Commit Graph

2720 Commits

Author SHA1 Message Date
Sebastien Boeuf
bf37ebdcb6 arch: x86_64: Add 5th level of paging when needed
For correctness, when the CPUID supports the LA57 feature, the VMM sets
the CR4.LA57 register, which means a fifth level of page table might be
needed. Even if it's not needed because the kernel should not use
addresses over 1GiB, it's better to define this new level anyway.

This patch only applies to the Linux boot codepath, which means it
affects both vmlinux without PVH and bzImage binaries. The bzImage
does not need this since the page tables and CR4 registers are set in
the decompression code from the kernel.

And for vmlinux with PVH, if we follow the PVH specification, the kernel
must be responsible for setting things up, but the implementation is
missing. This means for now that PVH does not support LA57 with 5 levels
of paging.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-06-11 09:18:52 +02:00
Anatol Belski
abd6204d27 source: Fix file permissions
Rust sources and some data files should not be executable. The perms are
set to 644.

Signed-off-by: Anatol Belski <ab@php.net>
2020-06-10 18:47:27 +01:00
Rob Bradford
02ac1820b1 scripts: Ensure musl-gcc is used by musl build
"cc" is invoked as part of the Cloud Hypervisor Rust build however due
to a copy and paste error the wrong variable was being tested for
overriding the CC and the CFLAGS.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-10 18:22:50 +02:00
Bo Chen
cc85d896a5 tests: Extend test_*_reboot with checks on fd leaking
This revised version of the patch reuses the back-off strategy from
'ssh_command()' to deal with varying booting time.

Fixes: #1209

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-06-10 13:54:18 +01:00
dependabot-preview[bot]
2ae547cf71 build(deps): bump vmm-sys-util from 0.6.0 to 0.6.1
Bumps [vmm-sys-util](https://github.com/rust-vmm/vmm-sys-util) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/rust-vmm/vmm-sys-util/releases)
- [Changelog](https://github.com/rust-vmm/vmm-sys-util/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-vmm/vmm-sys-util/compare/v0.6.0...v0.6.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-10 13:24:53 +01:00
dependabot-preview[bot]
f3556279d5 build(deps): bump serde_json from 1.0.54 to 1.0.55
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.54 to 1.0.55.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.54...v1.0.55)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-10 11:48:39 +01:00
Rob Bradford
dc034eb3b0 scripts: Only use musl for the Rust components
Don't use the musl toolchain for the virtiofsd build as it does not
work.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-10 10:16:57 +01:00
Rob Bradford
176d671609 build: Run musl builds in parallel to glibc builds
Run these builds against every PR rather than just master.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-10 10:16:57 +01:00
dependabot-preview[bot]
083189e5a1 build(deps): bump vcpkg from 0.2.9 to 0.2.10
Bumps [vcpkg](https://github.com/mcgoo/vcpkg-rs) from 0.2.9 to 0.2.10.
- [Release notes](https://github.com/mcgoo/vcpkg-rs/releases)
- [Changelog](https://github.com/mcgoo/vcpkg-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mcgoo/vcpkg-rs/compare/vcpkg-rs-0.2.9...vcpkg-rs-0.2.10)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-10 09:21:10 +02:00
dependabot-preview[bot]
2334b521da build(deps): bump syn from 1.0.30 to 1.0.31
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.30 to 1.0.31.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.30...1.0.31)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-10 07:35:29 +02:00
dependabot-preview[bot]
99c99c2476 build(deps): bump serde_json from 1.0.53 to 1.0.54
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.53 to 1.0.54.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.53...v1.0.54)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-09 21:17:48 +01:00
Sebastien Boeuf
96a5e22bd6 resources: kernel: Enable 5 levels of page table
Some CPUs might support up to 52 bits of addressable space, that's the
reason why we need the guest kernel to support 5 levels of page table.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-06-09 18:08:09 +01:00
Sebastien Boeuf
653087d7a3 vmm: Reduce MMIO address space by 4KiB
In order to workaround a Linux bug that happens when we place devices at
the end of the physical address space on recent hardware (52 bits limit)
we reduce the MMIO address space by one 4k page. This way, nothing gets
allocated in the last 4k of the address space, which is negligible given
the amount of space in the address space.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-06-09 18:08:09 +01:00
Sebastien Boeuf
5f0b620148 arch: x86_64: Enable CR4 LA57 feature
In case the host CPU exposes the support for LA57 feature through its
cpuid, the CR4.LA57 bit is enabled accordingly.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-06-09 18:08:09 +01:00
Rob Bradford
09fd325963 build: Use fork of vm-memory with less performance impact
Currently released vm-memory uses aligned and volatile copying for all
data. The version in the fork only uses the assured (and slower) path
for data upto the natural data width.

