Commit Graph

6403 Commits

Author SHA1 Message Date
Praveen K Paladugu
58b902d036 tpm: Add socket module
Add SocketDev struct. Methods in SocketDev will be used to read & write
to Ctrl channel created by swtpm.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
Co-authored-by: Sean Yoo <t-seanyoo@microsoft.com>
2022-11-15 16:42:21 +00:00
Praveen K Paladugu
e3213c8a79 tpm: Add library module
Add structures and related methods to process Ctrl requests and responses
from swtpm to tpm library.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
Co-authored-by: Sean Yoo <t-seanyoo@microsoft.com>
2022-11-15 16:42:21 +00:00
Wei Liu
2e2ce47271 hypervisor: do not get and set MSR_IA32_TSC for MSHV
Setting that MSR causes the reference TSC page to be disabled.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-11-15 10:19:57 +00:00
Rob Bradford
d3a8332282 tests: Remove test_reboot
There is no need for this test any longer as we have plenty of other
tests that reboot the VM.

Further this test used unmodified bionic image, which not only will be
EOLed soon but also took a long time to shutdown as it still had snapd
installed.

Fixes: #4849

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-15 09:30:16 +00:00
dependabot[bot]
c64004b9a9 build: Bump mshv-ioctls from ac9c92f to 1a9ca01
Bumps [mshv-ioctls](https://github.com/rust-vmm/mshv) from `ac9c92f` to `1a9ca01`.
- [Release notes](https://github.com/rust-vmm/mshv/releases)
- [Commits](ac9c92f9b3...1a9ca01801)

---
updated-dependencies:
- dependency-name: mshv-ioctls
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-14 23:45:35 +00:00
Rob Bradford
149e424b6e virtio-devices: block: Return error to driver on writes if read-only
TEST=Boot `--disk readonly=on` along with a guest that tries to write
(unmodified hypervisor-fw) and observe that the virtio device thread no
longer panics.

Fixes: #4888

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-14 15:28:30 +00:00
Wei Liu
b07d471d4f virtio-devices: show the failed block request to help debugging
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-11-14 14:19:17 +00:00
Michael Zhao
345e65c9c2 Jenkins: Temporarily turn off AArch64 CI
Temporarily turn off AArch64 integration test in Jenkins for server
maintenance.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-11-14 08:34:47 +00:00
dependabot[bot]
f93aa42319 build: Bump once_cell from 1.15.0 to 1.16.0
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 08:30:12 +00:00
dependabot[bot]
fa4bf92feb build: Bump io-uring from 0.5.8 to 0.5.9 in /fuzz
Bumps [io-uring](https://github.com/tokio-rs/io-uring) from 0.5.8 to 0.5.9.
- [Release notes](https://github.com/tokio-rs/io-uring/releases)
- [Commits](https://github.com/tokio-rs/io-uring/commits)

---
updated-dependencies:
- dependency-name: io-uring
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 08:30:01 +00:00
Rob Bradford
f30d460fa3 virtio-devices: seccomp: Move mprotect() to virtio common rules
It's perfectly reasonable to expect if that some virtio threads trigger
libc behaviour that needs mprotect() that all virtio threads would do
the same.

Fixes: #4874

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-12 08:29:47 +00:00
Rob Bradford
2c94773bdc docs: seccomp: Enhance strace command to print thread name
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-11 16:47:24 +00:00
dependabot[bot]
9f1d2d34e8 build: Bump darling from 0.14.1 to 0.14.2
Bumps [darling](https://github.com/TedDriggs/darling) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/TedDriggs/darling/releases)
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TedDriggs/darling/compare/v0.14.1...v0.14.2)

---
updated-dependencies:
- dependency-name: darling
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-11 08:15:25 +00:00
Rob Bradford
57508a4b1c virtio-net: net: Wait for threads to exit on Drop
It is required to close all file descriptors pointing to an opened TAP
device prior to reopening the TAP device; otherwise it will return
-EBUSY as the device can only be opened once (excluding MQ use cases.)

When rebooting the VM the virtio-net threads would still be running and
so the TAP file descriptor may not have been closed. To ensure that the
TAP FD is closed wait for all the epoll threads to exit after receiving the
KILL_EVENT.

Fixes: #4868

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-10 07:46:16 -08:00
dependabot[bot]
012f2572d5 build: Bump terminal_size from 0.2.1 to 0.2.2
Bumps [terminal_size](https://github.com/eminence/terminal-size) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/eminence/terminal-size/releases)
- [Commits](https://github.com/eminence/terminal-size/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: terminal_size
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-10 09:39:09 +00:00
dependabot[bot]
b9dbe3a2f7 build: Bump rustix from 0.35.12 to 0.35.13 in /fuzz
Bumps [rustix](https://github.com/bytecodealliance/rustix) from 0.35.12 to 0.35.13.
- [Release notes](https://github.com/bytecodealliance/rustix/releases)
- [Commits](https://github.com/bytecodealliance/rustix/compare/v0.35.12...v0.35.13)

