1 // Copyright 2021, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! Android VM control tool.
16
17 mod create_idsig;
18 mod create_partition;
19 mod run;
20
21 use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
22 CpuTopology::CpuTopology, IVirtualizationService::IVirtualizationService,
23 PartitionType::PartitionType, VirtualMachineAppConfig::DebugLevel::DebugLevel,
24 };
25 #[cfg(not(llpvm_changes))]
26 use anyhow::anyhow;
27 use anyhow::{bail, Context, Error};
28 use binder::{ProcessState, Strong};
29 use clap::{Args, Parser};
30 use create_idsig::command_create_idsig;
31 use create_partition::command_create_partition;
32 use run::{command_run, command_run_app, command_run_microdroid};
33 use serde::Serialize;
34 use std::io::{self, IsTerminal};
35 use std::num::NonZeroU16;
36 use std::os::unix::process::CommandExt;
37 use std::path::{Path, PathBuf};
38 use std::process::Command;
39
40 #[derive(Args, Default)]
41 /// Collection of flags that are at VM level and therefore applicable to all subcommands
42 pub struct CommonConfig {
43 /// Name of VM
44 #[arg(long)]
45 name: Option<String>,
46
47 /// Run VM with vCPU topology matching that of the host. If unspecified, defaults to 1 vCPU.
48 #[arg(long, default_value = "one_cpu", value_parser = parse_cpu_topology)]
49 cpu_topology: CpuTopology,
50
51 /// Memory size (in MiB) of the VM. If unspecified, defaults to the value of `memory_mib`
52 /// in the VM config file.
53 #[arg(short, long)]
54 mem: Option<u32>,
55
56 /// Run VM in protected mode.
57 #[arg(short, long)]
58 protected: bool,
59
60 /// Ask the kernel for transparent huge-pages (THP). This is only a hint and
61 /// the kernel will allocate THP-backed memory only if globally enabled by
62 /// the system and if any can be found. See
63 /// https://docs.kernel.org/admin-guide/mm/transhuge.html
64 #[arg(short, long)]
65 hugepages: bool,
66
67 /// Run VM with network feature.
68 #[cfg(network)]
69 #[arg(short, long)]
70 network_supported: bool,
71
72 /// Boost uclamp to stablise results for benchmarks.
73 #[arg(short, long)]
74 boost_uclamp: bool,
75
76 /// Secure services this VM wants to access.
77 #[cfg(tee_services_allowlist)]
78 #[arg(long)]
79 tee_services: Vec<String>,
80 }
81
82 impl CommonConfig {
network_supported(&self) -> bool83 fn network_supported(&self) -> bool {
84 cfg_if::cfg_if! {
85 if #[cfg(network)] {
86 self.network_supported
87 } else {
88 false
89 }
90 }
91 }
92
tee_services(&self) -> &[String]93 fn tee_services(&self) -> &[String] {
94 cfg_if::cfg_if! {
95 if #[cfg(tee_services_allowlist)] {
96 &self.tee_services
97 } else {
98 &[]
99 }
100 }
101 }
102 }
103
104 #[derive(Args, Default)]
105 /// Collection of flags for debugging
106 pub struct DebugConfig {
107 /// Debug level of the VM. Supported values: "full" (default), and "none".
108 #[arg(long, default_value = "full", value_parser = parse_debug_level)]
109 debug: DebugLevel,
110
111 /// Path to file for VM console output.
112 #[arg(long)]
113 console: Option<PathBuf>,
114
115 /// Path to file for VM console input.
116 #[arg(long)]
117 console_in: Option<PathBuf>,
118
119 /// Path to file for VM log output.
120 #[arg(long)]
121 log: Option<PathBuf>,
122
123 /// Port at which crosvm will start a gdb server to debug guest kernel.
124 /// Note: this is only supported on Android kernels android14-5.15 and higher.
125 #[arg(long)]
126 gdb: Option<NonZeroU16>,
127
128 /// Whether to enable earlycon. Only supported for debuggable Linux-based VMs.
129 #[cfg(debuggable_vms_improvements)]
130 #[arg(long)]
131 enable_earlycon: bool,
132
133 /// Path to file to dump VM device tree.
