2516 Commits

Author SHA1 Message Date
dependabot[bot]
0c2f2d3ec1 build: Bump anyhow from 1.0.87 to 1.0.94
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.87 to 1.0.94.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.87...1.0.94)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-05 00:30:01 +00:00
dependabot[bot]
30cf1eed5e build: Bump libc from 0.2.158 to 0.2.167
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.158 to 0.2.167.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.167/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.158...0.2.167)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-03 01:15:36 +00:00
Rob Bradford
81f8a27ef6 pci: vfio: Use MemorySlotAllocator for allocating memory slots
Adapt the existing code to replace the closure with the new of the new
MemorySlotAllocator.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-11-24 10:45:15 +00:00
Rob Bradford
e3bd5e9b35 vmm: memory_manager: Adapt for new MemorySlotAllocator
Adapt the existing code to transparently the MemorySlotAllocator. The
MemoryManager is the canonical holder of the these values with them
turned into a MemoryAllocator on demand.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-11-24 10:45:15 +00:00
Wojtek Czekalski
8acaeb5c82 vmm: Add serial option to the disk config doc
Signed-off-by: Wojtek Czekalski <wczekalski@me.com>
2024-11-05 19:48:25 +00:00
dependabot[bot]
59a1719b6e build: Bump flume from 0.11.0 to 0.11.1
Bumps [flume](https://github.com/zesterer/flume) from 0.11.0 to 0.11.1.
- [Changelog](https://github.com/zesterer/flume/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zesterer/flume/commits)

---
updated-dependencies:
- dependency-name: flume
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 00:41:24 +00:00
Rob Bradford
7a637fe1f4 vmm: memory_manager: Use div_ceil()
--> vmm/src/memory_manager.rs:1972:13
     |
1972 | ...   ((self.start_of_device_area.0 + SGX_PAGE_SIZE - 1) / SGX_PAGE_SIZE) * ...
     |       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: consider using `.div_ceil()`: `self.start_of_device_area.0.div_ceil(SGX_PAGE_SIZE)`
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#manual_div_ceil
     = note: `#[warn(clippy::manual_div_ceil)]` on by default

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-10-21 15:28:17 +00:00
Ruoqing He
0aab960bf1 misc: Elide needless lifetimes
As clippy of rust-toolchain version 1.83.0-beta.1 suggests, elide
needless lifetimes to `'_`.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2024-10-18 17:46:39 +00:00
Ruoqing He
6164aa0885 misc: Replace div_round_up operation with div_ceil
As clippy of rust-toolchain version 1.83.0-beta.1 suggests, replace
manually implemented `div_round_up!` and the like with `div_ceil` from
std.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2024-10-18 17:46:39 +00:00
dependabot[bot]
ac97690848 build: Bump once_cell from 1.19.0 to 1.20.2
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.19.0 to 1.20.2.
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.19.0...v1.20.2)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 14:07:19 +00:00
Alexandru Matei
c891dcb947 vmm: drop device_tree mutex before acquiring pci_bus mutex
AddressManager::move_bar() acquires the device_tree mutex.
The function is called from PciConfigIo::config_space_write()/
PciConfigMmio::config_space_write() while the pci_bus mutex
is acquired.
The functions DeviceManager::pci_resources()/eject_device()
acquire these mutexes in reverse order, which leads to a deadlock.

Fixes: #6775

Signed-off-by: Alexandru Matei <alexandru.matei@uipath.com>
2024-10-03 12:04:00 +00:00
Ruoqing He
297236a7c0 misc: Eliminate use of assert!((...).is_ok())
Asserting on .is_ok()/.is_err() leads to hard to debug failures (as if
the test fails, it will only say "assertion failed: false". We replace
these with `.unwrap()`, which also prints the exact error variant that
was unexpectedly encountered (we can to this these days thanks to
efforts to implement Display and Debug for our error types). If the
assert!((...).is_ok()) was followed by an .unwrap() anyway, we just drop
the assert.

