Commit Graph

4946 Commits

Author SHA1 Message Date
Rob Bradford
33a55bac0f virtio-devices: seccomp: Split out common seccomp rules
As well as reducing the amount of code this also improves the binary
size slightly:

cargo bloat --release -n 2000 --bin cloud-hypervisor | grep virtio_devices::seccomp_filters::get_seccomp_rules

Before:
 0.1%   0.2%   7.8KiB       virtio_devices virtio_devices::seccomp_filters::get_seccomp_rules
After:
 0.0%   0.1%   3.0KiB       virtio_devices virtio_devices::seccomp_filters::get_seccomp_rules

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-10 10:11:12 -07:00
Rob Bradford
82ace6e327 build: Update version of toolchain in container
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-10 10:10:11 -07:00
Bo Chen
2e56f0df77 ci: Rustify ovs-dpdk setup and cleanup
Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-09-10 07:41:15 +01:00
Bo Chen
a181b77bc8 ci: Add integration test for live migration with OVS-DPDK
Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-09-10 07:41:15 +01:00
Bo Chen
9023412e31 tests: Refactor test_ovs_dpdk
This patch adds a separate function to launch two guest VMs and ensure
they are connected through ovs-dpdk, so that we can reuse this function
in other tests, e.g. the test for live-migration with ovs-dpdk.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-09-10 07:41:15 +01:00
Rob Bradford
977a893d86 .github: Add aarch64 cross build to release
Fixes: #3099

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-09 15:10:10 +01:00
Rob Bradford
2c4f8d2218 build: Release v18.0
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-09 14:16:14 +01:00
Bo Chen
4f37a273d9 vmm: Fix clippy issue
error: all if blocks contain the same code at the end
   --> vmm/src/memory_manager.rs:884:9
    |
884 | /             Ok(mm)
885 | |         }
    | |_________^

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-09-08 13:31:19 -07:00
Rob Bradford
d64a77a5c6 vmm: Shutdown VMM if signal thread panics
See: #3031

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-08 11:26:48 -07:00
Rob Bradford
e0d05683ab vmm: Split up functions for creating signal handler and tty setup
These are quite separate and should be in their own functions.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-08 11:26:48 -07:00
Rob Bradford
387753ae1d vmm: Remove concept of "input_enabled"
This concept ends up being broken with multiple types of input connected
e.g. console on TTY and serial on PTY. Already the code for checking for
injecting into the serial device checks that the serial is configured.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-08 11:26:48 -07:00
Rob Bradford
951ad3495e vmm: Only resize virtio-console when attached to TTY
Fixes: #3092

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-08 11:26:48 -07:00
Rob Bradford
0dbb2683e3 vmm: Consolidate duplicated code for setting up signal handler
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-08 11:26:48 -07:00
Jianyong Wu
579710d3e0 tests: Enable some virtio-pmem test for Arm64
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2021-09-08 09:40:48 +01:00
Henry Wang
4d8a73735b tests: Enable Arm64 user defined mem regions test
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-08 09:40:48 +01:00
Rob Bradford
687d646c60 virtio-devices, vmm: Shutdown VMM on virtio thread panic
Shutdown the VMM if the virtio (or VMM side of vhost-user) thread
panics.

See: #3031

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-08 09:40:36 +01:00
Rob Bradford
54e523c302 virtio-devices: Use a common method for spawning virtio threads
Introduce a common solution for spawning the virtio threads which will
make it easier to add the panic handling.

During this effort I discovered that there were no seccomp filters
registered for the vhost-user-net thread nor the vhost-user-block
thread. This change also incorporates basic seccomp filters for those as
part of the refactoring.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-08 09:40:36 +01:00
Wei Liu
4737679661 github: also build mshv enabled binaries
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-09-07 16:09:36 +01:00
Wei Liu
9c5b404415 vmm: MSHV now supports VFIO-based device passthrough
Drop a few feature gates and adjust code a bit.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-09-07 15:17:08 +01:00
Wei Liu
6e9d3eccd6 hypervisor: implement devicefd management for MSHV
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-09-07 15:17:08 +01:00
Wei Liu
10b954e954 build: use vfio-ioctls that supports MSHV
Disable default features and propagate hypervisor selection where
necessary.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2021-09-07 15:17:08 +01:00
dependabot[bot]
e4abf2ce6c build: bump vm-fdt from 720e48e to 06cbff3
Bumps [vm-fdt](https://github.com/rust-vmm/vm-fdt) from `720e48e` to `06cbff3`.
- [Release notes](https://github.com/rust-vmm/vm-fdt/releases)
- [Commits](720e48e435...06cbff3a02)