Fixes: #1258

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-09 17:06:35 +02:00
Henry Wang
5f9e079a03 device: Add AArch64 RTC PL031 implementation
This commit adds the implementation for the AArch64 PL031
Real Time Clock (RTC) that provides a long time base counter. This
is achieved by generating an interrupt signal after counting a
programmed number of cycles of a real-time clock input. The AArch64
guest VM of the cloud-hypervisor will use this RTC to sync the time
in itself.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2020-06-09 06:27:46 +01:00
Bo Chen
625bab69bd vmm: api: Allow to delete non-booted VMs
The action of "vm.delete" should not report errors on non-booted
VMs. This patch also revised the "docs/api.md" to reflect the right
'Prerequisites' of different API actions, e.g. on "vm.delete" and
"vm.boot".

Fixes: #1110

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-06-09 05:58:32 +01:00
LiYa'nan
313883f6e4 remove duplicated structure InitrdConfig
structure InitrdConfig duplicated with InitramfsConfig

Signed-off-by: LiYa'nan <oliverliyn@gmail.com>
2020-06-09 05:53:37 +01:00
dependabot-preview[bot]
afe60808ac build(deps): bump synstructure from 0.12.3 to 0.12.4
Bumps [synstructure](https://github.com/mystor/synstructure) from 0.12.3 to 0.12.4.
- [Release notes](https://github.com/mystor/synstructure/releases)
- [Commits](https://github.com/mystor/synstructure/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-08 21:05:16 +01:00
Rob Bradford
aa79a92c35 tests: Add integration test for unprivileged network
This tests whether we can have a working network without having
CAP_NET_ADMIN.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-08 17:56:10 +02:00
Rob Bradford
9b71ba20ac vmm, vm-virtio: Stop always autogenerating a host MAC address
This removes the need to use CAP_NET_ADMIN privileges and instead the
host MAC addres is either provided by the user or alternatively it is
retrieved from the kernel.

TEST=Run cloud-hypervisor without CAP_NET_ADMIN permission and a
preconfigured tap device:

sudo ip tuntap add name tap0 mode tap
sudo ifconfig tap0 192.168.249.1 netmask 255.255.255.0 up
cargo clean
cargo build
target/debug/cloud-hypervisor --serial tty --console off --kernel ~/src/rust-hypervisor-firmware/target/target/release/hypervisor-fw --disk path=~/workloads/clear-33190-kvm.img --net tap=tap0

VM was also rebooted to check that works correctly.

Fixes: #1274

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-08 17:56:10 +02:00
Rob Bradford
1f8b6fa947 net_util: Allow retrieving the MAC address from the TAP device
This can be used to preserve the host MAC address as part of the
configuration when the TAP device is precreated.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-08 17:56:10 +02:00
Rob Bradford
929d70bc7f net_util: Only try and enable the TAP device if it not already enabled
This allows an existing TAP interface to be used without needing
CAP_NET_ADMIN permissions on the Cloud Hypervisor binary as the ioctl to
bring up the interface is avoided.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-08 17:56:10 +02:00
Bo Chen
eda9bfc7a1 vhost_user_fs: Replace the '--sock' parameter with '--socket'
We are keeping the '--sock' parameter for backward compatibility.

Fixes: #1091

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-06-08 17:41:12 +02:00
Bo Chen
a8cdf2f070 tests,vm-virtio,vmm: Use 'socket' for all CLI/API parameters
This patch unifies the inconsistent uses of 'socket' and 'sock' from our
CLI/API parameters.

Fixes: #1091

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-06-08 17:41:12 +02:00
Rob Bradford
90e7accf8b ch-remote: Show response body from error
If the server returns an error then print out the response body if there
is one present.

