6171 Commits

Author SHA1 Message Date
Sebastien Boeuf
26006974e8 virtio-devices: iommu: Error out if couldn't translate address
It doesn't matter if we're trying to translate a GVA or a GPA address,
but in both cases we must error out if the address couldn't be
translated.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-06 11:21:46 +02:00
Rob Bradford
76b1a009e4 README: Update OS list and clarify release stability
Remove EOLed distributions and clarify the stability guarantees and what
the experimental features are.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-04-05 20:35:33 +01:00
Bo Chen
044b57c927 scripts: Bump container version and SPDK version for aarch64
In this way, CI jobs on both `x86_64` and `aarch64` will start to use
the latest version of SPDK.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-04-05 13:04:12 +01:00
Bo Chen
0ad3d5196f Dockerfile: Update to build the latest upstream SPDK
The latest upstream SPDK contains the live-migration support for the
NVMe backend.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-04-05 13:04:12 +01:00
Michael Zhao
261e39d8ab tests: Improve test_live_migration_numa
Set various initial memory node sizes in test case
`test_live_migration_numa`.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-04-05 11:04:52 +08:00
Michael Zhao
9069cc889f aarch64: Update NUMA node in FDT for memory hole
Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-04-05 11:04:52 +08:00
Michael Zhao
96ed1327f8 aarch64: Update FDT for the new memory layout
If the RAM is across the hole, 2 `memory` nodes are needed in FDT.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-04-05 11:04:52 +08:00
Michael Zhao
d60d6713fa aarch64: Unit test for new memory layout
Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-04-05 11:04:52 +08:00
Michael Zhao
848d88c122 aarch64: Reserve a hole in 32-bit space
The reserved space is for devices.
Some devices (like TPM) require arbitrary addresses close to 4GiB.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-04-05 11:04:52 +08:00
Michael Zhao
a3dbc3b415 aarch64: Change RAM_START type GuestAddress
Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-04-05 11:04:52 +08:00
Michael Zhao
ef9f37cd5f aarch64: Rename RAM_64BIT_START in layout
`RAM_64BIT_START` was set to 1 GiB, not a real 64-bit address. Now
rename it `RAM_START` to avoid confusion.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-04-05 11:04:52 +08:00
dependabot[bot]
c035e5a836 build: bump mshv-bindings from d241ffc to ef7d561
Bumps [mshv-bindings](https://github.com/rust-vmm/mshv) from `d241ffc` to `ef7d561`.
- [Release notes](https://github.com/rust-vmm/mshv/releases)
- [Commits](d241ffcacd...ef7d56169c)

---
updated-dependencies:
- dependency-name: mshv-bindings
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-04 23:39:24 +00:00
Sebastien Boeuf
a2acc02f50 tests: Update test_vdpa_block to include vIOMMU testing
The extra vDPA device in the test is hotplugged behind the vIOMMU, which
covers the use case of placing a vDPA device behind a virtual IOMMU.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-05 00:09:52 +02:00
Sebastien Boeuf
590361aeb6 virtio-devices: Translate queue addresses back to GVA if needed
Whenever a virtio device is placed behind a vIOMMU, we have some code in
pci_common_config.rs to translate the queue addresses (descriptor table,
available ring and used ring) from GVA to GPA, so that they can be used
correctly.

But in case of vDPA, we also need to provide the queue addresses to the
vhost backend. And since the vhost backend deals with consistent IOVAs,
all addresses being provided should be GVAs if the device is placed
being a vIOMMU. For that reason, we perform a translation of the queue
addresses back from GPA to GVA if necessary, and only to be provided to
the vhost backend.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-05 00:09:52 +02:00
Sebastien Boeuf
b3d7ad0b91 virtio-devices: vdpa: Add extra debug!() logs
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-05 00:09:52 +02:00
Sebastien Boeuf
e76a5969e8 vmm: Add iommu parameter to VdpaConfig
Add a new iommu parameter to VdpaConfig in order to place the vDPA
device behind a virtual IOMMU.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-05 00:09:52 +02:00
Sebastien Boeuf
e9b1ad9558 virtio-devices: iommu: Fix list of external mappings
In case an external mapping would have been added after the virtio-iommu
device has been activated, it would have simply be ignored because the
code wasn't using a shared object between the vmm thread and the iommu
thread. This behavior is only triggered on the hotplug codepath, and
only if the hotplugged device is placed behind the virtual IOMMU.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-05 00:09:52 +02:00
Sebastien Boeuf
1cdf8b232d virtio-devices: Introduce new function translating GPAs into GVAs
In anticipation for the vDPA need to translate a GPA back into a GVA, we
extend the existing trait DmaRemapping and AccessPlatform to perform
such operation.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-05 00:09:52 +02:00
Sebastien Boeuf
059e787cb5 virtio-devices: Rename address translation function for more clarity
Renaming translate() to translate_gva() to clarify we want to translate
a GVA address into a GPA.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-05 00:09:52 +02:00
dependabot[bot]
16c525b2c0 build: bump clap from 3.1.7 to 3.1.8
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.7 to 3.1.8.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.1.7...v3.1.8)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-02 00:04:16 +00:00
dependabot[bot]
cd599c9e64 build: bump clap from 3.1.7 to 3.1.8 in /fuzz
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.7 to 3.1.8.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.1.7...v3.1.8)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 23:35:45 +00:00
Sebastien Boeuf
2963e5c954 docs: Update TDX documentation
According to latest official images based on latest TDX guest kernel, we
update the documentation to reflect the change regarding serial support.