134 #[arg(long)]
135 dump_device_tree: Option<PathBuf>,
136 }
137
138 impl DebugConfig {
enable_earlycon(&self) -> bool139 fn enable_earlycon(&self) -> bool {
140 cfg_if::cfg_if! {
141 if #[cfg(debuggable_vms_improvements)] {
142 self.enable_earlycon
143 } else {
144 false
145 }
146 }
147 }
148 }
149
150 #[derive(Args, Default)]
151 /// Collection of flags that are Microdroid specific
152 pub struct MicrodroidConfig {
153 /// Path to the file backing the storage.
154 /// Created if the option is used but the path does not exist in the device.
155 #[arg(long)]
156 storage: Option<PathBuf>,
157
158 /// Size of the storage. Used only if --storage is supplied but path does not exist
159 /// Default size is 10*1024*1024
160 #[arg(long)]
161 storage_size: Option<u64>,
162
163 /// Path to disk image containing vendor-specific modules.
164 #[cfg(vendor_modules)]
165 #[arg(long)]
166 vendor: Option<PathBuf>,
167
168 /// SysFS nodes of devices to assign to VM
169 #[cfg(device_assignment)]
170 #[arg(long)]
171 devices: Vec<PathBuf>,
172
173 /// Version of OS to use. If not set, defaults to microdroid.
174 /// You can list all available OSes via `vm info` command.
175 #[arg(long)]
176 os: Option<String>,
177 }
178
179 impl MicrodroidConfig {
vendor(&self) -> Option<&PathBuf>180 fn vendor(&self) -> Option<&PathBuf> {
181 cfg_if::cfg_if! {
182 if #[cfg(vendor_modules)] {
183 self.vendor.as_ref()
184 } else {
185 None
186 }
187 }
188 }
189
devices(&self) -> &[PathBuf]190 fn devices(&self) -> &[PathBuf] {
191 cfg_if::cfg_if! {
192 if #[cfg(device_assignment)] {
193 &self.devices
194 } else {
195 &[]
196 }
197 }
198 }
199 }
200
201 #[derive(Args, Default)]
202 /// Flags for the run_app subcommand
203 pub struct RunAppConfig {
204 #[command(flatten)]
205 common: CommonConfig,
206
207 #[command(flatten)]
208 debug: DebugConfig,
209
210 #[command(flatten)]
211 microdroid: MicrodroidConfig,
212
213 /// Path to VM Payload APK
214 apk: PathBuf,
215
216 /// Path to idsig of the APK
217 idsig: PathBuf,
218
219 /// Path to the instance image. Created if not exists.
220 instance: PathBuf,
221
222 /// Path to file containing instance_id. Required iff llpvm feature is enabled.
223 #[cfg(llpvm_changes)]
224 #[arg(long = "instance-id-file")]
225 instance_id: PathBuf,
226
227 /// Path to VM config JSON within APK (e.g. assets/vm_config.json)
228 #[arg(long)]
229 config_path: Option<String>,
230
231 /// Name of VM payload binary within APK (e.g. MicrodroidTestNativeLib.so)
232 #[arg(long)]
233 #[arg(alias = "payload_path")]
234 payload_binary_name: Option<String>,
235
236 /// Paths to extra apk files.
237 #[cfg(multi_tenant)]
238 #[arg(long = "extra-apk")]
239 #[clap(conflicts_with = "config_path")]
240 extra_apks: Vec<PathBuf>,
241
242 /// Paths to extra idsig files.
243 #[arg(long = "extra-idsig")]
244 extra_idsigs: Vec<PathBuf>,
245 }
246
247 impl RunAppConfig {
extra_apks(&self) -> &[PathBuf]248 fn extra_apks(&self) -> &[PathBuf] {
249 cfg_if::cfg_if! {
250 if #[cfg(multi_tenant)] {
251 &self.extra_apks
252 } else {
253 &[]
254 }
255 }
256 }
257
instance_id(&self) -> Result<PathBuf, Error>258 fn instance_id(&self) -> Result<PathBuf, Error> {
259 cfg_if::cfg_if! {
260 if #[cfg(llpvm_changes)] {
261 Ok(self.instance_id.clone())
262 } else {
263 Err(anyhow!("LLPVM feature is disabled, --instance_id flag not supported"))
264 }
265 }
266 }
267
set_instance_id(&mut self, instance_id_file: PathBuf) -> Result<(), Error>268 fn set_instance_id(&mut self, instance_id_file: PathBuf) -> Result<(), Error> {
269 cfg_if::cfg_if! {
270 if #[cfg(llpvm_changes)] {
271 self.instance_id = instance_id_file;
272 Ok(())
273 } else {
274 let _ = instance_id_file;
275 Err(anyhow!("LLPVM feature is disabled, --instance_id flag not supported"))
276 }
277 }
278 }
279 }
280
281 #[derive(Args, Default)]
282 /// Flags for the run_microdroid subcommand
283 pub struct RunMicrodroidConfig {
284 #[command(flatten)]
285 common: CommonConfig,
286
287 #[command(flatten)]
288 debug: DebugConfig,
289
290 #[command(flatten)]
291 microdroid: MicrodroidConfig,
292
293 /// Path to the directory where VM-related files (e.g. instance.img, apk.idsig, etc.) will
294 /// be stored. If not specified a random directory under /data/local/tmp/microdroid will be
295 /// created and used.
