Commit Graph

5076 Commits

Author SHA1 Message Date
Rob Bradford
20b9f95afd vmm: Attach all devices from specified segments to the IOMMU
Since the devices behind the IOMMU cannot be changed at runtime we offer
the ability to place all devices on user chosen segments behind the
IOMMU. This allows the hotplugging of devices behind the IOMMU provided
that they are assigned to a segment that is located behind the iommu.

Fixes: #911

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-02-11 11:20:04 +00:00
Rob Bradford
6994b33a24 vmm: Add "iommu_segments" to --platform
This provides a list of segments on which all devices will be placed
behind the IOMMU.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-02-11 11:20:04 +00:00
Sebastien Boeuf
da20fa74c6 tests: Add new integration test for free page reporting
Introducing a new integration test relying on the virtio-balloon ability
to free host pages that have been reported as freed by the guest.

This test checks that after consuming a lot of RAM in the guest, the VMM
process is able to release the pages reported by the guest. Simply done
by checking the RSS associated with the VMM's process follows the memory
trend in the guest.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-11 12:10:07 +01:00
Sebastien Boeuf
384752647a virtio-devices: balloon: Implement free page reporting
Implement the VIRTIO_BALLOON_F_REPORTING feature, indicating to the
guest it can report sets of free pages. A new virtqueue dedicated for
receiving the information about the free pages is created. The VMM
releases the memory by punching holes with fallocate() if the guest
memory is backed by a file, and madvise() the host about the ranges of
memory that shouldn't be needed anymore.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-11 12:10:07 +01:00
Sebastien Boeuf
052f38fa96 vmm: Enable guest to report free pages through virtio-balloon
Adding a new parameter free_page_reporting=on|off to the balloon device
so that we can enable the corresponding feature from virtio-balloon.

Running a VM with a balloon device where this feature is enabled allows
the guest to report pages that are free from guest's perspective. This
information is used by the VMM to release the corresponding pages on the
host.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-11 12:10:07 +01:00
Sebastien Boeuf
414e8e068b virtio-devices: balloon: Factorization and cleanup
Improving the existing code for better readability and in anticipation
for adding an additional virtqueue for the free page reporting feature.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-11 12:10:07 +01:00
Sebastien Boeuf
c325aa3297 Jenkinsfile: Filter out pull requests containing only documentation
No need to run the Jenkins CI on pull request for which exclusively
markdown files have been modified.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-10 14:48:30 +00:00
Sebastien Boeuf
db5d74cb26 Jenkinsfile: Remove unnecessary environment variables
Since AZURE_CONNECTION_STRING is only useful for the Windows build,
let's remove it from other builds where it's not invoked.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-10 14:48:30 +00:00
dependabot[bot]
3982a2af0f build: bump arbitrary from 1.0.3 to 1.1.0 in /fuzz
Bumps [arbitrary](https://github.com/rust-fuzz/arbitrary) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/rust-fuzz/arbitrary/releases)
- [Changelog](https://github.com/rust-fuzz/arbitrary/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-fuzz/arbitrary/commits)

---
updated-dependencies:
- dependency-name: arbitrary
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-10 00:58:10 +00:00
Sebastien Boeuf
072114d7c5 docs: Add TDShim to the Intel TDX documentation
Adding a bit of documentation and links about the TDShim and how to run
it with Cloud Hypervisor.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-09 13:50:45 +00:00
Rob Bradford
5e19422fcf vmm: config: Fix PCI segment validation error format string
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-02-09 13:50:36 +00:00
Rob Bradford
26d1a76ad9 vmm: config: Validate balloon size is less than RAM size
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-02-09 13:50:36 +00:00
Rob Bradford
e864e35c29 virtio-devices: Print error on notification BAR read/write
This should not occur as ioeventfd is used for notification. Such an
error message would have made the discovery of the underlying cause of

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-02-09 11:45:08 +01:00
dependabot[bot]
8c170570c4 build: bump virtio-queue from 1ec72eb to f2a46b3 in /fuzz
Bumps [virtio-queue](https://github.com/rust-vmm/vm-virtio) from `1ec72eb` to `f2a46b3`.
- [Release notes](https://github.com/rust-vmm/vm-virtio/releases)
- [Commits](1ec72eb067...f2a46b3f42)

---
updated-dependencies:
- dependency-name: virtio-queue
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-08 23:38:09 +00:00
Sebastien Boeuf
10676b74dc vmm: Split VM config and VM state for snapshot/restore
In order to allow for human readable output for the VM configuration, we
pull it out of the snapshot, which becomes effectively the list of
states from the VM. The configuration is stored through a dedicated file
in JSON format (not including any binary output).

