Commit Graph

565 Commits

Author SHA1 Message Date
Sebastien Boeuf
85e1865cb5 vm-virtio: Implement reset() for vhost-user-fs
The virtio specification defines a device can be reset, which was not
supported by this vhost-user-fs implementation. The reason it is needed
is to support unbinding this device from the guest driver, and rebind it
to vfio-pci driver.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-10-07 10:12:07 +02:00
Sebastien Boeuf
4b1328a29c vm-virtio: Implement reset() for vhost-user-net
The virtio specification defines a device can be reset, which was not
supported by this vhost-user-net implementation. The reason it is needed
is to support unbinding this device from the guest driver, and rebind it
to vfio-pci driver.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-10-07 10:12:07 +02:00
Sebastien Boeuf
8225d4cd6e vm-virtio: Implement reset() for virtio-console
The virtio specification defines a device can be reset, which was not
supported by this virtio-console implementation. The reason it is needed
is to support unbinding this device from the guest driver, and rebind it
to vfio-pci driver.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-10-07 10:12:07 +02:00
Sebastien Boeuf
dac7737919 vm-virtio: Implement reset() for virtio-vsock
The virtio specification defines a device can be reset, which was not
supported by this virtio-vsock implementation. The reason it is needed
is to support unbinding this device from the guest driver, and rebind
it to vfio-pci driver.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-10-07 10:12:07 +02:00
Sebastien Boeuf
3e750de43f vm-virtio: Implement reset() for virtio-pmem
The virtio specification defines a device can be reset, which was not
supported by this virtio-pmem implementation. The reason it is needed
is to support unbinding this device from the guest driver, and rebind
it to vfio-pci driver.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-10-07 10:12:07 +02:00
Sebastien Boeuf
eb91bc812b vm-virtio: Implement reset() for virtio-rng
The virtio specification defines a device can be reset, which was not
supported by this virtio-rng implementation. The reason it is needed
is to support unbinding this device from the guest driver, and rebind
it to vfio-pci driver.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-10-07 10:12:07 +02:00
Sebastien Boeuf
59b4aaba87 vm-virtio: Implement reset() for virtio-net
The virtio specification defines a device can be reset, which was not
supported by this virtio-net implementation. The reason it is needed is
to support unbinding this device from the guest driver, and rebind it to
vfio-pci driver.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-10-07 10:12:07 +02:00
Samuel Ortiz
8288cb2ac8 micro_http: Use Firecracker version
As of commit 2b94334a, Firecracker includes all the changes we need.
We can now switch to using it instead of carrying a copy.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 06:52:34 -07:00
Samuel Ortiz
2a466132a0 vmm: api: Set the HTTP response header Server field
To "Cloud Hypervisor API" and not "Firecracker API".

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
fc5c210498 micro_http: Set the response headers Server value
And implement the Default trait for ResponseHeaders, falling back to
Firecracker API.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
8dbb16df4d main: Add a simple HTTP API integration test
For now we test that we can create and boot a guest from the HTTP API.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
7abbad0a62 vmm: Be more idiomatic when calling into the VMM API
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
7328ecdb3b vmm: Implement the /api/v1/vm.delete endpoint
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
f9daf2e247 vmm: Factorize the vm boot and shutdown code
So that the API handling state machine is cleaner and easier to read.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
43b3642955 vmm: Clean Error handling up
We used to have errors definitions spread across vmm, vm, api,
and http.

We now have a cleaner separation: All API routines only return an
ApiResult. All VM operations, including the VMM wrappers, return a
VmResult. This makes it easier to carry errors up to the HTTP caller.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
42758244a0 vmm: Implement the /api/v1/vm.info endpoint
This, for now, returns the VM config and its state.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
27af983ec9 vmm: Track the VM state
We will expose it through the api/v1/vm.info endpoint.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
b70344158b vmm: Handle the missing VM error
When trying to boot or shut a VM down, return an error if the VM was not
previously created.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
7e0cb078ed vmm: Only build a new VM when booting it
In order to support further use cases where a VM configuration could be
modified through the HTTP API, we only store the passed VM config when
being asked to create a VM. The actual creation will happen when booting
a new config for the first time.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
9a93f4f0a6 micro_http: Fix clippy warning
Use a more idiomatic "let Ok(foo) = result" construct for:

105 |           if try_numeric.is_ok() {
    |              ------------------- the check is happening here
106 |              self.content_length = try_numeric.unwrap();
    |                                   ^^^^^^^^^^^^^^^^^^^^

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
c505cfae2b vmm: Implement the VM HTTP endpoint handlers
Implement the vm.create, vm.boot, vm.shutdown and vm.reboot HTTP endpoint
handlers.

