3556 Commits

Author SHA1 Message Date
dependabot-preview[bot]
5599cbef50 build(deps): bump syn from 1.0.62 to 1.0.63 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.62 to 1.0.63.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.62...1.0.63)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 08:03:10 +00:00
dependabot-preview[bot]
4c52ad2550 build(deps): bump syn from 1.0.62 to 1.0.63
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.62 to 1.0.63.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.62...1.0.63)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 08:02:59 +00:00
Rob Bradford
a0c07474a3 vmm: seccomp: Add KVM_MEMORY_ENCRYPT_OP ioctl to seccomp filter
This is the basis for TDX based operations on the various KVM file
descriptors.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-09 16:26:06 +01:00
Rob Bradford
be0cbb09b1 build: Clippy check with "tdx" feature
In the absence of a way of integration testing this testing that it
compiles is reasonable compromise.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
d24aa887b6 vmm: Reject VM snapshot request if TDX in use
It is not possible to snapshot the contents of a TDX VM.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
835a31e283 vmm: config: Require max and boot vCPUs to be equal for TDX
CPU hotplug is not possible with TDX

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
57c8c250fd tdx: Permit starting Cloud Hypervisor without --kernel
This is not required if TDX is present.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
62abc117ab tdx: Configure TDX state for the VM
Load the sections backed from the file into their required addresses in
memory and populate the HOB with details of the memory. Using the HOB
address initialize the TDX state in the vCPUs and finalize the TDX
configuration.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
1c54fc3ab7 hypervisor: Support creating a VM of a specified KVM type
This is necessary to support creating a TD VM.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
57ce0986f7 vmm: cpu: Add functionality for enabling TDX for all vCPUs
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
c8cad394b5 vmm: cpu: Expose the common/shared CPUID data for all vCPUs
This allows the CPUID data to be passed into the VM level ioctl used for
initalizing TDX.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
b02aff5761 vmm: memory_manager: Disable dirty page logging when running on TDX
It is not permitted to have this enabled in memory that is part of a TD.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
f282cc001a tdx: Add abstraction to call TDX ioctls to hypervisor
Add API to the hypervisor interface and implement for KVM to allow the
special TDX KVM ioctls on the VM and vCPU FDs.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
c48e82915d vmm: Make kernel optional in VM internals
When booting with TDX no kernel is supplied as the TDFV is responsible
for loading the OS. The requirement to have the kernel is still
currently enforced at the validation entry point; this change merely
changes function prototypes and stored state to use Option<> to support.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
66a3bed086 vmm: config: Add "--tdx" option parsing
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
45cc26f940 tdx: Add support for generating a TD HOB list
This is used to communicate details of the memory configuration from the
VMM into the TDMF.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
77955bd8f9 tdx: Add support for parsing TDVF metadata
Add support extracting the sections out for a TDVF file which can be
then used to load the TDVF and TD HOB data into their appropriate
locations.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
e61ee6bcac tdx: Add "tdx" feature with an empty module inside arch to implement
Add the skeleton of the "tdx" feature with a module ready inside the
arch crate to store implementation details.

TEST=cargo build --features="tdx"

