2447 Commits

Author SHA1 Message Date
Sebastien Boeuf
d9992b5b5f virtio-devices: console: Port to EpollHelper
Migrate to EpollHelper so as to remove code that is duplicated between
multiple virtio devices.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-08-11 19:17:50 +02:00
Sebastien Boeuf
bdef54ead6 vmm: Add brk syscall to the API thread
The brk syscall is not always called as the system might not need it.
But when it's needed from the API thread, this causes the thread to
terminate as it is not part of the authorized list of syscalls.

This should fix some sporadic failures on the CI with the musl build.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-08-11 15:04:21 +01:00
Alyssa Ross
cb96afaa2f vhost_user_net: don't claim to impl all features
Even if the vhost-user-net device did implement all currently-defined
features, it would be very short-sighted to use ::all(), because if a
new feature was defined later, the device would start claiming to
implement it even though it didn't.

More practically, claiming to implement all features breaks using QEMU
with the cloud-hypervisor vhost-user-net backend, because QEMU will
negotiate VHOST_USER_PROTOCOL_F_SLAVE_REQ, and then break when the
communication channel isn't actually set up.

I wasn't sure exactly which features the backend should claim to
implement, though.  Definitely MQ, and I'm fairly certain none of the
features I've omitted are implemented.  But I'm not sure about
REPLY_ACK.  As far as I can tell it should be implemented entirely by
the vhost crate, with no cooperation required from the vhost-user-net
backend itself, so there should be no reason to let a frontend use it
if it wants to.  But despite this, neither vhost-user-fs nor
vhost-user-blk claims to implement it.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2020-08-11 12:58:26 +02:00
Rob Bradford
070f47246c tests: Port test_snapshot_restore to new methodology
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-11 12:57:18 +02:00
Rob Bradford
6cd31e7a4d tests: Introduce new test methodology
Rather than using a credible TestBlock to capture the test assertions
instead use a catch_unwind block to catch the panic and turn
it into a Result<>.

If the block panicked or the child binary had a non-zero exit then, and
only then, print out the child output.

This results in a clearer test output with no interleaving.

Currently only test_counters is ported to this methodology to
demonstrate its use.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-11 12:57:18 +02:00
Rob Bradford
5da55f0f2e tests: Remove "--nocapture" from tests
`cargo test` runs every test in its own process and by default will
collect the output from the test and only print it if the test fails.
`--nocapture` instead prints any output from the test immediately and
does not collate it - this leads to interleaving.

`--nocapture` might be useful for local test debugging but is not
something that is helpful, and is instead unhelpful for our CI as a
whole.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-11 12:57:18 +02:00
dependabot-preview[bot]
bfacf50d90 build(deps): bump serde_derive from 1.0.114 to 1.0.115
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.114 to 1.0.115.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.114...v1.0.115)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-11 05:47:30 +00:00
dependabot-preview[bot]
6812a63fca build(deps): bump serde from 1.0.114 to 1.0.115
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.114 to 1.0.115.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.114...v1.0.115)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-11 05:14:51 +00:00
Rob Bradford
c5a03d5ad4 build: Remove job directory on ARM64 build
This prevents the builder from running out of disk space.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-10 14:55:50 +01:00
Sebastien Boeuf
05c6136790 io-uring: Move to the crates.io 0.4.0 version
Now that io-uring crate has been stabilized, let's move to the latest
release 0.4.0 from crates.io.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-08-10 08:40:51 +01:00
Rob Bradford
66efe3cf53 virtio-devices: mem: Port to EpollHelper
Migrate to EpollHelper so as to remove code that is duplicated between
multiple virtio devices.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-10 08:46:35 +02:00
Anatol Belski
d4754e18f9 Cargo.toml: add missing [package] entries
These are required by some tools, but also by crates.io one day.

