Commit Graph

4600 Commits

Author SHA1 Message Date
Sebastien Boeuf
12db6e5068 vmm: Allow restoring virtio-fs with no cache region
It's totally acceptable to snapshot and restore a virtio-fs device that
has no cache region, since this is a valid mode of functioning for
virtio-fs itself.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-29 06:35:03 -07:00
Rob Bradford
0852287fee docs: Update MAINTAINERS.md
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-07-29 14:40:31 +02:00
Sebastien Boeuf
dcc646f5b1 clippy: Fix redundant allocations
With the new beta version, clippy complains about redundant allocation
when using Arc<Box<dyn T>>, and suggests replacing it simply with
Arc<dyn T>.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-29 13:28:57 +02:00
dependabot[bot]
91bd4ee8cc build: bump serde_json from 1.0.64 to 1.0.65
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.64 to 1.0.65.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.64...v1.0.65)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-29 00:17:13 +00:00
dependabot[bot]
6761868a69 build: bump serde_json from 1.0.64 to 1.0.65 in /fuzz
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.64 to 1.0.65.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.64...v1.0.65)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-28 23:33:46 +00:00
dependabot[bot]
9ccd23ebb0 build: bump vm-fdt from 561558a to 679ed6f
Bumps [vm-fdt](https://github.com/rust-vmm/vm-fdt) from `561558a` to `679ed6f`.
- [Release notes](https://github.com/rust-vmm/vm-fdt/releases)
- [Commits](561558a9ba...679ed6fc8e)

---
updated-dependencies:
- dependency-name: vm-fdt
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-28 23:32:35 +00:00
Bo Chen
b00a6a8519 vmm: Create guest memory regions with explicit dirty-pages-log flags
As we are now using a global control to start/stop dirty pages log from
the `hypervisor` crate, we need to explicitly tell the hypervisor (KVM)
whether a region needs dirty page tracking when it is created.

This reverts commit f063346de3.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-28 09:08:32 -07:00
Bo Chen
e7c9954dc1 hypervisor, vmm: Abstract the interfaces to start/stop dirty log
Following KVM interfaces, the `hypervisor` crate now provides interfaces
to start/stop the dirty pages logging on a per region basis, and asks
its users (e.g. the `vmm` crate) to iterate over the regions that need
dirty pages log. MSHV only has a global control to start/stop dirty
pages log on all regions at once.

This patch refactors related APIs from the `hypervisor` crate to provide
a global control to start/stop dirty pages log (following MSHV's
behaviors), and keeps tracking the regions that need dirty pages log for
KVM. It avoids leaking hypervisor-specific behaviors out of the
`hypervisor` crate.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-28 09:08:32 -07:00
Bo Chen
2723995cfa arch: Support fine-grained CPUID compatibility check
To support different CPUID entry semantics, we now allow specifying
the compatible condition for each feature entry. Most entries
are considered compatible when they are "bitwise subset", with few
exceptions: 1. "equal", e.g. EBX/ECX/EDX of leaf `0x4000_0000` (KVM
CPUID SIGNATURE); 2. "smaller or equal as a number", e.g. EAX of leaf
`0x7` and leaf `0x4000_0000`;

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-28 09:26:02 +02:00
Bo Chen
ca09638491 vmm: Add CPUID compatibility check for snapshot/restore
Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-28 09:26:02 +02:00
Bo Chen
0835198ddd vmm: Factorize CPUID check for live-migration and snapshot/restore
This patch adds a common function "Vmm::vm_check_cpuid_compatibility()"
to be shared by both live-migration and snapshot/restore.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-28 09:26:02 +02:00
Bo Chen
6d9c1eb638 arch, vmm: Add CPUID check to the 'Config' step of live migration
We now send not only the 'VmConfig' at the 'Command::Config' step of
live migration, but also send the 'common CPUID'. In this way, we can
check the compatibility of CPUID features between the source and
destination VMs, and abort live migration early if needed.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-28 09:26:02 +02:00
dependabot[bot]
b4c2772031 build: bump backtrace from 0.3.60 to 0.3.61
Bumps [backtrace](https://github.com/rust-lang/backtrace-rs) from 0.3.60 to 0.3.61.
- [Release notes](https://github.com/rust-lang/backtrace-rs/releases)
- [Commits](https://github.com/rust-lang/backtrace-rs/compare/0.3.60...0.3.61)

---
updated-dependencies:
- dependency-name: backtrace
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 23:57:19 +00:00
Yu Li
9106afae38 docs: Add more information of hugepages.
Add missing option of hugepage_size in argument of memory,
and add some details about lacking huge pages.

