dependabot[bot]
d89f1f4f21
build: Bump serde_with from 3.8.1 to 3.8.3 in /fuzz
...
Bumps [serde_with](https://github.com/jonasbb/serde_with ) from 3.8.1 to 3.8.3.
- [Release notes](https://github.com/jonasbb/serde_with/releases )
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.1...v3.8.3 )
---
updated-dependencies:
- dependency-name: serde_with
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-13 00:23:33 +00:00
dependabot[bot]
dc90744ec3
build: Bump darling from 0.20.9 to 0.20.10
...
Bumps [darling](https://github.com/TedDriggs/darling ) from 0.20.9 to 0.20.10.
- [Release notes](https://github.com/TedDriggs/darling/releases )
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md )
- [Commits](https://github.com/TedDriggs/darling/commits/v0.20.10 )
---
updated-dependencies:
- dependency-name: darling
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-12 23:46:59 +00:00
Wei Liu
18340d9761
hypervisor: mshv: fine-grained control over translation flags
...
The assertion that only code emulation requires GVA to GPA translation
is wrong.
Allow the caller of `translate` to pass in permission flags directly.
Provide a new method `read_memory_flags` so that we can add the EXECUTE
permission flag where necessary.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-12 16:12:33 +00:00
Wei Liu
cfaa192eb4
hypervisor: emulator: drop the unused gva_to_gpa hook
...
That function is too limiting. It doesn't consider page permissions. It
is not used, so just drop it.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-12 16:12:33 +00:00
dependabot[bot]
c67f799717
build: Bump windows_x86_64_msvc from 0.52.5 to 0.52.6 in /fuzz
...
Bumps [windows_x86_64_msvc](https://github.com/microsoft/windows-rs ) from 0.52.5 to 0.52.6.
- [Release notes](https://github.com/microsoft/windows-rs/releases )
- [Commits](https://github.com/microsoft/windows-rs/commits )
---
updated-dependencies:
- dependency-name: windows_x86_64_msvc
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-12 00:02:26 +00:00
dependabot[bot]
b47efc3bc2
build: Bump enumflags2 from 0.7.9 to 0.7.10
...
Bumps [enumflags2](https://github.com/meithecatte/enumflags2 ) from 0.7.9 to 0.7.10.
- [Release notes](https://github.com/meithecatte/enumflags2/releases )
- [Commits](https://github.com/meithecatte/enumflags2/compare/v0.7.9...v0.7.10 )
---
updated-dependencies:
- dependency-name: enumflags2
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-11 23:55:37 +00:00
dependabot[bot]
498f35a1ab
build: Bump zerocopy from 0.7.34 to 0.7.35 in /fuzz
...
Bumps [zerocopy](https://github.com/google/zerocopy ) from 0.7.34 to 0.7.35.
- [Release notes](https://github.com/google/zerocopy/releases )
- [Changelog](https://github.com/google/zerocopy/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/zerocopy/commits )
---
updated-dependencies:
- dependency-name: zerocopy
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-11 00:52:33 +00:00
dependabot[bot]
2d61bc36ed
build: Bump anstyle from 1.0.6 to 1.0.7
...
Bumps [anstyle](https://github.com/rust-cli/anstyle ) from 1.0.6 to 1.0.7.
- [Commits](https://github.com/rust-cli/anstyle/compare/v1.0.6...v1.0.7 )
---
updated-dependencies:
- dependency-name: anstyle
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-10 23:53:26 +00:00
dependabot[bot]
46447962b8
build: Bump windows_i686_gnullvm from 0.52.5 to 0.52.6 in /fuzz
...
Bumps [windows_i686_gnullvm](https://github.com/microsoft/windows-rs ) from 0.52.5 to 0.52.6.
- [Release notes](https://github.com/microsoft/windows-rs/releases )
- [Commits](https://github.com/microsoft/windows-rs/commits )
---
updated-dependencies:
- dependency-name: windows_i686_gnullvm
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-10 00:21:49 +00:00
dependabot[bot]
9a6bc025a7
build: Bump backtrace from 0.3.71 to 0.3.73
...
Bumps [backtrace](https://github.com/rust-lang/backtrace-rs ) from 0.3.71 to 0.3.73.
- [Release notes](https://github.com/rust-lang/backtrace-rs/releases )
- [Commits](https://github.com/rust-lang/backtrace-rs/compare/0.3.71...0.3.73 )
---
updated-dependencies:
- dependency-name: backtrace
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-10 00:08:56 +00:00
Rob Bradford
de1abe0e30
vmm: Use Response::ok_or_abandon() in migration logic
...