Having the ability to read and modify the VM configuration manually
between the snapshot and restore phases makes debugging easier, as well
as empowers users for extending the use cases relying on the
snapshot/restore feature.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-08 15:06:49 +00:00
dependabot[bot]
6717ac0cf2 build: bump autocfg from 1.0.1 to 1.1.0 in /fuzz
Bumps [autocfg](https://github.com/cuviper/autocfg) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/cuviper/autocfg/releases)
- [Commits](https://github.com/cuviper/autocfg/compare/1.0.1...1.1.0)

---
updated-dependencies:
- dependency-name: autocfg
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-08 01:38:49 +00:00
dependabot[bot]
df38ef56be build: bump semver from 1.0.4 to 1.0.5 in /fuzz
Bumps [semver](https://github.com/dtolnay/semver) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/dtolnay/semver/releases)
- [Commits](https://github.com/dtolnay/semver/compare/1.0.4...1.0.5)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-08 00:38:02 +00:00
dependabot[bot]
747003d33c build: bump autocfg from 1.0.1 to 1.1.0
Bumps [autocfg](https://github.com/cuviper/autocfg) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/cuviper/autocfg/releases)
- [Commits](https://github.com/cuviper/autocfg/compare/1.0.1...1.1.0)

---
updated-dependencies:
- dependency-name: autocfg
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-08 00:07:13 +00:00
dependabot[bot]
5ec693aa2a build: bump virtio-queue from 2ca74a6 to 1ec72eb in /fuzz
Bumps [virtio-queue](https://github.com/rust-vmm/vm-virtio) from `2ca74a6` to `1ec72eb`.
- [Release notes](https://github.com/rust-vmm/vm-virtio/releases)
- [Commits](2ca74a6d77...1ec72eb067)

---
updated-dependencies:
- dependency-name: virtio-queue
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-07 23:49:01 +00:00
dependabot[bot]
52e2286916 build: bump semver from 1.0.4 to 1.0.5
Bumps [semver](https://github.com/dtolnay/semver) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/dtolnay/semver/releases)
- [Commits](https://github.com/dtolnay/semver/compare/1.0.4...1.0.5)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-07 23:40:23 +00:00
Rob Bradford
507912385a vmm: Ensure that PIO and MMIO exits complete before pausing
As per this kernel documentation:

      For KVM_EXIT_IO, KVM_EXIT_MMIO, KVM_EXIT_OSI, KVM_EXIT_PAPR, KVM_EXIT_XEN,
      KVM_EXIT_EPR, KVM_EXIT_X86_RDMSR and KVM_EXIT_X86_WRMSR the corresponding
      operations are complete (and guest state is consistent) only after userspace
      has re-entered the kernel with KVM_RUN.  The kernel side will first finish
      incomplete operations and then check for pending signals.

      The pending state of the operation is not preserved in state which is
      visible to userspace, thus userspace should ensure that the operation is
      completed before performing a live migration.  Userspace can re-enter the
      guest with an unmasked signal pending or with the immediate_exit field set
      to complete pending operations without allowing any further instructions
      to be executed.

Since we capture the state as part of the pause and override it as part
of the resume we must ensure the state is consistent otherwise we will
lose the results of the MMIO or PIO operation that caused the exit from
which we paused.

Fixes: #3658

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-02-07 15:26:22 +00:00
Sebastien Boeuf
b552aebbd4 docs: Update snapshot/restore documentation
Remove the bits about this feature being experimental, as well as
limitations around virtio-mem and vhost-user devices.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-07 10:53:51 +00:00
Sebastien Boeuf
85f5364594 build: Fix cargo patch warning
The patch mechanism in Cargo.toml doesn't support features to be
specified, and was leading to the following warning:

    warning: patch for `kvm-bindings` uses the features mechanism.
    default-features and features will not take effect because the patch
    dependency does not support this mechanism