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2021-07-26 11:01:15 -07:00
Bo Chen
f063346de3 vmm: Create guest memory regions without dirty-pages-log by default
With the support of dynamically turning on/off dirty-pages-log during
live-migration (only for guest RAM regions), we now can create guest
memory regions without dirty-pages-log by default both for guest RAM
regions and other regions backed by file/device.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-26 09:19:35 -07:00
Bo Chen
5e0d498582 hypervisor, vmm: Add dynamic control of logging dirty pages
This patch extends slightly the current live-migration code path with
the ability to dynamically start and stop logging dirty-pages, which
relies on two new methods added to the `hypervisor::vm::Vm` Trait. This
patch also contains a complete implementation of the two new methods
based on `kvm` and placeholders for `mshv` in the `hypervisor` crate.

Fixes: #2858

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-26 09:19:35 -07:00
dependabot[bot]
a33280b8ad build: bump vhost from 99fbfc9 to c1f77c7
Bumps [vhost](https://github.com/rust-vmm/vhost) from `99fbfc9` to `c1f77c7`.
- [Release notes](https://github.com/rust-vmm/vhost/releases)
- [Commits](99fbfc9692...c1f77c778b)

---
updated-dependencies:
- dependency-name: vhost
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 10:01:17 +00:00
dependabot[bot]
ec0a0adaab build: bump seccomp from v0.24.4 to v0.24.5 in /fuzz
Bumps [seccomp](https://github.com/firecracker-microvm/firecracker) from v0.24.4 to v0.24.5.
- [Release notes](https://github.com/firecracker-microvm/firecracker/releases)
- [Changelog](cd36c699f3/CHANGELOG.md)
- [Commits](8f44986a0e...cd36c699f3)

---
updated-dependencies:
- dependency-name: seccomp
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 11:18:42 +02:00
dependabot[bot]
49c72beda5 build: bump seccomp from v0.24.4 to v0.24.5
Bumps [seccomp](https://github.com/firecracker-microvm/firecracker) from v0.24.4 to v0.24.5.
- [Release notes](https://github.com/firecracker-microvm/firecracker/releases)
- [Changelog](cd36c699f3/CHANGELOG.md)
- [Commits](8f44986a0e...cd36c699f3)

---
updated-dependencies:
- dependency-name: seccomp
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 11:18:42 +02:00
dependabot[bot]
bcd45efdd3 build: bump proc-macro2 from 1.0.27 to 1.0.28
Bumps [proc-macro2](https://github.com/alexcrichton/proc-macro2) from 1.0.27 to 1.0.28.
- [Release notes](https://github.com/alexcrichton/proc-macro2/releases)
- [Commits](https://github.com/alexcrichton/proc-macro2/compare/1.0.27...1.0.28)

---
updated-dependencies:
- dependency-name: proc-macro2
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 07:41:14 +00:00
dependabot[bot]
1b2e51d4d9 build: bump proc-macro2 from 1.0.27 to 1.0.28 in /fuzz
Bumps [proc-macro2](https://github.com/alexcrichton/proc-macro2) from 1.0.27 to 1.0.28.
- [Release notes](https://github.com/alexcrichton/proc-macro2/releases)
- [Commits](https://github.com/alexcrichton/proc-macro2/compare/1.0.27...1.0.28)

---
updated-dependencies:
- dependency-name: proc-macro2
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-26 09:40:55 +02:00
Rob Bradford
5bcbd5607e README: Update recommended version of Rust Hypervisor Firmware
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-07-23 14:53:03 +02:00
Rob Bradford
02f2ecee61 README: Update table of contents
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-07-23 14:53:03 +02:00
dependabot[bot]
4c840f04e1 build: bump vm-fdt from 3c05f2d to 561558a
Bumps [vm-fdt](https://github.com/rust-vmm/vm-fdt) from `3c05f2d` to `561558a`.
- [Release notes](https://github.com/rust-vmm/vm-fdt/releases)
- [Commits](3c05f2dc84...561558a9ba)

---
updated-dependencies:
- dependency-name: vm-fdt
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-23 06:58:38 +00:00
Rob Bradford
e6db599907 build: Release 17.0
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-07-22 17:15:32 +01:00
dependabot[bot]
72092a9733 build: bump vhost from 12fa070 to 99fbfc9
Bumps [vhost](https://github.com/rust-vmm/vhost) from `12fa070` to `99fbfc9`.
- [Release notes](https://github.com/rust-vmm/vhost/releases)
- [Commits](12fa07029b...99fbfc9692)