Fixes: #1262

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-08 17:35:54 +02:00
Henry Wang
e436bbf3bb build: Install libfdt in github cross-build workflow
In AArch64 prototype, there are code to construct the flattened device
tree, and to make such code compilable we need to install libfdt-dev. In
normal situation, this installation process can be done by either installing
libfdt-dev locally or in the development container.

Before formal AArch64 CI is setup, we use the workaround in this commit
to install libfdt in the github cross-build workflow.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2020-06-08 09:59:46 +01:00
Henry Wang
2d13751d7d aarch64: Porting fdt related files from Firecracker
When booting VM on AArch64 machines, we need to construct the
flattened device tree before loading kernel. Hence here we add
the implementation of the flattened device tree for AArch64.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2020-06-08 09:59:46 +01:00
Henry Wang
5a18dd36e2 aarch64: Porting AArch64 register implementation from Firecracker
As on AArch64 systems we need register mpidr to create the
flattened device tree, here in this commit we add ported AArch64
register implementation from Firecracker and related changes to
make this commit build.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2020-06-08 09:59:46 +01:00
Henry Wang
d605fda3f7 aarch64: Porting GIC source files from Firecracker
This commit adds ported code of Generic Interrupt Controller (GIC)
software implementation for AArch64, including both GICv2 and
GICv3 devices. These GIC devices are actually emulated by the
host kernel through KVM and will be used in the guest VM as the
interrupt controller for AArch64.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2020-06-08 09:59:46 +01:00
Michael Zhao
ce624a6dee aarch64: Add memory layout for AArch64
This commit adds the memory layout design for AArch64 in
`arch/src/aarch64/layout.rs` and related changes in
`arch/src/lib.rs` to make sure this commit can build.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2020-06-08 09:59:46 +01:00
dependabot-preview[bot]
c7d44b880e build(deps): bump quote from 1.0.6 to 1.0.7
Bumps [quote](https://github.com/dtolnay/quote) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.6...1.0.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-08 08:05:11 +02:00
dependabot-preview[bot]
7c91dfaeef build(deps): bump proc-macro-nested from 0.1.4 to 0.1.5
Bumps [proc-macro-nested](https://github.com/dtolnay/proc-macro-hack) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/dtolnay/proc-macro-hack/releases)
- [Commits](https://github.com/dtolnay/proc-macro-hack/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-08 08:04:48 +02:00
dependabot-preview[bot]
17c16e5c82 build(deps): bump pin-project from 0.4.19 to 0.4.20
Bumps [pin-project](https://github.com/taiki-e/pin-project) from 0.4.19 to 0.4.20.
- [Release notes](https://github.com/taiki-e/pin-project/releases)
- [Changelog](https://github.com/taiki-e/pin-project/blob/master/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/pin-project/compare/v0.4.19...v0.4.20)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-07 17:00:42 +01:00
dependabot-preview[bot]
a2398742da build(deps): bump arc-swap from 0.4.6 to 0.4.7
Bumps [arc-swap](https://github.com/vorner/arc-swap) from 0.4.6 to 0.4.7.
- [Release notes](https://github.com/vorner/arc-swap/releases)
- [Changelog](https://github.com/vorner/arc-swap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/arc-swap/compare/v0.4.6...v0.4.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-07 17:00:31 +01:00
dependabot-preview[bot]
b31fe72edc build(deps): bump openssl-sys from 0.9.57 to 0.9.58
Bumps [openssl-sys](https://github.com/sfackler/rust-openssl) from 0.9.57 to 0.9.58.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.57...openssl-sys-v0.9.58)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-06 09:50:31 +01:00
dependabot-preview[bot]
9649700420 build(deps): bump dirs-sys from 0.3.4 to 0.3.5
Bumps [dirs-sys](https://github.com/dirs-dev/dirs-sys-rs) from 0.3.4 to 0.3.5.
- [Release notes](https://github.com/dirs-dev/dirs-sys-rs/releases)
- [Commits](https://github.com/dirs-dev/dirs-sys-rs/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-05 19:41:36 +02:00
Rob Bradford
eabf43fbf6 Revert "tests: Extend test_*_reboot with checks on fd leaking"
This reverts commit 7dc4e91303.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-05 14:09:17 +01:00
Bo Chen
7dc4e91303 tests: Extend test_*_reboot with checks on fd leaking
Fixes: #1209

