Commit Graph

2781 Commits

Author SHA1 Message Date
Sergio Lopez
6aab0a5458 vhost_user_fs: Implement support for optional sandboxing
Implement support for setting up a sandbox for running the
service. The technique for this has been borrowed from virtiofsd, and
consists on switching to new PID, mount and network namespaces, and
then switching root to the directory to be shared.

Future patches will implement additional hardening features like
dropping capabilities and seccomp filters.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2020-05-14 17:16:23 +02:00
Sergio Lopez
c4bf383fd7 vhost_user_*: Create a vhost::Listener in advance
Changes is vhost crate require VhostUserDaemon users to create and
provide a vhost::Listener in advance. This allows us to adopt
sandboxing strategies in the future, by being able to create the UNIX
socket before switching to a restricted namespace.

Update also the reference to vhost crate in Cargo.lock to point to the
latest commit from the dragonball branch.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2020-05-14 17:16:23 +02:00
Sergio Lopez
fa844865a5 vhost_user_fs: Allow callers to provide a fd for /proc/self/fd
Allow callers to provide a file descriptor for /proc/self/fd. This is
useful for sandboxing, as we may be running in a namespace that
doesn't have access to /proc.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2020-05-14 17:16:23 +02:00
Sergio Lopez
831cff3fee vhost_user_fs: Use a fd for /proc/self/fd instead of /proc
Open a file descriptor to /proc/self/fd instead of /proc. We aren't
using any other entries from that directory, and doing this allows us
to keep working even if /proc is no longer present in our
namespace (useful for sandboxing).

Signed-off-by: Sergio Lopez <slp@redhat.com>
2020-05-14 17:16:23 +02:00
Sebastien Boeuf
ba4ec7fce2 ci: Extend snapshot_restore_test with hotplug
There's a simple way to trigger PCI BAR reprogramming for a given
device, by removing it and then hotplugging it back. The Linux kernel
will simply choose to place the BARs at different location than the ones
chosen by Cloud-Hypervisor. By doing so, and creating the snapshot after
this hotplug operation, we can manage to validate that the resource are
correctly restored for a given virtio-pci device.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-14 11:02:22 +02:00
Sebastien Boeuf
9e165c2c17 ci: Enable snapshot/restore integration test
Now that snapshot/restore feature is stable for both virtio-mmio and
virtio-pci devices, we re-enable the integration test for validating
snapshot/restore does not get broken.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-14 11:02:22 +02:00
dependabot-preview[bot]
c566f1f024 build(deps): bump once_cell from 1.3.1 to 1.4.0
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.3.1...v1.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-14 09:01:57 +02:00
dependabot-preview[bot]
7ffde29593 build(deps): bump backtrace from 0.3.47 to 0.3.48
Bumps [backtrace](https://github.com/rust-lang/backtrace-rs) from 0.3.47 to 0.3.48.
- [Release notes](https://github.com/rust-lang/backtrace-rs/releases)
- [Commits](https://github.com/rust-lang/backtrace-rs/compare/0.3.47...0.3.48)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-13 23:36:55 +02:00
dependabot-preview[bot]
e9c2dbc866 build(deps): bump anyhow from 1.0.29 to 1.0.30
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.29 to 1.0.30.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.29...1.0.30)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-13 19:56:23 +02:00
Rob Bradford
9ccc7daa83 build, vmm: Update to latest kvm-ioctls
The ch branch has been rebased to incorporate the latest upstream code
requiring a small change to the unit tests.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-13 17:14:49 +02:00
Rob Bradford
80aa0a753d tests: Test unplugging virtio-fs
Now that virtio-fs has unplug support try unplugging and readding the
virtio-fs device.