The use of this method removes duplicated code yet provides clarity on
the logic.
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-07-09 19:53:26 +00:00
Rob Bradford
e97cee99ef
vm-migration: Introduce Response::ok_or_abandon()
...
This method will return the existing Response if the status is
successful (Status::Ok) otherwise issue a command to abandon the
migration and return the desired error.
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-07-09 19:53:26 +00:00
Wei Liu
3103526153
build: update pnet crates
...
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-09 19:52:59 +00:00
dependabot[bot]
08ff89ba6e
build: Bump zvariant from 4.1.1 to 4.1.2
...
Bumps [zvariant](https://github.com/dbus2/zbus ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/dbus2/zbus/releases )
- [Commits](https://github.com/dbus2/zbus/compare/zvariant-4.1.1...zvariant-4.1.2 )
---
updated-dependencies:
- dependency-name: zvariant
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 00:34:10 +00:00
dependabot[bot]
514f36fb5a
build: Bump syn from 2.0.68 to 2.0.70 in /fuzz
...
Bumps [syn](https://github.com/dtolnay/syn ) from 2.0.68 to 2.0.70.
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.68...2.0.70 )
---
updated-dependencies:
- dependency-name: syn
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-09 00:00:14 +00:00
dependabot[bot]
fe3506976e
build: Bump cc from 1.0.101 to 1.0.104 in /fuzz
...
Bumps [cc](https://github.com/rust-lang/cc-rs ) from 1.0.101 to 1.0.104.
- [Release notes](https://github.com/rust-lang/cc-rs/releases )
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.0.101...cc-v1.0.104 )
---
updated-dependencies:
- dependency-name: cc
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-06 04:54:03 +00:00
Wei Liu
94929889ac
vmm: make landlock configs VMM-level config
...
This requires stashing the config values in `struct Vmm`. The configs
should be validated before before creating the VMM thread. Refactor the
code and update documentation where necessary.
The place where the rules are applied remain the same.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
8452edfcc7
tests: Test live migration with Landlock
...
Add a test case to check Live Migration with Landlock support.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
466cc5e043
tests: Add disk_hotplug test with Landlock
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
034c674c4c
tests: Add a basic Landlock test
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
b785e00317
docs: Add doc for Landlock feature
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
7f6731cd05
vmm: Limit the visibility of Landlock objects
...
Limit the visibility of objects and methods introduced by Landlock
implementation.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
457fd9ef96
vmm: enable landlock during live migration
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
eea45a2c78
vmm: Enable Landlock in restore path
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
11c17ca319
main: Enable landlock on main thread
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
249e362c70
vmm: Enable Landlock on vmm thread
...
Add file/dir paths from landlock-rules arguments to ruleset. Invoke
apply_landlock on VmConfig to apply config specific rules to ruleset.
Once done, any threads spawned by vmm thread will be automatically
sandboxed with the ruleset in vmm thread.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
b3e5738b40
vmm: Introduce ApplyLandlock trait
...
Introduce ApplyLandlock trait and add implementations to VmConfig
elements with PathBufs. This trait adds config specific rules to
landlock ruleset.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
1dd53c3d24
vmm: Enable Landlock on http-server thread
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
130c988380
vmm: Enable Landlock on signal-handler thread
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
8c76a3e4b5
vmm: Enable Landlock on event-monitor thread
...
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
af5a9677c8
vmm: Introduce Landlock module
...
This module introduces methods to apply Landlock LSM to cloud-hypervisor
threads.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
1d89f98edf
vmm: Introduce landlock-rules cmdline param
...
Users can use this parameter to pass extra paths that 'vmm' and its
child threads can use at runtime. Hotplug is the primary usecase for
this parameter.
In order to hotplug devices that use local files: disks, memory zones,
pmem devices etc, users can use this option to pass the path/s that will
be used during hotplug while starting cloud-hypervisor. Doing this will
allow landlock to add required rules to grant access to these paths when
cloud-hypervisor process starts.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
287dbd4fc9
vmm: Introduce landlock cmdline parameter
...
Users can use this cmdline option to enable/disable Landlock based
sandboxing while running cloud-hypervisor.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Praveen K Paladugu
c50ea2c708
vmm: Add seccomp rules to allow landlock syscalls
...
landlock syscalls are required by event_monitor, signal_handler,
http-server and vmm threads. Rest of the threads are spawned by the vmm
thread and they automatically inherit the ruleset from the vmm thread.
Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2024-07-06 04:42:58 +00:00
Wei Liu
14b45e4d2e
hypervisor: mshv: handle GPA intercept
...
We will start receiving GPA intercepts. For our use cases they are
handled the same way as UNMAPPED GPA intercepts.
Put in some logging to distinguish the two cases.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
519476e842
hypervisor: mshv: relax the requirement for instruction emulation
...
Previously we required the hypervisor to give us a valid instruction
stream. That worked well enough because we never hit any edge conditions
(such as when the instruction stream crosses page boundary).
Now that MSHV can deal with partial or empty instruction stream, we can
remove that requirement.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
5fec858130
hypervisor: mshv: implement fetching instructions in emulator
...
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
67f22b6aa4
hypervisor: mshv: fix GVA translation flags
...
Original we checked for R and W, but that code path never got executed.
It is now understood that we can only get here when we execute code. Fix
the permission flags.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
Wei Liu
1eb4133034
hypervisor: x86: emulator: set IP properly for newly fetched stream
...
The default value of IP is zero. If the decoder's state not set
properly, then the guest state is going to be wrong.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-04 18:45:01 +00:00
dependabot[bot]
9f3bea3e3f
build: Bump anstyle-parse from 0.2.3 to 0.2.4 in /fuzz
...
Bumps [anstyle-parse](https://github.com/rust-cli/anstyle ) from 0.2.3 to 0.2.4.
- [Commits](https://github.com/rust-cli/anstyle/compare/anstyle-parse-v0.2.3...anstyle-parse-v0.2.4 )
---
updated-dependencies:
- dependency-name: anstyle-parse
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-03 21:54:50 +00:00
Alyssa Ross
e7c7a304e8
virtio-devices: fix UB getting tty size
...
TIOCGWINSZ modifies its argument, so it needs to mutably borrow it.
Unfortunately, ioctl()'s signature is not able to enforce this, and
the write happens in the kernel, so I don't think anything like miri,
valgrind, UBSan, etc. would have been able to catch this.
The UB passing an immutable reference caused resulted, for me, in
get_win_size() returning (0, 0) since LLVM commit
9a09c737a052 ("[BasicAA] Make isNotCapturedBeforeOrAt() check for
calls more precise (#69931 )").
I've had a look through the other ioctl() calls in Cloud Hypervisor,
and I don't think any others have the same problem.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2024-07-03 21:26:04 +00:00
Bo Chen
b5cce0d371
build: Enable vfio and sgx worker
...
This reverts commit 7d84654a79
.
Signed-off-by: Bo Chen <chen.bo@intel.com>
2024-07-03 00:34:28 +00:00
Wei Liu
7c608f6380
hypervisor: x86: emulator: accept empty instruction stream input
...
The emulator should fetch from memory just fine.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
Wei Liu
3ad8d24943
hypervisor: x86: emulator: fix a variable
...
Comparing RAX with RIP makes no logical sense other than RIP happens to
be the correct value. Use `target_rax` instead.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
Wei Liu
56c6c02724
hypervisor: x86: emulator: test executing only one instruction
...
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
Wei Liu
19b0ea842b
hypervisor: x86: emulator: add the second instruction to test comment
...
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-02 14:59:50 +00:00
dependabot[bot]
16bd88b4b5
build: Bump cc from 1.0.99 to 1.0.101 in /fuzz
...
Bumps [cc](https://github.com/rust-lang/cc-rs ) from 1.0.99 to 1.0.101.
- [Release notes](https://github.com/rust-lang/cc-rs/releases )
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/cc-rs/compare/1.0.99...cc-v1.0.101 )
---
updated-dependencies:
- dependency-name: cc
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-28 00:28:40 +00:00
dependabot[bot]
09136c50b5
build: Bump syn from 2.0.66 to 2.0.68 in /fuzz
...
Bumps [syn](https://github.com/dtolnay/syn ) from 2.0.66 to 2.0.68.
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.66...2.0.68 )
---
updated-dependencies:
- dependency-name: syn
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-27 17:44:00 +00:00
Nuno Das Neves
380b7d398c
build: Bump openssl-src to 3.3.1
...
Signed-off-by: Nuno Das Neves <nudasnev@microsoft.com>
2024-06-25 18:55:52 +00:00
Nuno Das Neves
764959c9a8
build: Bump libz-sys to 1.1.18
...
Signed-off-by: Nuno Das Neves <nudasnev@microsoft.com>
2024-06-25 18:55:52 +00:00