New guest kernels have been updated to disable usage of serial ports,
meaning adding console=ttyS0 to the kernel boot parameters will have no
effect.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-01 18:24:32 +01:00
Sebastien Boeuf
00ce8277aa vmm: tdx: Fix the logic for generating HOB memory resources
The list of memory resources provided through the HOB wasn't accurate
because of the broken logic. The fix provides correct ranges to the
firmware.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-01 18:24:32 +01:00
Sebastien Boeuf
70222ffc1a vmm: tdx: Only report TempMem as reserved memory
Based on latest QEMU patches from branch tdx-qemu-2022.03.29-v7.0.0-rc1
we should only report as memory resources the TempMem sections from TDVF
sections.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-01 18:24:32 +01:00
Sebastien Boeuf
dae77d8d43 arch: x86_64: tdx: Update EFI HOB attribute
Based on latest QEMU patches from branch tdx-qemu-2022.03.29-v7.0.0-rc1
we don't need EFI_RESOURCE_ATTRIBUTE_ENCRYPTED as part of the attributes
we must enable with EFI_RESOURCE_SYSTEM_MEMORY and
EFI_RESOURCE_MEMORY_RESERVED resource types.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-04-01 18:24:32 +01:00
dependabot[bot]
a575fd70ec build: bump clap from 3.1.6 to 3.1.7
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.6 to 3.1.7.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.1.6...v3.1.7)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 13:52:38 +00:00
dependabot[bot]
28b56521f5 build: bump pkg-config from 0.3.24 to 0.3.25
Bumps [pkg-config](https://github.com/rust-lang/pkg-config-rs) from 0.3.24 to 0.3.25.
- [Release notes](https://github.com/rust-lang/pkg-config-rs/releases)
- [Changelog](https://github.com/rust-lang/pkg-config-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/pkg-config-rs/compare/0.3.24...0.3.25)

---
updated-dependencies:
- dependency-name: pkg-config
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 13:18:40 +00:00
dependabot[bot]
11d0e7aaf1 build: bump clap from 3.1.6 to 3.1.7 in /fuzz
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.6 to 3.1.7.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.1.6...v3.1.7)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 13:59:28 +01:00
Rob Bradford
7fd76eff05 vmm: Don't error if live resizing is not possible
The introduction of a error if live resizing is not possible is a
regression compared to the original behaviour where the new size would
be stored in the config and reflected in the next boot. This behaviour
was also inconsistent with the effect of resizing with no VM booted.

Instead of generating an error allow the code to go ahead and update the
config so that the new size will be available upon the reboot.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-03-31 17:04:53 +01:00
Bo Chen
4af04d8f49 tests: Enable 'test_vfio_user' using Jammy on 'aarch64'
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-03-31 09:22:07 +01:00
Bo Chen
eed2a0d06b vmm: Add 'libc::SYS_shutdown' to vmm 'seccomp' filter list
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-03-31 09:22:07 +01:00
Bo Chen
d49363a5af tests: Enable guest console log for test_vfio_user
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-03-31 09:22:07 +01:00
Bo Chen
0e2cb9fd06 tests: Move to use Jammy guest image for test_vfio_user
Fixes: #3495

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-03-31 09:22:07 +01:00
Bo Chen
661e5eb084 scripts: Use the same spdk version from dev container for aarch64
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-03-31 09:22:07 +01:00
Bo Chen
cec035c6e0 tests: Increase timeout after vfio-user device hotplug
As reported by the periodic CI runs, it may take more time for the NVMe
device to present in the guest after being hotplugged as a VFIO user
device on `aarch64` (especially under high load). Let's increase the
timeout after device hotplug from `1s` to `10s` to increase the test
stability.

Fixes: #3495

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-03-31 09:22:07 +01:00
Bo Chen
3679be3721 tests: Enable hugepages for test_vfio_user
This is will fix a warning reported from the SPDK/NVMe backend when the
memory address is not 2M aligned.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-03-31 09:22:07 +01:00
dependabot[bot]
67727deb0a build: bump redox_syscall from 0.2.12 to 0.2.13
Bumps redox_syscall from 0.2.12 to 0.2.13.

