Commit Graph

4370 Commits

Author SHA1 Message Date
Sebastien Boeuf
00873e5f84 vmm: device_manager: Update virtio devices memory with a single region
Relies on the preliminary work allowing virtio devices to be updated
with a single memory at a time instead of updating the entire memory at
once.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
9e53efa3ca virtio-devices: Add support for adding a single memory region
Assuming vhost-user devices support CONFIGURE_MEM_SLOTS protocol
feature, we introduce a new method to the VirtioDevice trait in order to
update one single memory at a time.

In case CONFIGURE_MEM_SLOTS is not supported by the backend (feature not
acked), we fallback onto the current way of updating the memory
mappings, that is with SET_MEM_TABLE.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
4f22f57651 vhost_user_net: Enable CONFIGURE_MEM_SLOTS protocol feature
In order to support GET_MAX_MEM_SLOTS, ADD_MEM_REG and REM_MEM_REG, the
protocol feature CONFIGURE_MEM_SLOTS must be enabled.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
1e1cbc53c1 vhost_user_blk: Enable CONFIGURE_MEM_SLOTS protocol feature
In order to support GET_MAX_MEM_SLOTS, ADD_MEM_REG and REM_MEM_REG, the
protocol feature CONFIGURE_MEM_SLOTS must be enabled.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
8255d5f774 vhost_user_backend: Move to latest vhost version
The latest vhost version adds the support for the new commands
get_max_mem_slots(), add_mem_region() and remove_mem_region(), all
related to the new vhost-user protocol feature CONFIGURE_MEM_SLOTS.

The vhost_user_backend crate is updated accordingly in order to support
these new commands, mostly related to the capability of updating the
guest memory mappings with a finer control than set_mem_table() command.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
e3a8d6c13c virtio-devices: vhost-user: net: Fix seccomp filters
On x86_64 architecture, multiple syscalls were missing when shutting
down the vhost-user-net device along with the VM. This was causing the
usual crash related to seccomp filters.

This commit adds these missing syscalls to fix the issue.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Sebastien Boeuf
581bf4aad5 virtio-devices: vhost-user: Fix device reset
There is no need to get the vring base when resetting the vhost-user
device. This was mostly ignored, but in some cases, it was causing some
actual errors.

A reset must simply be a combination of disabling the vrings along with
the reset of the owner.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-11 19:04:21 +01:00
Jiachen Zhang
16b82f3dfe vhost-user: Make ActivateError messages more consistent
Originally, VhostUserSetup is only used by vhost-user-fs. While
vhost-user-blk and vhost-user-net have their own error messages,
we rename VhostUserSetup to VhostUserFsSetup.

Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
2021-03-11 15:09:07 +00:00
dependabot-preview[bot]
675a8f808c build(deps): bump signal-hook from 0.3.6 to 0.3.7 in /fuzz
Bumps [signal-hook](https://github.com/vorner/signal-hook) from 0.3.6 to 0.3.7.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-11 09:29:26 +00:00
dependabot-preview[bot]
59e5048436 build(deps): bump byteorder from 1.4.2 to 1.4.3 in /fuzz
Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](https://github.com/BurntSushi/byteorder/compare/1.4.2...1.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-11 08:45:59 +00:00
dependabot-preview[bot]
7b3e79cdfa build(deps): bump signal-hook from 0.3.6 to 0.3.7
Bumps [signal-hook](https://github.com/vorner/signal-hook) from 0.3.6 to 0.3.7.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-11 08:45:27 +00:00
Rob Bradford
66ffaceffc vmm: tdx: Correctly populate the 64-bit MMIO region
The MMIO structure contains the length rather than the maximum address
so it is necessary to subtract the starting address from the end address
to calculate the length.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-10 14:45:51 +00:00
dependabot-preview[bot]
4e307788b7 build(deps): bump byteorder from 1.4.2 to 1.4.3
Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](https://github.com/BurntSushi/byteorder/compare/1.4.2...1.4.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 13:14:58 +00:00
Muminul Islam
8739f6cccb scripts: Fix windows test script for running on MSHV
In order to run Windows test on MSHV we need to build and test using
MSHV feature.