---
updated-dependencies:
- dependency-name: rustix
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-09 23:43:39 +00:00
Rob Bradford
6230929d51 openapi: Add thp option to MemoryConfig
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-09 16:51:21 +00:00
Rob Bradford
04d034a0bc docs: Update memory.md for THP
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-09 16:51:21 +00:00
Rob Bradford
f603afc46e vmm: Make Transparent Huge Pages controllable (default on)
Add MemoryConfig::thp and `--memory thp=on|off` to allow control of
Transparent Huge Pages.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-09 16:51:21 +00:00
Rob Bradford
b68add2d0d vmm: Enable THP when using anonymous memory
If the memory is not backed by a file then it is possible to enable
Transparent Huge Pages on the memory and take advantage of the benefits
of huge pages without requiring the specific allocation of an appropriate
number of huge pages.

TEST=Boot and see that in /proc/`pidof cloud-hypervisor`/smaps that the
region is now THPeligible (and that also pages are being used.)

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-09 16:51:21 +00:00
dependabot[bot]
0f44db5da4 build: Bump openssl-src from 111.23.0+1.1.1r to 111.24.0+1.1.1s
Bumps [openssl-src](https://github.com/alexcrichton/openssl-src-rs) from 111.23.0+1.1.1r to 111.24.0+1.1.1s.
- [Release notes](https://github.com/alexcrichton/openssl-src-rs/releases)
- [Commits](https://github.com/alexcrichton/openssl-src-rs/commits)

---
updated-dependencies:
- dependency-name: openssl-src
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 23:44:15 +00:00
dependabot[bot]
a7dccf94cf build: Bump terminal_size from 0.2.1 to 0.2.2 in /fuzz
Bumps [terminal_size](https://github.com/eminence/terminal-size) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/eminence/terminal-size/releases)
- [Commits](https://github.com/eminence/terminal-size/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: terminal_size
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 23:36:26 +00:00
Jianyong Wu
0e6e539d9b AArch64/fdt: fix PMU irqflag calculation
Currently, CPU mask involved into PMU irqflag caculation which is used
for Gicv2. It limits the CPU number up to 31. For Gicv3+, CPU mask is no
longer needed. More info see [1].

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>

[1] https://lore.kernel.org/all/165668798833.3744902.12084627427900181326.b4-ty@kernel.org/t/
2022-11-08 11:24:11 +00:00
dependabot[bot]
1cb1cff882 build: Bump env_logger from 0.9.1 to 0.9.3
Bumps [env_logger](https://github.com/env-logger-rs/env_logger) from 0.9.1 to 0.9.3.
- [Release notes](https://github.com/env-logger-rs/env_logger/releases)
- [Changelog](https://github.com/env-logger-rs/env_logger/blob/main/CHANGELOG.md)
- [Commits](https://github.com/env-logger-rs/env_logger/compare/v0.9.1...v0.9.3)

---
updated-dependencies:
- dependency-name: env_logger
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-07 23:55:26 +00:00
dependabot[bot]
fefbc356a2 build: Bump once_cell from 1.15.0 to 1.16.0 in /fuzz
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-07 23:52:05 +00:00
Muminul Islam
8b37448d28 tests: Disable test_snapshot_restore_hotplug_virtiomem for MSHV
Signed-off-by: Muminul Islam <muislam@microsoft.com>
2022-11-04 12:24:33 -07:00
Muminul Islam
92d083f593 tests: Add a basic test for snapshot/retsore
Signed-off-by: Muminul Islam <muislam@microsoft.com>
2022-11-04 12:24:33 -07:00
Muminul Islam
58d8795b53 tests: Make a wrapper function for snapshot/restore
Signed-off-by: Muminul Islam <muislam@microsoft.com>
2022-11-04 12:24:33 -07:00
Bo Chen
b37e2ed378 virtio-devices: mem: Handle integer overflow properly
An integer overflow from our virtio-mem device can be triggered
from (misbehaved) guest driver with malicious requests. This patch
handles this integer overflow explicitly and treats it as an invalid
request.

Note: this bug was detected by our virtio-mem fuzzer through 'oss-fuzz'.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-11-04 09:33:21 +00:00
Bo Chen
ef8fb9bd25 fuzz: Add fuzzer for virtio-console
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-11-03 09:10:41 -07:00
Bo Chen
cfafc85b9c virtio-devices: Custom 'EpollHelper::run_with_timeout' for fuzz
To support all virtio-devices, this patch replaces the customized
EpollHelper::run` with customized `EpollHelper::run_with_timeout` for
fuzzing.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-11-03 09:10:41 -07:00
Bo Chen
683491a955 virtio-devices: console: Provide 'wait_for_epoll_threads'
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-11-03 09:10:41 -07:00
dependabot[bot]
2bbb08b2a4 build: Bump io-uring from 0.5.7 to 0.5.8
Bumps [io-uring](https://github.com/tokio-rs/io-uring) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/tokio-rs/io-uring/releases)
- [Commits](https://github.com/tokio-rs/io-uring/commits)

