8096 Commits

Author SHA1 Message Date
Wei Liu
824e83ab0d hypervisor: x86: emulate STOS
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-22 15:07:59 +00:00
dependabot[bot]
29675cfe68 build: Bump piper from 0.2.1 to 0.2.3
Bumps [piper](https://github.com/smol-rs/piper) from 0.2.1 to 0.2.3.
- [Release notes](https://github.com/smol-rs/piper/releases)
- [Changelog](https://github.com/smol-rs/piper/blob/main/CHANGELOG.md)
- [Commits](https://github.com/smol-rs/piper/compare/v0.2.1...v0.2.3)

---
updated-dependencies:
- dependency-name: piper
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-20 00:48:21 +00:00
dependabot[bot]
43632f255b build: Bump clap from 4.5.7 to 4.5.9 in /fuzz
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.7 to 4.5.9.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.7...v4.5.9)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-19 23:51:34 +00:00
dependabot[bot]
a1941ad10b build: Bump regex from 1.10.4 to 1.10.5
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.4...1.10.5)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-19 16:50:49 +00:00
dependabot[bot]
70db454b90 build: Bump windows_i686_msvc from 0.52.5 to 0.52.6 in /fuzz
Bumps [windows_i686_msvc](https://github.com/microsoft/windows-rs) from 0.52.5 to 0.52.6.
- [Release notes](https://github.com/microsoft/windows-rs/releases)
- [Commits](https://github.com/microsoft/windows-rs/commits)

---
updated-dependencies:
- dependency-name: windows_i686_msvc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-19 02:49:59 +00:00
dependabot[bot]
7b3ffd89a5 build: Bump windows_i686_gnu from 0.52.5 to 0.52.6 in /fuzz
Bumps [windows_i686_gnu](https://github.com/microsoft/windows-rs) from 0.52.5 to 0.52.6.
- [Release notes](https://github.com/microsoft/windows-rs/releases)
- [Commits](https://github.com/microsoft/windows-rs/commits)

---
updated-dependencies:
- dependency-name: windows_i686_gnu
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-18 00:03:20 +00:00
Jinank Jain
c1f18fa634 arch: x86_64: Don't expose TSC deadline timer for MSHV guests
HV APIC(i.e., synthetic APIC controller exposed by Microsoft Hypervisor)
does not support one-shot operation using a TSC deadline value. Due to
which we see the following backtrace inside the guest when running with
hypervisor-fw/OVMF:

[    0.560765] unchecked MSR access error: WRMSR to 0x832 (tried to
write 0x00000000000400ec) at rIP: 0xffffffff8f473594
(native_write_msr+0x4/0x30)
[    0.560765] Call Trace:
[    0.560765]  ? native_apic_msr_write+0x2b/0x30
[    0.560765]  __setup_APIC_LVTT+0xbc/0xe0
[    0.560765]  lapic_timer_set_oneshot+0x27/0x30
[    0.560765]  clockevents_switch_state+0xaf/0xf0
[    0.560765]  tick_setup_periodic+0x47/0x90
[    0.560765]  tick_setup_device.isra.0+0x7c/0x110
[    0.560765]  tick_check_new_device+0xce/0xf0
[    0.560765]  clockevents_register_device+0x82/0x170
[    0.560765]  clockevents_config_and_register+0x2f/0x40
[    0.560765]  setup_APIC_timer+0xe1/0xf0
[    0.560765]  setup_boot_APIC_clock+0x5f/0x66
[    0.560765]  native_smp_prepare_cpus+0x1d6/0x286
[    0.560765]  kernel_init_freeable+0xcf/0x255
[    0.560765]  ? rest_init+0xb0/0xb0
[    0.560765]  kernel_init+0xe/0x110
[    0.560765]  ret_from_fork+0x22/0x40

Also, if this feature is exposed guest would not finish booting and get
stuck right before unpacking the root filesystem.

Fixes: 06e8d1c40 ("hypervisor: mshv: fix topology for Intel HW on MSHV")
Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2024-07-17 17:10:08 +00:00
Bo Chen
efb92d409f docs: performance_metrics: Add example section with sample numbers
Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-07-17 15:25:03 +00:00
Bo Chen
e4aa3617c7 docs: performance_metrics: Wrap line at 80 characters
Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-07-17 15:25:03 +00:00
Songqian Li
d7e8cd8258 docs: improve performance metrics documentation
Add a performance metrics list and the definition of output format.

