commit e2ff2c41a07ccb048bed42e3843c1b1bdd7115ec
author Xiong Zhang <xiong.y.zhang@intel.corp-partner.google.com> Wed Jun 02 16:49:50 2021 +0800
committer Commit Bot <commit-bot@chromium.org> Thu Jan 06 23:32:55 2022 +0000
tree a835ff79dc04dd55119812eee30836f8cac062cb
parent 4fbc554e60d71e3b8b35baa9e074972bfc2e27f2

linux: Disable sandbox for hotplug device

When sandbox is enabled, forking a process for hotplug device
is failure, the error message is:
Failed to fork jail process: Attempt to call fork() while
multithreaded.

This means minijail couldn't fork a new process for added device
when vm has started, so disable sandbox for hotplug device.

BUG=b:185084350
TEST=Boot a guest and hotplug vfio pci device repeatedly

Change-Id: I2983399f41a44984a113c9846aff93fd978a02b5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2955581
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>

src/linux.rs

diff --git a/src/linux.rs b/src/linux.rs
index a44b5e3..ad03174 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -1754,6 +1754,8 @@
         Tube::pair().context("failed to create tube")?;
     control_tubes.push(TaggedControlTube::VmMemory(vfio_host_tube_mem));
 
+    let hotplug = bus_num.is_some();
+
     let vfio_device =
         VfioDevice::new_passthrough(&vfio_path, vm, vfio_container.clone(), iommu_enabled)
             .context("failed to create vfio device")?;
@@ -1777,7 +1779,11 @@
         endpoints.insert(endpoint_addr.unwrap().to_u32(), vfio_container);
     }
 
-    Ok((vfio_pci_device, simple_jail(cfg, "vfio_device")?))
+    if hotplug {
+        Ok((vfio_pci_device, None))
+    } else {
+        Ok((vfio_pci_device, simple_jail(cfg, "vfio_device")?))
+    }
 }
 
 fn create_vfio_platform_device(