author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-12-14 16:23:52 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-12-14 16:23:52 +0000 |
commit | 74882595a9431cf81a3b12a1bb0bd879deaa5983 (patch) | |
tree | 00728d1f178833841f27cbaf691b91edf0e478a9 | |
parent | 71d0a40bf00b7fdfbc471c9a60c4341d3bc438b1 (diff) | |
parent | ad93eb404730aaa3ca95ad9e5db0907b185ed411 (diff) | |
Snap for 11219529 from ad93eb404730aaa3ca95ad9e5db0907b185ed411 to mainline-tzdata4-releaseaml_tz4_332714070aml_tz4_332714050aml_tz4_332714010aml_tz4_332714010
Change-Id: I2ba171770f8e214559f7d244acb4c7c8984a0f5a
-rw-r--r-- | src/crosvm.rs | 2 | ||||
-rw-r--r-- | src/linux/mod.rs | 3 | ||||
-rw-r--r-- | src/linux/vcpu.rs | 5 | ||||
-rw-r--r-- | src/main.rs | 11 |
4 files changed, 19 insertions, 2 deletions
diff --git a/src/crosvm.rs b/src/crosvm.rs
index c79ef0115..cdba3e0e9 100644
--- a/src/crosvm.rs
+++ b/src/crosvm.rs
@@ -363,6 +363,7 @@ pub struct Config {
 pub vcpu_affinity: Option<VcpuAffinity>,
 pub cpu_clusters: Vec<Vec<usize>>,
 pub cpu_capacity: BTreeMap<usize, u32>, // CPU index -> capacity
+ pub core_scheduling: bool,
 pub per_vm_core_scheduling: bool,
 #[cfg(feature = "audio_cras")]
 pub cras_snds: Vec<CrasSndParameters>,
@@ -486,6 +487,7 @@ impl Default for Config {
 vcpu_affinity: None,
 cpu_clusters: Vec::new(),
 cpu_capacity: BTreeMap::new(),
+ core_scheduling: true,
 per_vm_core_scheduling: false,
 #[cfg(feature = "audio_cras")]
 cras_snds: Vec::new(),
diff --git a/src/linux/mod.rs b/src/linux/mod.rs
index 444d8c9b4..9ff692e8c 100644
--- a/src/linux/mod.rs
+++ b/src/linux/mod.rs
@@ -1719,7 +1719,7 @@ fn run_control<V: VmArch + 'static, Vcpu: VcpuArch + 'static>(
 // shared by all vCPU threads.
 // TODO(b/199312402): Avoid enabling core scheduling for the crosvm process
 // itself for even better performance. Only vCPUs need the feature.
- if cfg.per_vm_core_scheduling {
+ if cfg.core_scheduling && cfg.per_vm_core_scheduling {
 if let Err(e) = enable_core_scheduling() {
 error!("Failed to enable core scheduling: {}", e);
 }
@@ -1770,6 +1770,7 @@ fn run_control<V: VmArch + 'static, Vcpu: VcpuArch + 'static>(
 use_hypervisor_signals,
 #[cfg(all(target_arch = "x86_64", feature = "gdb"))]
 to_gdb_channel.clone(),
+ cfg.core_scheduling,
 cfg.per_vm_core_scheduling,
 cfg.host_cpu_topology,
 cfg.privileged_vm,
diff --git a/src/linux/vcpu.rs b/src/linux/vcpu.rs
index 562b528ee..f8c854984 100644
--- a/src/linux/vcpu.rs
+++ b/src/linux/vcpu.rs
@@ -73,6 +73,7 @@ pub fn runnable_vcpu<V>(
 no_smt: bool,
 has_bios: bool,
 use_hypervisor_signals: bool,
+ core_scheduling: bool,
 enable_per_vm_core_scheduling: bool,
 host_cpu_topology: bool,
 vcpu_cgroup_tasks_file: Option<File>,
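Review bot: The new `core_scheduling` field in `Config` (src/crosvm.rs) carries no doc comment, so nothing at the declaration says that `false` switches off a side-channel mitigation or that it overrides `per_vm_core_scheduling`. I would add `/// Enable core scheduling for vCPU threads (protection against hyperthread attacks). When false, per_vm_core_scheduling is ignored.` above the field. The second sentence is what the new guards in src/linux/mod.rs and src/linux/vcpu.rs implement. The struct body starts and ends outside the hunk.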
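Review bot: In `run_control` (src/linux/mod.rs), the new guard `if cfg.core_scheduling && cfg.per_vm_core_scheduling` skips the call silently, so a VM started with the protection turned off leaves no trace in the log. This block appears to run once per VM, which makes it a better place for a single warning than the per-vCPU guard in src/linux/vcpu.rs, which has the same silent skip. Something like `if !cfg.core_scheduling { warn!("core scheduling is disabled for this VM"); }` before the guard would do, assuming `warn!` is available alongside `error!` in this module. The function body continues outside the hunk.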
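Review bot: `runnable_vcpu` (src/linux/vcpu.rs) now takes `core_scheduling: bool` immediately followed by `enable_per_vm_core_scheduling: bool`, and `run_control` passes `cfg.core_scheduling, cfg.per_vm_core_scheduling` positionally, so swapping the two still compiles and silently changes which protection mode runs. The same pair is added to `run_vcpu` and forwarded from its body. A single three-state type such as `enum CoreScheduling { Disabled, PerVcpu, PerVm }` would remove the ordering hazard and make "per-VM requested while core scheduling is off" unrepresentable. The signature starts and ends outside the hunk.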
@@ -119,7 +120,7 @@ where
 )
 .context("failed to configure vcpu")?;
- if !enable_per_vm_core_scheduling {
+ if core_scheduling && !enable_per_vm_core_scheduling {
 // Do per-vCPU core scheduling by setting a unique cookie to each vCPU.
 if let Err(e) = enable_core_scheduling() {
 error!("Failed to enable core scheduling: {}", e);
@@ -609,6 +610,7 @@ pub fn run_vcpu<V>(
 #[cfg(all(target_arch = "x86_64", feature = "gdb"))] to_gdb_tube: Option<
 mpsc::Sender<VcpuDebugStatusMessage>,
 >,
+ core_scheduling: bool,
 enable_per_vm_core_scheduling: bool,
 host_cpu_topology: bool,
 privileged_vm: bool,
@@ -658,6 +660,7 @@ where
 no_smt,
 has_bios,
 use_hypervisor_signals,
+ core_scheduling,
 enable_per_vm_core_scheduling,
 host_cpu_topology,
 vcpu_cgroup_tasks_file,
diff --git a/src/main.rs b/src/main.rs
index c910065f6..48afbb53b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1173,6 +1173,15 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument::
 "cpu-capacity" => {
 parse_cpu_capacity(value.unwrap(), &mut cfg.cpu_capacity)?;
 }
+ "core-scheduling" => {
+ let val_str = value.unwrap_or("true");
+ cfg.core_scheduling =
+ val_str.parse()
+ .map_err(|_| argument::Error::InvalidValue {
+ value: val_str.to_owned(),
+ expected: String::from("core-scheduling must be a boolean"),
+ })?;
+ }
 "per-vm-core-scheduling" => {
 cfg.per_vm_core_scheduling = true;
 }
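Review bot: The new `"core-scheduling"` arm in `set_argument` (src/main.rs) accepts `false` together with `--per-vm-core-scheduling` without complaint, and the guards added in src/linux/mod.rs and src/linux/vcpu.rs then enable neither mode. The two options are parsed in independent arms, so the check belongs after all arguments have been processed: reject the combination with `argument::Error::InvalidValue`, as this arm already does for a non-boolean value, or at least log it. Separately, `value.unwrap_or("true")` looks unreachable if an `Argument::value` option always arrives with a value; that is worth confirming so the fallback can be dropped or the option declared to match. `set_argument` starts and ends outside the hunk.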
@@ -2574,6 +2583,8 @@ fn run_vm(args: std::env::Args) -> std::result::Result<CommandStatus, ()> { or colon-separated list of assignments of guest to host CPU assignments (e.g. 0=0:1=1:2=2) (default: no mask)"), Argument::value("cpu-cluster", "CPUSET", "Group the given CPUs into a cluster (default: no clusters)"), Argument::value("cpu-capacity", "CPU=CAP[,CPU=CAP[,...]]", "Set the relative capacity of the given CPU (default: no capacity)"), + Argument::value("core-scheduling", "true", "Enable core scheduling feature to protect against hyperthread attacks. This option is + a prerequisite for per-vm-core-scheduling."), Argument::flag("per-vm-core-scheduling", "Enable per-VM core scheduling intead of the default one (per-vCPU core scheduing) by making all vCPU threads share same cookie for core scheduling. This option is no-op on devices that have neither MDS nor L1TF vulnerability."), |
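Review bot: The help entry added for `core-scheduling` in `run_vm` uses `"true"` as the value placeholder and omits the default, while the neighbouring entries in this list end with `(default: ...)`. A user reading the help cannot tell that `false` is accepted or that it removes the protection against hyperthread attacks. I would write it as `Argument::value("core-scheduling", "BOOL", "Enable core scheduling to protect against hyperthread attacks (default: true). Setting it to false disables this protection and makes per-vm-core-scheduling a no-op.")`. The argument list continues outside the hunk.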