Fixes: #1050

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-13 09:11:50 +01:00
Rob Bradford
88ec93d075 vmm: config: Add missing "id" from FsConfig parsing
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-13 09:11:50 +01:00
dependabot-preview[bot]
0f89f5eca0 build(deps): bump anyhow from 1.0.28 to 1.0.29
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.28 to 1.0.29.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.28...1.0.29)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-13 09:32:48 +02:00
dependabot-preview[bot]
ab3d374ab7 build(deps): bump syn from 1.0.20 to 1.0.21
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.20 to 1.0.21.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.20...1.0.21)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-13 09:32:38 +02:00
dependabot-preview[bot]
35b8992ede build(deps): bump thiserror from 1.0.16 to 1.0.17
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.16 to 1.0.17.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.16...1.0.17)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-13 08:54:23 +02:00
dependabot-preview[bot]
3415b11d79 build(deps): bump quote from 1.0.4 to 1.0.5
Bumps [quote](https://github.com/dtolnay/quote) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.4...1.0.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-13 08:54:12 +02:00
dependabot-preview[bot]
6989bf054c build(deps): bump backtrace from 0.3.46 to 0.3.47
Bumps [backtrace](https://github.com/rust-lang/backtrace-rs) from 0.3.46 to 0.3.47.
- [Release notes](https://github.com/rust-lang/backtrace-rs/releases)
- [Commits](https://github.com/rust-lang/backtrace-rs/compare/0.3.46...0.3.47)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-12 20:27:38 +02:00
dependabot-preview[bot]
2991fd2a48 build(deps): bump libc from 0.2.69 to 0.2.70
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.69 to 0.2.70.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.69...0.2.70)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-12 20:26:43 +02:00
Sebastien Boeuf
c37da600e8 vmm: Update DeviceTree upon PCI BAR reprogramming
By passing a reference of the DeviceTree to the AddressManager, we can
now update the DeviceTree whenever a PCI BAR is reprogrammed. This is
mandatory to maintain the correct resources information related to each
virtio-pci device, which will ensure correct information will be stored
upon VM snapshot.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-12 17:37:31 +01:00
Sebastien Boeuf
d0ae9d7ce6 vmm: Share the DeviceTree across threads
We want to be able to share the same DeviceTree across multiple threads,
particularly to handle the use case where PCI BAR reprogramming might
need to update the tree while from another thread a new device is being
added to the tree.

That's why this patch moves the DeviceTree instance into an Arc<Mutex<>>
so that we can later share a reference of the same mutable tree with the
AddressManager responsible for handling PCI BAR reprogramming.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-12 17:37:31 +01:00
Sebastien Boeuf
5e9d254564 vmm: Store and restore virtio-pci BAR resources
By using the vector of resources provided by the DeviceNode, the device
manager can store the information related to PCI BARs from a virtio-pci
device. Based on this, and upon VM restoration, the device manager can
restore the BARs in the expected location in the guest address space.

One thing to note is that we only need to provide the VirtioPciDevice
with the configuration BAR (BAR 0) since the SHaredMemory BAR info comes
from the virtio device directly.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-12 17:37:31 +01:00
Sebastien Boeuf
02bd50f6ab vm-virtio: Add helper to set the configuration BAR value
From a VirtioPciDevice perspective, there are two types of BARs, either
the virtio configuration BAR or the SHaredMemory BAR.

The SHaredMemory BAR address comes from the virtio device directly as
the memory region had been previously allocated when the virtio device
has been created. So for this BAR, there's nothing to do when restoring
a VM, since the associated virtio device is already restored with the
appropriate resources, hence the BAR will already be at the right
address.

The remaining configuration BAR is different, as we usually get its
address from the SystemAllocator. This means in case we restore a VM,
we must provide this value, bypassing the allocator. This is what this
commit takes care of, by letting the caller set the base address for the
configuration BAR prior to allocating the BARs.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-12 17:37:31 +01:00
Sebastien Boeuf
8a826ae24c vmm: Store and restore virtio-pci device on right PCI slot
Based on the new field "pci_bdf", a virtio-pci device can be restored at
the same place on the PCI bus it was located before the VM snapshot.