Signed-off-by: Muminul Islam <muislam@microsoft.com>
2021-03-10 10:08:12 +00:00
dependabot-preview[bot]
5599cbef50 build(deps): bump syn from 1.0.62 to 1.0.63 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.62 to 1.0.63.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.62...1.0.63)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 08:03:10 +00:00
dependabot-preview[bot]
4c52ad2550 build(deps): bump syn from 1.0.62 to 1.0.63
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.62 to 1.0.63.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.62...1.0.63)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-10 08:02:59 +00:00
Rob Bradford
a0c07474a3 vmm: seccomp: Add KVM_MEMORY_ENCRYPT_OP ioctl to seccomp filter
This is the basis for TDX based operations on the various KVM file
descriptors.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-09 16:26:06 +01:00
Rob Bradford
be0cbb09b1 build: Clippy check with "tdx" feature
In the absence of a way of integration testing this testing that it
compiles is reasonable compromise.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
d24aa887b6 vmm: Reject VM snapshot request if TDX in use
It is not possible to snapshot the contents of a TDX VM.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
835a31e283 vmm: config: Require max and boot vCPUs to be equal for TDX
CPU hotplug is not possible with TDX

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
57c8c250fd tdx: Permit starting Cloud Hypervisor without --kernel
This is not required if TDX is present.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
62abc117ab tdx: Configure TDX state for the VM
Load the sections backed from the file into their required addresses in
memory and populate the HOB with details of the memory. Using the HOB
address initialize the TDX state in the vCPUs and finalize the TDX
configuration.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
1c54fc3ab7 hypervisor: Support creating a VM of a specified KVM type
This is necessary to support creating a TD VM.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
57ce0986f7 vmm: cpu: Add functionality for enabling TDX for all vCPUs
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
c8cad394b5 vmm: cpu: Expose the common/shared CPUID data for all vCPUs
This allows the CPUID data to be passed into the VM level ioctl used for
initalizing TDX.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
b02aff5761 vmm: memory_manager: Disable dirty page logging when running on TDX
It is not permitted to have this enabled in memory that is part of a TD.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
f282cc001a tdx: Add abstraction to call TDX ioctls to hypervisor
Add API to the hypervisor interface and implement for KVM to allow the
special TDX KVM ioctls on the VM and vCPU FDs.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
c48e82915d vmm: Make kernel optional in VM internals
When booting with TDX no kernel is supplied as the TDFV is responsible
for loading the OS. The requirement to have the kernel is still
currently enforced at the validation entry point; this change merely
changes function prototypes and stored state to use Option<> to support.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
66a3bed086 vmm: config: Add "--tdx" option parsing
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
45cc26f940 tdx: Add support for generating a TD HOB list
This is used to communicate details of the memory configuration from the
VMM into the TDMF.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
77955bd8f9 tdx: Add support for parsing TDVF metadata
Add support extracting the sections out for a TDVF file which can be
then used to load the TDVF and TD HOB data into their appropriate
locations.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Rob Bradford
e61ee6bcac tdx: Add "tdx" feature with an empty module inside arch to implement
Add the skeleton of the "tdx" feature with a module ready inside the
arch crate to store implementation details.

TEST=cargo build --features="tdx"