Signed-off-by: Anatol Belski <ab@php.net>
2020-08-10 08:44:09 +02:00
dependabot-preview[bot]
3bbed83e8e build(deps): bump io-uring from c00d968 to 445fbc4
Bumps [io-uring](https://github.com/tokio-rs/io-uring) from `c00d968` to `445fbc4`.
- [Release notes](https://github.com/tokio-rs/io-uring/releases)
- [Commits](c00d968b03...445fbc4ae4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-09 17:01:24 +00:00
Rob Bradford
1c4e8ac5ce Revert "build: Temporarily disable ARM64 builds"
This reverts commit 743ebe2fa64f09bd83924b45a59296fec4e46835.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-07 10:35:50 +01:00
Rob Bradford
d714cf8131 build, release-notes.md: Document 0.9.0 release
Update release notes and version number for the new release.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
v0.9.0
2020-08-06 14:31:36 +01:00
Rob Bradford
8286b316c1 build: Bump vm-memory dependency
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-06 14:26:47 +01:00
Muminul Islam
96caf6b03b rpm: Add spec file for packaging cloud-hypervisor
Packaging the cloud-hypervisor binary is useful for enterprise use.
This patch adds the spec file for x86_64. Aarch64 support is not added
yet.
Signed-off-by: Muminul Islam <muislam@microsoft.com>
2020-08-06 09:29:36 +01:00
Sebastien Boeuf
20cd778c5b ci: Retry integration tests if failing
Both gnu and musl workers will retry integration tests up to 3 times if
they fail. This should give us a better pass rate, without having to
restart the entire build every time a single glitch happens.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-08-06 08:29:50 +01:00
dependabot-preview[bot]
7529a9ac05 build(deps): bump seccomp from v0.21.2 to v0.22.0
Bumps [seccomp](https://github.com/firecracker-microvm/firecracker) from v0.21.2 to v0.22.0.
- [Release notes](https://github.com/firecracker-microvm/firecracker/releases)
- [Changelog](cc5387637c/CHANGELOG.md)
- [Commits](a06d358b2e...cc5387637c)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-06 07:25:30 +00:00
Bo Chen
f65372ea4a dev_cli: Remove the use of undefined '$libc' for the 'shell' command
Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-06 08:30:40 +02:00
dependabot-preview[bot]
8e8ec74b2a build(deps): bump clap from 2.33.1 to 2.33.2
Bumps [clap](https://github.com/clap-rs/clap) from 2.33.1 to 2.33.2.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-05 20:36:12 +00:00
dependabot-preview[bot]
1ac6ccb300 build(deps): bump signal-hook-registry from 1.2.0 to 1.2.1
Bumps [signal-hook-registry](https://github.com/vorner/signal-hook) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-05 20:35:55 +00:00
Jose Carlos Venegas Munoz
90acb01bad vmm: seccomp: add mprotect to API thread filter
Add mprotect to API thread rules. Prevent the VMM from being
killed when it is used.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-08-05 21:35:21 +01:00
Rob Bradford
743ebe2fa6 build: Temporarily disable ARM64 builds
The builder is not currently responding to pings.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 17:51:20 +01:00
Anatol Belski
4f33ea89cf pci: use vfio-bindings from crates.io
This fixes `cargo vendor` throwing an error

```
$ cargo vendor
error: failed to sync

Caused by:
  found duplicate version of package `vfio-bindings v0.2.0` vendored from two sources:

	source 1: https://github.com/rust-vmm/vfio-bindings#f08cbcbf
	source 2: registry `https://github.com/rust-lang/crates.io-index`
```

Both sources are indeed the same; the conflict is only caused by the
different URLs.

Signed-off-by: Anatol Belski <ab@php.net>
2020-08-05 17:50:45 +01:00
Sebastien Boeuf
0f1ab38ded hypervisor: kvm: Make MSRs set/get more flexible
Based on the way KVM_GET_MSRS and KVM_SET_MSRS work, both functions are
very unlikely to fail, as they simply stop looping through the list of
MSRs as soon as getting or setting one fails. This is causing some
issues with the snapshot/restore feature, as on some platforms, we only
save a subset of the list of MSRs, leading to an improper way of saving
the VM.

The way to address this issue is by checking the number of MSRs get/set
matches the expected amount from the list. In case it does not match, we
simply ignore the failing MSR and continue getting/setting the rest of
the list. By doing this by iterations, we end up getting/setting as many
MSRs as the platform can support.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2020-08-05 14:52:35 +01:00
Rob Bradford
44cf97e2fd build: Fix Jenkinsfile syntax
Turns out that "when" blocks are permitted but not effectual in "post"
sections so instead use a script behaviour to make the message
conditional on build change.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 14:49:33 +01:00
Rob Bradford
b5d64be479 virtio-devices: iommu: Port to EpollHelper
Migrate to EpollHelper so as to remove code that is duplicated between
multiple virtio devices.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 13:15:23 +02:00
Rob Bradford
2e98208af5 build: Alert on Slack when master build regresses or is fixed
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 13:14:20 +02:00
Rob Bradford
55c16fecbf virtio-devices: seccomp: Add missing dup() syscalls
The refactoring to use EpollHelper added a requirement on this system
call.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 11:32:31 +02:00
Rob Bradford
0e335a709d virtio-devices: Print out worker error messages
Currently any messages generated during the worker thread are not
shown anywhere as the thread is never join()ed on. Instead output the
error immediately.