296 #[arg(long)]
297 work_dir: Option<PathBuf>,
298 }
299
300 #[derive(Args, Default)]
301 /// Flags for the run subcommand
302 pub struct RunCustomVmConfig {
303 #[command(flatten)]
304 common: CommonConfig,
305
306 #[command(flatten)]
307 debug: DebugConfig,
308
309 /// Path to VM config JSON
310 config: PathBuf,
311 }
312
313 #[derive(Parser)]
314 enum Opt {
315 /// Check if the feature is enabled on device.
316 CheckFeatureEnabled { feature: String },
317 /// Run a virtual machine with a config in APK
318 RunApp {
319 #[command(flatten)]
320 config: RunAppConfig,
321 },
322 /// Run a virtual machine with Microdroid inside
323 RunMicrodroid {
324 #[command(flatten)]
325 config: RunMicrodroidConfig,
326 },
327 /// Run a virtual machine
328 Run {
329 #[command(flatten)]
330 config: RunCustomVmConfig,
331 },
332 /// List running virtual machines
333 List,
334 /// Print information about virtual machine support
335 Info,
336 /// Create a new empty partition to be used as a writable partition for a VM
337 CreatePartition {
338 /// Path at which to create the image file
339 path: PathBuf,
340
341 /// The desired size of the partition, in bytes.
342 size: u64,
343
344 /// Type of the partition
345 #[arg(short = 't', long = "type", default_value = "raw",
346 value_parser = parse_partition_type)]
347 partition_type: PartitionType,
348 },
349 /// Creates or update the idsig file by digesting the input APK file.
350 CreateIdsig {
351 /// Path to VM Payload APK
352 apk: PathBuf,
353
354 /// Path to idsig of the APK
355 path: PathBuf,
356 },
357 /// Connect to the serial console of a VM
358 Console {
359 /// CID of the VM
360 cid: Option<i32>,
361 },
362 }
363
parse_debug_level(s: &str) -> Result<DebugLevel, String>364 fn parse_debug_level(s: &str) -> Result<DebugLevel, String> {
365 match s {
366 "none" => Ok(DebugLevel::NONE),
367 "full" => Ok(DebugLevel::FULL),
368 _ => Err(format!("Invalid debug level {}", s)),
369 }
370 }
371
parse_partition_type(s: &str) -> Result<PartitionType, String>372 fn parse_partition_type(s: &str) -> Result<PartitionType, String> {
373 match s {
374 "raw" => Ok(PartitionType::RAW),
375 "instance" => Ok(PartitionType::ANDROID_VM_INSTANCE),
376 _ => Err(format!("Invalid partition type {}", s)),
377 }
378 }
379
parse_cpu_topology(s: &str) -> Result<CpuTopology, String>380 fn parse_cpu_topology(s: &str) -> Result<CpuTopology, String> {
381 match s {
382 "one_cpu" => Ok(CpuTopology::ONE_CPU),
383 "match_host" => Ok(CpuTopology::MATCH_HOST),
384 _ => Err(format!("Invalid cpu topology {}", s)),
385 }
386 }
387
get_service() -> Result<Strong<dyn IVirtualizationService>, Error>388 fn get_service() -> Result<Strong<dyn IVirtualizationService>, Error> {
389 let virtmgr =
390 vmclient::VirtualizationService::new().context("Failed to spawn VirtualizationService")?;
391 virtmgr.connect().context("Failed to connect to VirtualizationService")
392 }
393
command_check_feature_enabled(feature: &str)394 fn command_check_feature_enabled(feature: &str) {
395 println!(
396 "Feature {feature} is {}",
397 if avf_features::is_feature_enabled(feature) { "enabled" } else { "disabled" }
398 );
399 }
400
main() -> Result<(), Error>401 fn main() -> Result<(), Error> {
402 env_logger::init();
403 let opt = Opt::parse();
404
405 // We need to start the thread pool for Binder to work properly, especially link_to_death.