Inspired by and quoted from @roypat.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2024-10-03 12:03:49 +00:00
Rob Bradford
d1c9002c48 vmm: cpu: Fix aarch64 unit test
This fixes commit 2668dbbd8b501be6e59aff36eca26c34a13368f7 which changed
the error message.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-10-02 14:50:39 +00:00
dependabot[bot]
fbb21038cb build: Bump zbus from 4.1.2 to 4.4.0
Bumps [zbus](https://github.com/dbus2/zbus) from 4.1.2 to 4.4.0.
- [Release notes](https://github.com/dbus2/zbus/releases)
- [Commits](https://github.com/dbus2/zbus/compare/zbus-4.1.2...zbus-4.4.0)

---
updated-dependencies:
- dependency-name: zbus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-02 09:36:21 +00:00
Songqian Li
ab12e7c294 vmm: fix cargo clippy error for rust 1.77
Since cloning Option<Arc<T>> will clone for Arc<T>, this patch fixes the
follow warning:

warning: this call to `as_ref.map(...)` does nothing
   --> vmm/src/lib.rs:872:13
    |
872 |             self.console_resize_pipe.as_ref().map(Arc::clone),
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try: `self.console_resize_pipe.clone()`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_asref
    = note: `#[warn(clippy::useless_asref)]` on by default

Signed-off-by: Songqian Li <sionli@tencent.com>
2024-09-30 08:18:02 +00:00
Songqian Li
33c15ca273 vmm: remove pub use vm_config in config
This patch removes pub import vm_config in config.rs to eliminate
the ambiguity of vm_comfig reference.

Signed-off-by: Songqian Li <sionli@tencent.com>
2024-09-30 08:18:02 +00:00
Ruoqing He
61e57e1cb1 misc: Further improve imports styling
By introducing `imports_granularity="Module"` format strategy,
effectively groups imports from the same module into one line or block,
improving maintainability and readability.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2024-09-29 16:13:48 +00:00
Rob Bradford
88a9f79944 misc: Adapt consistent import style formatting
Historically the Cloud Hypervisor coding style has been to ensure that
all imports are ordered and placed in a single group. Unfortunately
cargo fmt has no support for ensuring that all imports are in a single
group so if whitespace lines were added as part of the import statements
then they would only be odered correctly in the group.

By adopting "group_imports="StdExternalCrate" we can enforce a style
where imports are placed in at most three groups for std, external
crates and the crate itself. Choosing a style enforceable by the tooling
reduces the reviewer burden.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-09-29 13:08:12 +01:00
BharatNarasimman
6e4aefe66f vmm: Remove console resize for Serial
Serial device doesnt support resize semantics. Setting up the
console resize pipe in the Serial device setup path, overwrites
the setup done as part of virtio-console.

Signed-off-by: BharatNarasimman <bharatn@microsoft.com>
2024-09-28 15:25:08 +00:00
Songqian Li
cc9899e09d vmm: remove unused mutex in api
This patch removes locks in VmCreate request and VmInfo response
since we needn't use a lock here and should ensure that internal
implementation is transparent to the runtime.

Signed-off-by: Songqian Li <sionli@tencent.com>
2024-09-28 14:02:04 +00:00
Ruoqing He
5a70d7ec69 build: Centralize rust-vmm crates to workspace
Modify `Cargo.toml` in each member crate to follow the dependencies
specified in root `Cargo.toml` file.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2024-09-27 15:58:21 +00:00
BharatNarasimman
a0ae3ad1df vmm: Pass the newly created console resizer pipe during vm reboot
For a VM with virt-console enabled, when a reboot is requested, the
console devices are closed during the shutdown path. As part of this
the sigwinch listener process and the console resizer pipe are closed.
For the new incarnation of the VM, fresh set of console devices are
setup and a new console resizer pipe is created. The new VM should
be setup to use the newly created console devices including the console
resizer pipe.

Reading from the older console resizer pipe results in unexpected eof
error and terminates the cloud hypervisor process.

Signed-off-by: BharatNarasimman <bharatn@microsoft.com>
2024-09-26 20:06:53 +00:00
Rob Bradford
d90fa96bb7 build: Bulk update vm-memory and related dependencies
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-09-26 12:31:25 +00:00
Alyssa Ross
287887c99c vmm: fix console IO safety
Rebooting a VM fails with the following error when debug assertions
are enabled:

	fatal runtime error: IO Safety violation: owned file descriptor already closed

This happens because FromRawFd::from_raw_fd is used on RawFds stored
in ConsoleInfo every time a VM begins to boot, so the second
time (after a reboot, or if the first attempt to boot via the API
failed), the fd will be closed.  Until this assertion is hit, the code
is operating on either closed file descriptors, or new file
descriptors for something completely different.  If debug assertions
are disabled, it will just continue doing this with unpredictable
results.

