Commit Graph

2510 Commits

Author SHA1 Message Date
dependabot[bot]
5641e3a283 build: Bump libc from 0.2.151 to 0.2.153
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.151 to 0.2.153.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.151...0.2.153)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-08 09:51:55 +00:00
Sean Banko
7633d47293 vmm: prefault memory in parallel to optimize boot time
On guests with large amounts of memory, using the `prefault` option can
lead to a very long boot time. This commit implements the strategy
taken by QEMU to prefault memory in parallel using multiple threads,
decreasing the time to allocate memory for large guests by
an order of magnitude or more.

For example, this commit reduces the time to allocate memory for a
guest configured with 704 GiB of memory on 1 NUMA node using 1 GiB
hugepages from 81.44134669s to just 6.865287881s.

Signed-off-by: Sean Banko <sbanko@crusoeenergy.com>
2024-02-07 08:59:03 -08:00
dependabot[bot]
939cc348ed build: Bump futures from 0.3.28 to 0.3.30
Bumps [futures](https://github.com/rust-lang/futures-rs) from 0.3.28 to 0.3.30.
- [Release notes](https://github.com/rust-lang/futures-rs/releases)
- [Changelog](https://github.com/rust-lang/futures-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/futures-rs/compare/0.3.28...0.3.30)

---
updated-dependencies:
- dependency-name: futures
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-07 10:10:40 +00:00
Rob Bradford
9dfc39d336 vmm: Make thread local initialiser constant
Beta clippy fix:

warning: initializer for `thread_local` value can be made `const`
  --> vmm/src/sigwinch_listener.rs:27:40
   |
27 |     static TX: RefCell<Option<File>> = RefCell::new(None);
   |                                        ^^^^^^^^^^^^^^^^^^ help: replace with: `const { RefCell::new(None) }`
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#thread_local_initializer_can_be_made_const
   = note: `#[warn(clippy::thread_local_initializer_can_be_made_const)]` on by default

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-02-07 09:25:40 +00:00
Rob Bradford
e70bf59809 vmm: Directly clone console resize pipe
Beta clippy fix:

warning: this call to `as_ref.map(...)` does nothing
    --> vmm/src/device_manager.rs🔢9
     |
1234 |         self.console_resize_pipe.as_ref().map(Arc::clone)
     |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try: `self.console_resize_pipe.clone()`
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_asref
     = note: `#[warn(clippy::useless_asref)]` on by default

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-02-07 09:25:40 +00:00
Muminul Islam
9b84c6c3f5 vmm: check correct buffer size during import
When we import a page, we have a page with
some data or empty, empty does not mean there is no data,
it rather means it's full of zeros. We can skip writing the
data as guest memory of the page is already zeroed.

A page could be partially filled and the rest of the content is zero.
Our IGVM generation tool only fills data here if there is some data
without zeros. Rest of them are padded. We only write data
without padding and compare whether we complete  writing
the buffer content. Still it's a full page and update the variable
with length of the full page.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2024-02-06 14:28:42 -08:00
dependabot[bot]
3945253619 build: Bump zerocopy from 0.7.31 to 0.7.32
Bumps [zerocopy](https://github.com/google/zerocopy) from 0.7.31 to 0.7.32.
- [Release notes](https://github.com/google/zerocopy/releases)
- [Changelog](https://github.com/google/zerocopy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/zerocopy/compare/v0.7.31...v0.7.32)

---
updated-dependencies:
- dependency-name: zerocopy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-27 00:35:32 +00:00
dependabot[bot]
7acfff5da7 build: Bump gdbstub from 0.7.0 to 0.7.1
Bumps [gdbstub](https://github.com/daniel5151/gdbstub) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/daniel5151/gdbstub/releases)
- [Changelog](https://github.com/daniel5151/gdbstub/blob/master/CHANGELOG.md)
- [Commits](https://github.com/daniel5151/gdbstub/compare/0.7.0...0.7.1)

---
updated-dependencies:
- dependency-name: gdbstub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-26 10:03:23 +00:00
Philipp Schuster
e50a641126 devices: add debug-console device
This commit adds the debug-console (or debugcon) device to CHV. It is a
very simple device on I/O port 0xe9 supported by QEMU and BOCHS. It is
meant for printing information as easy as possible, without any
necessary configuration from the guest at all.

It is primarily interesting to OS/kernel and firmware developers as they
can produce output as soon as the guest starts without any configuration
of a serial device or similar. Furthermore, a kernel hacker might use
this device for information of type B whereas information of type A are
printed to the serial device.

This device is not used by default by Linux, Windows, or any other
"real" OS, but only by toy kernels and during firmware development.

In the CLI, it can be configured similar to --console or --serial with
the --debug-console parameter.

Signed-off-by: Philipp Schuster <philipp.schuster@cyberus-technology.de>
2024-01-25 10:25:14 -08:00
dependabot[bot]
8f90fba250 build: Bump serde from 1.0.168 to 1.0.193
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.168 to 1.0.193.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.168...v1.0.193)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-25 11:09:33 +00:00
Bo Chen
3ce0fef7fd build: Bump vmm-sys-util crate and its consumers
This patch bumps the following crates, including `kvm-bindings@0.7.0`*,
`kvm-ioctls@0.16.0`**, `linux-loader@0.11.0`, `versionize@0.2.0`,
`versionize_derive@0.1.6`***, `vhost@0.10.0`,
`vhost-user-backend@0.13.1`, `virtio-queue@0.11.0`, `vm-memory@0.14.0`,
`vmm-sys-util@0.12.1`, and the latest of `vfio-bindings`, `vfio-ioctls`,
`mshv-bindings`,`mshv-ioctls`, and `vfio-user`.

* A fork of the `kvm-bindings` crate is being used to support
serialization of various structs for migration [1]. Also, code changes
are made to accommodate the updated `struct xsave` from the Linux
kernel. Note: these changes related to `struct xsave` break
live-upgrade.

** The new `kvm-ioctls` crate introduced breaking changes for
the `get/set_one_reg` API on `aarch64` [2], so code changes are made to
the new APIs.

*** A fork of the `versionize_derive` crate is being used to support
versionize on packed structs [3].

[1] https://github.com/cloud-hypervisor/kvm-bindings/tree/ch-v0.7.0
[2] https://github.com/rust-vmm/kvm-ioctls/pull/223
[3] https://github.com/cloud-hypervisor/versionize_derive/tree/ch-0.1.6

Fixes: #6072

Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-01-25 10:14:54 +00:00
Muminul Islam
51ebc3ac92 vmm: set SEV control register for SEV-Enabled guest
Set the SEV control register so we know where to
start running.  This register configures the
SEV feature control state on a virtual processor.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
Signed-off-by: Muminul Islam <muislam@microsoft.com>
2024-01-24 14:32:16 -08:00
Alyssa Ross
7674196113 vmm: remove Default impls for config
These Default implementations either don't produce valid configs, are
no longer used outside of tests, or both.

For the tests, we can define our own local "default" values that make
the most sense for the tests, without worrying about what's
a (somewhat) sensible "global" default value.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-01-23 12:44:44 +00:00
dependabot[bot]
c71cb00a5a build: Bump anyhow from 1.0.75 to 1.0.79
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.75 to 1.0.79.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.75...1.0.79)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-23 12:44:21 +00:00
Ravi kumar Veeramally
895dc12a74 vmm: Replace Debug with Display rendering in HTTP error message
Bumping anyhow crate from 1.0.75 to 1.0.79 will cause seccomp
failures through integration tests. Newly added backtrace support
relies on readlink and many other syscalls.

Issue noticed with test_api_http_pause_resume test, where second time
of VM PAUSE or VM RESUME prints error and causes panic.
Noticed that panic message in a thread which is not allowed to write
output triggered the issue.

So implementing Display trait for HttpError and ApiError enums to avoid
adding many syscalls to seccomp filter section.

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@intel.com>
2024-01-23 12:44:21 +00:00
Sean Banko
e33279471f vmm: support setting cpu affinity with host cpu indices >255
On hosts with >256 cpus, setting the cpu affinity to a host cpu index
>255 will return an error because type of `host_cpu` is `u8`.
This commit changes the type of `host_cpu` to `usize` to remove this
limitation.

Signed-off-by: Sean Banko <sbanko@crusoeenergy.com>
2024-01-19 09:30:16 +00:00
Alyssa Ross
4ae5503b58 vmm: remove redundant tests
These are all duplicates.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-01-18 15:03:24 +00:00
Alyssa Ross
4ca18c082e vmm: use trait objects for API actions
Uses of the old ApiRequest enum conflated two different concerns:
identifying an API request endpoint, and storing data for an API
request.  This led to ApiRequest values being passed around with junk
data just to communicate a request type, which forced all API request
body types to implement Default, which in some cases doesn't make any
sense — what's the "default" path for a vhost-user socket?  The
nonsensical Default values have led to tests relying on being able to
use nonsensical data, which is an impediment to adding better
validation for these types.