Removing the "features" parameter from the patch fixes this warning
without breaking the build.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-07 10:53:29 +00:00
Bo Chen
7f987552ef test_infra: Move struct Guest and struct GuestCommand from tests
In this way, these structs can be reused for performance tests.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-02-07 10:34:00 +01:00
Bo Chen
a3a175216a tests: Remove reference to hardcoded constants from struct Guest
In this way, we allow reusing the struct `Guest` with kernel paths and
kernel commands (e.g. hardcoded constants) that are tests-specific.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-02-07 10:34:00 +01:00
Bo Chen
7a3d8c6299 tests: Construct firmware path from tests explicitly
Instead of using hardcoded firmware paths inside the `Guest` struct
constructor, this commit removes `fw_path` related code paths from the
`Guest` struct and asks each test to construct its firmware path
explicitly. This allows better flexibility for the `Guest` struct so
that it can be reused for the performance tests we are adding soon.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-02-07 10:34:00 +01:00
Sebastien Boeuf
832f09a075 vmm: tdx: Insert payload into the HOB
If a payload is found in the TDVF section, and after it's been copied to
the guest memory, make sure to create the corresponding TdPayload
structure and insert it through the HOB.

Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-04 13:57:56 +01:00
Sebastien Boeuf
2f0073544a arch: x86_64: tdx: Add a payload helper to TdHob
Adding a new method to the TdHob structure so that we can easily insert
a HOB_PAYLOAD_INFO_TABLE into the HOB.

Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-04 13:57:56 +01:00
Sebastien Boeuf
3c421593c3 vmm: tdx: Don't load the kernel the usual way
In case of TDX, if a kernel and/or a command line are provided by the
user, they can't be treated the same way as for the non-TDX case. That
is why this patch ensures the function load_kernel() is only invoked for
the non-TDX case.

For the TDX case, whenever TDVF contains a Payload and/or PayloadParam
sections, the file provided through --kernel and the parameters provided
through --cmdline are copied at the locations specified by each TDVF
section.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-04 13:57:56 +01:00
Sebastien Boeuf
2198baa547 arch: x86_64: tdx: Extend TDVF section types
Based on the recent updates of the TDVF specification introducing new
types of TDVF sections, let's extend the enum in our code.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-04 13:57:56 +01:00
Sebastien Boeuf
7b93a8dd78 vmm: config: Allow --kernel to be used with TDX
The TDVF specification has been updated with the ability to provide a
specific payload, which means we will be able to achieve direct kernel
boot.

For that reason, let's not prevent the user from using --kernel
parameter when running with TDX.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-04 13:57:56 +01:00
Sebastien Boeuf
1bd30dc69f vfio-ioctls: Move away from archived crate rust-vmm/vfio-ioctls
Make sure Cloud Hypervisor relies on upstream and actively maintained
vfio-ioctls crate from the rust-vmm/vfio repository instead of the
deprecated version coming from rust-vmm/vfio-ioctls repository.

Fixes #3673

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-04 13:57:46 +01:00
dependabot[bot]
e5bc5e632d build: bump iced-x86 from 1.15.0 to 1.16.0 in /fuzz
Bumps [iced-x86](https://github.com/icedland/iced) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/icedland/iced/releases)
- [Commits](https://github.com/icedland/iced/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: iced-x86
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-04 08:43:37 +00:00
dependabot[bot]
5cdb284db2 build: bump vm-fdt from 9cfa0c8 to dccd69c
Bumps [vm-fdt](https://github.com/rust-vmm/vm-fdt) from `9cfa0c8` to `dccd69c`.
- [Release notes](https://github.com/rust-vmm/vm-fdt/releases)
- [Commits](9cfa0c8d7c...dccd69c9b2)

---
updated-dependencies:
- dependency-name: vm-fdt
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-04 00:00:44 +00:00
dependabot[bot]
4c23f38759 build: bump iced-x86 from 1.15.0 to 1.16.0
Bumps [iced-x86](https://github.com/icedland/iced) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/icedland/iced/releases)
- [Commits](https://github.com/icedland/iced/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: iced-x86
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-03 23:36:06 +00:00
Sebastien Boeuf
b3ca1d90e9 vmm: Stop dirty logging only if it has been started
Now that we introduced a separate method to indicate when the migration
is started, both start_dirty_log() and stop_dirty_log() don't have to
carry an implicit meaning as they can focus entirely on the dirty log
being started or stopped.

For that reason, we can now safely move stop_dirty_log() to the code
section performing non-local migration. It makes only sense to stop
logging dirty pages if this has been started before.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-03 13:33:26 +01:00
lizhaoxin1
a45e458c50 vm-migration: Add start_migration() to Migratable trait
In order to clearly decouple when the migration is started compared to
when the dirty logging is started, we introduce a new method to the
Migratable trait. This clarifies the semantics as we don't end up using
start_dirty_log() for identifying when the migration has been started.
And similarly, we rely on the already existing complete_migration()
method to know when the migration has been ended.