To fix this, and prevent the problem reocurring, ownership of the
console file descriptors needs to be properly tracked, using Rust's
type system, so this commit refactors the console code to do that.
The file descriptors are now passed around with reference counts, so
they won't be closed prematurely.  The obvious way to do this would be
to just have each member of ConsoleInfo be an Arc<File>, but we need
to accomodate that serial console file descriptors can also be
sockets.  We can't just store an OwnedFd and convert it when it's
used, because we only get a reference from the Arc, so we need to
store the descriptors as their concrete types in an enum.  Since this
basically duplicates the ConsoleOutputMode enum from the config, the
ConsoleOutputMode enum is now not used past constructing the
ConsoleInfo.

So that ownership can be represented consistently, the debug console's
tty mode now uses its own stdout descriptor.

I'm still using .try_clone().unwrap() (i.e. dup()) to clone file
descriptors for Endpoint::FilePair and Endpoint::TtyPair, because I
assume there's a reason for them not just to hold a single file
descriptor.

I've also retained the existing behaviour of having serial manager
ignore the tty file descriptor passed to it (which is stdout), and
instead using stdin.  It looks a lot weirder now, because it has to
explicitly indicate it's ignoring the fd with an underscore binding.

Fixes: 52eebaf6 ("vmm: refactor DeviceManager to use console_info")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-09-25 22:34:43 +00:00
Alyssa Ross
a5df86698b vmm: factor out stdout dup
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-09-25 22:34:43 +00:00
Alyssa Ross
bc251fdf46 vmm: fix resizing TTY consoles
The assignment of console_resize_pipe in the TTY case seems to have
been accidentally deleted.  I've put it back, but since this is adding
code, I used the new safe API for checking whether a file is a
terminal, introduced in Rust 1.70.0.  We should probably use that
everywhere, but that's out of scope of this bug fix.

Fixes: 52eebaf6 ("vmm: refactor DeviceManager to use console_info")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-09-25 18:56:18 +00:00
Alyssa Ross
d1214acf2a vmm: remove unused DeviceManager::console method
Fixes: 38a1b457 ("vmm: use the SIGWINCH listener for TTYs too")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-09-25 18:55:42 +00:00
Alyssa Ross
938ff2eeb7 vmm: update serial manager epoll events size
I've moved this so that it's just after the enum definition, which
will hopefully make it less easy to miss if events are added/removed
again in future.

Fixes: 6d1077fc ("vmm: Unix socket backend for serial port")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-09-25 18:55:18 +00:00
Nuno Das Neves
9f08aa6dc2 hypervisor: mshv: Update mshv crates to v0.3.0
And modify to code to use the updated interfaces.

Arguments for map_guest_memory, get_dirty_bitmap, vp.run(),
import_isolated_pages, modify_gpa_host_access have changed.
Update these to use the new interfaces, including new MSHV_*
definitions, and remove some redundant arguments.

Update seccomp IOCTLs to reflect interface changes.

Fix irq-related definitions naming.

Bump vfio-ioctls to support mshv v0.3.0.

Signed-off-by: Nuno Das Neves <nudasnev@microsoft.com>
2024-09-25 16:23:45 +00:00
Yuhong Zhong
2ad8fac624 vmm: memory_manager: Fix bound checks for memory hotplug
Bound checks for virtio-mem and ACPI memory hotplug are off by
one and two, respectively. This prevents users to fully use the reserved
memory hotplug size.

For ACPI, if we specific `--memory size=2G,hotplug_size=4G` and run
`ch-remote resize --memory 6G`, cloud-hypervisor will report the
following error because of the incorrect bound check:

`<vmm> ERROR:vmm/src/lib.rs:1631 -- Error when resizing VM:
MemoryManager(InsufficientHotplugRam)`

Similarly, for virtio-mem, cloud-hypervisor will fail the incorrect
bound check and abort the resize. The VM will see the following error
in dmesg:

`virtio_mem virtio3: unknown error, marking device broken: -22`

This patch has fixed both bound checks and ensure that users can
hot add memory up to the reserved hotplug size.