Rather than having API request types be represented by an enum, which
has to carry associated body data everywhere it's used, it makes more
sense to represent API request types as trait objects.  These can have
an associated type for the type of the request body, and this makes it
possible to pass API request types and data around as siblings in a
type-safe way without forcing them into a single value even where it
doesn't make sense.  Trait objects also give us dynamic dispatch,
which lets us get rid of several large match blocks.

To keep it possible to fuzz the HTTP API, all the Vmm methods called
by the HTTP API are pulled out into a trait, so the fuzzer can provide
its own stub implementation of the VMM.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-01-17 10:20:02 +00:00
Rob Bradford
81bd07fc8b vmm: openapi: String quote the enum members of ConsoleConfig::Mode
This disambiguates from the null keyword.

Fixes: #6107

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-01-16 11:05:51 -08:00
Alyssa Ross
451d3fb2f0 vmm: limit VSOCK CIDs to 32 bits
The VIRTIO specification[1] says:

> The upper 32 bits of the CID are reserved and zeroed.

We should therefore not allow the user to supply a VSOCK CID with
those bits set.  To accomplish this, limit the public API of the
virtio-vsock device to only accept 32-bit CIDs, while still using
64-bit CIDs internally since that's how virtio-vsock works.

[1]: https://docs.oasis-open.org/virtio/virtio/v1.2/csd01/virtio-v1.2-csd01.html#x1-4400004

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-01-10 17:28:56 +00:00
Alyssa Ross
7d0b85d727 vmm: forbid using special VSOCK CIDs for guests
I accidentally ran a VM with CID 2 (VMADDR_CID_HOST), and very strange
and difficult to debug behavior ensued.  I don't think a virtio-vsock
device should be allowed to have any of the special CIDs
(VMADDR_CID_ANY, VMADDR_CID_HYPERVISOR, VMADDR_CID_LOCAL, VMADDR_CID_HOST).

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-01-10 10:43:21 +00:00
Muminul Islam
dc68a6e30f vmm: igvm: complete isolated import
Complete the isolated import, telling the
Microsoft hypervisor that import is done so that
MSHV can issue SNP_LAUNCH_FINISH command.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2024-01-08 15:55:39 -08:00
Muminul Islam
433d4ddc0c vmm: igvm: import the isolated pages
Import all the isolated pages after parsing is
done on the iGVM file. Hypervisor adds those
pages for PSP measurement(part of the hashing).

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2024-01-08 15:55:39 -08:00
Thomas Barrett
c297d8d796 vmm: use RateLimiterGroup for virtio-blk devices
Add a 'rate_limit_groups' field to VmConfig that defines a set of
named RateLimiterGroups.

When the 'rate_limit_group' field of DiskConfig is defined, all
virtio-blk queues will be rate-limited by a shared RateLimiterGroup.
The lifecycle of all RateLimiterGroups is tied to the Vm.
A RateLimiterGroup may exist even if no Disks are configured to use
the RateLimiterGroup. Disks may be hot-added or hot-removed from the
RateLimiterGroup.

When the 'rate_limiter' field of DiskConfig is defined, we construct
an anonymous RateLimiterGroup whose lifecycle is tied to the Disk.
This is primarily done for api backwards compatability. Importantly,
the behavior is not the same! This implementation rate_limits the
aggregate bandwidth / iops of an individual disk rather than the
bandwidth / iops of an individual queue of a disk.

When neither the 'rate_limit_group' or the 'rate_limiter' fields of
DiskConfig is defined, the Disk is not rate-limited.

Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2024-01-03 10:21:06 -08:00
dependabot[bot]
d11480197e build: Bump serde_json from 1.0.107 to 1.0.109
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.107 to 1.0.109.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.107...v1.0.109)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-02 08:58:51 +00:00
Thomas Barrett
5c0b66529a arch: x86_64: handle npot CPU topology
This PR addresses a bug in which the cpu topology of a guest
with non power-of-two number of cores is incorrect. For example,
in some contexts, a virtual machine with 2-sockets and 12-cores
will incorrectly believe that 16 cores are on socket 1 and 8
cores are on socket 2. In other cases, common topology enumeration
software such as hwloc will crash.

The root of the problem was the way that cloud-hypervisor generates
apic_id. On x86_64, the (x2) apic_id embeds information about cpu
topology. The cpuid instruction is primarily used to discover the
number of sockets, dies, cores, threads, etc. Using this information,
the (x2) apic_id is masked to determine which {core, die, socket} the
cpu is on. When the cpu topology is not a power of two
(e.g. a 12-core machine), this requires non-contiguous (x2) apic_id.

Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2024-01-01 10:05:03 +00:00
dependabot[bot]
48fc91467b build: Bump thiserror from 1.0.40 to 1.0.52
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.40 to 1.0.52.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.40...1.0.52)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-30 10:28:17 +00:00
dependabot[bot]
f8195faaa1 build: Bump once_cell from 1.18.0 to 1.19.0
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.18.0 to 1.19.0.
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.18.0...v1.19.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-22 00:19:29 +00:00
dependabot[bot]
580b45505b build: Bump blocking from 1.3.1 to 1.5.1
Bumps [blocking](https://github.com/smol-rs/blocking) from 1.3.1 to 1.5.1.
- [Release notes](https://github.com/smol-rs/blocking/releases)
- [Changelog](https://github.com/smol-rs/blocking/blob/master/CHANGELOG.md)
- [Commits](https://github.com/smol-rs/blocking/compare/v1.3.1...v1.5.1)

---
updated-dependencies:
- dependency-name: blocking
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-21 00:24:38 +00:00
Jinank Jain
9b151d06ca vmm: igvm: Generate memory map for SEV-SNP guests
For SEV-SNP guests we need to provide the extended memory. It follows a
very simple layout and very similar to other x86 guests.

First segment: [HIGH_RAM_START - MEM_32BIT_RESERVED_START]
PCI hole: [MEM_32BIT_RESERVED_START - RAM_64BIT_START]
Second segment: [RAM_64BIT_START - RAM_END]

Fixes #5993

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-12-18 08:55:43 -08:00
dependabot[bot]
b2a78c6188 build: Bump zerocopy from 0.7.21 to 0.7.31
Bumps [zerocopy](https://github.com/google/zerocopy) from 0.7.21 to 0.7.31.
- [Release notes](https://github.com/google/zerocopy/releases)
- [Changelog](https://github.com/google/zerocopy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/zerocopy/compare/v0.7.21...v0.7.31)

---
updated-dependencies:
- dependency-name: zerocopy
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-15 04:39:12 +00:00
Bo Chen
e64b66054e vmm: tdx: Error out early for TD migration
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-12-12 11:45:40 -08:00
Bo Chen
ceb1be9f50 vmm: Fix a typo from send_migration()
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-12-12 11:45:40 -08:00
Jinank Jain
2197989782 vmm: igvm: Remove redundant copy_from_slice
There is no requirement to call copy_from_slice, since all the member
variables are identical and we can directly assign them value.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-12-11 13:30:05 +00:00
Jinank Jain
638e29bdcc hypervisor: vmm: Fix warnings in Cargo.toml
Currently there are some inconsistencies in Cargo.toml which is causing
the following warnings during the build process:

Error parsing Cargo.toml manifest, fallback to caching entire file:
Invalid TOML document: expected key-value, found comma

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-12-11 13:29:11 +00:00
Muminul Islam
f38adfa166 vmm: Pass IGVM file to the loader
Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
Signed-off-by: Muminul Islam <muislam@microsoft.com>
2023-12-08 09:22:42 -08:00
Muminul Islam
7030b15e63 vmm: Add igvm module and loader module
vmm: Add igvm module and loader module

Add a separate module named igvm to the vmm crate
with definitions to parse and load igvm to the guest memory.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
Signed-off-by: Muminul Islam <muislam@microsoft.com>
2023-12-08 09:22:42 -08:00
Muminul Islam
13ef424bf1 vmm: Add IGVM to the config/commandline
This patch adds igvm to the Vm config and params as well as
the command line argument to pass igvm file to load into
guest memory. The file must maintain the IGVM format.
The CLI option is featured guarded by igvm feature gate.

The IGVM(Independent Guest Virtual Machine) file format
is designed to encapsulate all information required to
launch a virtual machine on any given virtualization stack,
with support for different isolation technologies such as
AMD SEV-SNP and Intel TDX.

At a conceptual level, this file format is a set of commands created
by the tool that generated the file, used by the loader to construct
the initial guest state. The file format also contains measurement
information that the underlying platform will use to confirm that
the file was loaded correctly and signed by the appropriate authorities.