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-06-04 20:48:44 +01:00
dependabot-preview[bot]
601d898f8a build(deps): bump pin-project from 0.4.17 to 0.4.19
Bumps [pin-project](https://github.com/taiki-e/pin-project) from 0.4.17 to 0.4.19.
- [Release notes](https://github.com/taiki-e/pin-project/releases)
- [Changelog](https://github.com/taiki-e/pin-project/blob/master/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/pin-project/compare/v0.4.17...v0.4.19)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-06-04 18:44:30 +02:00
Arron Wang
6ff107afe4 vm-device: Switch to use get_host_address_range in vfio-ioctls
The API has change to use generic GuestMemory trait:
pub fn get_host_address_range<M: GuestMemory>(
    mem: &M,
    addr: GuestAddress,
    size: usize,
) -> Option<*mut u8> {

Signed-off-by: Arron Wang <arron.wang@intel.com>
2020-06-04 08:48:55 +02:00
Samuel Ortiz
3336e80192 vfio: Switch to the vfio-ioctls crate ch branch
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2020-06-04 08:48:55 +02:00
Samuel Ortiz
d24aa72d3e vfio: Rename to vfio-ioctls
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2020-06-04 08:48:55 +02:00
Samuel Ortiz
53ce529875 vfio: Move the PCI implementation to the PCI crate
There is a much stronger PCI dependency from vfio_pci.rs than a VFIO one
from pci/src/vfio.rs. It seems more natural to have the PCI specific
VFIO implementation in the PCI crate rather than the other way around.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2020-06-04 08:48:55 +02:00
Michael Zhao
8f7dc73562 vmm: Move Vcpu::configure() to arch crate
Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2020-06-03 11:27:29 +02:00
Michael Zhao
969e5e0b51 vmm: Split configure_system() from load_kernel() for x86_64
Now the flow of both architectures are aligned to:
1. load kernel
2. create VCPU's
3. configure system
4. start VCPU's

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2020-06-03 11:27:29 +02:00
Michael Zhao
20cf21cd9d vmm: Change booting process to cover AArch64 requirements
Between X86 and AArch64, there is some difference in booting a VM:
- X86_64 can setup IOAPIC before creating any VCPU.
- AArch64 have to create VCPU's before creating GIC.

The old process is:
1. load_kernel()
    load kernel binary
    configure system
2. activate_vcpus()
    create & start VCPU's

So we need to separate "activate_vcpus" into "create_vcpus" and
"activate_vcpus" (to start vcpus only). Setup GIC and create FDT
between the 2 steps.

The new procedure is:
1. load_kernel()
    load kernel binary
    (X86_64) configure system
2. create VCPU's
3. (AArch64) setup GIC
4. (AArch64) configure system
5. start VCPU's

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2020-06-03 11:27:29 +02:00
Rob Bradford
61aa4615e2 vhost_user_net: Implement VIRTIO_RING_F_EVENT_IDX
The general handling of VIRTIO_RING_F_EVENT_IDX is in the
vhost_user_backend functionality and the net specific handling is in the
NetQueuePair from virtio-net.

As such enabling for the vhost-user-net backend is just the case of
adding the feature.

Fixes: #789

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-03 08:28:49 +02:00
Rob Bradford
a4d377a066 vm-virtio: net: Implement VIRTIO_RING_F_EVENT_IDX
If VIRTIO_RING_F_EVENT_IDX is negotiated only generate suppress
interrupts if the guest has asked us to do so.

Fixes: #788

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-03 08:28:49 +02:00
Rob Bradford
f06970730b vm-virtio: net: Handle lost interrupts on restore
In some situations it is seen that the first interrupt sent to the guest
is lost upon a restore (due to the tap worker being awake ahead of the
vPUs).

This causes problems with VIRTIO_RING_F_EVENT_IDX interrupt suppression
as the guest will not be interrupted again in order to mitigate this we
always interrupt the guest until the device itself has been signalled by
the guest.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-06-03 08:28:49 +02:00