3488 Commits

Author SHA1 Message Date
Michael Zhao
c3a75dafc5 tests: Enable serial test cases for AArch64
Enabled all "ttyS0" related test cases:
- test_serial_off
- test_serial_tty
- test_serial_file

Enabled mandatory guest kernel driver for "ns16550a" on AArch64.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2021-03-15 20:59:50 +08:00
Michael Zhao
ee7fcdb3cf aarch64: Correct wrong settings for serial device
Corrected:
- The device name in FDT
- MMIO mapping size

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2021-03-15 20:59:50 +08:00
Michael Zhao
afc83582be aarch64: Enable IRQ routing for legacy devices
On AArch64, interrupt controller (GIC) is emulated by KVM. VMM need to
set IRQ routing for devices, including legacy ones.

Before this commit, IRQ routing was only set for MSI. Legacy routing
entries of type KVM_IRQ_ROUTING_IRQCHIP were missing. That is way legacy
devices (like serial device ttyS0) does not work.

The setting of X86 IRQ routing entries are not impacted.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2021-03-15 20:59:50 +08:00
dependabot-preview[bot]
2a8bdf710d build(deps): bump syn from 1.0.63 to 1.0.64 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.63 to 1.0.64.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.63...1.0.64)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-15 08:35:57 +00:00
dependabot-preview[bot]
210a9d40c8 build(deps): bump regex from 1.4.4 to 1.4.5
Bumps [regex](https://github.com/rust-lang/regex) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.4.4...1.4.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-14 22:03:20 +00:00
dependabot-preview[bot]
5bb10adf22 build(deps): bump syn from 1.0.63 to 1.0.64
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.63 to 1.0.64.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.63...1.0.64)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-14 22:03:04 +00:00
dependabot-preview[bot]
97f8f0fb31 build(deps): bump openssl-sys from 0.9.60 to 0.9.61
Bumps [openssl-sys](https://github.com/sfackler/rust-openssl) from 0.9.60 to 0.9.61.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.60...openssl-sys-v0.9.61)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-14 22:02:49 +00:00
Rob Bradford
5bc311184e build: Remove url crate dependency
This removes multiple transitive dependencies and speeds up our build.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-12 16:52:55 +01:00
Rob Bradford
7f96eb2b67 vmm: migration: Simplify url socket handling in migration code
Extract URL handling to a common function and simplify to remove url
crate dependency.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-12 16:52:55 +01:00
Rob Bradford
ab4b30edd3 vmm: Switch MemoryManager::send() to url_to_path()
This continues the work in cc78a597cd579f49971d379626021300196ef548

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-12 16:52:55 +01:00
Rob Bradford
cc78a597cd vmm: Simplify snapshot/restore path handling
Extend the existing url_to_path() to take the URL string and then use
that to simplify the snapshot/restore code paths.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-12 13:03:01 +01:00
Bo Chen
ebcbab739e vmm: openapi: Add rate_limiter_config to the `DiskConfig
Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-03-12 09:35:03 +01:00
Bo Chen
0c7541473c docs: Add documentation on I/O throttling
Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-03-12 09:35:03 +01:00
Bo Chen
169d6f6756 fuzz: Update the 'block' fuzz target with the rate limiter support
Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-03-12 09:35:03 +01:00
Bo Chen
af8def364d virtio-devices, vmm: add I/O rate limiter on block device
This patch is based on the 'rate_limiter' module from firecracker[1]. To
simplify dependencies, we reply on 'vmm-sys-util::TimerFd' instead of
the `timerfd` crate.

[1]https://github.com/firecracker-microvm/firecracker/tree/master/src/rate_limiter

Fixes: #1285

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-03-12 09:35:03 +01:00
dependabot-preview[bot]
c45a9a390d build(deps): bump regex from 1.4.3 to 1.4.4
Bumps [regex](https://github.com/rust-lang/regex) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.4.3...1.4.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-12 08:33:23 +00:00
dependabot-preview[bot]
b5929645c6 build(deps): bump regex-syntax from 0.6.22 to 0.6.23
Bumps [regex-syntax](https://github.com/rust-lang/regex) from 0.6.22 to 0.6.23.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-12 08:33:05 +00:00
Sebastien Boeuf
ec9e6edcd0 virtio-devices: Remove unused update_memory() from VirtioDevice trait
Now that virtio devices can be updated with add_memory_region(), there's
no need to keep update_memory() around.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
00873e5f84 vmm: device_manager: Update virtio devices memory with a single region
Relies on the preliminary work allowing virtio devices to be updated
with a single memory at a time instead of updating the entire memory at
once.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
9e53efa3ca virtio-devices: Add support for adding a single memory region
Assuming vhost-user devices support CONFIGURE_MEM_SLOTS protocol
feature, we introduce a new method to the VirtioDevice trait in order to
update one single memory at a time.

In case CONFIGURE_MEM_SLOTS is not supported by the backend (feature not
acked), we fallback onto the current way of updating the memory
mappings, that is with SET_MEM_TABLE.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
4f22f57651 vhost_user_net: Enable CONFIGURE_MEM_SLOTS protocol feature
In order to support GET_MAX_MEM_SLOTS, ADD_MEM_REG and REM_MEM_REG, the
protocol feature CONFIGURE_MEM_SLOTS must be enabled.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
1e1cbc53c1 vhost_user_blk: Enable CONFIGURE_MEM_SLOTS protocol feature
In order to support GET_MAX_MEM_SLOTS, ADD_MEM_REG and REM_MEM_REG, the
protocol feature CONFIGURE_MEM_SLOTS must be enabled.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
8255d5f774 vhost_user_backend: Move to latest vhost version
The latest vhost version adds the support for the new commands
get_max_mem_slots(), add_mem_region() and remove_mem_region(), all
related to the new vhost-user protocol feature CONFIGURE_MEM_SLOTS.