The IGVM file is generated by the tool:
https://github.com/microsoft/igvm-tooling

The IGVM file is parsed by the following crates:
https://github.com/microsoft/igvm

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2023-12-08 09:22:42 -08:00
Markus Sütter
0e9513f2b7 vmm: Allow IP configuration on named TAP interfaces
This commit changes existing behavior of named TAP interfaces.
When booting a VM with configuration for a named TAP interface,
cloud-hypervisor will create the interface and apply a given
IP configuration to that interface. If the named interface
already exists on the system, the configuration is NOT overwritten.

Setting the ip and netmask fields in a tap interface configuration
for a named tap interface now works by handing this configuration
to the virtio_devices::Net object when it is created with a name.

This commit also touches net_util to make sure that the ip configuration
of existing TAP interfaces is not modified with ip or netmask handed to
open_tap.

Signed-off-by: Markus Sütter <markus.suetter@secunet.com>
2023-12-05 08:59:04 -08:00
Bo Chen
283ae7b33e build: Bump gdbstub and gdbstub_arch
This commit also makes changes due to the breaking API changes from the
`gdbstub` crate [1].

[1] https://github.com/daniel5151/gdbstub/releases/tag/0.7.0

Fix: #5997

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-12-05 10:50:06 +00:00
dependabot[bot]
81b30bf390 build: Bump log from 0.4.17 to 0.4.20
Bumps [log](https://github.com/rust-lang/log) from 0.4.17 to 0.4.20.
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/log/compare/0.4.17...0.4.20)

---
updated-dependencies:
- dependency-name: log
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-24 08:47:05 +00:00
Rui Chang
2b457584e0 vmm: add add-user-device support in cloud-hypervisor.yaml
The change is missed when add "add-user-device" support in
53b2e19934, use this commit to fix it.

Signed-off-by: Rui Chang <rui.chang@arm.com>
2023-11-21 09:13:22 +00:00
Thomas Barrett
45b01d592a vmm: assign each pci segment 32-bit mmio allocator
Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2023-11-20 15:33:50 -08:00
Yi Wang
a69d8c63b3 vmm: speed up JSON load when reading snap files
We found that it's slow to load JSON when reading snap files. As
described in [1], using from_slice instead of from_reader can fix
this.

Also, fix the error type being returned.

1. https://github.com/serde-rs/json/issues/160

Signed-off-by: Yi Wang <foxywang@tencent.com>
2023-11-16 14:56:04 -08:00
Bo Chen
d4892f41b3 misc: Stop using deprecated functions from vm-memory crate
See: https://github.com/rust-vmm/vm-memory/pull/247

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-11-14 09:17:42 +00:00
Bo Chen
4d7a4c598a build: Upgrade vm-memory crates and its consumers
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-11-14 09:17:42 +00:00
dependabot[bot]
815c7f45c4 build: Bump clap from 4.3.11 to 4.4.7
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.11 to 4.4.7.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.11...v4.4.7)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-08 17:01:37 -08:00
Yong He
bb38e4e599 vmm: Allow simultaneously set serial and console as TTY mode
Cloud Hypovrisor supports legacy serial device and virito console device
for VMs. Using legacy serial device, CH can capture full VM console logs,
but its implementation is based on KVM PIO emulation and has poor
performance. Using the virtio console device, the VM console logs will
be sent to CH through the virtio ring, the performance is better, but CH
will only capture the VM console logs after the virtio console device is
initialized, the VM early startup logs will be discarded.

This patch provides a way to enable both the legacy serial device and the
virtio console device as a TTY mode by setting the leagcy serial port as
the VM's early printk device and setting the virtio console as the VM's
main console device.

Then CH can capture early boot logs from the legacy serial device and
capture later logs from the virito console device with better performance.

Signed-off-by: Yong He <alexyonghe@tencent.com>
2023-11-02 11:06:30 -07:00
dependabot[bot]
e1a893793a build: Bump zerocopy from 0.7.8 to 0.7.21
Bumps [zerocopy](https://github.com/google/zerocopy) from 0.7.8 to 0.7.21.
- [Commits](https://github.com/google/zerocopy/compare/v0.7.8...v0.7.21)

---
updated-dependencies:
- dependency-name: zerocopy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 23:55:45 +00:00
Bo Chen
d2f71cebca virtio-devices, vmm: Update seccomp list
The seccompiler v0.4.0 started to use `seccomp` syscall instead of the
`prctl` syscall. Also, threads for virtio-deivces should not need any of
these syscalls anyway.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-10-31 15:34:17 +00:00
Bo Chen
c1f496d912 build: Bump seccompiler from 0.3.0 to 0.4.0
Bumps [seccompiler](https://github.com/rust-vmm/seccompiler) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/rust-vmm/seccompiler/releases)
- [Changelog](https://github.com/rust-vmm/seccompiler/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-vmm/seccompiler/compare/seccompiler-v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: seccompiler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-10-31 15:34:17 +00:00
Thomas Barrett
bae13c5c56 block: add aio disk backend
Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2023-10-25 10:19:23 -07:00
Muminul Islam
afe798fc19 vmm: Fix clippy warnings
This patch fixes following warnings:

error: boolean to int conversion using if
   --> vmm/src/vm.rs:866:42
|
|                       .create_vm_with_type(if sev_snp_enabled.into() {
    |  __________________________________________^
| |                         1 // SEV_SNP_ENABLED
| |                     } else {
| |                         0 // SEV_SNP_DISABLED
| |                     })
| |_____________________^ help: replace with from: `u64::from(sev_snp_enabled.into())`
|
  = note: `-D clippy::bool-to-int-with-if` implied by `-D warnings`
  = note: `sev_snp_enabled.into() as u64` or `sev_snp_enabled.into().into()` can also be valid options
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#bool_to_int_with_if

error: useless conversion to the same type: `bool`
   --> vmm/src/vm.rs:866:45
|
|                     .create_vm_with_type(if sev_snp_enabled.into() {
|                                             ^^^^^^^^^^^^^^^^^^^^^^ help: consider removing `.into()`: `sev_snp_enabled`
|
  = note: `-D clippy::useless-conversion` implied by `-D warnings`
  = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_conversion

error: could not compile `vmm` due to 2 previous errors

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2023-10-23 16:03:16 -07:00
Bo Chen
43a6eda400 vmm: Add help information for "--numa pci_segments="
See: #5844

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-10-20 11:44:28 -07:00
Wei Liu
7bc3452139 main: switch command parsing to use clap
Partially revert 111225a2a5
and add the new dbus and pvpanic arguments.

As we are switching back to clap observe the following changes.

A few examples:

1. `-v -v -v` needs to be written as`-vvv`
2. `--disk D1 --disk D2` and others need to be written as `--disk D1 D2`.
3. `--option value` needs to be written as `--option=value.`

Change integration tests to adapt to the breaking changes.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@intel.com>
2023-10-20 11:44:28 -07:00
dependabot[bot]
6e35fe741e build: Bump bitflags from 2.3.3 to 2.4.1
Bumps [bitflags](https://github.com/bitflags/bitflags) from 2.3.3 to 2.4.1.
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bitflags/bitflags/compare/2.3.3...2.4.1)

---
updated-dependencies:
- dependency-name: bitflags
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-18 23:58:34 +00:00
Thomas Barrett
3029fbeafd vmm: Allow assignment of PCI segments to NUMA node
Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2023-10-18 11:18:15 -07:00
Bo Chen
0b4c153d4d arch, vmm: Clear AMX CPUID bits if the feature is not enabled
Fixes: #5833

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-10-18 11:13:12 -07:00
Bo Chen
7dd260f82f arch, vmm: Add new struct CpuidConfig
This struct contains all configuration fields that controls the way how
we generate CPUID for the guest on x86_64. This allows cleaner extension
when adding new configuration fields.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-10-18 11:13:12 -07:00
Bo Chen
aa6e83126c vmm: tdx: Fix a deadlock while accessing vm_config
The lock to `vm_config` is held for accessing `cpus.kvm_hyperv` passing
as a reference to `arch::generate_common_cpuid()`, so acquiring the same
lock again while calling to the same function is a deadlock.