This ensures consistent placement on the PCI bus, based on the stored
information related to each device.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-12 17:37:31 +01:00
Sebastien Boeuf
98dac352b8 vmm: Add optional PCI b/d/f to each DeviceNode
We need a way to store the information about where a PCI device was
placed on the PCI bus before the VM was snapshotted. The way to do this
is by adding an extra field to the DeviceNode structure.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-12 17:37:31 +01:00
Sebastien Boeuf
1e0ebb760f pci: Allow specific PCI b/d/f to be reserved
In order to let the PciBus user choose where a device should be placed
on the bus, a new function get_device_id() is introduced. This will be
helpful in the context of snapshot/restore as the caller will be able to
place the PCI devices on the same slot they were placed before the
snapshot was taken.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-12 17:37:31 +01:00
dependabot-preview[bot]
e577b64a58 build(deps): bump syn from 1.0.19 to 1.0.20
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.19 to 1.0.20.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.19...1.0.20)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-12 10:20:15 +02:00
Rob Bradford
36bffff22a tests: Expand the test_large_memory() test to cover lots of vCPUs
Ensure that there is no regression in our support for a large number of
vCPUS.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 19:34:34 +01:00
Rob Bradford
b9ba81c30d arch, vmm: Don't build mptable when using ACPI
Use the ACPI feature to control whether to build the mptable. This is
necessary as the mptable and ACPI RSDP table can easily overwrite each
other leading to it failing to boot.

TEST=Compile with default features and see that --cpus boot=48 now
works, try with --no-default-features --features "pci" and observe the
--cpus boot=48 also continues to work.

Fixes: #1132

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 19:34:34 +01:00
Rob Bradford
16ac24d8f7 tests: Only test "noacpi" test when we don't build with ACPI
The mmio integration test build currently doesn't use ACPI so piggyback
on that test variation.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 19:34:34 +01:00
Rob Bradford
bb8d19bbd6 arch: Check RSDP address does not go past memory
The setup_mptables() call which is not used on ACPI builds has a side
effect of testing whether there was enough RAM which one of the unit
tests was relying on. Add a similar check for the RSDP address.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 19:34:34 +01:00
dependabot-preview[bot]
1c44e917f9 build(deps): bump clap from 2.33.0 to 2.33.1
Bumps [clap](https://github.com/clap-rs/clap) from 2.33.0 to 2.33.1.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/v2.33.1/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v2.33.0...v2.33.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-11 20:15:13 +02:00
dependabot-preview[bot]
4cd2eccf2f build(deps): bump signal-hook from 0.1.14 to 0.1.15
Bumps [signal-hook](https://github.com/vorner/signal-hook) from 0.1.14 to 0.1.15.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/compare/v0.1.14...v0.1.15)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-11 20:15:03 +02:00
Sebastien Boeuf
308b790cfc vm-virtio: Implement Snapshottable trait for VirtioPciDevice
This gives Cloud-Hypervisor the possibility to snapshot and restore a
VM running with virtio-pci devices attached to it.

The VirtioPciDevice snapshot contains a vector of sub-snapshots to store
and restore information related to MsixConfig, VirtioPciCommonConfig and
PciConfiguration structures, along with snapshot data related to
VirtioPciDevice itself.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-11 11:38:16 +01:00
Sebastien Boeuf
6d59428641 vm-virtio: Implement Snapshottable trait for VirtioPciCommonConfig
This structure contains all the virtio generic information, and as part
of restoring a VM with virtio-pci devices, it is important to restore
these values to ensure the device's proper functioning.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-11 11:38:16 +01:00
Sebastien Boeuf
e1701f11b1 pci: Implement Snapshottable trait for PciConfiguration
The PCI configuration from each PCI device is modified at runtime as we
can expect the guest OS to write to some PCI capability structure, or
move the BAR to a different location in the guest address space.

For all the reasons why such configuration might differ from the initial
configuration, we must store the registers values to be able to restore
them with the right values whenever a PCI device is being restored.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-11 11:38:16 +01:00
Sebastien Boeuf
376db31107 pci: Implement Snapshottable trait for MsixConfig
In order to restore devices relying on MSI-X, the MsixConfig structure
must be restored with the correct values. Additionally, the KVM routes
must be restored so that interrupts can be delivered through KVM the way
they were configured before the snapshot was taken.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-11 11:38:16 +01:00
Rob Bradford
52ac3779df tests: Remove network interface from test_memory_overhead
Continue to try and track down the instability in the numbers generated
by this test by removing the (unused) network interface. It's possible
we are getting broadcast packets into the tap device and generating a
variable size of allocations.