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Vineeth Pillai
fd9bd1c86c main: minor fix in the help message for event monitor
Signed-off-by: Vineeth Pillai <viremana@linux.microsoft.com>
2021-03-08 15:32:18 +00:00
Rob Bradford
cf9e81c05a build: Update kvm-ioctls and kvm-bindings dependencies
These need to be updated together as the kvm-ioctls depends upon a
strictly newer version of kvm-bindings which requires a rebase in the CH
fork.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 14:52:30 +00:00
dependabot-preview[bot]
a4a2d6fbee build(deps): bump syn from 1.0.61 to 1.0.62 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.61 to 1.0.62.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.61...1.0.62)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 08:56:23 +00:00
dependabot-preview[bot]
94083793a6 build(deps): bump serde from 1.0.123 to 1.0.124 in /fuzz
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.123 to 1.0.124.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.123...v1.0.124)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 08:46:07 +00:00
dependabot-preview[bot]
8ae966e975 build(deps): bump syn from 1.0.61 to 1.0.62
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.61 to 1.0.62.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.61...1.0.62)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 07:46:17 +00:00
dependabot-preview[bot]
f68fe54b9b build(deps): bump vhost from 62fd4ec to 7784304
Bumps [vhost](https://github.com/rust-vmm/vhost) from `62fd4ec` to `7784304`.
- [Release notes](https://github.com/rust-vmm/vhost/releases)
- [Commits](62fd4ec5a4...7784304860)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 07:45:52 +00:00
dependabot-preview[bot]
54e1796da6 build(deps): bump serde from 1.0.123 to 1.0.124
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.123 to 1.0.124.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.123...v1.0.124)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-07 23:09:32 +00:00
dependabot-preview[bot]
c8be08adf6 build(deps): bump serde_derive from 1.0.123 to 1.0.124
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.123 to 1.0.124.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.123...v1.0.124)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-07 21:54:56 +00:00
dependabot-preview[bot]
ccfa34d066 build(deps): bump libc from 0.2.87 to 0.2.88
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.87 to 0.2.88.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.87...0.2.88)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-05 18:39:37 +00:00
Sebastien Boeuf
d65a0b68b9 Revert "Jenkinsfile: Temporarily disable SGX CI"
This reverts commit 526cf32a78b0ef63dcbfe301cfab6ca78664deac.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 19:02:30 +01:00
William Douglas
56028fb214 Try to restore pty configuration on reboot
When a vm is created with a pty device, on reboot the pty fd (sub
only) will only be associated with the vmm through the epoll event
loop. The fd being polled will have been closed due to the vm itself
dropping the pty files (and potentially reopening the fd index to a
different item making things quite confusing) and new pty fds will be
opened but not polled on for input.

This change creates a structure to encapsulate the information about
the pty fd (main File, sub File and the path to the sub File). On
reboot, a copy of the console and serial pty structs is then passed
down to the new Vm  instance which will be used instead of creating a
new pty device.

This resolves the underlying issue from #2316.

Signed-off-by: William Douglas <william.r.douglas@gmail.com>
2021-03-05 18:34:52 +01:00
Sebastien Boeuf
933d41cf2f vmm: Provide DMA mapping handlers to virtio-mem devices
Now that virtio-mem devices can update VFIO mappings through dedicated
handlers, let's provide them from the DeviceManager.

Important to note these handlers should either be provided to virtio-mem
devices or to the unique virtio-iommu device. This must be mutually
exclusive.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
Sebastien Boeuf
61f9a4ec6c virtio-devices: mem: Accept handlers to update DMA mappings
Create two functions for registering/unregistering DMA mapping handlers,
each handler being associated with a VFIO device.

Whenever the plugged_size is modified (which means triggered by the
virtio-mem driver in the guest), the virtio-mem backend is responsible
for updating the DMA mappings related to every VFIO device through the
handler previously provided.

It's important to update the map when the handler is either registered
or unregistered as well, as we don't want to miss some plugged memory
that would have been added before the VFIO device is added to the VM.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
Sebastien Boeuf
080ea31813 pci, vmm: Manage VFIO DMA mapping from DeviceManager
Instead of letting the VfioPciDevice take the decision on how/when to
perform the DMA mapping/unmapping, we move this to the DeviceManager
instead.