A bug was reported when running a local migration with a vhost-user-net
device in server mode. The reason was because the migration_started
variable was never set to "true", since the start_dirty_log() function
was never invoked.

Signed-off-by: lizhaoxin1 <Lxiaoyouling@163.com>
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-03 13:33:26 +01:00
Sebastien Boeuf
a061bc32e4 vhost_user_backend: Remove local version of the crate
Since both vhost-user-block and vhost-user-net backend now rely on the
upstream vhost-user-backend crate from rust-vmm, we can simply remove
the local version of the crate from our repository.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-03 11:06:12 +01:00
Sebastien Boeuf
71148e1fa5 vhost_user_net: Rely on upstream vhost-user-backend crate
Instead of relying on the local version of vhost-user-backend, this
patch allows the block backend implementation to rely on the upstream
version of the crate from rust-vmm.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-03 11:06:12 +01:00
dependabot[bot]
41f2f41ed2 build: bump libc from 0.2.116 to 0.2.117 in /fuzz
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.116 to 0.2.117.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.116...0.2.117)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-03 00:16:27 +00:00
dependabot[bot]
8a066466ed build: bump libc from 0.2.116 to 0.2.117
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.116 to 0.2.117.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.116...0.2.117)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-02 23:46:18 +00:00
Sebastien Boeuf
9c759463c3 README: Update direct kernel boot explanation
Since virtio-iommu is now part of the upstream Linux kernel, the main
reason for having our own Linux kernel fork is to carry the patches for
virtio-watchdog support.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-02 22:06:06 +01:00
Sebastien Boeuf
424efe6c69 README: Fix formatting by keeping each line 80 characters long
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-02 22:06:06 +01:00
Sebastien Boeuf
bea100707f docs: Update OVMF related documentation
Since we moved to the CloudHvX64 target from EDK2, we can't use the same
OVMF firmware for both Cloud Hypervisor and QEMU. The documentation
needed some updates.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-02 22:06:06 +01:00
Sebastien Boeuf
ac00838f34 vhost_user_block: Rely on upstream vhost-user-backend crate
Instead of relying on the local version of vhost-user-backend, this
patch allows the block backend implementation to rely on the upstream
version of the crate from rust-vmm.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-02-02 17:25:30 +01:00
dependabot[bot]
e9b8126cf7 build: bump clap from 3.0.13 to 3.0.14 in /fuzz
Bumps [clap](https://github.com/clap-rs/clap) from 3.0.13 to 3.0.14.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.0.13...v3.0.14)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-02 00:08:07 +00:00
dependabot[bot]
e575582dfa build: bump clap from 3.0.13 to 3.0.14
Bumps [clap](https://github.com/clap-rs/clap) from 3.0.13 to 3.0.14.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.0.13...v3.0.14)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-01 23:35:12 +00:00
Rob Bradford
804bad53df docs: Update license to match the one specified in the project charter
The Linux Foundation have recommended the use of this license for
documentation so this change includes the license in the documentation
directory.

The file "networking.md" was removed as the copyright holder did not give
their consent.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-02-01 16:56:19 +00:00
Fabiano Fidêncio
0dafd47a7c vmm: openapi: Remove mention to net fds
While cloud-hypervisor does support receiving the file descriptors of a
tuntap device, advertising the fds structure via the openAPI can lead to
misinterpretations of what can and what should be done.

An unadvertised consumer will think that they could rather just set the
file descriptors there directly, or even pass them as a byte array.
However, the proper way to go in those cases would be actually sending
those via send_msg(), together with the request.

As hacking the openAPI auto-generated code to properly do this is not
*that* trivial, and as doing so during a `create VM` request is not
supported, we had better not advertise those.

Please, for more details, also check:
https://github.com/cloud-hypervisor/cloud-hypervisor/pull/3607#issuecomment-1020935523

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-01-31 10:38:28 +00:00
Sebastien Boeuf
9bd1ece9cf virtio-queue: Move to upstream crate from rust-vmm
Now that all the preliminary work has been merged to make Cloud
Hypervisor work with the upstream crate virtio-queue from
rust-vmm/vm-virtio repository, we can move the whole codebase and remove
the local copy of the virtio-queue crate.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-31 10:38:12 +00:00