---
updated-dependencies:
- dependency-name: redox_syscall
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 00:50:41 +00:00
dependabot[bot]
caa15c5c02 build: bump lock_api from 0.4.6 to 0.4.7
Bumps [lock_api](https://github.com/Amanieu/parking_lot) from 0.4.6 to 0.4.7.
- [Release notes](https://github.com/Amanieu/parking_lot/releases)
- [Changelog](https://github.com/Amanieu/parking_lot/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Amanieu/parking_lot/compare/lock_api-0.4.6...lock_api-0.4.7)

---
updated-dependencies:
- dependency-name: lock_api
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 00:23:33 +00:00
dependabot[bot]
d1312c3143 build: bump redox_users from 0.4.2 to 0.4.3
Bumps redox_users from 0.4.2 to 0.4.3.

---
updated-dependencies:
- dependency-name: redox_users
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-30 23:44:27 +00:00
Fabiano Fidêncio
f049867cd9 vmm,memory_manager: Deny resizing only if the ram amount has changed
Similarly to the previous commit restricting the cpu resizing error only
to the situations where the vcpu amount has changed, let's do the same
with the memory and be consistent throughout our code base.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-03-30 21:29:08 +01:00
Fabiano Fidêncio
2c8045343c vmm,cpu: Deny resizing only if the vcpu amount has changed
188078467db42f50f5b7e7a7969738ebf8aec95c made clear that resize should
only happen when dealing with a "dynamic" CpuManager.  Although this is
very much correct, it causes a regression on Kata Containers (and on any
other consumer of Cloud Hypervisor) in cases where a resize would be
triggered but the vCPUs values wouldn't be changed.

There's no doubt Kata Containers could do better and do not call a
resize in such situations, and that's something that should **also** be
solved there.  However, we should also work this around on Cloud
Hypervisor side as it introduces a regression with the current Kata
Containers code.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-03-30 21:29:08 +01:00
Sebastien Boeuf
db06c31305 arch: x86_64: Patch CPUID based on TDX capabilities
Based on the XFAM masks retrieved from the TDX capabilities, the CPUID
must be patched.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-03-30 14:57:23 +01:00
Sebastien Boeuf
b0077f0b5e hypervisor: Implement retrieval of TDX capabilities
Extend the Hypervisor API in order to retrieve the TDX capabilities from
the underlying hypervisor.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-03-30 14:57:23 +01:00
Sebastien Boeuf
f310dc0916 hypervisor: Don't enable TDX debug
This might not be correctly supported, therefore best to keep it
disabled by default.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-03-30 14:57:23 +01:00
Sebastien Boeuf
3c973fa7ce virtio-devices: vhost-user: Add support for TDX
By enabling the VIRTIO feature VIRTIO_F_IOMMU_PLATFORM for all
vhost-user devices when needed, we force the guest to use the DMA API,
making these devices compatible with TDX. By using DMA API, the guest
triggers the TDX codepath to share some of the guest memory, in
particular the virtqueues and associated buffers so that the VMM and
vhost-user backends/processes can access this memory.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-03-30 10:32:23 +02:00
dependabot[bot]
d310abed44 build: bump indexmap from 1.8.0 to 1.8.1
Bumps [indexmap](https://github.com/bluss/indexmap) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/bluss/indexmap/releases)
- [Changelog](https://github.com/bluss/indexmap/blob/master/RELEASES.rst)
- [Commits](https://github.com/bluss/indexmap/compare/1.8.0...1.8.1)

---
updated-dependencies:
- dependency-name: indexmap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-30 00:32:21 +00:00
dependabot[bot]
a9b9251756 build: bump indexmap from 1.8.0 to 1.8.1 in /fuzz
Bumps [indexmap](https://github.com/bluss/indexmap) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/bluss/indexmap/releases)
- [Changelog](https://github.com/bluss/indexmap/blob/master/RELEASES.rst)
- [Commits](https://github.com/bluss/indexmap/compare/1.8.0...1.8.1)

---
updated-dependencies:
- dependency-name: indexmap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 23:46:58 +00:00
Rob Bradford
c66be2e974 tests: Split test_simple_launch() into separate tests
This will make it much easier identify which tests are failing.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-03-29 15:20:58 +01:00
Rob Bradford
ca68b9e7a9 build: Remove "cmos" feature gate
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-03-29 15:20:58 +01:00
Rob Bradford
e0d3efec6e devices: cmos: Implement CMOS based reset
If EFI reset fails on the Linux kernel then it will fallthrough to CMOS
reset. Implement this as one of our reset solutions.

Fixes: #3912

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-03-29 15:20:58 +01:00