The point is to let the DeviceManager choose which guest memory regions
should be mapped or not. In particular, we don't want the virtio-mem
region to be mapped/unmapped as it will be virtio-mem device
responsibility to do so.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
Sebastien Boeuf
d6db2fdf96 vmm: memory_manager: Add ACPI hotplug region to default memory zone
When memory is resized through ACPI, a new region is added to the guest
memory. This region must also be added to the corresponding memory zone
in order to keep everything in sync.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
dependabot-preview[bot]
f1aa09f178 build(deps): bump syn from 1.0.60 to 1.0.61 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.60 to 1.0.61.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.60...1.0.61)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-05 07:49:52 +00:00
dependabot-preview[bot]
8cbb7b15a9 build(deps): bump syn from 1.0.60 to 1.0.61
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.60 to 1.0.61.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.60...1.0.61)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-05 07:14:58 +00:00
Rob Bradford
b65502c3c1 main: Refine event monitor control
Replace "--monitor-fd" with "--event-monitor" which can either take
"fd=<int>" or "path=<path>" which can point to e.g. a named pipe and
allow more flexibility.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-04 19:12:40 +01:00
dependabot-preview[bot]
3ef7c8eac5 build(deps): bump vhost from 576694b to 62fd4ec
Bumps [vhost](https://github.com/rust-vmm/vhost) from `576694b` to `62fd4ec`.
- [Release notes](https://github.com/rust-vmm/vhost/releases)
- [Commits](576694bcfb...62fd4ec5a4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-04 08:38:19 +00:00
Sebastien Boeuf
526cf32a78 Jenkinsfile: Temporarily disable SGX CI
Since the SGX server is down for maintenance, all builds are waiting on
the node agent to answer, causing all PRs to be blocked.

Let's disable temporarily the SGX CI until the server is back up.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-03 09:56:05 +00:00
dependabot-preview[bot]
b0ddc5bd60 build(deps): bump libc from 0.2.86 to 0.2.87 in /fuzz
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.86 to 0.2.87.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.86...0.2.87)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-03 10:21:43 +01:00
dependabot-preview[bot]
b72f6046e5 build(deps): bump vfio-ioctls from 0903c22 to a87b13b
Bumps [vfio-ioctls](https://github.com/rust-vmm/vfio-ioctls) from `0903c22` to `a87b13b`.
- [Release notes](https://github.com/rust-vmm/vfio-ioctls/releases)
- [Commits](0903c222fa...a87b13bdec)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-03 10:21:17 +01:00
dependabot-preview[bot]
8a2bd01e25 build(deps): bump once_cell from 1.7.1 to 1.7.2
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.7.1...v1.7.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-02 15:53:53 +00:00
dependabot-preview[bot]
d433ae1656 build(deps): bump libc from 0.2.86 to 0.2.87
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.86 to 0.2.87.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.86...0.2.87)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-02 11:14:57 +00:00
dependabot-preview[bot]
0348f480fa build(deps): bump once_cell from 1.7.0 to 1.7.1
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.7.0...v1.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-02 09:24:39 +00:00
Wei Liu
74565538ae hypervisor: mshv: hook up TranslateGVA hypercall
At this stage this is the bare minimum needed to make Windows server
2019 work on MSHV.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-03-02 07:08:36 +01:00
Rob Bradford
99baee8d37 tests: Move Windows integration test to updated OVMF
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-01 22:11:19 +00:00
Wei Liu
030a86db17 hypervisor: mshv: simplify GVA to GPA cache
So far we've only had the need to emulate one instruction. There is no
need to use a HashMap when a simple tuple for the initial mapping will
do.

We can bring back the HashMap once more sophisticated use cases surface.

No functional change.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-03-01 17:50:47 +00:00
Wei Liu
3eb5b67dc3 hypervisor: mshv: make SoftTLB part of MshvEmulatorContext
This avoids code complexity down the line when we get around
implementing Windows support.

No functional change.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-03-01 17:50:47 +00:00
Sebastien Boeuf
c27d6df233 vhost: Bump to latest version from upstream
Moving to the latest version of the rust-vmm/vhost crate, before it gets
published on crates.io.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-01 15:53:46 +01:00
dependabot-preview[bot]
30cd3cb764 deps: bump io-uring from 0.4.0 to 0.5.0
Bumps [io-uring](https://github.com/tokio-rs/io-uring) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/tokio-rs/io-uring/releases)
- [Commits](https://github.com/tokio-rs/io-uring/commits)

The API was changed, hence some changes were needed to keep the code
building and functional.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-01 11:08:25 +00:00
dependabot-preview[bot]
e31c2be60a build(deps): bump serde_json from 1.0.63 to 1.0.64
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.63 to 1.0.64.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.63...v1.0.64)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-02-28 18:35:17 +00:00