Fixes: #244

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
8a5e47f989 vmm: Implement the shutdown and reboot API
We factorize some of the code for both the API helpers and the VMM
thread.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
46cde1a38e vmm: Rename the VM start and stop operations to boot and shutdown
To match the OpenAPI description. And also to map the real life
terminology.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
ce0b475ef7 vmm: Move the VM creation and startup helpers to the api module
They're API wrappers, not VMM ones.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
f674019ea1 vmm: {De}serialize VmConfig
We use the serde crate to serialize and deserialize the VmVConfig
structure. This structure will be passed from the HTTP API caller as a
JSON payload and we need to deserialize it into a VmConfig.

For a convenient use of the HTTP API, we also provide Default traits
implementations for some of the VmConfig fields (vCPUs, memory, etc...).

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
f2de4d0315 vmm: config: Make the cmdline config serializable
The linux_loader crate Cmdline struct is not serializable.
Instead of forcing the upstream create to carry a serde dependency, we
simply use a String for the passed command line and build the actual
CmdLine when we need it (in vm::new()).
Also, the cmdline offset is not a configuration knob, so we remove it.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
6a722e5c0b vmm: config: Make VhostUser configs serializable
They point to a vm_virtio structure (VhostUserConfig) and in order to
make the whole config serializable (through the serde crate for
example), we'd have to add a serde dependency to the vm_virtio crate.

Instead we use a local, serializable structure and convert it to
VhostUserConfig from the DeviceManager code.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
aa31748781 vmm: Start the HTTP server thread
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
b14fd37db9 vmm: Make --kernel optional
The kernel path was the only mandatory command line option.
With the addition of the --api-socket option, we can run without a
kernel path and get it later through the API.

Since we can end up with VM configurations that are no longer valid by
default, we need to provide a validation check for it. For now, if the
kernel path is not defined, the VM configuration is invalid.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
f27aa21e3f main: Add API socket option
The API server will unconditionally run through a UNIX domain socket
which default path is /run/user/<uid>/cloud-hypervisor.<pid>.

The --api-socket command line option allows to override that default
value with some custom socket path.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
fe5561df50 main: Group cli options logically
With the API server socket option, we will be able to support a model
where the user can start cloud-hypervisor with no options or an
alternative API server socket path. In this case, we don't want to try
to start a new guest VM, and for that we need to know if the user has
set any VM configuration at all. Grouping all VM configuration specific
options together is one way to be able to know about it.

If the user has not set any VM configuration, we only start the API
server. If it has set anything, we will verify that the overall
configuration is valid and will implicitly convert that configuration
into a request to the API server.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
2371325f9c vmm: api: Add HTTP server
The Cloud Hyper HTTP server runs a synchronous, multi-threaded
loop that receives HTTP requests and tries to call the corresponding
endpoint handlers for the requests URIs.

An endpoint handler will parse the HTTP request and potentially
translate it into and IPC request. The handler holds an notifier and an
mspc Sender for respectively notifying and sending the IPC payload to
the VMM API server. The handler then waits for an API server response
and translate it back into an HTTP response.
The HTTP server is responsible for sending the reponse back to the
caller.

The HTTP server uses a static routes hash table that maps URIs to
endpoint handlers.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
e50f4418a2 micro_http: Import Firecracker HTTP 1.x implementation
Based on Firecracker commit 58edf03b.

We're going to use the micro_http crate to serve the cloud-hypervisor
HTTP API.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
Samuel Ortiz
8916dad2da vmm: api: Add cloud-hypervisor OpenAPI documentation
The cloud-hypervisor API uses HTTP as a transport and is accessible
through a local UNIX socket.

The API root path is /api/v1 and is a collection of RPC-style methods.
All methods are static, unlike typical REST APIs. Variable (e.g. device
IDs) are passed through the request body.

Fixes: #244

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-04 09:36:33 +02:00
dependabot-preview[bot]
1b66a2fa60 build(deps): bump serde_json from 1.0.40 to 1.0.41
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.40 to 1.0.41.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.40...v1.0.41)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-10-03 22:06:24 +00:00
Rob Bradford
8ea4145f98 devices, vmm: Add legacy CMOS device
Based off of crosvm revision b5237bbcf074eb30cf368a138c0835081e747d71
add a CMOS device. This environments that can't use KVM clock to get the
current time (e.g. Windows and EFI.)

