/crosvm/config.rs index 28472f100..b2266b161 100644 --- a/src/crosvm/config.rs +++ b/src/crosvm/config.rs @@ -1003,6 +1003,7 @@ pub struct Config { pub bus_lock_ratelimit: u64, #[cfg(unix)] pub coiommu_param: Option<devices::CoIommuParameters>, + pub core_scheduling: bool, pub cpu_capacity: BTreeMap<usize, u32>, // CPU index -> capacity pub cpu_clusters: Vec<CpuSet>, #[cfg(feature = "crash-report")] @@ -1214,6 +1215,7 @@ impl Default for Config { bus_lock_ratelimit: 0, #[cfg(unix)] coiommu_param: None, + core_scheduling: true, #[cfg(feature = "crash-report")] crash_pipe_name: None, #[cfg(feature = "crash-report")] diff --git a/src/crosvm/sys/unix.rs b/src/crosvm/sys/unix.rs index c00427b48..4b877a8ad 100644 --- a/src/crosvm/sys/unix.rs +++ b/src/crosvm/sys/unix.rs @@ -2680,7 +2680,7 @@ fn run_control<V: VmArch + 'static, Vcpu: VcpuArch + 'static>( // shared by all vCPU threads. // TODO(b/199312402): Avoid enabling core scheduling for the crosvm process // itself for even better performance. Only vCPUs need the feature. - if cfg.per_vm_core_scheduling { + if cfg.core_scheduling && cfg.per_vm_core_scheduling { if let Err(e) = enable_core_scheduling() { error!("Failed to enable core scheduling: {}", e); } @@ -2799,6 +2799,7 @@ fn run_control<V: VmArch + 'static, Vcpu: VcpuArch + 'static>( use_hypervisor_signals, #[cfg(all(any(target_arch = "x86_64", target_arch = "aarch64"), feature = "gdb"))] to_gdb_channel.clone(), + cfg.core_scheduling, cfg.per_vm_core_scheduling, cpu_config, cfg.privileged_vm, diff --git a/src/crosvm/sys/unix/vcpu.rs b/src/crosvm/sys/unix/vcpu.rs index dff53911d..dc0099181 100644 --- a/src/crosvm/sys/unix/vcpu.rs +++ b/src/crosvm/sys/unix/vcpu.rs @@ -122,6 +122,7 @@ fn bus_io_handler(bus: &Bus) -> impl FnMut(IoParams) -> Option<[u8; 8]> + '_ { /// This function will be called from each VCPU thread at startup. pub fn set_vcpu_thread_scheduling( vcpu_affinity: CpuSet, + core_scheduling: bool, enable_per_vm_core_scheduling: bool, vcpu_cgroup_tasks_file: Option<File>, run_rt: bool, @@ -132,7 +133,7 @@ pub fn set_vcpu_thread_scheduling( } } - if !enable_per_vm_core_scheduling { + if core_scheduling && !enable_per_vm_core_scheduling { // Do per-vCPU core scheduling by setting a unique cookie to each vCPU. if let Err(e) = enable_core_scheduling() { error!("Failed to enable core scheduling: {}", e); @@ -548,6 +549,7 @@ pub fn run_vcpu<V>( #[cfg(all(any(target_arch = "x86_64", target_arch = "aarch64"), feature = "gdb"))] to_gdb_tube: Option< mpsc::Sender<VcpuDebugStatusMessage>, >, + enable_core_scheduling: bool, enable_per_vm_core_scheduling: bool, cpu_config: Option<CpuConfigArch>, privileged_vm: bool, @@ -570,6 +572,7 @@ where let vcpu_fn = || -> ExitState { if let Err(e) = set_vcpu_thread_scheduling( vcpu_affinity, + enable_core_scheduling, enable_per_vm_core_scheduling, vcpu_cgroup_tasks_file, run_rt && !delay_rt, |