Fixes: 3793ffe888

Reported-by: Yi Wang <foxywang@tencent.com>
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-10-17 19:41:33 +01:00
Jinank Jain
1b59ab3d7b vmm, hypervisor: Initialize SEV-SNP VM
As part of this initialization for a SEV-SNP VM on MSHV, it is required
that we transition the guest state to secure state using partition
hypercall. This implies all the created VPs will transition to secure
state and could access the guest encrypted memory.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-10-17 17:45:28 +01:00
Anatol Belski
311fc05417 cpu: Store hypervisor object directly instead of separate props
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
2023-10-17 18:43:22 +02:00
Anatol Belski
b52966a12c cpu: Implement AMD compatible topology handling
cpu: Pass APIC id explicitly where needed
topology: Set subleaf number explicitly

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
2023-10-17 18:43:22 +02:00
dependabot[bot]
032098b10c build: Bump zerocopy from 0.7.1 to 0.7.8
Bumps [zerocopy](https://github.com/google/zerocopy) from 0.7.1 to 0.7.8.
- [Commits](https://github.com/google/zerocopy/compare/v0.7.1...v0.7.8)

---
updated-dependencies:
- dependency-name: zerocopy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-10 00:17:50 +00:00
Praveen K Paladugu
044f3f758e serial_manager: Remove serial socket
Remove the backend socket of serial port while shutting down guest.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2023-10-05 15:26:29 +01:00
Praveen K Paladugu
6d1077fc3c vmm: Unix socket backend for serial port
Cloud-Hypervisor takes a path for Unix socket, where it will listen
on. Users can connect to the other end of the socket and access serial
port on the guest.

    "--serial socket=/path/to/socket" is the cmdline option to pass to
cloud-hypervisor.

Users can use socat like below to access guest's serial port once the
guest starts to boot:

    socat -,crnl UNIX-CONNECT:/path/to/socket

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2023-10-05 15:26:29 +01:00
Bo Chen
ff651e0e28 vmm: Report enabled features from the '/vmm.ping' endpoint
Fixes: #5817

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-10-05 08:40:50 +01:00
Bo Chen
9abb12fd71 vmm: Return the right error from Vcpu::snapshot()
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-09-27 08:51:40 +01:00
Bo Chen
3ca684b26e build: Bump versions of acpi_tables and zerocopy
The 'derive' feature of `zerocopy` crate now is optional and requires to
be enabled explicitly [1]. Also, a version bump on `acpi_tables` is
needed to reply on a single version of `zerocopy` to avoid compilation
errors.

[1] https://github.com/google/zerocopy/pull/176

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-09-26 08:47:39 +01:00
Rob Bradford
44f200d67d hypervisor: Set destination vCPU TSC frequency to source
Include the TSC frequency as part of the KVM state so that it will be
restored at the destination.

This ensures migration works correctly between hosts that have a
different TSC frequency if the guest is running with TSC as the source
of timekeeping.

Fixes: #5786

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-09-20 09:13:42 -07:00
dependabot[bot]
885412a99e build: Bump serde_json from 1.0.96 to 1.0.107
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.96 to 1.0.107.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.96...v1.0.107)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-19 00:45:18 +00:00
Thomas Barrett
c4e8e653ac block: Add support for user specified ID_SERIAL
Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2023-09-11 12:50:41 +01:00
Julian Stecklina
0d9749282a vmm: simplify EntryPoint
EntryPoint had an optional entry_addr, but there is no usage of this
struct that makes it necessary that the address is optional.

Remove the Option to avoid being able to express things that are not
useful.

Signed-off-by: Julian Stecklina <julian.stecklina@cyberus-technology.de>
2023-09-09 10:46:51 +01:00
Philipp Schuster
7bf0cc1ed5 misc: Fix various spelling errors using typos
This fixes all typos found by the typos utility with respect to the config file.

Signed-off-by: Philipp Schuster <philipp.schuster@cyberus-technology.de>
2023-09-09 10:46:21 +01:00
Rob Bradford
07d1208dd5 build: Bump vm-memory and its consumers
Update to the latest vm-memory and all the crates that also depend upon
it.

Fix some deprecation warnings.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-09-07 11:34:51 -07:00
Rob Bradford
4548de194d build: Bump acpi_tables version
Fix newly added deprecation for mispelling of cacheable.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-09-07 13:58:33 +01:00
Jinank Jain
200cba0e20 vmm: Refactor VM creation workflow
This refactoring is required to add support for creating SEV-SNP enabled
VM.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-09-07 12:52:27 +01:00
Jinank Jain
5fd79571b7 vmm: Add a feature flag for SEV-SNP support
This feature flag gates the development for SEV-SNP enabled guest.

Also add a helper function to identify if SNP should be enabled for the
guest.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-09-07 12:52:27 +01:00
Omer Faruk Bayram
2ed96cd3ed vmm: dbus: broadcast event_monitor events over the DBus API
This commit builds on top of the `Monitor::subscribe` function and
makes it possible to broadcast events published from `event-monitor`
over D-Bus.

The broadcasting functionality is enabled if the D-Bus API is enabled
and users who wish to also enable the file based `event-monitor` can do
so with the CLI arg `--event-monitor`.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-08-28 17:01:03 -07:00
Omer Faruk Bayram
e02efe9ba0 event_monitor: make it possible to subscribe to Monitor
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-08-28 17:01:03 -07:00
dependabot[bot]
f45bbbfcac build: Bump serde from 1.0.164 to 1.0.168
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.164 to 1.0.168.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.164...v1.0.168)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-25 09:53:12 +00:00
Rob Bradford
9d5c5a6410 vmm: sigwinch_listener: Remove unncessary mut from reference
warning: this argument is a mutable reference, but not used mutably
   --> vmm/src/sigwinch_listener.rs:121:38
    |
121 | fn set_foreground_process_group(tty: &mut File) -> io::Result<()> {
    |                                      ^^^^^^^^^ help: consider changing to: `&File`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#needless_pass_by_ref_mut

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-22 12:01:54 +01:00
Rob Bradford
8d072fef15 vmm: device_manager: Remove unnecessary mut from reference
warning: this argument is a mutable reference, but not used mutably
    --> vmm/src/device_manager.rs:1908:35
     |
1908 |     fn set_raw_mode(&mut self, f: &mut dyn AsRawFd) -> vmm_sys_util::errno::Result<()> {
     |                                   ^^^^^^^^^^^^^^^^ help: consider changing to: `&dyn AsRawFd`
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#needless_pass_by_ref_mut
     = note: `#[warn(clippy::needless_pass_by_ref_mut)]` on by default

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-22 12:01:54 +01:00
Rob Bradford
0bead9ebe1 vmm: cpu: Fix slow vector initialization
warning: slow zero-filling initialization
    --> vmm/src/cpu.rs:1780:9
     |
1779 |         let mut mat_data: Vec<u8> = Vec::new();
     |                                     ---------- help: consider replacing this with: `vec![0; std::mem::size_of_val(&lapic)]`
1780 |         mat_data.resize(std::mem::size_of_val(&lapic), 0);
     |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#slow_vector_initialization
     = note: `#[warn(clippy::slow_vector_initialization)]` on by default

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-22 12:01:54 +01:00
Yi Wang
d46dd4b31f vmm: cpu: Add pending removed vcpu check to avoid resize vcpu hang
Add pending removed vcpu check according to VcpuState.removing, which
can avoid cloud hypervisor hangup during continual vcpu resize.

Fix #5419

Signed-off-by: Yi Wang <foxywang@tencent.com>
2023-08-20 10:40:43 +01:00
dependabot[bot]
ddfac7df0b build: Bump anyhow from 1.0.71 to 1.0.75
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.71 to 1.0.75.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.71...1.0.75)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-19 21:40:49 +00:00
dependabot[bot]
2571e59438 build: Bump libc from 0.2.144 to 0.2.147
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.144 to 0.2.147.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.144...0.2.147)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-15 00:53:20 +00:00
Omer Faruk Bayram
a0c8bf4f9f vmm: seccomp: implement seccomp filtering for the event-monitor thread
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-08-09 17:22:25 +01:00
Omer Faruk Bayram
02e1c54426 event_monitor: refactor the implementation to support concurrent access
This patch modifies `event_monitor` to ensure that concurrent access to
`event_log` from multiple threads is safe. Previously, the `event_log`
function would acquire a reference to the event log file and write
to it without doing any synchronization, which made it prone to
data races. This issue likely went under the radar because the
relevant `SAFETY` comment on the unsafe block was incomplete.

The new implementation spawns a dedicated thread named `event-monitor`
solely for writing to the file. It uses the MPMC channel exposed by
`flume` to pass messages to the `event-monitor` thread. Since
`flume::Sender<T>` implements `Sync`, it is safe for multiple threads
to share it and send messages to the `event-monitor` thread.
This is not possible with `std::sync::mpsc::Sender<T>` since it's
`!Sync`, meaning it is not safe for it to be shared between different
threads.