---
updated-dependencies:
- dependency-name: io-uring
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-02 23:56:43 +00:00
dependabot[bot]
b77eb63688 build: Bump darling from 0.14.1 to 0.14.2 in /fuzz
Bumps [darling](https://github.com/TedDriggs/darling) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/TedDriggs/darling/releases)
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TedDriggs/darling/compare/v0.14.1...v0.14.2)

---
updated-dependencies:
- dependency-name: darling
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-02 23:51:00 +00:00
Rob Bradford
6722c303b0 docs: Fix broken link in windows.md
Fixes: #4840

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-02 11:40:44 +00:00
Rob Bradford
6e0bd73c90 build: Bump linux-loader from 0.6.0 to 0.7.0
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-02 11:02:00 +00:00
Rob Bradford
103fe1f48b tests: Skip building kernel if already present
When running the glibc and musl integration tests on the CI after each
other skip building the kernel a second time.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-02 09:42:07 +00:00
Rob Bradford
f4e1b72477 build: Consolidate integration testing to reused built assets
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-02 09:42:07 +00:00
Rob Bradford
65628e8d94 build: Run linter over Jenkinsfile
This has resulted in the content being indented with spaces rather tabs
per Groovy coding style.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-02 09:42:07 +00:00
dependabot[bot]
851de1e0b3 build: Bump io-uring from 0.5.7 to 0.5.8 in /fuzz
Bumps [io-uring](https://github.com/tokio-rs/io-uring) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/tokio-rs/io-uring/releases)
- [Commits](https://github.com/tokio-rs/io-uring/commits)

---
updated-dependencies:
- dependency-name: io-uring
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-02 09:21:17 +00:00
Bo Chen
a9ec0f33c0 misc: Fix clippy issues
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-11-02 09:41:43 +01:00
dependabot[bot]
9266ea4995 build: Bump clap from 4.0.17 to 4.0.18
Bumps [clap](https://github.com/clap-rs/clap) from 4.0.17 to 4.0.18.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.0.17...v4.0.18)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 00:41:51 +00:00
dependabot[bot]
6b8070de95 build: Bump io-lifetimes from 0.7.3 to 0.7.4
Bumps [io-lifetimes](https://github.com/sunfishcode/io-lifetimes) from 0.7.3 to 0.7.4.
- [Release notes](https://github.com/sunfishcode/io-lifetimes/releases)
- [Commits](https://github.com/sunfishcode/io-lifetimes/compare/v0.7.3...v0.7.4)

---
updated-dependencies:
- dependency-name: io-lifetimes
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 23:48:55 +00:00
dependabot[bot]
a5712641d2 build: Bump remain from 0.2.4 to 0.2.5 in /fuzz
Bumps [remain](https://github.com/dtolnay/remain) from 0.2.4 to 0.2.5.
- [Release notes](https://github.com/dtolnay/remain/releases)
- [Commits](https://github.com/dtolnay/remain/compare/0.2.4...0.2.5)

---
updated-dependencies:
- dependency-name: remain
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 23:46:39 +00:00
Rob Bradford
aad4dc3b6b docs: Update memory.md to indicated that hugepages overrides shared
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-10-31 22:28:29 +00:00
Rob Bradford
f4495de143 vmm: Improve handling of shared memory backing
As huge pages are always MAP_SHARED then where the shared memory would
be checked (for vhost-user and local migration) we can also check
instead for huge pages.

The checking is also extended to cover the memory zones based
configuration as well.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-10-31 22:28:29 +00:00
Rob Bradford
99d9a3d299 vmm: memory_manager: Avoid MAP_PRIVATE CoW with VFIO for hugepages too
We can't use MAP_ANONYMOUS and still have huge pages so MAP_SHARED is
effectively required when using huge pages.

Unfortunately it is not as simple as always forcing MAP_SHARED if
hugepages is on as this might be inappropriate in the backing file case
hence why there is additional complexity of assigning to mmap_flags on
each case and the MAP_SHARED is only turned on for the anonymous file
huge page case as well as anonymous shared file case.

See: #4805

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-10-31 22:28:29 +00:00
Rob Bradford
df7c728399 vmm: memory_manager: Only file back memory when required
If we do not need an anonymous file backing the memory then do not
create one.

As a side effect this addresses an issue with CoW (mmap with MAP_PRIVATE
but no MAP_ANONYMOUS) when the memory is pinned for VFIO.

Fixes: #4805

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-10-31 22:28:29 +00:00
Rob Bradford
1e5a4e8d77 vmm: memory_manager: Split filesystem backed and anonymous RAM creation
This simplifies the code somewhat making the code paths more readable.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-10-31 22:28:29 +00:00
Rob Bradford
ff3fb91ba6 vmm: Refactor creation of the FileOffset for GuestRegionMmap::new()
Create this earlier so that it is possible to pass a None in for
anonymous mappings.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-10-31 22:28:29 +00:00