---
updated-dependencies:
- dependency-name: vhost
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-22 10:06:22 +00:00
dependabot[bot]
624af4f9af build: bump syn from 1.0.73 to 1.0.74
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.73 to 1.0.74.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.73...1.0.74)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-22 00:20:27 +00:00
dependabot[bot]
2b7b26374a build: bump syn from 1.0.73 to 1.0.74 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.73 to 1.0.74.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.73...1.0.74)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-21 23:47:50 +00:00
Sebastien Boeuf
48d1a31e08 tests: Introduce test_macvtap_hotplug
The existing test_macvtap is factorized to be able to support both
coldplug and hotplug of a macvtap interface through virtio-net. Adding
the new test_macvtap_hotplug test allows for validating that sending a
TAP file descriptor through control message along with the add-net
command works.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-21 15:34:22 +02:00
Sebastien Boeuf
2ecced376e tests: Update test_macvtap to rely on exec_host_command_status()
To help with readability, we rely on exec_host_command_status() from the
macvtap test, which replaces the former "bash -c ..." syntax.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-21 15:34:22 +02:00
Sebastien Boeuf
da4cde70c3 ch-remote: Allow file descriptors to be sent along with add-net
Enable specifically for the add-net command the ability to send file
descriptors along with the HTTP request. This is useful to hotplug a
macvtap interface after the VMM has already been started.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-21 15:34:22 +02:00
Sebastien Boeuf
9af2968a7d api_client: Add ability to send file descriptors
Allow the user to send a list of file descriptors along with the HTTP
request.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-21 15:34:22 +02:00
Sebastien Boeuf
0ac4545c5b vmm: Extend seccomp filters with fcntl() for HTTP thread
Whenever a file descriptor is sent through the control message, it
requires fcntl() syscall to handle it, meaning we must allow it through
the list of syscalls authorized for the HTTP thread.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-21 15:34:22 +02:00
dependabot[bot]
2aa43d3554 build: bump mshv-bindings from 3bdb6ca to 9481c71
Bumps [mshv-bindings](https://github.com/cloud-hypervisor/mshv) from `3bdb6ca` to `9481c71`.
- [Release notes](https://github.com/cloud-hypervisor/mshv/releases)
- [Commits](3bdb6cae41...9481c711c3)

---
updated-dependencies:
- dependency-name: mshv-bindings
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-21 06:45:01 +00:00
Sebastien Boeuf
3e482c9c74 vmm: Limit physical address space for TDX
When running TDX guest, the Guest Physical Address space is limited by
a shared bit that is located on bit 47 for 4 level paging, and on bit 51
for 5 level paging (when GPAW bit is 1). In order to keep things simple,
and since a 47 bits address space is 128TiB large, we ensure to limit
the physical addressable space to 47 bits when running TDX.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-20 15:00:04 +02:00
Sebastien Boeuf
05f7651cf5 vmm: Force VIRTIO_F_IOMMU_PLATFORM when running TDX
When running a TDX guest, we need the virtio drivers to use the DMA API
to share specific memory pages with the VMM on the host. The point is to
let the VMM get access to the pages related to the buffers pointed by
the virtqueues.

The way to force the virtio drivers to use the DMA API is by exposing
the virtio devices with the feature VIRTIO_F_IOMMU_PLATFORM. This is a
feature indicating the device will require some address translation, as
it will not deal directly with physical addresses.

Cloud Hypervisor takes care of this requirement by adding a generic
parameter called "force_iommu". This parameter value is decided based on
the "tdx" feature gate, and then passed to the DeviceManager. It's up to
the DeviceManager to use this parameter on every virtio device creation,
which will imply setting the VIRTIO_F_IOMMU_PLATFORM feature.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-20 14:47:01 +02:00
Bo Chen
569be6e706 arch, vmm: Move "generate_common_cpuid" from "CpuManager" to "arch"
This refactoring ensures all CPUID related operations are centralized in
`arch::x86_64` module, and exposes only two related public functions to
the vmm crate, e.g. `generate_common_cpuid` and `configure_vcpu`.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-19 09:59:34 -07:00
Wei Liu
972e96ea68 scripts: honour --volumes in cmd_shell
It is useful to mount custom volumes sometimes.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-07-19 09:52:51 +02:00
Sebastien Boeuf
d4316d0228 vmm: http: Allow file descriptor to be sent with add-net
In order to let a separate process open a TAP device and pass the file
descriptor through the control message mechanism, this patch adds the
support for sending a file descriptor over to the Cloud Hypervisor
process along with the add-net HTTP API command.