Signed-off-by: Songqian Li <sionli@tencent.com>
2024-07-17 15:25:03 +00:00
dependabot[bot]
8803e4a2e7 build: Bump thiserror from 1.0.61 to 1.0.62
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.61 to 1.0.62.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.61...1.0.62)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-17 08:00:35 +00:00
dependabot[bot]
d2a01f7cec build: Bump uuid from 1.8.0 to 1.10.0 in /fuzz
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.8.0 to 1.10.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.8.0...1.10.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-17 00:12:50 +00:00
dependabot[bot]
dec4a82058 build: Bump log from 0.4.21 to 0.4.22
Bumps [log](https://github.com/rust-lang/log) from 0.4.21 to 0.4.22.
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/log/compare/0.4.21...0.4.22)

---
updated-dependencies:
- dependency-name: log
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-16 06:20:32 +00:00
dependabot[bot]
5fc143205c build: Bump windows_aarch64_msvc from 0.52.5 to 0.52.6 in /fuzz
Bumps [windows_aarch64_msvc](https://github.com/microsoft/windows-rs) from 0.52.5 to 0.52.6.
- [Release notes](https://github.com/microsoft/windows-rs/releases)
- [Commits](https://github.com/microsoft/windows-rs/commits)

---
updated-dependencies:
- dependency-name: windows_aarch64_msvc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-16 00:29:11 +00:00
Jinank Jain
b73d94f969 hypervisor: mshv: Refactor x86 emulator into different module
This is a preparatory work to make space for ARM64 emulator.
There is no functional change in this commit, just moving code from one
file to another.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2024-07-15 23:05:11 +00:00
Jinank Jain
ead4f767ff hypervisor: mshv: Restrict dependency to x86
iced_x86 is only available on x86 architecture.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2024-07-15 23:05:11 +00:00
Changyuan Lyu
bc6acb842f block: fix status value size
As per VirtIO spec 1.2 section 5.2.6, the `status` field is a byte, not
u32. cloud-hypervisor writes an `u32` to guest memory, which
accidentally zeros out the following 3 bytes, and may corrupt guest OS
internal state.

Signed-off-by: Changyuan Lyu <changyuanl@google.com>
2024-07-14 19:23:06 +00:00
dependabot[bot]
d89f1f4f21 build: Bump serde_with from 3.8.1 to 3.8.3 in /fuzz
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.1 to 3.8.3.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.1...v3.8.3)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-13 00:23:33 +00:00
dependabot[bot]
dc90744ec3 build: Bump darling from 0.20.9 to 0.20.10
Bumps [darling](https://github.com/TedDriggs/darling) from 0.20.9 to 0.20.10.
- [Release notes](https://github.com/TedDriggs/darling/releases)
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TedDriggs/darling/commits/v0.20.10)

---
updated-dependencies:
- dependency-name: darling
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-12 23:46:59 +00:00
Wei Liu
18340d9761 hypervisor: mshv: fine-grained control over translation flags
The assertion that only code emulation requires GVA to GPA translation
is wrong.

Allow the caller of `translate` to pass in permission flags directly.

Provide a new method `read_memory_flags` so that we can add the EXECUTE
permission flag where necessary.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-12 16:12:33 +00:00
Wei Liu
cfaa192eb4 hypervisor: emulator: drop the unused gva_to_gpa hook
That function is too limiting. It doesn't consider page permissions. It
is not used, so just drop it.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-12 16:12:33 +00:00
dependabot[bot]
c67f799717 build: Bump windows_x86_64_msvc from 0.52.5 to 0.52.6 in /fuzz
Bumps [windows_x86_64_msvc](https://github.com/microsoft/windows-rs) from 0.52.5 to 0.52.6.
- [Release notes](https://github.com/microsoft/windows-rs/releases)
- [Commits](https://github.com/microsoft/windows-rs/commits)

---
updated-dependencies:
- dependency-name: windows_x86_64_msvc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-12 00:02:26 +00:00
dependabot[bot]
b47efc3bc2 build: Bump enumflags2 from 0.7.9 to 0.7.10
Bumps [enumflags2](https://github.com/meithecatte/enumflags2) from 0.7.9 to 0.7.10.
- [Release notes](https://github.com/meithecatte/enumflags2/releases)
- [Commits](https://github.com/meithecatte/enumflags2/compare/v0.7.9...v0.7.10)

---
updated-dependencies:
- dependency-name: enumflags2
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-11 23:55:37 +00:00
dependabot[bot]
498f35a1ab build: Bump zerocopy from 0.7.34 to 0.7.35 in /fuzz
Bumps [zerocopy](https://github.com/google/zerocopy) from 0.7.34 to 0.7.35.
- [Release notes](https://github.com/google/zerocopy/releases)
- [Changelog](https://github.com/google/zerocopy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/zerocopy/commits)

---
updated-dependencies:
- dependency-name: zerocopy
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-11 00:52:33 +00:00
dependabot[bot]
2d61bc36ed build: Bump anstyle from 1.0.6 to 1.0.7
Bumps [anstyle](https://github.com/rust-cli/anstyle) from 1.0.6 to 1.0.7.
- [Commits](https://github.com/rust-cli/anstyle/compare/v1.0.6...v1.0.7)

