Commit Graph

8249 Commits

Author SHA1 Message Date
Praveen K Paladugu
af5a9677c8 vmm: Introduce Landlock module
This module introduces methods to apply Landlock LSM to cloud-hypervisor
threads.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
1d89f98edf vmm: Introduce landlock-rules cmdline param
Users can use this parameter to pass extra paths that 'vmm' and its
child threads can use at runtime. Hotplug is the primary usecase for
this parameter.

In order to hotplug devices that use local files: disks, memory zones,
pmem devices etc, users can use this option to pass the path/s that will
be used during hotplug while starting cloud-hypervisor. Doing this will
allow landlock to add required rules to grant access to these paths when
cloud-hypervisor process starts.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
287dbd4fc9 vmm: Introduce landlock cmdline parameter
Users can use this cmdline option to enable/disable Landlock based
sandboxing while running cloud-hypervisor.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
c50ea2c708 vmm: Add seccomp rules to allow landlock syscalls
landlock syscalls are required by event_monitor, signal_handler,
http-server and vmm threads. Rest of the threads are spawned by the vmm
thread and they automatically inherit the ruleset from the vmm thread.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Wei Liu
14b45e4d2e hypervisor: mshv: handle GPA intercept
We will start receiving GPA intercepts. For our use cases they are
handled the same way as UNMAPPED GPA intercepts.

Put in some logging to distinguish the two cases.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
519476e842 hypervisor: mshv: relax the requirement for instruction emulation
Previously we required the hypervisor to give us a valid instruction
stream. That worked well enough because we never hit any edge conditions
(such as when the instruction stream crosses page boundary).

Now that MSHV can deal with partial or empty instruction stream, we can
remove that requirement.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
5fec858130 hypervisor: mshv: implement fetching instructions in emulator
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
67f22b6aa4 hypervisor: mshv: fix GVA translation flags
Original we checked for R and W, but that code path never got executed.

It is now understood that we can only get here when we execute code. Fix
the permission flags.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
1eb4133034 hypervisor: x86: emulator: set IP properly for newly fetched stream
The default value of IP is zero. If the decoder's state not set
properly, then the guest state is going to be wrong.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
dependabot[bot]
9f3bea3e3f build: Bump anstyle-parse from 0.2.3 to 0.2.4 in /fuzz
Bumps [anstyle-parse](https://github.com/rust-cli/anstyle) from 0.2.3 to 0.2.4.
- [Commits](https://github.com/rust-cli/anstyle/compare/anstyle-parse-v0.2.3...anstyle-parse-v0.2.4)

---
updated-dependencies:
- dependency-name: anstyle-parse
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-03 21:54:50 +00:00
Alyssa Ross
e7c7a304e8 virtio-devices: fix UB getting tty size
TIOCGWINSZ modifies its argument, so it needs to mutably borrow it.
Unfortunately, ioctl()'s signature is not able to enforce this, and
the write happens in the kernel, so I don't think anything like miri,
valgrind, UBSan, etc. would have been able to catch this.

The UB passing an immutable reference caused resulted, for me, in
get_win_size() returning (0, 0) since LLVM commit
9a09c737a052 ("[BasicAA] Make isNotCapturedBeforeOrAt() check for
calls more precise (#69931)").

I've had a look through the other ioctl() calls in Cloud Hypervisor,
and I don't think any others have the same problem.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-07-03 21:26:04 +00:00
Bo Chen
b5cce0d371 build: Enable vfio and sgx worker
This reverts commit 7d84654a79.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-07-03 00:34:28 +00:00
Wei Liu
7c608f6380 hypervisor: x86: emulator: accept empty instruction stream input
The emulator should fetch from memory just fine.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
Wei Liu
3ad8d24943 hypervisor: x86: emulator: fix a variable
Comparing RAX with RIP makes no logical sense other than RIP happens to
be the correct value. Use `target_rax` instead.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
Wei Liu
56c6c02724 hypervisor: x86: emulator: test executing only one instruction
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
Wei Liu
19b0ea842b hypervisor: x86: emulator: add the second instruction to test comment
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
dependabot[bot]
16bd88b4b5 build: Bump cc from 1.0.99 to 1.0.101 in /fuzz
Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.0.99 to 1.0.101.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/cc-rs/compare/1.0.99...cc-v1.0.101)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-28 00:28:40 +00:00
dependabot[bot]
09136c50b5 build: Bump syn from 2.0.66 to 2.0.68 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.66 to 2.0.68.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.66...2.0.68)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-27 17:44:00 +00:00
Nuno Das Neves
380b7d398c build: Bump openssl-src to 3.3.1
Signed-off-by: Nuno Das Neves <nudasnev@microsoft.com>
2024-06-25 18:55:52 +00:00
Nuno Das Neves
764959c9a8 build: Bump libz-sys to 1.1.18
Signed-off-by: Nuno Das Neves <nudasnev@microsoft.com>
2024-06-25 18:55:52 +00:00
Bo Chen
7d84654a79 build: Temporarily disable vfio and sgx worker
The corresponding bare-metal runner needs to be offline for
maintenance.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-06-25 17:40:20 +00:00
Julian Stecklina
246cb94dc5 build: Fix license string to comply with SPDX list
cargo-cyclonedx rejects the current license key in Cargo.toml, because
it doesn't comply with the SPDX standard:

  Package cloud-hypervisor has an invalid license expression (LICENSE-APACHE & LICENSE-BSD-3-Clause), using as named license: Invalid Lax SPDX expression: unknown term

Fix by using the names from the SPDX list:
https://spdx.github.io/license-list-data/

Signed-off-by: Julian Stecklina <julian.stecklina@cyberus-technology.de>
2024-06-25 09:14:19 -07:00
dependabot[bot]
165c2c476f build: Bump proc-macro2 from 1.0.83 to 1.0.86 in /fuzz
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.83 to 1.0.86.
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.83...1.0.86)

---
updated-dependencies:
- dependency-name: proc-macro2
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-22 09:04:44 +00:00
dependabot[bot]
5e8f380698 build: Bump anyhow from 1.0.82 to 1.0.86 in /fuzz
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.82 to 1.0.86.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.82...1.0.86)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-21 16:45:25 +00:00
Rob Bradford
e9b2639757 build: Release v40.0
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-06-21 08:40:44 +00:00
dependabot[bot]
98d0aabb99 build: Bump clap from 4.5.4 to 4.5.7 in /fuzz
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.4 to 4.5.7.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.4...v4.5.7)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-20 00:36:09 +00:00
dependabot[bot]
d206586683 build: Bump crossbeam-utils from 0.8.19 to 0.8.20
Bumps [crossbeam-utils](https://github.com/crossbeam-rs/crossbeam) from 0.8.19 to 0.8.20.
- [Release notes](https://github.com/crossbeam-rs/crossbeam/releases)
- [Changelog](https://github.com/crossbeam-rs/crossbeam/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crossbeam-rs/crossbeam/compare/crossbeam-utils-0.8.19...crossbeam-utils-0.8.20)

---
updated-dependencies:
- dependency-name: crossbeam-utils
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-19 00:32:27 +00:00
dependabot[bot]
19f2800d9e build: Bump clap_lex from 0.7.0 to 0.7.1 in /fuzz
Bumps [clap_lex](https://github.com/clap-rs/clap) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_lex-v0.7.0...clap_lex-v0.7.1)

---
updated-dependencies:
- dependency-name: clap_lex
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-19 00:09:29 +00:00
Rob Bradford
08cf983d42 build: Fix Cargo.toml formatting
In 42e9632c53 a fix was made to address a
typo in the taplo configuration file. Fixing this typo indicated that
many Cargo.toml files were no longer adhering to the formatting rules.
Fix the formatting by running `taplo fmt`.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-06-18 16:19:12 +00:00
dependabot[bot]
243dc5918c build: Bump regex-automata from 0.4.6 to 0.4.7
Bumps [regex-automata](https://github.com/rust-lang/regex) from 0.4.6 to 0.4.7.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/regex-automata-0.4.6...regex-automata-0.4.7)

---
updated-dependencies:
- dependency-name: regex-automata
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-18 14:26:39 +00:00
Songqian Li
544de7d000 tests: send SIGTERM to kill GuestCommand
Killing CLH by SIGKILL will cause inaccurate code coverage
information. This patch changes the signal to SIGTERM.

Fixes: #6507

Signed-off-by: Songqian Li <sionli@tencent.com>
2024-06-18 08:03:09 +00:00
dependabot[bot]
796db588ea build: Bump serde from 1.0.202 to 1.0.203 in /fuzz
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.202 to 1.0.203.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.202...v1.0.203)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-17 23:59:43 +00:00
dependabot[bot]
397c76dd20 build: Bump cc from 1.0.97 to 1.0.99
Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.0.97 to 1.0.99.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Commits](https://github.com/rust-lang/cc-rs/compare/1.0.97...1.0.99)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-15 08:23:35 +00:00
Bo Chen
cdd3ff5e5a virtio-devices: vdpa: Don't restore on paused state
Since vdpa device does not support pause/resume [1], it does not make
sense to restore on paused state.