The `event_monitor::set_monitor` function now only initializes
the required global state and returns an instance of the
`Monitor` struct. This decouples the actual logging logic from the
`event_monitor` crate. The `event-monitor` thread is then spawned by
the `vmm` crate.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-08-09 17:22:25 +01:00
Rob Bradford
a00d29867c fuzz, vmm: Avoid infinite loop in CMOS fuzzer
With the addition of the spinning waiting for the exit event to be
received in the CMOS device a regression was introduced into the CMOS
fuzzer. Since there is nothing to receive the event in the fuzzer and
there is nothing to update the bit the that the device is looping on;
introducing an infinite loop.

Use an Option<> type so that when running the device in the fuzzer no
Arc<AtomicBool> is provided effectively disabling the spinning logic.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61165

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-07 08:04:55 +08:00
Rob Bradford
06dc708515 vmm: Only return from reset driven I/O once event received
The reset system is asynchronous with an I/O event (PIO or MMIO) for
ACPI/i8042/CMOS triggering a write to the reset_evt event handler. The
VMM thread will pick up this event on the VMM main loop and then trigger
a shutdown in the CpuManager. However since there is some delay between
the CPU threads being marked to be killed (through the
CpuManager::cpus_kill_signalled bool) it is possible for the guest vCPU
that triggered the exit to be re-entered when the vCPU KVM_RUN is called
after the I/O exit is completed.

This is undesirable and in particular the Linux kernel will attempt to
jump to real mode after a CMOS based exit - this is unsupported in
nested KVM on AMD on Azure and will trigger an error in KVM_RUN.

Solve this problem by spinning in the device that has triggered the
reset until the vcpus_kill_signalled boolean has been updated
indicating that the VMM thread has received the event and called
CpuManager::shutdown(). In particular if this bool is set then the vCPU
threads will not re-enter the guest.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-04 09:57:25 +08:00
Yong He
0149e65081 vm-device: support batch update interrupt source group GSI
Split interrupt source group restore into two steps, first restore
the irqfd for each interrupt source entry, and second restore the
GSI routing of the entire interrupt source group.

This patch will reduce restore latency of interrupt source group,
and in a 200-concurrent restore test, the patch reduced the
average IOAPIC restore time from 15ms to 1ms.

Signed-off-by: Yong He <alexyonghe@tencent.com>
2023-08-03 15:58:36 +01:00
dependabot[bot]
c559f52fe5 build: Bump signal-hook from 0.3.15 to 0.3.17
Bumps [signal-hook](https://github.com/vorner/signal-hook) from 0.3.15 to 0.3.17.
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/compare/v0.3.15...v0.3.17)

---
updated-dependencies:
- dependency-name: signal-hook
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-02 04:25:49 +00:00
Yi Wang
3225c0c7c8 vmm: Automatically pause VM for coredump
If the VMM is not already paused then pause the VM prior to executing
the coredump and then resume it after. If the VM is already paused then
the original state is maintained.

Signed-off-by: Yi Wang <foxywang@tencent.com>
2023-07-31 17:05:46 +01:00
Praveen K Paladugu
dd09a0a890 vmm: Extend mshv ioctls in seccomp filters
Add MSHV_CREATE_DEVICE, MSHV_SET_DEVICE_ATTR ioctls to filters. These
ioctls are required to passthrough PCI devices on mshv.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2023-07-26 10:14:43 -07:00
Yi Wang
92cf2816b0 vmm: Ensure vcpu pause is synchronised
The pause of vcpu is async now, which makes the vm pause is not
synchronised. As virtio device calls paused_sync wait() to make
sure device_manager pause synchronously, if we make vcpu pause
synchronously, the vm pause can be synchronously then. After
vm.pause() returns the vm is really paused now.

This patch adds a AtomicBool variable to mark vcpu paused state,
to make sure the pause of CpuManager is synchronised.

Signed-off-by: Yi Wang <foxywang@tencent.com>
2023-07-25 09:48:24 -07:00
Yu Li
447cad3861 block: merge qcow, vhdx and block_util into block crate
This commit merges crates `qcow`, `vhdx` and `block_util` into the
crate `block`, which can allow `qcow` to use functions from `block_util`
without introducing a circular crate dependency.

This commit is based on crosvm implementation:
f2eecc4152

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-07-19 13:52:43 +01:00
Rob Bradford
0039f45276 vmm: Use LocalX2Apic in MADT/MAT
Using this over the LocalApic supports APIC IDs (and hence number of
vCPUs) above 256 (size increases from u8 to u32.)

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-07-18 09:35:13 -07:00
Rob Bradford
b792d4751d vmm: Encode ACPI name for CPUs using hexadecimal
This increases the number of CPUs that are supported.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-07-17 09:57:51 -07:00
Alyssa Ross
69bd0036d9 vmm: support removing devices before VM is booted
If the VM has been configured but not yet booted, all we need to do to
support removing a device is to remove it from the config, so it will
never be created.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-07-14 10:01:23 -07:00
Alyssa Ross
f346687e3d vmm: default GDB to false when deserializing
This fixes the valid VM config unit tests, which would otherwise fail
to deserialize their expected JSON config due to the missing "gdb" field.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-07-14 09:34:39 -07:00
Yu Li
63226e2b80 build: Fix beta clippy issue (arc_with_non_send_sync)
warning: usage of `Arc<T>` where `T` is not `Send` or `Sync`
   --> virtio-devices/src/vsock/device.rs:376:22
    |
376 |             backend: Arc::new(RwLock::new(backend)),
    |                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = help: consider using `Rc<T>` instead or wrapping `T` in a std::sync type like `Mutex<T>`
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#arc_with_non_send_sync
    = note: `#[warn(clippy::arc_with_non_send_sync)]` on by default

The vsock backend may be shared between threads, so the type `B` in
`Vsock` should be `VsockBackend` and `Sync`.

Considering that `api_receiver` and `gdb_receiver` are only used in vmm
threads, the `Arc` can be replaced by `Rc`.

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-07-13 08:16:30 -07:00
Yu Li
d0dbc7fb4d build: Fix beta clippy issue (useless_vec)
warning: useless use of `vec!`
   --> test_infra/src/lib.rs:111:30
    |
111 |             let mut events = vec![epoll::Event::new(epoll::Events::empty(), 0); 1];
    |                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: you can use an array directly: `[epoll::Event::new(epoll::Events::empty(), 0); 1]`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_vec
    = note: `#[warn(clippy::useless_vec)]` on by default

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-07-13 08:16:30 -07:00
Manish Goregaokar
6fdba7ca11 build: Allow disabling io_uring
This gives users the chance to reduce the number of dependencies
included, which is generally good practice and also reduces code size.

Furthermore, `io_uring` specifically is a strong contender for something
one may wish to disable due to the syscall API's many security issues[1]

 [1]: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html

Signed-off-by: Manish Goregaokar <manishsmail@gmail.com>
2023-07-11 06:19:30 -07:00
dependabot[bot]
d2e42a0ed4 build: Bump once_cell from 1.17.1 to 1.18.0
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.17.1 to 1.18.0.
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.17.1...v1.18.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 23:58:31 +00:00
Changyuan Lyu
7f18d0a281 memory_manager: improve memory region creation
Instead of making an owned `zones`, using an iterator is cheaper
since `Vec::remove` may have the performance O(n) [1].

[1]: https://doc.rust-lang.org/std/vec/struct.Vec.html#method.remove

Signed-off-by: Changyuan Lyu <changyuanl@google.com>
2023-07-10 11:54:05 -07:00
Yi Wang
d99c0c0d1d devices: pvpanic: add method for DeviceManager
Add method for DeviceManager to invoke.

Signed-off-by: Yi Wang <foxywang@tencent.com>
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-07-06 11:14:54 +01:00
dependabot[bot]
aa13ede316 build: Bump epoll from 4.3.1 to 4.3.3
Bumps [epoll](https://github.com/nathansizemore/epoll) from 4.3.1 to 4.3.3.
- [Release notes](https://github.com/nathansizemore/epoll/releases)
- [Commits](https://github.com/nathansizemore/epoll/compare/4.3.1...4.3.3)

---
updated-dependencies:
- dependency-name: epoll
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-05 09:23:19 +01:00
dependabot[bot]
1917e86206 build: Bump bitflags from 2.3.2 to 2.3.3
Bumps [bitflags](https://github.com/bitflags/bitflags) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bitflags/bitflags/compare/2.3.2...2.3.3)

---
updated-dependencies:
- dependency-name: bitflags
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-28 18:11:01 -07:00
dependabot[bot]
fec39ccf51 build: Bump serde from 1.0.163 to 1.0.164
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.163 to 1.0.164.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.163...v1.0.164)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-28 00:44:59 +00:00
Ravi kumar Veeramally
8c117a8117 vmm: Remove identity_op audit clippy
Avoid identity operations with 0.