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-10-03 14:57:49 +01:00
dependabot-preview[bot]
47367eb61b build(deps): bump openssl-sys from 0.9.49 to 0.9.50
Bumps [openssl-sys](https://github.com/sfackler/rust-openssl) from 0.9.49 to 0.9.50.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.49...openssl-sys-v0.9.50)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-10-03 09:06:31 +00:00
Rob Bradford
df3e5c874f tests: Add support for integration testing Ubuntu "eoan"
Refactor the Ubuntu testing infrastructure to support testing different
versions.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-10-02 13:59:48 +01:00
Samuel Ortiz
8ec6cda0c5 ci: Do not look for vubridge to decide if qemu must be built
We no longer build vubridge, so we end up cloning qemu and building
virtiofs and the block backend all the time.

Fixes: #312

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2019-10-02 09:39:55 +02:00
Cathy Zhang
8c33eb3069 src: Add integration test for vhost-user-net backend
An integration test relying on the new vhost-user-net backend now
replaces the previous test using the QEMU test backend. This allows
us to avoid building the QEMU backend, and we now really exercise the
vhost-user-net implementation as it is used for the ssh communication
in this test.

Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-09-30 13:06:00 -07:00
Cathy Zhang
f6d1a9d9b8 src: Add vhost-user-net backend
Create vhost-user-net backend with Tap interface, to offload network
transaction from cloud-hypervisor. The goal is to provide flexibility
about the backend being in use, but also more security as it will allow
users to isolate the backend with different security profiles since it
will run as a dedicated process on the host.

Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-09-30 13:06:00 -07:00
Cathy Zhang
d724511a91 vm-virtio: Add set_protocol_features in vhost-user-net
While implement vhost-user-net backend with Tap interface, it keeps
failed to enable the tx vring, since there is a checking in
slave_req_handler.rs to require acked_protocol_features to be setup
as a pre-requirement, which is filled by set_protocol_features call.
Add this call in vhost-user-net device implementation to address the issue.

Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>
2019-09-30 13:06:00 -07:00
Sebastien Boeuf
9ff42060e0 vhost_user_backend: Fix clippy issues
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2019-09-30 13:06:00 -07:00
Cathy Zhang
db151819f1 Cargo.toml: Add workspace config changes
Remove workspace from vhost_user_backend/Cargo.toml to have
vhost-user-backend compiled in cloud-hypervisor. Add workspace in
Cargo.toml to have vhost-user-backend consumed by vhost-user-net.

Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>
2019-09-30 13:06:00 -07:00
Rob Bradford
9356af80c6 arch: Mark the PCI MMCONFIG region as reserved in the E820 tables
The PCI Express Firmware specification says that the region may
be included in the E820 tables (but it must always be in the ACPI
tables.)

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-09-30 18:00:31 +01:00
Rob Bradford
6a4a931b9e arch: acpi: Reserve the PCI MMCONFIG region
The PCI Express Firmware spec says that the region to be used for PCI
MMCONFIG should be reserved as part of the motherboard's resources in
the ACPI tables.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-09-30 18:00:31 +01:00
Rob Bradford
038f198129 arch: acpi: Fix off-by-one error in size of PCI device region
When comparing offsets it is necessry to increment by one to give the
appropriate size.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-09-30 18:00:31 +01:00
Rob Bradford
833a3d456c pci, vmm: Expose the PCI bus for configuration via MMIO
Refactor the PCI datastructures to move the device ownership to a PciBus
struct. This PciBus struct can then be used by both a PciConfigIo and
PciConfigMmio in order to expose the configuration space via both IO
port and also via MMIO for PCI MMCONFIG.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-09-30 18:00:31 +01:00
Rob Bradford
c0ca3b6b8e arch: acpi, layout: Correctly calculate and expose PCI MMCONFIG area
The PCI MMCONFIG area must be below 4GiB and must not be part of the
device space. Shrink the device area and put the PCI MMCONFIG region
above it.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-09-30 18:00:31 +01:00
Rob Bradford
a9eb352aea arch: acpi: Patch the 32-bit PCI device area in the APCI table
Patch the table with the currently used constants. This will be relevant
when we want to adjust the size of the PCI device area to accomodate the
PCI MMCONFIG region.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2019-09-30 18:00:31 +01:00