The vhost_user_backend crate is updated accordingly in order to support
these new commands, mostly related to the capability of updating the
guest memory mappings with a finer control than set_mem_table() command.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
e3a8d6c13c virtio-devices: vhost-user: net: Fix seccomp filters
On x86_64 architecture, multiple syscalls were missing when shutting
down the vhost-user-net device along with the VM. This was causing the
usual crash related to seccomp filters.

This commit adds these missing syscalls to fix the issue.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
581bf4aad5 virtio-devices: vhost-user: Fix device reset
There is no need to get the vring base when resetting the vhost-user
device. This was mostly ignored, but in some cases, it was causing some
actual errors.

A reset must simply be a combination of disabling the vrings along with
the reset of the owner.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Jiachen Zhang
16b82f3dfe vhost-user: Make ActivateError messages more consistent
Originally, VhostUserSetup is only used by vhost-user-fs. While
vhost-user-blk and vhost-user-net have their own error messages,
we rename VhostUserSetup to VhostUserFsSetup.

Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
2021-03-11 15:09:07 +00:00
dependabot-preview[bot]
675a8f808c build(deps): bump signal-hook from 0.3.6 to 0.3.7 in /fuzz
Bumps [signal-hook](https://github.com/vorner/signal-hook) from 0.3.6 to 0.3.7.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-11 09:29:26 +00:00
dependabot-preview[bot]
59e5048436 build(deps): bump byteorder from 1.4.2 to 1.4.3 in /fuzz
Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](https://github.com/BurntSushi/byteorder/compare/1.4.2...1.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-11 08:45:59 +00:00
dependabot-preview[bot]
7b3e79cdfa build(deps): bump signal-hook from 0.3.6 to 0.3.7
Bumps [signal-hook](https://github.com/vorner/signal-hook) from 0.3.6 to 0.3.7.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-11 08:45:27 +00:00
Rob Bradford
66ffaceffc vmm: tdx: Correctly populate the 64-bit MMIO region
The MMIO structure contains the length rather than the maximum address
so it is necessary to subtract the starting address from the end address
to calculate the length.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-10 14:45:51 +00:00
dependabot-preview[bot]
4e307788b7 build(deps): bump byteorder from 1.4.2 to 1.4.3
Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](https://github.com/BurntSushi/byteorder/compare/1.4.2...1.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 13:14:58 +00:00
Muminul Islam
8739f6cccb scripts: Fix windows test script for running on MSHV
In order to run Windows test on MSHV we need to build and test using
MSHV feature.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2021-03-10 10:08:12 +00:00
dependabot-preview[bot]
5599cbef50 build(deps): bump syn from 1.0.62 to 1.0.63 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.62 to 1.0.63.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.62...1.0.63)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 08:03:10 +00:00
dependabot-preview[bot]
4c52ad2550 build(deps): bump syn from 1.0.62 to 1.0.63
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.62 to 1.0.63.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.62...1.0.63)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 08:02:59 +00:00
Rob Bradford
a0c07474a3 vmm: seccomp: Add KVM_MEMORY_ENCRYPT_OP ioctl to seccomp filter
This is the basis for TDX based operations on the various KVM file
descriptors.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-09 16:26:06 +01:00
Rob Bradford
be0cbb09b1 build: Clippy check with "tdx" feature
In the absence of a way of integration testing this testing that it
compiles is reasonable compromise.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
d24aa887b6 vmm: Reject VM snapshot request if TDX in use
It is not possible to snapshot the contents of a TDX VM.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
835a31e283 vmm: config: Require max and boot vCPUs to be equal for TDX
CPU hotplug is not possible with TDX

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
57c8c250fd tdx: Permit starting Cloud Hypervisor without --kernel
This is not required if TDX is present.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
62abc117ab tdx: Configure TDX state for the VM
Load the sections backed from the file into their required addresses in
memory and populate the HOB with details of the memory. Using the HOB
address initialize the TDX state in the vCPUs and finalize the TDX
configuration.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
1c54fc3ab7 hypervisor: Support creating a VM of a specified KVM type
This is necessary to support creating a TD VM.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
57ce0986f7 vmm: cpu: Add functionality for enabling TDX for all vCPUs
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
c8cad394b5 vmm: cpu: Expose the common/shared CPUID data for all vCPUs
This allows the CPUID data to be passed into the VM level ioctl used for
initalizing TDX.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
b02aff5761 vmm: memory_manager: Disable dirty page logging when running on TDX
It is not permitted to have this enabled in memory that is part of a TD.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
f282cc001a tdx: Add abstraction to call TDX ioctls to hypervisor
Add API to the hypervisor interface and implement for KVM to allow the
special TDX KVM ioctls on the VM and vCPU FDs.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
c48e82915d vmm: Make kernel optional in VM internals
When booting with TDX no kernel is supplied as the TDFV is responsible
for loading the OS. The requirement to have the kernel is still
currently enforced at the validation entry point; this change merely
changes function prototypes and stored state to use Option<> to support.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
66a3bed086 vmm: config: Add "--tdx" option parsing
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
45cc26f940 tdx: Add support for generating a TD HOB list
This is used to communicate details of the memory configuration from the
VMM into the TDMF.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
77955bd8f9 tdx: Add support for parsing TDVF metadata
Add support extracting the sections out for a TDVF file which can be
then used to load the TDVF and TD HOB data into their appropriate
locations.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
e61ee6bcac tdx: Add "tdx" feature with an empty module inside arch to implement
Add the skeleton of the "tdx" feature with a module ready inside the
arch crate to store implementation details.

TEST=cargo build --features="tdx"

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00