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@intel.com>
2023-06-20 14:25:54 -07:00
Alyssa Ross
fba0b5f93c vmm: ignore and warn TAP FDs send in vm.create
This does the same thing as df2a7c17 ("vmm: Ignore and warn TAP FDs
sent via the HTTP request body"), but for the vm.create endpoint,
which also previously would accept file descriptors in the body, and
try to use whatever fd occupied that number as a TAP device.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-06-20 15:45:43 +01:00
Alyssa Ross
05cc5f596c vmm: ignore and warn TAP FDs sent via the D-Bus request body
Port of df2a7c17 ("vmm: Ignore and warn TAP FDs sent via the HTTP
request body"), but for the vm.create endpoint, which would previously
accept file descriptors in the body, and try to use whatever fd
occupied that number as a TAP device.

Since I had to move the wrapping of the net config in an Arc until
after it was modified, I made the same change to all other endpoints,
so the style stays consistent.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-06-20 15:45:43 +01:00
Alyssa Ross
0809e7f675 vmm: allow restart_syscall() in PTY process
This can be triggered by debugging cloud-hypervisor using gdb, or
probably if the process is suspended and restarted.

Fixes: https://github.com/cloud-hypervisor/cloud-hypervisor/issues/5489
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-06-19 14:26:08 +01:00
Bo Chen
de31b3fadc vmm: Clarify memory regions are required to be page-size aligned
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-06-16 14:15:03 -07:00
Yu Li
8d89736c68 vmm: memory_manager: align down the rest space of ram_region
This commit renames `ram_region_sub_size` to `ram_region_available_size`
and make its value align down to the default page size or hugepage
size of the current memory zone, which can prevent the memory zone from
being split into misaligned parts.  And if the available size of ram
region is zero, this region will be marked as consumed even it has
unused space.

Note that there is two methods to use hugepages.

1. Specify `hugepages` for `memory` or `memory-zone`, if the
   `hugepage_size` is not specified, the value can be got by `statfs`
   for `/dev/hugepages`.
2. Specify a `file` in hugetlbfs for `memory-zone`, the hugepage size
   can also be got by `statfs` for the file.

The value for alignment will be the hugepage size if this memory zone
is using hugepages, otherwise the value will be default page size of
system.

Fixes: #5463

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-06-16 14:15:03 -07:00
Yu Li
55ee8eb482 arch: let arch_memory_regions return all available regions
The previous `arch_memory_regions` function will provide some memory
regions with the specified memory size and fill all the previous
regions before using the next one, but sometimes there may be no need
to fill up the previous one, e.g., the previous one should be aligned
with hugepage size.

This commit make `arch_memory_regions` function not take any
parameters and return the max available regions, the memory manager
can use them on demand.

Fixes: #5463

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-06-16 14:15:03 -07:00
Yu Li
ce0f30bb54 vmm: use unwrap_or instead of match for prefault
Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-06-16 14:15:03 -07:00
dependabot[bot]
95626ae564 build: Bump bitflags from 1.3.2 to 2.3.2
Bumps [bitflags](https://github.com/bitflags/bitflags) from 1.3.2 to 2.3.2.
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bitflags/bitflags/compare/1.3.2...2.3.2)

---
updated-dependencies:
- dependency-name: bitflags
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-16 01:41:45 +00:00
dependabot[bot]
19c5c0af9f build: Bump uuid from 1.3.3 to 1.3.4
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.3.3...1.3.4)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-15 00:43:16 +00:00
Alyssa Ross
beed5e5d6d vmm, virtio-devices: allow mremap for consoles
SerialBuffer uses VecDeque::extend, which calls realloc, which a
maximum buffer size of 1 MiB.  Starting at allocation sizes of
128 KiB, musl's mallocng allocator will use mremap for the allocation.
Since this was not permitted by the seccomp rules, heavy write load
could crash cloud-hypervisor with a seccomp failure.  (Encountered
using virtio-console, but I don't see any reason it wouldn't happen
for the legacy serial device too.)

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-06-13 11:23:15 -07:00
Rob Bradford
f485922b78 build: Bump acpi_tables from cb5f06c to 05a6091
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-06-08 17:28:02 +00:00
Bo Chen
3b39c41a01 build: Bulk update rust-vmm dependencies
Bump to the latest rust-vmm crates, including vm-memory, vfio,
vfio-bindings, vfio-user, virtio-bindings, virtio-queue, linux-loader,
vhost, and vhost-user-backend,

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-06-08 13:15:25 +01:00
Omer Faruk Bayram
7a458d85d1 main: cli: add D-Bus API related CLI options
Introduces three new CLI options, `dbus-service-name`,
`dbus-object-path` and `dbus-system-bus` to configure the DBus API.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
a92d852848 vmm: dbus: apply seccomp filter
This commit applies the previously created seccomp filter
to the `DbusApi` thread.

Also encloses the main loop of the `DBusApi` thread using
`std::panic::catch_unwind` and `AssertUnwindSafe` in order to mirror
the behavior of the HTTP API.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
0664647109 vmm: seccomp: add new seccomp filter for the DBusApi thread
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
f2c813e1cf vmm: seccomp: rename Thread::Api to Thread::HttpApi
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
f00df25d40 vmm: dbus: graceful shutdown of the DBusApi thread
This commit adds support for graceful shutdown of the DBusApi thread
using `futures::channel::oneshot` channels. By using oneshot channels,
we ensure that the thread has enough time to send a response to the
`VmmShutdown` method call before it is terminated. Without this step,
the thread may be terminated before it can send a response, resulting
in an error message on the client side stating that the message
recipient disconnected from the message bus without providing a reply.

Also changes the default values for DBus service name, object path
and interface name.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
c016a0d4d3 vmm: dbus: implement the D-Bus API
This commit introduces three new dependencies: `zbus`, `futures`
and `blocking`. `blocking` is used to call the Internal API in zbus'
async context which is driven by `futures::executor`. They are all
behind the `dbus_api` feature flag.

The D-Bus API implementation is behind the same `dbus_api` feature
flag as well.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
5c96fbb19b vmm: move the http api into its own submodule
This commits moves the http API code into its own
submodule.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
dependabot[bot]
9014a5e59c build: Bump serde from 1.0.156 to 1.0.163
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.156 to 1.0.163.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.156...v1.0.163)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-02 00:38:59 +00:00
Anatol Belski
7bf2a2c382 vmm: arch: Make phys_bits functionality use CPU vendor API
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
2023-05-31 23:54:33 +02:00
Rob Bradford
89e658d9ff misc: Update for beta clippy failures on x86-64
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-05-30 07:18:17 -07:00
dependabot[bot]
681a30bd15 build: Bump thiserror from 1.0.39 to 1.0.40
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.39 to 1.0.40.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.39...1.0.40)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-24 00:39:08 +00:00
Bo Chen
0b1e626fe3 vmm: Allocate guest memory address space before TDX initialization
The refactoring on deferring address space allocation (#5169) broke TDX,
as TDX initialization needs to access guest memory for encryption and
measurement of guest pages.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-05-23 09:00:00 -07:00
dependabot[bot]
79bc42f3c2 build: Bump anyhow from 1.0.70 to 1.0.71
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.70 to 1.0.71.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.70...1.0.71)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-23 00:42:11 +00:00
dependabot[bot]
e6208d1c0e build: Bump uuid from 1.3.0 to 1.3.3
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.3.0 to 1.3.3.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.3.0...1.3.3)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-19 00:44:43 +00:00
dependabot[bot]
b7338c96eb build: Bump serde from 1.0.152 to 1.0.156
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.152 to 1.0.156.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.152...v1.0.156)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-18 13:54:52 +01:00
Hao Xu
c56a3ce59a vmm: reduce memory copy when BFT device tree
The current implementation of breadth first traversal for device tree
uses a temporary vector, therefore causes unnecessary memory copy.
Remove it and do it within vector nodes.

Signed-off-by: Hao Xu <howeyxu@tencent.com>
2023-05-15 17:19:48 +01:00
Anatol Belski
083ce323c0 seccomp: Add filter entry for MSHV_VP_REGISTER_INTERCEPT_RESULT
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
2023-05-08 08:50:09 -07:00
Anatol Belski
8fff4c1af3 mshv: Pass topology explicitly while constructing cpuid
Unlike KVM, there's no internal handling for topoolgy under MSHV. Thus,
if no topology has been passed during the CH launch, use the boot CPUs
count to construct the topology struct.

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
2023-05-08 08:50:09 -07:00
Wei Liu
aa14fe214a pci: bump the number of supported PCI segments
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-05-02 09:34:05 +01:00
Wei Liu
45e3f49bba vmm: use MAX_NUM_PCI_SEGMENTS in test cases
No functional change.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-05-02 09:34:05 +01:00
Wei Liu
ba1e89139a pci: aml: support up to 256 PCI segments
Originally the AML only accepted one hex number for PCI segment
numbering. Change it to accept two numbers. That makes it possible to
add up to 256 PCI segments.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-05-02 09:34:05 +01:00
Alyssa Ross
21d40d7489 main: reset tty if starting the VM fails
When I refactored this to centralise resetting the tty into
DeviceManager::drop, I tested that the tty was reset if an error
happened on the vmm thread, but not on the main thread.  It turns out
that if an error happened on the main thread, the process would just
exit, so drop handlers on other threads wouldn't get run.