Signed-off-by: Yuhong Zhong <yz@cs.columbia.edu>
2024-09-19 18:02:20 +00:00
dependabot[bot]
4e64df1005 build: Bump anyhow from 1.0.86 to 1.0.87
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.86 to 1.0.87.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.86...1.0.87)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-10 00:03:10 +00:00
Rob Bradford
e47677020e vmm: Avoid clippy bool simplification warning
Clippy misidentifies this code as having a boolean expression that can
be simplified:

error: this boolean expression can be simplified
Error:    --> vmm/src/cpu.rs:425:13
    |
425 |             is_aarch64_feature_detected!("sve") || is_aarch64_feature_detected!("sve2");
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#nonminimal_bool
    = note: `-D clippy::nonminimal-bool` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::nonminimal_bool)]`
help: try
    |
425 |             !(!cfg!(target_feature = $target_feature_lit) && !$crate::detect::__is_feature_detected::$feature() && !$crate::detect::__is_feature_detected::$feature());
    |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
425 |             is_aarch64_feature_detected!("sve") || is_aarch64_feature_detected!("sve") || is_aarch64_feature_detected!("sve2");
    |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-09-07 09:40:20 +00:00
Jinank Jain
60aed1bd81 vmm: Fix seccomp violation while injecting NMI
... in case of guest running on Microsoft Hypervisor.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2024-09-06 18:51:26 +00:00
dependabot[bot]
68468b8519 build: Bump libc from 0.2.155 to 0.2.158
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.155 to 0.2.158.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.158/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.155...0.2.158)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-06 00:04:34 +00:00
Wenyu Huang
d2a364c5c0 vmm: Add support for enabling SVE in vm guests
This change enables SVE automatically if the host support SVE/SVE2.

Signed-off-by: Wenyu Huang <huangwenyuu@outlook.com>
2024-09-04 08:33:37 +01:00
Alyssa Ross
4bfeba967b vmm: fix console resizing
DeviceManager::add_virtio_console_device used to create the console
resize pipe and assign it to self.console_resize_pipe, but when this
was changed to use console_info, that was deleted without replacement.
This meant that, even though the console resize pipe was created by
pre_create_console_devices, the DeviceManager never found out about
it, so console resize didn't work (at least for pty consoles).

To fix this, the console resize pipe needs to be passed to the Vm
initializer, which is already supported, it was just previously not
used for new VMs.

Since DeviceManager already stores the console resize pipe in an Arc,
and Vmm also needs a copy of it, the sensible thing to do is change
DeviceManager::new to take Arc, and then we don't need to dup the file
descriptor, which could fail.

Fixes: 52eebaf6 ("vmm: refactor DeviceManager to use console_info")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-08-31 20:55:33 +00:00
Jinank Jain
ba262e45a4 hypervisor: vmm: Switch to common StandardRegisters implementation
Use the StandardRegisters defined in the hypervisor crate instead of
re-defining it from MSHV/KVM crate.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2024-08-30 17:04:37 +00:00
Wenyu Huang
4299815a67 vmm: allow to call fcntl in debug
This fixes a issue of running vm compiled in debug with Rust
1.80.0 or later, where this check was introduced.

Signed-off-by: Wenyu Huang <huangwenyuu@outlook.com>
2024-08-27 18:13:21 +00:00
dependabot[bot]
5f814308d6 build: Bump clap from 4.5.4 to 4.5.13
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.4 to 4.5.13.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.4...clap_complete-v4.5.13)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-20 00:02:25 +00:00
Jinank Jain
4c99aea6c4 hypervisor: Switch to use the new StandardRegisters
With this we are removing the CloudHypervisor definition of
StandardRegisters instead using an enum which contains different
variants of StandardRegisters coming from their bindigs crate.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2024-08-19 21:41:22 +00:00
dependabot[bot]
a229afbc24 build: Bump serde from 1.0.203 to 1.0.208
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.203 to 1.0.208.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.203...v1.0.208)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-17 00:02:04 +00:00
Nuno Das Neves
00b4d97826 vmm: Replace hardcoded mshv IOCTL numbers in seccomp
Use the IOCTL numbers directly from mshv-ioctls instead of hardcoding
them in the seccomp filters.