---
updated-dependencies:
- dependency-name: vm-fdt
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-07 09:41:02 +00:00
dependabot[bot]
ad07a275c5 build: bump thiserror from 1.0.28 to 1.0.29 in /fuzz
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.28 to 1.0.29.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.28...1.0.29)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-07 08:36:08 +00:00
dependabot[bot]
a20041ba68 build: bump thiserror from 1.0.28 to 1.0.29
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.28 to 1.0.29.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.28...1.0.29)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-07 08:35:50 +00:00
Henry Wang
eed0c927fd scripts: AArch64: Add missing tests in sequential mod
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-07 09:35:06 +01:00
Henry Wang
fb5cbd966e scripts: AArch64: Run test cases for split modules
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-07 09:35:06 +01:00
Henry Wang
25798a97b3 tests: Restructure AArch64 tests
Currently we need to test both device tree and ACPI on AArch64. As
the number of ACPI test cases is gradually increasing and expected
to increase in the future, it is better to extract all ACPI test
cases on AArch64 to a single module.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-07 09:35:06 +01:00
Jianyong Wu
2752b07762 enable virtio-mem test for arm64
virtio-mem has been enabled on arm64. Let's test it.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2021-09-07 09:34:22 +01:00
Jianyong Wu
a2e72774a9 bump kernel version to 5.14 for arm
Bump kernel version and update kernel config file accordingly.
Especially, enable virtio-mem and MEMORY_HOTPLUG_DEFAULT_ONLINE here.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2021-09-07 09:34:22 +01:00
dependabot[bot]
584d5c5596 build: bump vm-fdt from fbf4f7f to 720e48e
Bumps [vm-fdt](https://github.com/rust-vmm/vm-fdt) from `fbf4f7f` to `720e48e`.
- [Release notes](https://github.com/rust-vmm/vm-fdt/releases)
- [Commits](fbf4f7f054...720e48e435)

---
updated-dependencies:
- dependency-name: vm-fdt
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-04 15:57:21 +00:00
dependabot[bot]
828dbd5227 build: bump micro_http from c1a38b5 to 36e59a0
Bumps [micro_http](https://github.com/firecracker-microvm/micro-http) from `c1a38b5` to `36e59a0`.
- [Release notes](https://github.com/firecracker-microvm/micro-http/releases)
- [Commits](c1a38b507c...36e59a083e)

---
updated-dependencies:
- dependency-name: micro_http
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-04 15:12:01 +00:00
dependabot[bot]
b2e88967e4 build: bump vfio-ioctls from bc30df3 to 1080e80
Bumps [vfio-ioctls](https://github.com/rust-vmm/vfio-ioctls) from `bc30df3` to `1080e80`.
- [Release notes](https://github.com/rust-vmm/vfio-ioctls/releases)
- [Commits](bc30df33be...1080e80799)

---
updated-dependencies:
- dependency-name: vfio-ioctls
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-04 15:10:39 +00:00
dependabot[bot]
ea396afdfa build: bump syn from 1.0.75 to 1.0.76
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.75 to 1.0.76.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.75...1.0.76)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-04 14:51:04 +00:00
dependabot[bot]
bfe0e90671 build: bump syn from 1.0.75 to 1.0.76 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.75 to 1.0.76.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.75...1.0.76)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-04 14:20:48 +00:00
dependabot[bot]
282484120d build: bump mshv-bindings from 4e9a304 to 0d6e4e8
Bumps [mshv-bindings](https://github.com/rust-vmm/mshv) from `4e9a304` to `0d6e4e8`.
- [Release notes](https://github.com/rust-vmm/mshv/releases)
- [Commits](4e9a304b04...0d6e4e82b9)