To fix this, I've changed start_vmm() to write to the VMM's exit
eventfd and then join the thread if an error happens after the vmm
thread is started.

Fixes: b6feae0a ("vmm: only touch the tty flags if it's being used")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-05-02 09:33:53 +01:00
Alyssa Ross
c90a0ffff6 vmm: reset to the original termios
Previously, we used two different functions for configuring ttys.
vmm_sys_util::terminal::Terminal::set_raw_mode() was used to configure
stdio ttys, and cfmakeraw() was used to configure ptys created by
cloud-hypervisor.  When I centralized the stdio tty cleanup, I also
switched to using cfmakeraw() everywhere, to avoid duplication.

cfmakeraw sets the OPOST flag, but when we later reset the ttys, we
used vmm_sys_util::terminal::Terminal::set_canon_mode(), which does
not unset this flag.  This meant that the terminal was getting mostly,
but not fully, reset.

To fix this without depending on the implementation of cfmakeraw(),
let's just store the original termios for stdio terminals, and restore
them to exactly the state we found them in when cloud-hypervisor exits.

Fixes: b6feae0a ("vmm: only touch the tty flags if it's being used")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-05-02 09:33:53 +01:00
dependabot[bot]
97fdb65012 build: Bump anyhow from 1.0.69 to 1.0.70
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.69 to 1.0.70.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.69...1.0.70)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-27 00:39:57 +00:00
Rob Bradford
d17d70fae1 vmm: Update for new acpi_tables version
In particular the Std::write() API requires that the value implements
AsBytes and copies the slice representation into the table data. This
avoids unaligned writes which can cause a panic with the updated
toolchain.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-04-26 23:25:57 +01:00
Rob Bradford
71d1296d09 vmm: Implemented zerocopy::AsBytes for SDT structures
For structures that are used in SDT ACPI tables it is necessary for them
to implement this trait for the newly safe Std::write() API.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-04-26 23:25:57 +01:00
dependabot[bot]
97012c511d build: Bump serde_json from 1.0.95 to 1.0.96
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.95 to 1.0.96.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.95...v1.0.96)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 08:45:18 +00:00
Alyssa Ross
3c0b389c82 vmm: allow getdents64 in seccomp filter
This is used on older kernels where close_range() is not available.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Fixes: 505f4dfa ("vmm: close all unused fds in sigwinch listener")
2023-04-22 11:40:17 +01:00
Rob Bradford
ceb8151747 hypervisor, vmm: Limit max number of vCPUs to hypervisor maximum
On KVM this is provided by an ioctl, on MSHV this is constant. Although
there is a HV_MAXIMUM_PROCESSORS constant the MSHV ioctl API is limited
to u8.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-04-22 10:35:39 +01:00
Rafael Mendonca
6379074264 misc: Remove unnecessary clippy directives
Clippy passes fine without these.

Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
2023-04-18 10:48:31 -07:00
Bo Chen
a9623c7a28 vmm: Add valid FDs for TAP devices to 'VmConfig::preserved_fds'
In this way, valid FDs for TAP devices will be closed when the holding
VmConfig instance is destroyed.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
4baf85857a vmm: Add unit test for 'VmConfig::preserved_fds'
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
e3d2917d5f vmm: Implement Clone and Drop for VmConfig
The custom 'clone' duplicates 'preserved_fds' so that the validation
logic can be safely carried out on the clone of the VmConfig.

The custom 'drop' ensures 'preserved_fds' are safely closed when the
holding VmConfig instance is destroyed.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
a84b540b65 vmm: config: Extend 'VmConfig' with 'preserved_fds'
Preserved FDs are the ones that share the same life-time as its holding
VmConfig instance, such as FDs for creating TAP devices.

Preserved FDs will stay open as long as the holding VmConfig instance is
valid, and will be closed when the holding VmConfig instance is destroyed.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
8eb162e3d7 Revert "vmm: config: Implement Clone for NetConfig"
This reverts commit ea4a95c4f6.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
2804608a1c Revert "vmm: config: Close FDs for TAP devices that are provided to VM"
This reverts commit b14427540b.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
e0125653b1 Revert "vmm: config: Don't close reserved FDs from NetConfig::drop()"
This reverts commit 0110fb4edc.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
e431a48201 Revert "vmm: config: Avoid closing invalid FDs from 'test_net_parsing()'"
This reverts commit 0567def931.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Bo Chen
c143cb3af0 Revert "vmm: config: Replace use of memfd_create with fd pointing to /dev/null"
This reverts commit 46066d6ae1.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Alyssa Ross
b6feae0ace vmm: only touch the tty flags if it's being used
When neither serial nor console are connected to the tty,
cloud-hypervisor shouldn't touch the tty at all.  One way in which
this is annoying is that if I am running cloud-hypervisor without it
using my terminal, I expect to be able to suspend it with ^Z like any
other process, but that doesn't work if it's put the terminal into raw
mode.

Instead of putting the tty into raw mode when a VM is created or
restored, do it when a serial or console device is created.  Since we
now know it can't be put into raw mode until the Vm object is created,
we can move setting it back to canon mode into the drop handler for
that object, which should always be run in normal operation.  We still
also put the tty into canon mode in the SIGTERM / SIGINT handler, but
check whether the tty was actually used, rather than whether stdin is
a tty.  This requires passing on_tty around as an atomic boolean.

I explored more of an abstraction over the tty — having an object that
encapsulated stdout and put the tty into raw mode when initialized and
into canon mode when dropped — but it wasn't practical, mostly due to
the special requirements of the signal handler.  I also investigated
whether the SIGWINCH listener process could be used here, which I
think would have worked but I'm hesitant to involve it in serial
handling as well as conosle handling.

There's no longer a check for whether the file descriptor is a tty
before setting it into canon mode — it's redundant, because if it's
not a tty it just won't respond to the ioctl.

Tested by shutting down through the API, SIGTERM, and an error
injected after setting raw mode.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-17 16:33:17 +01:00
Alyssa Ross
520aff2efc vmm: don't redundantly set the TTY to canon mode
If the VM is shut down, either it's going to be started again, in
which case we still want to be in raw mode, or the process is about to
exit, in which case canon mode will be set at the end of main.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-17 16:33:17 +01:00
Omer Faruk Bayram
346ee09e6b vmm: api: include BUILD_VERSION and CH pid in VmmPingResponse
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-04-14 12:13:46 -07:00
Alyssa Ross
9b724303ac vmm: only use KVM_ARM_VCPU_PMU_V3 if available
Having PMU in guests isn't critical, and not all hardware supports
it (e.g. Apple Silicon).

CpuManager::init_pmu already has a fallback for if PMU is not
supported by the VCPU, but we weren't getting that far, because we
would always try to initialise the VCPU with KVM_ARM_VCPU_PMU_V3, and
then bail when it returned with EINVAL.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-13 09:02:55 +08:00
Bo Chen
df2a7c1764 vmm: Ignore and warn TAP FDs sent via the HTTP request body
Valid FDs can only be sent from another process via `SCM_RIGHTS`.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-11 09:34:14 -07:00
Alyssa Ross
38a1b45783 vmm: use the SIGWINCH listener for TTYs too
Previously, we were only using it for PTYs, because for PTYs there's
no alternative.  But since we have to have it for PTYs anyway, if we
also use it for TTYs, we can eliminate all of the code that handled
SIGWINCH for TTYs.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-05 11:23:06 +01:00
Alyssa Ross
e9841db486 vmm: don't ignore errors from SIGWINCH listener
Now that the SIGWINCH listener has fallbacks for older kernels, we
don't expect it to routinely fail, so if there's an error setting it
up, we want to know about it.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-05 11:23:06 +01:00
Alyssa Ross
c1f555cde3 vmm: fall back if CLONE_CLEAR_SIGHAND unsupported
This will allow the SIGWINCH listener to run on kernels older than
5.5, although on those kernels it will have to make 64 syscalls to
reset all the signal handlers.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-05 11:23:06 +01:00
Alyssa Ross
505f4dfa53 vmm: close all unused fds in sigwinch listener
The PTY main file descriptor had to be introduced as a parameter to
start_sigwinch_listener, so that it could be closed in the child.
Really the SIGWINCH listener process should not have any file
descriptors open, except for the ones it needs to function, so let's
make it more robust by having it close all other file descriptors.