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 18:30:00 +00:00
Vineeth Pillai
fd9bd1c86c main: minor fix in the help message for event monitor
Signed-off-by: Vineeth Pillai <viremana@linux.microsoft.com>
2021-03-08 15:32:18 +00:00
Rob Bradford
cf9e81c05a build: Update kvm-ioctls and kvm-bindings dependencies
These need to be updated together as the kvm-ioctls depends upon a
strictly newer version of kvm-bindings which requires a rebase in the CH
fork.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-08 14:52:30 +00:00
dependabot-preview[bot]
a4a2d6fbee build(deps): bump syn from 1.0.61 to 1.0.62 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.61 to 1.0.62.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.61...1.0.62)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 08:56:23 +00:00
dependabot-preview[bot]
94083793a6 build(deps): bump serde from 1.0.123 to 1.0.124 in /fuzz
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.123 to 1.0.124.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.123...v1.0.124)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 08:46:07 +00:00
dependabot-preview[bot]
8ae966e975 build(deps): bump syn from 1.0.61 to 1.0.62
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.61 to 1.0.62.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.61...1.0.62)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 07:46:17 +00:00
dependabot-preview[bot]
f68fe54b9b build(deps): bump vhost from 62fd4ec to 7784304
Bumps [vhost](https://github.com/rust-vmm/vhost) from `62fd4ec` to `7784304`.
- [Release notes](https://github.com/rust-vmm/vhost/releases)
- [Commits](62fd4ec5a4...7784304860)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-08 07:45:52 +00:00
dependabot-preview[bot]
54e1796da6 build(deps): bump serde from 1.0.123 to 1.0.124
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.123 to 1.0.124.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.123...v1.0.124)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-07 23:09:32 +00:00
dependabot-preview[bot]
c8be08adf6 build(deps): bump serde_derive from 1.0.123 to 1.0.124
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.123 to 1.0.124.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.123...v1.0.124)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-07 21:54:56 +00:00
dependabot-preview[bot]
ccfa34d066 build(deps): bump libc from 0.2.87 to 0.2.88
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.87 to 0.2.88.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.87...0.2.88)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-05 18:39:37 +00:00
Sebastien Boeuf
d65a0b68b9 Revert "Jenkinsfile: Temporarily disable SGX CI"
This reverts commit 526cf32a78.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 19:02:30 +01:00
William Douglas
56028fb214 Try to restore pty configuration on reboot
When a vm is created with a pty device, on reboot the pty fd (sub
only) will only be associated with the vmm through the epoll event
loop. The fd being polled will have been closed due to the vm itself
dropping the pty files (and potentially reopening the fd index to a
different item making things quite confusing) and new pty fds will be
opened but not polled on for input.

This change creates a structure to encapsulate the information about
the pty fd (main File, sub File and the path to the sub File). On
reboot, a copy of the console and serial pty structs is then passed
down to the new Vm  instance which will be used instead of creating a
new pty device.

This resolves the underlying issue from #2316.

Signed-off-by: William Douglas <william.r.douglas@gmail.com>
2021-03-05 18:34:52 +01:00
Sebastien Boeuf
933d41cf2f vmm: Provide DMA mapping handlers to virtio-mem devices
Now that virtio-mem devices can update VFIO mappings through dedicated
handlers, let's provide them from the DeviceManager.

Important to note these handlers should either be provided to virtio-mem
devices or to the unique virtio-iommu device. This must be mutually
exclusive.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
Sebastien Boeuf
61f9a4ec6c virtio-devices: mem: Accept handlers to update DMA mappings
Create two functions for registering/unregistering DMA mapping handlers,
each handler being associated with a VFIO device.

Whenever the plugged_size is modified (which means triggered by the
virtio-mem driver in the guest), the virtio-mem backend is responsible
for updating the DMA mappings related to every VFIO device through the
handler previously provided.

It's important to update the map when the handler is either registered
or unregistered as well, as we don't want to miss some plugged memory
that would have been added before the VFIO device is added to the VM.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
Sebastien Boeuf
080ea31813 pci, vmm: Manage VFIO DMA mapping from DeviceManager
Instead of letting the VfioPciDevice take the decision on how/when to
perform the DMA mapping/unmapping, we move this to the DeviceManager
instead.

The point is to let the DeviceManager choose which guest memory regions
should be mapped or not. In particular, we don't want the virtio-mem
region to be mapped/unmapped as it will be virtio-mem device
responsibility to do so.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
Sebastien Boeuf
d6db2fdf96 vmm: memory_manager: Add ACPI hotplug region to default memory zone
When memory is resized through ACPI, a new region is added to the guest
memory. This region must also be added to the corresponding memory zone
in order to keep everything in sync.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2021-03-05 10:38:42 +01:00
dependabot-preview[bot]
f1aa09f178 build(deps): bump syn from 1.0.60 to 1.0.61 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.60 to 1.0.61.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.60...1.0.61)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-05 07:49:52 +00:00
dependabot-preview[bot]
8cbb7b15a9 build(deps): bump syn from 1.0.60 to 1.0.61
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.60 to 1.0.61.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.60...1.0.61)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-03-05 07:14:58 +00:00
Rob Bradford
b65502c3c1 main: Refine event monitor control
Replace "--monitor-fd" with "--event-monitor" which can either take
"fd=<int>" or "path=<path>" which can point to e.g. a named pipe and
allow more flexibility.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2021-03-04 19:12:40 +01:00