440 Commits

Author SHA1 Message Date
Omer Faruk Bayram
a0c8bf4f9f vmm: seccomp: implement seccomp filtering for the event-monitor thread
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-08-09 17:22:25 +01:00
Omer Faruk Bayram
02e1c54426 event_monitor: refactor the implementation to support concurrent access
This patch modifies `event_monitor` to ensure that concurrent access to
`event_log` from multiple threads is safe. Previously, the `event_log`
function would acquire a reference to the event log file and write
to it without doing any synchronization, which made it prone to
data races. This issue likely went under the radar because the
relevant `SAFETY` comment on the unsafe block was incomplete.

The new implementation spawns a dedicated thread named `event-monitor`
solely for writing to the file. It uses the MPMC channel exposed by
`flume` to pass messages to the `event-monitor` thread. Since
`flume::Sender<T>` implements `Sync`, it is safe for multiple threads
to share it and send messages to the `event-monitor` thread.
This is not possible with `std::sync::mpsc::Sender<T>` since it's
`!Sync`, meaning it is not safe for it to be shared between different
threads.

The `event_monitor::set_monitor` function now only initializes
the required global state and returns an instance of the
`Monitor` struct. This decouples the actual logging logic from the
`event_monitor` crate. The `event-monitor` thread is then spawned by
the `vmm` crate.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-08-09 17:22:25 +01:00
Yu Li
f03c3b737f main: add missing comma in for net param
Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-07-14 09:36:27 -07:00
Yu Li
d0dbc7fb4d build: Fix beta clippy issue (useless_vec)
warning: useless use of `vec!`
   --> test_infra/src/lib.rs:111:30
    |
111 |             let mut events = vec![epoll::Event::new(epoll::Events::empty(), 0); 1];
    |                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: you can use an array directly: `[epoll::Event::new(epoll::Events::empty(), 0); 1]`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_vec
    = note: `#[warn(clippy::useless_vec)]` on by default

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-07-13 08:16:30 -07:00
Yi Wang
d99c0c0d1d devices: pvpanic: add method for DeviceManager
Add method for DeviceManager to invoke.

Signed-off-by: Yi Wang <foxywang@tencent.com>
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-07-06 11:14:54 +01:00
Yu Li
499989fb17 logger: use write with \r\n instead of writeln
The device manager will set tty or pty to raw mode, all the `\n` will
be LF without CR, which makes the output difficult to read.

This commit solves it by using `write` with `\r\n` instead of
`writeln`, which can print CR and LF explicitly.

Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
2023-06-16 14:15:03 -07:00
Omer Faruk Bayram
a64d27f841 ch-remote: full support for calling the D-Bus API
Support calling into the D-Bus API in a non-breaking way.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
7a458d85d1 main: cli: add D-Bus API related CLI options
Introduces three new CLI options, `dbus-service-name`,
`dbus-object-path` and `dbus-system-bus` to configure the DBus API.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
f00df25d40 vmm: dbus: graceful shutdown of the DBusApi thread
This commit adds support for graceful shutdown of the DBusApi thread
using `futures::channel::oneshot` channels. By using oneshot channels,
we ensure that the thread has enough time to send a response to the
`VmmShutdown` method call before it is terminated. Without this step,
the thread may be terminated before it can send a response, resulting
in an error message on the client side stating that the message
recipient disconnected from the message bus without providing a reply.

Also changes the default values for DBus service name, object path
and interface name.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Omer Faruk Bayram
c016a0d4d3 vmm: dbus: implement the D-Bus API
This commit introduces three new dependencies: `zbus`, `futures`
and `blocking`. `blocking` is used to call the Internal API in zbus'
async context which is driven by `futures::executor`. They are all
behind the `dbus_api` feature flag.

The D-Bus API implementation is behind the same `dbus_api` feature
flag as well.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-06-06 10:18:26 -07:00
Ravi kumar Veeramally
612621bb46 vmm: Improve "cloud-hypervisor --help" view format
Rust documentation comments follow 80 chars per line. But some of
these help options don't have a space in between. Long lines of
text start from the beginning of the next line instead of
the proper format.