The implementation uses the NetConfig structure mutably to update the
list of fds with the one passed through control message. The list should
always be empty prior to this, as it makes no sense to provide a list of
fds once the Cloud Hypervisor process has already been started.

It is important to note that reboot is supported since the file
descriptor is duplicated upon receival, letting the VM only use the
duplicated one. The original file descriptor is kept open in order to
support a potential reboot.

Fixes #2525

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-19 09:51:32 +02:00
Muminul Islam
e481f97550 vmm, virtio-devices:seccomp: Add MSHV related seccomp rule
MSHV needs SYS_clock_gettime to pause and resume
the guest VM.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2021-07-15 11:05:11 -07:00
Muminul Islam
3937e03c02 vmm, virtio-devices: Extend mshv feature
There are some seccomp rules needed for MSHV
in virtio-devices but not for KVM. We only want to
add those rules based on MSHV feature guard.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2021-07-15 11:05:11 -07:00
Sebastien Boeuf
d68c388cac vmm: Update seccomp filters for HTTP thread
The micro-http crate now uses recvmsg() syscall in order to receive file
descriptors through control messages. This means the syscall must be
part of the authorized list in the seccomp filters.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-07-15 08:13:48 +00:00
dependabot[bot]
e60078d939 build: bump micro_http from 81a3c71 to 9517a30
Bumps [micro_http](https://github.com/firecracker-microvm/micro-http) from `81a3c71` to `9517a30`.
- [Release notes](https://github.com/firecracker-microvm/micro-http/releases)
- [Commits](81a3c71efb...9517a30037)

---
updated-dependencies:
- dependency-name: micro_http
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-15 08:13:48 +00:00
Wei Liu
39bc444db4 vmm, vm-device: make use of the kvm feature gate in vfio-ioctls
The vfio-ioctls crate now contains a KVM feature gate. Make use of it in
Cloud Hypervisor.

That crate has two users. For the vmm crate it is straightforward. For
the vm-device crate, we introduce a KVM feature gate as well so that the
vmm crate can pass on the configuration.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-07-15 09:35:51 +02:00
Wei Liu
e8bafd8caa build: bump vfio-ioctls to 9b84069e9f41
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-07-15 09:35:51 +02:00
dependabot[bot]
50e0869a17 build: bump env_logger from 0.8.4 to 0.9.0
Bumps [env_logger](https://github.com/env-logger-rs/env_logger) from 0.8.4 to 0.9.0.
- [Release notes](https://github.com/env-logger-rs/env_logger/releases)
- [Changelog](https://github.com/env-logger-rs/env_logger/blob/main/CHANGELOG.md)
- [Commits](https://github.com/env-logger-rs/env_logger/compare/v0.8.4...v0.9.0)

---
updated-dependencies:
- dependency-name: env_logger
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-15 00:44:49 +00:00
Wei Liu
867016757e fuzz: patch versionize_derive in Cargo.toml
Just like how it is done in the top-level Cargo.toml.

This fixes a warning [0] when building the fuzzer binaries.

[0] https://github.com/rust-lang/rust/issues/82523

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-07-13 11:55:52 -07:00
Bo Chen
1365388f0b tests: Extend 'test_vfio' with block device passthrough
Fixes: #2822

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-07-13 14:08:57 +02:00
dependabot[bot]
73cc443213 build: bump cc from 1.0.68 to 1.0.69 in /fuzz
Bumps [cc](https://github.com/alexcrichton/cc-rs) from 1.0.68 to 1.0.69.
- [Release notes](https://github.com/alexcrichton/cc-rs/releases)
- [Commits](https://github.com/alexcrichton/cc-rs/compare/1.0.68...1.0.69)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-13 00:32:16 +00:00
dependabot[bot]
4e759ab437 build: bump synstructure from 0.12.4 to 0.12.5
Bumps [synstructure](https://github.com/mystor/synstructure) from 0.12.4 to 0.12.5.
- [Release notes](https://github.com/mystor/synstructure/releases)
- [Commits](https://github.com/mystor/synstructure/commits)

---
updated-dependencies:
- dependency-name: synstructure
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-12 23:59:15 +00:00