For recent kernels, we can do this very conveniently with
close_range(2), but for older kernels, we have to fall back to closing
open file descriptors one at a time.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-05 11:23:06 +01:00
Ravi kumar Veeramally
a8d1849485 vmm: Remove directory support from MemoryZoneConfig::file
Fixes: #5082

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@intel.com>
2023-04-04 06:49:18 -07:00
dependabot[bot]
55937f63bc build: Bump serde_json from 1.0.93 to 1.0.95
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.93 to 1.0.95.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.93...v1.0.95)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-04 00:41:41 +00:00
dependabot[bot]
ded8959b9a build: Bump versionize from 0.1.9 to 0.1.10
Bumps [versionize](https://github.com/firecracker-microvm/versionize) from 0.1.9 to 0.1.10.
- [Release notes](https://github.com/firecracker-microvm/versionize/releases)
- [Changelog](https://github.com/firecracker-microvm/versionize/blob/main/CHANGELOG.md)
- [Commits](https://github.com/firecracker-microvm/versionize/compare/v0.1.9...v0.1.10)

---
updated-dependencies:
- dependency-name: versionize
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-24 23:46:46 +00:00
dependabot[bot]
64924d5c2b build: Bump signal-hook from 0.3.14 to 0.3.15
Bumps [signal-hook](https://github.com/vorner/signal-hook) from 0.3.14 to 0.3.15.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/compare/v0.3.14...v0.3.15)

---
updated-dependencies:
- dependency-name: signal-hook
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-14 00:40:33 +00:00
dependabot[bot]
a20e481abe build: Bump thiserror from 1.0.38 to 1.0.39
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.38 to 1.0.39.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.38...1.0.39)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-10 00:39:45 +00:00
Bo Chen
b71564f284 vmm: Remove unnecessary parentheses (beta 1.69 clippy check)
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-03-07 17:02:35 -08:00
Rob Bradford
73c4156775 vmm, devices: Update to latest acpi_tables crate API
Significant API changes have occured, most significantly is the switch
to an approach which does not require vm-memory and can run no_std.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-03-03 13:08:36 +00:00
dependabot[bot]
02f774824b build: Bump gdbstub from 0.6.3 to 0.6.4
Bumps [gdbstub](https://github.com/daniel5151/gdbstub) from 0.6.3 to 0.6.4.
- [Release notes](https://github.com/daniel5151/gdbstub/releases)
- [Changelog](https://github.com/daniel5151/gdbstub/blob/master/CHANGELOG.md)
- [Commits](https://github.com/daniel5151/gdbstub/compare/0.6.3...0.6.4)

---
updated-dependencies:
- dependency-name: gdbstub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-02 00:39:01 +00:00
dependabot[bot]
04ee1efa70 build: Bump virtio-queue from 0.7.0 to 0.7.1
Bumps [virtio-queue](https://github.com/rust-vmm/vm-virtio) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/rust-vmm/vm-virtio/releases)
- [Commits](https://github.com/rust-vmm/vm-virtio/compare/virtio-queue-v0.7.0...virtio-queue-v0.7.1)

---
updated-dependencies:
- dependency-name: virtio-queue
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 00:37:27 +00:00
Yong He
76d6d28f3e vmm: do not start signal thread to resize console if no need
Now cloud hypervisor will start signal thread to catch
SIGWINCH signal, cloud hypervisor then will resize the
guest console via vconsole.

This patch skip starting signal thread when there is no
need to resize guest console, such as console is not
configured.

Signed-off-by: Yong He <alexyonghe@tencent.com>
2023-02-28 09:40:07 -08:00
dependabot[bot]
191e865261 build: Bump once_cell from 1.17.0 to 1.17.1
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.17.0 to 1.17.1.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.17.0...v1.17.1)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-24 00:36:14 +00:00
Yu Li
74dcb37ec3 vmm: config: fix incorrect values of error
The PR #2333 added I/O rate limiter on block device, with some options
in `DiskConfig`.  And the PR #2401 added rate limiter on virtio-net
device with same options, but it still throws `Error::ParseDisk`.

This commit fixes it with correct values.

Fixes: #2401

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-02-23 09:57:48 +00:00
Rob Bradford
996bdc6e08 vfio_user: Use new Rust-VMM crate
This contains the same code as was included in tree.

Fixes: #5123

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-22 15:13:12 +00:00
Yong He
01900e3c2b vmm: properly set vcpu state when thread exited
Once error occur, vcpu thread may exit, this should
be critical event for the whole VM, we should fire
exit event and set vcpu state.

If we don't set vcpu state, the shutdown process
will hang at signal_thread, which is waiting the
vcpu state to change.

Signed-off-by: Yong He <alexyonghe@tencent.com>
2023-02-16 14:40:04 +00:00
Rob Bradford
46066d6ae1 vmm: config: Replace use of memfd_create with fd pointing to /dev/null
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-15 11:10:00 -08:00
Bo Chen
0567def931 vmm: config: Avoid closing invalid FDs from 'test_net_parsing()'
We need to provide valid FDs while creating 'NetConfig' instances even
for unit tests. Closing invalid FDs would cause random unit test
failures.

Also, two identical 'NetConfig' instances are not allowed any more,
because it would lead to close the same FD twice. This is consistent
with the fact that a clone of a "NetConfig" instance is no
longer *equal* to the instance itself.

Fixes: #5203

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-02-15 12:30:09 +00:00
Bo Chen
0110fb4edc vmm: config: Don't close reserved FDs from NetConfig::drop()
Fixes: #5203

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-02-15 12:30:09 +00:00
Rob Bradford
b14427540b vmm: config: Close FDs for TAP devices that are provided to VM
These are owned by the config (and are duplicated before being used to
create the `Tap` for the virtio-net device.)

By implementing Drop on NetConfig we have issues with moving out of
members that don't implement the Copy trait. This requires a small
adjustment to the unit tests that use the Default::default() function.

Fixes: #5197

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-14 12:37:50 +01:00
Rob Bradford
ea4a95c4f6 vmm: config: Implement Clone for NetConfig
The custom version duplicates any FDs that have been provided so that
the validation logic used on hotplug, which takes a clone of the config,
can be safely carried out.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-14 12:37:50 +01:00
dependabot[bot]
f5084f7c65 build: Bump uuid from 1.2.2 to 1.3.0
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.2.2 to 1.3.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.2.2...1.3.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 00:37:27 +00:00
dependabot[bot]
f0ea8eb70b build: Bump serde_json from 1.0.91 to 1.0.93
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.91 to 1.0.93.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.91...v1.0.93)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 14:09:46 +01:00
Rob Bradford
09fca4a5dd build: Move to rust-vmm acpi_tables crate
This code is indentical to what is in this repository. When a release
gets made we can then switch to that.

Fixes: #5122

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-10 18:58:12 +01:00
Praveen K Paladugu
1143d54ee0 tpm: Add recv timeout while running recvmsg
If swtpm becomes unresponsive, guest gets blocked at "recvmsg" on tpm's
data FD. This change adds a timeout to the data fd socket. If swtpm
becomes unresponsive guest waits for "timeout" (secs) and continues to
run after returning an I/O error to tpm commands.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2023-02-10 17:49:03 +01:00
Jinank Jain
b54ce6c3db vmm: Defer address space allocation
We can ideally defer the address space allocation till we start the
vCPUs for the very first time. Because the VM will not access the memory
until the CPUs start running. Thus there is no need to allocate the
address space eagerly and wait till the time we are going to start the
vCPUs for the first time.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-02-10 11:52:20 +01:00
Kaihang Zhang
3dd01443d5 openapi: Make 'vcpu' and 'host_cpus' required in CpuAffinity
Signed-off-by: Kaihang Zhang <kaihang.zhang@smartx.com>
2023-02-10 10:06:43 +01:00
dependabot[bot]
43227cd5c4 build: Bump anyhow from 1.0.68 to 1.0.69
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.68 to 1.0.69.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.68...1.0.69)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-10 00:55:05 +00:00
Rob Bradford
c22c4675b3 arch, hypervisor: Populate CPUID leaf 0x4000_0010 (TSC frequency)
This hypervisor leaf includes details of the TSC frequency if that is
available from KVM. This can be used to efficiently calculate time
passed when there is an invariant TSC.

TEST=Run `cpuid` in the guest and observe the frequency populated.

Fixes: #5178

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-09 18:32:21 +01:00
Wei Liu
34b3170680 vmm: fix two typos
Change "thead" to "thread".

Also make sure the two messages are distinguishable by adding "vmm" and
"vm" prefix.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-30 21:10:02 +00:00
Bo Chen
574576c8e9 misc: Automatically fix cargo clippy issues added in 1.68 (beta)
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-01-26 08:58:37 -08:00