See: #760

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 11:27:19 +02:00
Rob Bradford
b57eeb9628 vhost_user_block: Add "queue_size" to --block-backend
This allows the configuration of the queue size like other backends.

Fixes: #1131

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 09:40:40 +02:00
Rob Bradford
5016fcf8d5 vhost_user_block: Use config::OptionParser to simplify block backend parsing
Switch to using the recently added OptionParser in the code that parses
the block backend.

Fixes: #1092

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 09:40:40 +02:00
Rob Bradford
592de97fbd vhost_user_net: Use config::OptionParser to simplify net backend parsing
Switch to using the recently added OptionParser in the code that parses
the network backend.

Whilst doing this also update the net-backend syntax to use "sock"
rather than socket.

Fixes: #1092
Partially fixes: #1091

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 09:40:40 +02:00
Rob Bradford
f3f398eb44 vhost_user_block: Consolidate the vhost-user-block backend syntax
Rather than repeat syntax for the vhost-user-block backend in multiple
places store it in one place and reference it from the required places.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 09:40:40 +02:00
Rob Bradford
3220292d45 vhost_user_net: Consolidate the vhost-user-net backend syntax
Rather than repeat syntax for the vhost-user-net backend in multiple
places store it in one place and reference it from the required places.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-05-11 09:40:40 +02:00
dependabot-preview[bot]
0d2be3b6d4 build(deps): bump serde from 1.0.107 to 1.0.110
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.107 to 1.0.110.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.107...v1.0.110)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-11 06:43:33 +00:00
dependabot-preview[bot]
9d8754c620 build(deps): bump pin-project from 0.4.13 to 0.4.16
Bumps [pin-project](https://github.com/taiki-e/pin-project) from 0.4.13 to 0.4.16.
- [Release notes](https://github.com/taiki-e/pin-project/releases)
- [Changelog](https://github.com/taiki-e/pin-project/blob/master/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/pin-project/compare/v0.4.13...v0.4.16)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-11 08:01:33 +02:00
dependabot-preview[bot]
9bac13deb3 build(deps): bump serde_json from 1.0.52 to 1.0.53
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.52 to 1.0.53.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.52...v1.0.53)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-11 08:00:54 +02:00
dependabot-preview[bot]
e8d4a13e7f build(deps): bump serde_derive from 1.0.107 to 1.0.110
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.107 to 1.0.110.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.107...v1.0.110)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-11 08:00:37 +02:00
dependabot-preview[bot]
d8f181c576 build(deps): bump futures from 0.3.4 to 0.3.5
Bumps [futures](https://github.com/rust-lang/futures-rs) from 0.3.4 to 0.3.5.
- [Release notes](https://github.com/rust-lang/futures-rs/releases)
- [Changelog](https://github.com/rust-lang/futures-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/futures-rs/compare/0.3.4...0.3.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-09 12:31:12 +01:00
dependabot-preview[bot]
1e44ac515f build(deps): bump serde_derive from 1.0.106 to 1.0.107
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.106 to 1.0.107.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.106...v1.0.107)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-09 12:30:55 +01:00
dependabot-preview[bot]
c197bd6f82 build(deps): bump serde from 1.0.106 to 1.0.107
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.106 to 1.0.107.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.106...v1.0.107)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-05-09 12:30:30 +01:00
Sebastien Boeuf
475040b29e vm-virtio: Correctly reset the virtqueues
Upon a virtio reset, the driver expects that available and used indexes
will be reset to 0. That's why we need to reset these values from the
VMM for any virtio device that might get reset.

This issue was not detected before because the Vec<Queue> maintained
through VirtioPciDevice or MmioDevice was never updated from the virtio
device thread after the device had been actived. For this reason, upon
reset, both available and used indexes were already at the value 0.

The issue arose when trying to reset a device after the VM was restored.
That's because during the restore, each queue is assigned with the right
available and used indexes before it is passed to the device through the
activate function. And that's why upon reset, each queue was still
assigned with these indexes while it should have been reset to 0.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-05-08 11:31:50 +01:00