For now only cover the subset where the work to port to EpollHandler
clashed with the seccomp filtering for virtio devices.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 11:32:31 +02:00
dependabot-preview[bot]
ec9de259ba build(deps): bump seccomp from v0.21.1 to v0.21.2
Bumps [seccomp](https://github.com/firecracker-microvm/firecracker) from v0.21.1 to v0.21.2.
- [Release notes](https://github.com/firecracker-microvm/firecracker/releases)
- [Changelog](a06d358b2e/CHANGELOG.md)
- [Commits](047a379eb0...a06d358b2e)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-05 07:34:44 +00:00
Michael Zhao
fc2d9c6e31 ci: Remove unused image in sha1sums-aarch64
We no longer download focal-server-cloudimg-arm64.img, checking it
leads to a failure if "work_loads" folder is new.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2020-08-05 08:15:18 +01:00
Michael Zhao
f2db346127 tests: Enable more integration test cases on AArch64
Enabled 3 test cases:
- test_large_vm
- test_huge_memory
- test_serial_null

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2020-08-05 08:15:18 +01:00
Bo Chen
dc71d2765a virtio-devices: seccomp: Add seccomp filters for pmem thread
This patch enables the seccomp filters for the pmem worker thread.

Partially fixes: #925

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-05 08:13:31 +01:00
Bo Chen
d77977536d virtio-devices: seccomp: Add seccomp filters for net thread
This patch enables the seccomp filters for the net worker thread.

Partially fixes: #925

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-05 08:13:31 +01:00
Bo Chen
276df6b71c virtio-devices: seccomp: Add seccomp filters for console thread
This patch enables the seccomp filters for the console worker thread.

Partially fixes: #925

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-05 08:13:31 +01:00
Bo Chen
a426221167 virtio-devices: seccomp: Add seccomp filters for rng thread
This patch enables the seccomp filters for the rng worker thread.

Partially fixes: #925

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-05 08:13:31 +01:00
Bo Chen
6a26789222 virtio-devices: seccomp: Fix typos in the block module
Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-05 08:13:31 +01:00
dependabot-preview[bot]
3eeee63189 build(deps): bump syn from 1.0.37 to 1.0.38
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.37 to 1.0.38.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.37...1.0.38)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-05 06:43:20 +00:00
Rob Bradford
ce65093f8d virtio-devices: pmem: Port to EpollHelper
Migrate to EpollHelper so as to remove code that is duplicated between
multiple virtio devices.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 08:43:01 +02:00
Rob Bradford
e093f0e83e virtio-devices: rng: Port to EpollHelper
Migrate to EpollHelper so as to remove code that is duplicated between
multiple virtio devices.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-05 08:42:06 +02:00
Ricardo Koller
358b3c0b89 Dummy change to start the tests
Signed-off-by: Ricardo Koller <ricarkol@gmail.com>
2020-08-05 08:38:58 +02:00
Ricardo Koller
7589f1b3bf vhost_user_fs: increase RLIMIT_NOFILE
Increase the number of open files limit for the sandboxed process to the
maximum allowed in the system. The maximum is obtained by reading the
/proc/sys/fs/nr_open sysctl file, and the setting is done using the setrlimit
syscall. Failure to read or parse the nr_open file, or to set the rlimit
results in a panic.

Signed-off-by: Ricardo Koller <ricarkol@gmail.com>
2020-08-05 08:38:58 +02:00
Rob Bradford
8f39b5ef84 build: Update Cargo.lock for kvm-bindings
Point to the non-merge commit.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2020-08-04 16:50:06 +01:00
Henry Wang
a47da51539 ci: AArch64: Enable basic virtio_vsock test case for AArch64
This commit enables the test case for testing the basic function
of virtio_vsock (i.e. without the hotplug).

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2020-08-04 13:16:14 +01:00
Bo Chen
704edd544c virtio-devices: seccomp: Add seccomp_filter module
This patch added the seccomp_filter module to the virtio-devices crate
by taking reference code from the vmm crate. This patch also adds
allowed-list for the virtio-block worker thread.

Partially fixes: #925

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-04 11:40:49 +02:00
Bo Chen
ff7ed8f628 vmm: Propagate the SeccompAction value to the Vm struct constructor
This patch propagates the SeccompAction value from main to the
Vm struct constructor (i.e. Vm::new_from_memory_manager), so that we can
use it to construct the DeviceManager and CpuManager struct for
controlling the behavior of the seccomp filters for vcpu/virtio-device
worker threads.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-04 11:40:49 +02:00
Bo Chen
8e74637ebb main, vmm: seccomp: Add the '--seccomp log' option
This patch extends the CLI option '--seccomp' to accept the 'log'
parameter in addition to 'true/false'. It also refactors the
vmm::seccomp_filters module to support both "SeccompAction::Trap" and
"SeccompAction::Log".

Fixes: #1180

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-04 11:40:49 +02:00
Bo Chen
b41884a406 main, vmm: seccomp: Use SeccompAction instead of SeccompLevel
This patch replaces the usage of 'SeccompLevel' with 'SeccompAction',
which is the first step to support the 'log' action over system
calls that are not on the allowed list of seccomp filters.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-08-04 11:40:49 +02:00