Remove seccomp rules for unused ioctls:
MSHV_GET_VERSION_INFO,
MSHV_ASSERT_INTERRUPT.

Signed-off-by: Nuno Das Neves <nudasnev@microsoft.com>
2024-08-13 18:52:46 +00:00
dependabot[bot]
36cdd67b9c build: Bump bitflags from 2.5.0 to 2.6.0
Bumps [bitflags](https://github.com/bitflags/bitflags) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bitflags/bitflags/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: bitflags
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-13 00:21:45 +00:00
dependabot[bot]
fee769bed4 build: Bump libc from 0.2.153 to 0.2.155
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.153 to 0.2.155.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.153...0.2.155)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-10 00:43:15 +00:00
Muminul Islam
1e967697c2 vmm: pass AccessPlatform implementation for SEV-SNP guest
Passing AccessPlatform trait to virtio-device for requesting
restricting page access during IO for SEV-SNP guest.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2024-08-09 17:40:13 +00:00
Muminul Islam
959ea7115f vmm: implement AccessPlatform for SEV-SNP proxy struct
Implement AccessPlatform for SEV-SNP guest to access
restricted page using IO. VMM calls MSHV api to get access
of the pages, MSHV requests guest to release the access.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2024-08-09 17:40:13 +00:00
Muminul Islam
398e9338a7 vmm: add a proxy struct for SEV-SNP guest
Add a structure to hold the reference of the Vm trait
from Hypervisor crate to access of restricted page
from SEV-SNP guest.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2024-08-09 17:40:13 +00:00
Yuanchu Xie
5f18ac3bc0 devices: Add pvmemcontrol device
Pvmemcontrol provides a way for the guest to control its physical memory
properties, and enables optimizations and security features. For
example, the guest can provide information to the host where parts of a
hugepage may be unbacked, or sensitive data may not be swapped out, etc.

Pvmemcontrol allows guests to manipulate its gPTE entries in the SLAT,
and also some other properties of the memory map the back's host memory.
This is achieved by using the KVM_CAP_SYNC_MMU capability. When this
capability is available, the changes in the backing of the memory region
on the host are automatically reflected into the guest. For example, an
mmap() or madvise() that affects the region will be made visible
immediately.

There are two components of the implementation: the guest Linux driver
and Virtual Machine Monitor (VMM) device. A guest-allocated shared
buffer is negotiated per-cpu through a few PCI MMIO registers, the VMM
device assigns a unique command for each per-cpu buffer. The guest
writes its pvmemcontrol request in the per-cpu buffer, then writes the
corresponding command into the command register, calling into the VMM
device to perform the pvmemcontrol request.

The synchronous per-cpu shared buffer approach avoids the kick and busy
waiting that the guest would have to do with virtio virtqueue transport.

The Cloud Hypervisor component can be enabled with --pvmemcontrol.

Co-developed-by: Stanko Novakovic <stanko@google.com>
Co-developed-by: Pasha Tatashin <tatashin@google.com>
Signed-off-by: Yuanchu Xie <yuanchu@google.com>
2024-08-05 22:41:56 +00:00
Yuanchu Xie
954f3dd057 vm-device: generalize BusDevice to use a shared reference
BusDevice trait functions currently holds a mutable reference to self,
and exclusive access is guaranteed by taking a Mutex when dispatched by
the Bus object. However, this prevents individual devices from serving
accesses that do not require an mutable reference or is better served
with different synchronization primitives. We switch Bus to dispatch via
BusDeviceSync, which holds a shared reference, and delegate locking to
the BusDeviceSync trait implementation for Mutex<BusDevice>.

Other changes are made to make use of the dyn BusDeviceSync
trait object.

Signed-off-by: Yuanchu Xie <yuanchu@google.com>
2024-08-05 22:41:56 +00:00
Praveen K Paladugu
be9f57dcf9 vmm: Add landlock elements to openapi spec
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-08-05 17:46:30 +00:00