[1] 099cdd2af8

Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-06-15 07:32:58 +00:00
Bo Chen
6cb76abbf1 virtio-devices: vdpa: Don't error out on resume if not paused
Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-06-15 07:32:58 +00:00
dependabot[bot]
3a5e5364b9 build: Bump cc from 1.0.98 to 1.0.99 in /fuzz
Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.0.98 to 1.0.99.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Commits](https://github.com/rust-lang/cc-rs/compare/1.0.98...1.0.99)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-15 00:37:02 +00:00
dependabot[bot]
f2b2d033f7 build: Bump colorchoice from 1.0.0 to 1.0.1 in /fuzz
Bumps [colorchoice](https://github.com/rust-cli/anstyle) from 1.0.0 to 1.0.1.
- [Commits](https://github.com/rust-cli/anstyle/compare/colorchoice-v1.0.0...colorchoice-v1.0.1)

---
updated-dependencies:
- dependency-name: colorchoice
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-14 00:52:33 +00:00
dependabot[bot]
c41461c9c2 build: Bump getrandom from 0.2.13 to 0.2.14
Bumps [getrandom](https://github.com/rust-random/getrandom) from 0.2.13 to 0.2.14.
- [Changelog](https://github.com/rust-random/getrandom/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-random/getrandom/compare/v0.2.13...v0.2.14)

---
updated-dependencies:
- dependency-name: getrandom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-13 23:55:04 +00:00
Yu Li
9257322330 block: qcow: add unit test for max nesting depth
Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2024-06-13 01:42:11 +00:00
Yu Li
220455caaf block: qcow: limit max nesting depth for backing file
Impose a limit on the maximum nesting of file formats that can open more
files. For example, a qcow2 file can have a backing file, which could be
another qcow2 file with a backing file (or even the same file as the
original), potentially causing unbounded recursion.

This commit is based on crosvm implementation:
eb1640e301

Fixes: #6472

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2024-06-13 01:42:11 +00:00
dependabot[bot]
c206c14318 build: Bump anstyle-query from 1.0.2 to 1.1.0 in /fuzz
Bumps [anstyle-query](https://github.com/rust-cli/anstyle) from 1.0.2 to 1.1.0.
- [Commits](https://github.com/rust-cli/anstyle/compare/anstyle-query-v1.0.2...anstyle-query-v1.1.0)

---
updated-dependencies:
- dependency-name: anstyle-query
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-13 00:31:02 +00:00
dependabot[bot]
777757254b build: Bump async-io from 2.3.2 to 2.3.3
Bumps [async-io](https://github.com/smol-rs/async-io) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/smol-rs/async-io/releases)
- [Changelog](https://github.com/smol-rs/async-io/blob/master/CHANGELOG.md)
- [Commits](https://github.com/smol-rs/async-io/compare/v2.3.2...v2.3.3)

---
updated-dependencies:
- dependency-name: async-io
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-13 00:22:10 +00:00
Wei Liu
9c42d98e6a devices: move LocalTime to test module
It is only used there.

Drop all its doc strings and pub annotations.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-06-12 16:59:20 +00:00
Wei Liu
254db7b96a vmm: fix documentation formatting
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-06-12 16:59:20 +00:00
Wei Liu
b3a73d6634 virtio-devices: fix documentation formatting
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-06-12 16:59:20 +00:00
Wei Liu
9cd214b0a1 rate_limiter: fix documentation indentation
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-06-12 16:59:20 +00:00
Praveen K Paladugu
9f969ee18d vmm: Use cloned fd to check if dev is a tty
While checking if the console device is a tty use the cloned fd instead
of libc::STDOUT_FILENO.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-06-12 15:47:19 +00:00
Praveen K Paladugu
c3fcddf830 vmm: Fix console dev handling in live migration
Console devices are created after vm_config is received and the created
devices are passed Vm during vm_receive_state.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-06-12 15:47:19 +00:00
Praveen K Paladugu
11d98fccac vmm: fix a typo in ioctl name
Rename TIOCGTPEER ioctl to it proper name:TIOCGPTPEER.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-06-12 15:47:19 +00:00
Praveen K Paladugu
a8fa2af64b vmm: dup serial fds to preserve them across reboots
During vm_shutdown or vm_snapshot, all the console devices will be
closed. When this happens stdout (FD #2) will also be closed as the
console device using these FD is closed. If the VM were to be started
later, FD#2 can be assigned to a different file. But
pre_create_console_devices looks for FD#2 while opening tty device,
which could point to any file.

To avoid this problem, the STDOUT FD is duplicated when being
assigned to a console device. Even if the console devices were to be
closed, the duplicated FD will be closed and FD#2 will continue to
point to STDOUT.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-06-12 15:47:19 +00:00