---
updated-dependencies:
- dependency-name: mshv-bindings
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-04 14:20:44 +00:00
Henry Wang
4d52a84ef7 docs: api: Add documentation for vm.power-button
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-03 10:27:52 -07:00
Henry Wang
1bf083bf00 tests: Add a test case for Arm64 ACPI power button
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-03 10:27:52 -07:00
Henry Wang
c50051a686 device_manager: Enable power button for ACPI on AArch64
Current AArch64 power button is only for device tree using a PL061
GPIO controller device. Since AArch64 now supports ACPI, this
commit extends the power button on AArch64 to:

- Using GED for ACPI+UEFI boot.
- Using PL061 for device tree boot.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-03 10:27:52 -07:00
Rob Bradford
e475b12cf7 virtio-devices, vmm: Upgrade restore related messages to info!()
These happen only sporadically so can be included at the info!() level.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-03 09:30:55 -07:00
Rob Bradford
64e217cf39 pci: configuration: Upgrade log level of PCI BAR reprogramming message
This message only occurs sporadically and so it should be included at
info!() level. Enhance the output to also include the BAR number.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-03 09:30:55 -07:00
Rob Bradford
968902dfec devices, vmm: Upgrade exit reasons to info!() level debugging
These statements are useful for understanding the cause of reset or
shutdown of the VM and are not spammy so should be included at info!()
level.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-03 09:30:55 -07:00
Rob Bradford
df3b20f472 Revert "build: Temporarily disable baremetal testing"
This reverts commit d475b953b8.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-03 16:32:14 +01:00
Bo Chen
6c142e35f7 tests: Add test_live_migration_numa
This patch refactors and reuses the existing 'test_live_migration' for
adding 'test_live_migration_numa'.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-09-03 06:50:01 +01:00
Bo Chen
32da33eacd tests: Refactor common checks on numa
This patch adds a separate function to perform common numa checks, so
that we can reuse this function in other tests, e.g. the test for
live-migration with numa.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-09-03 06:50:01 +01:00
Henry Wang
5d53648762 scripts: Enable the live-migration test on AArch64
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-03 06:36:17 +01:00
Alyssa Ross
7549149bb5 vmm: ensure signal handlers run on the right thread
Despite setting up a dedicated thread for signal handling, we weren't
making sure that the signals we were listening for there were actually
dispatched to the right thread.  While the signal-hook provides an
iterator API, so we can know that we're only processing the signals
coming out of the iterator on our signal handling thread, the actual
signal handling code from signal-hook, which pushes the signals onto
the iterator, can run on any thread.  This can lead to seccomp
violations when the signal-hook signal handler does something that
isn't allowed on that thread by our seccomp policy.

To reproduce, resize a terminal running cloud-hypervisor continuously
for a few minutes.  Eventually, the kernel will deliver a SIGWINCH to
a thread with a restrictive seccomp policy, and a seccomp violation
will trigger.

As part of this change, it's also necessary to allow rt_sigreturn(2)
on the signal handling thread, so signal handlers are actually allowed
to run on it.  The fact that this didn't seem to be needed before
makes me think that signal handlers were almost _never_ actually
running on the signal handling thread.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2021-09-02 21:33:31 +01:00
Rob Bradford
c2144b5690 vmm, virtio-console: Move input reading into virtio-console thread
Move the processing of the input from stdin, PTY or file from the VMM
thread to the existing virtio-console thread. The handling of the resize
of a virtio-console has not changed but the name of the struct used to
support that has been renamed to reflect its usage.

Fixes: #3060

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-09-02 21:17:33 +01:00
Henry Wang
0d01eac1d4 vmm: Do the downcast of GicDevice in a safer way for AArch64
Downcasting of GicDevice trait might fail. Therefore we try to
downcast the trait first and only if the downcasting succeeded we
can then use the object to call methods. Otherwise, do nothing and
log the failure.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-02 15:18:41 +01:00
Henry Wang
46c60183cd arch, vmm: Implement GIC Pausable trait
This commit implements the GIC (including both GICv3 and GICv3ITS)
Pausable trait. The pause of device manager will trigger a "pause"
of GIC, where we flush GIC pending tables and ITS tables to the
guest RAM.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2021-09-02 15:18:41 +01:00
Bo Chen
7b80709595 build: Add Jenkinsfile entry for live-migration integration tests
Signed-off-by: Bo Chen <chen.bo@intel.com>
2021-09-02 14:57:31 +01:00