406 ProcessState::start_thread_pool();
407
408 match opt {
409 Opt::CheckFeatureEnabled { feature } => {
410 command_check_feature_enabled(&feature);
411 Ok(())
412 }
413 Opt::RunApp { config } => command_run_app(config),
414 Opt::RunMicrodroid { config } => command_run_microdroid(config),
415 Opt::Run { config } => command_run(config),
416 Opt::List => command_list(get_service()?.as_ref()),
417 Opt::Info => command_info(),
418 Opt::CreatePartition { path, size, partition_type } => {
419 command_create_partition(get_service()?.as_ref(), &path, size, partition_type)
420 }
421 Opt::CreateIdsig { apk, path } => {
422 command_create_idsig(get_service()?.as_ref(), &apk, &path)
423 }
424 Opt::Console { cid } => command_console(cid),
425 }
426 }
427
428 /// List the VMs currently running.
command_list(service: &dyn IVirtualizationService) -> Result<(), Error>429 fn command_list(service: &dyn IVirtualizationService) -> Result<(), Error> {
430 let vms = service.debugListVms().context("Failed to get list of VMs")?;
431 println!("Running VMs: {:#?}", vms);
432 Ok(())
433 }
434
435 /// Print information about supported VM types.
command_info() -> Result<(), Error>436 fn command_info() -> Result<(), Error> {
437 let non_protected_vm_supported = hypervisor_props::is_vm_supported()?;
438 let protected_vm_supported = hypervisor_props::is_protected_vm_supported()?;
439 match (non_protected_vm_supported, protected_vm_supported) {
440 (false, false) => println!("VMs are not supported."),
441 (false, true) => println!("Only protected VMs are supported."),
442 (true, false) => println!("Only non-protected VMs are supported."),
443 (true, true) => println!("Both protected and non-protected VMs are supported."),
444 }
445
446 if let Some(version) = hypervisor_props::version()? {
447 println!("Hypervisor version: {}", version);
448 } else {
449 println!("Hypervisor version not set.");
450 }
451
452 if Path::new("/dev/kvm").exists() {
453 println!("/dev/kvm exists.");
454 } else {
455 println!("/dev/kvm does not exist.");
456 }
457
458 if Path::new("/dev/vfio/vfio").exists() {
459 println!("/dev/vfio/vfio exists.");
460 } else {
461 println!("/dev/vfio/vfio does not exist.");
462 }
463
464 if Path::new("/sys/bus/platform/drivers/vfio-platform").exists() {
465 println!("VFIO-platform is supported.");
466 } else {
467 println!("VFIO-platform is not supported.");
468 }
469
470 #[derive(Serialize)]
471 struct AssignableDevice {
472 node: String,
473 dtbo_label: String,
474 }
475
476 let devices = get_service()?.getAssignableDevices()?;
477 let devices: Vec<_> = devices
478 .into_iter()
479 .map(|device| AssignableDevice { node: device.node, dtbo_label: device.dtbo_label })
480 .collect();
481 println!("Assignable devices: {}", serde_json::to_string(&devices)?);
482
483 let os_list = get_service()?.getSupportedOSList()?;
484 println!("Available OS list: {}", serde_json::to_string(&os_list)?);
485
486 Ok(())
487 }
488
command_console(cid: Option<i32>) -> Result<(), Error>489 fn command_console(cid: Option<i32>) -> Result<(), Error> {
490 if !io::stdin().is_terminal() {
491 bail!("Stdin must be a terminal (tty). Use 'adb shell -t' to force allocate tty.");
492 }
493 let mut vms = get_service()?.debugListVms().context("Failed to get list of VMs")?;
494 if let Some(cid) = cid {
495 vms.retain(|vm_info| vm_info.cid == cid);
496 }
497 let host_console_name = vms
498 .into_iter()
499 .find_map(|vm_info| vm_info.hostConsoleName)
500 .context("Failed to get VM with console")?;
501 Err(Command::new("microcom").arg(host_console_name).exec().into())
502 }
503
504 #[cfg(test)]
505 mod tests {
506 use super::*;
507 use clap::CommandFactory;
508
509 #[test]
verify_app()510 fn verify_app() {
511 // Check that the command parsing has been configured in a valid way.
512 Opt::command().debug_assert();
513 }
514 }
515