---
updated-dependencies:
- dependency-name: anstyle
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-10 23:53:26 +00:00
dependabot[bot]
46447962b8 build: Bump windows_i686_gnullvm from 0.52.5 to 0.52.6 in /fuzz
Bumps [windows_i686_gnullvm](https://github.com/microsoft/windows-rs) from 0.52.5 to 0.52.6.
- [Release notes](https://github.com/microsoft/windows-rs/releases)
- [Commits](https://github.com/microsoft/windows-rs/commits)

---
updated-dependencies:
- dependency-name: windows_i686_gnullvm
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-10 00:21:49 +00:00
dependabot[bot]
9a6bc025a7 build: Bump backtrace from 0.3.71 to 0.3.73
Bumps [backtrace](https://github.com/rust-lang/backtrace-rs) from 0.3.71 to 0.3.73.
- [Release notes](https://github.com/rust-lang/backtrace-rs/releases)
- [Commits](https://github.com/rust-lang/backtrace-rs/compare/0.3.71...0.3.73)

---
updated-dependencies:
- dependency-name: backtrace
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-10 00:08:56 +00:00
Rob Bradford
de1abe0e30 vmm: Use Response::ok_or_abandon() in migration logic
The use of this method removes duplicated code yet provides clarity on
the logic.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-07-09 19:53:26 +00:00
Rob Bradford
e97cee99ef vm-migration: Introduce Response::ok_or_abandon()
This method will return the existing Response if the status is
successful (Status::Ok) otherwise issue a command to abandon the
migration and return the desired error.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-07-09 19:53:26 +00:00
Wei Liu
3103526153 build: update pnet crates
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-09 19:52:59 +00:00
dependabot[bot]
08ff89ba6e build: Bump zvariant from 4.1.1 to 4.1.2
Bumps [zvariant](https://github.com/dbus2/zbus) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/dbus2/zbus/releases)
- [Commits](https://github.com/dbus2/zbus/compare/zvariant-4.1.1...zvariant-4.1.2)

---
updated-dependencies:
- dependency-name: zvariant
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 00:34:10 +00:00
dependabot[bot]
514f36fb5a build: Bump syn from 2.0.68 to 2.0.70 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.68 to 2.0.70.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.68...2.0.70)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 00:00:14 +00:00
dependabot[bot]
fe3506976e build: Bump cc from 1.0.101 to 1.0.104 in /fuzz
Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.0.101 to 1.0.104.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.0.101...cc-v1.0.104)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-06 04:54:03 +00:00
Wei Liu
94929889ac vmm: make landlock configs VMM-level config
This requires stashing the config values in `struct Vmm`. The configs
should be validated before before creating the VMM thread. Refactor the
code and update documentation where necessary.

The place where the rules are applied remain the same.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
8452edfcc7 tests: Test live migration with Landlock
Add a test case to check Live Migration with Landlock support.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
466cc5e043 tests: Add disk_hotplug test with Landlock
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
034c674c4c tests: Add a basic Landlock test
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
b785e00317 docs: Add doc for Landlock feature
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
7f6731cd05 vmm: Limit the visibility of Landlock objects
Limit the visibility of objects and methods introduced by Landlock
implementation.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
457fd9ef96 vmm: enable landlock during live migration
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
eea45a2c78 vmm: Enable Landlock in restore path
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
11c17ca319 main: Enable landlock on main thread
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
249e362c70 vmm: Enable Landlock on vmm thread
Add file/dir paths from landlock-rules arguments to ruleset. Invoke
apply_landlock on VmConfig to apply config specific rules to ruleset.

Once done, any threads spawned by vmm thread will be automatically
sandboxed with the ruleset in vmm thread.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
b3e5738b40 vmm: Introduce ApplyLandlock trait
Introduce ApplyLandlock trait and add implementations to VmConfig
elements with PathBufs. This trait adds config specific rules to
landlock ruleset.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
1dd53c3d24 vmm: Enable Landlock on http-server thread
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
130c988380 vmm: Enable Landlock on signal-handler thread
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
8c76a3e4b5 vmm: Enable Landlock on event-monitor thread
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
af5a9677c8 vmm: Introduce Landlock module
This module introduces methods to apply Landlock LSM to cloud-hypervisor
threads.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
1d89f98edf vmm: Introduce landlock-rules cmdline param
Users can use this parameter to pass extra paths that 'vmm' and its
child threads can use at runtime. Hotplug is the primary usecase for
this parameter.

In order to hotplug devices that use local files: disks, memory zones,
pmem devices etc, users can use this option to pass the path/s that will
be used during hotplug while starting cloud-hypervisor. Doing this will
allow landlock to add required rules to grant access to these paths when
cloud-hypervisor process starts.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
287dbd4fc9 vmm: Introduce landlock cmdline parameter
Users can use this cmdline option to enable/disable Landlock based
sandboxing while running cloud-hypervisor.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00