Before fix:

Options:
  --cpus            boot=<boot_vcpus>,max=<max_vcpus>,topology=<threads_per_core>:<cores_per_die>:<dies_per_package>:<packages>,kvm_hyperv=on|off,max_phys_bits=<maximum_number_of_physical_bits>,affinity=<list_of_vcpus_with_their_associated_cpuset>,features=<list_of_features_to_enable>

After fix:

Options:
  --cpus            boot=<boot_vcpus>, max=<max_vcpus>,
                    topology=<threads_per_core>:<cores_per_die>:<dies_per_package>:<packages>,
                    kvm_hyperv=on|off,
                    max_phys_bits=<maximum_number_of_physical_bits>,
                    affinity=<list_of_vcpus_with_their_associated_cpuset>,
                    features=<list_of_features_to_enable>

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@intel.com>
2023-06-01 13:46:57 +01:00
Rafael Mendonca
1976157761 main: Fix error propagation if starting the VM fails
Commit 21d40d7 ("main: reset tty if starting the VM fails") changed
start_vmm() to join the vmm thread if an error happens after the vmm
thread is started. The implementation put all the error-prone code that
is run after the vmm is started in a closure, to be able to always join
the vmm thread, regardless of any error happening. However, it missed
propagating the error that might happen inside the closure back to the
main function, after joining the vmm thread.

For some cmd line options, the above issue inhibits proper error
reporting when starting a VM with invalid commands, as many parameters
are parsed after the vmm is started, thus if such parsing fails, no
error will be reported back to the user.

See: #5435
Fixes: 21d40d7 ("main: reset tty if starting the VM fails")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
2023-05-23 09:45:08 -07:00
Alyssa Ross
21d40d7489 main: reset tty if starting the VM fails
When I refactored this to centralise resetting the tty into
DeviceManager::drop, I tested that the tty was reset if an error
happened on the vmm thread, but not on the main thread.  It turns out
that if an error happened on the main thread, the process would just
exit, so drop handlers on other threads wouldn't get run.

To fix this, I've changed start_vmm() to write to the VMM's exit
eventfd and then join the thread if an error happens after the vmm
thread is started.

Fixes: b6feae0a ("vmm: only touch the tty flags if it's being used")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-05-02 09:33:53 +01:00
Bo Chen
a84b540b65 vmm: config: Extend 'VmConfig' with 'preserved_fds'
Preserved FDs are the ones that share the same life-time as its holding
VmConfig instance, such as FDs for creating TAP devices.

Preserved FDs will stay open as long as the holding VmConfig instance is
valid, and will be closed when the holding VmConfig instance is destroyed.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-04-17 16:33:29 +01:00
Alyssa Ross
b6feae0ace vmm: only touch the tty flags if it's being used
When neither serial nor console are connected to the tty,
cloud-hypervisor shouldn't touch the tty at all.  One way in which
this is annoying is that if I am running cloud-hypervisor without it
using my terminal, I expect to be able to suspend it with ^Z like any
other process, but that doesn't work if it's put the terminal into raw
mode.

Instead of putting the tty into raw mode when a VM is created or
restored, do it when a serial or console device is created.  Since we
now know it can't be put into raw mode until the Vm object is created,
we can move setting it back to canon mode into the drop handler for
that object, which should always be run in normal operation.  We still
also put the tty into canon mode in the SIGTERM / SIGINT handler, but
check whether the tty was actually used, rather than whether stdin is
a tty.  This requires passing on_tty around as an atomic boolean.

I explored more of an abstraction over the tty — having an object that
encapsulated stdout and put the tty into raw mode when initialized and
into canon mode when dropped — but it wasn't practical, mostly due to
the special requirements of the signal handler.  I also investigated
whether the SIGWINCH listener process could be used here, which I
think would have worked but I'm hesitant to involve it in serial
handling as well as console handling.

There's no longer a check for whether the file descriptor is a tty
before setting it into canon mode — it's redundant, because if it's
not a tty it just won't respond to the ioctl.

Tested by shutting down through the API, SIGTERM, and an error
injected after setting raw mode.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
2023-04-17 16:33:17 +01:00
Omer Faruk Bayram
346ee09e6b vmm: api: include BUILD_VERSION and CH pid in VmmPingResponse
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-04-14 12:13:46 -07:00
Omer Faruk Bayram
59012ccc6e build: rename BUILT_VERSION to BUILD_VERSION
Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-04-14 12:13:46 -07:00
Omer Faruk Bayram
1b12790c13 ch-remote: fixed ShutdownVmm and Shutdown commands
Fixed `ShutdownVmm` and `Shutdown` commands to call the correct API
endpoint.

Signed-off-by: Omer Faruk Bayram <omer.faruk@sartura.hr>
2023-03-30 09:37:02 -07:00
Rob Bradford
3a81f9328f build: Add optional dhat heap profiling
Add new "dhat-heap" build feature which enables dhat heap profiling.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-01-17 14:02:01 +00:00
Wei Liu
111225a2a5 main: switch to argh
A few breaking changes:

1. `-vvv` needs to be written as `-v -v -v`.
2. `--disk D1 D2` and others need to be written as `--disk D1 --disk D2`.
3. `--option=value` needs to be written as `--option value`

Change integration tests to adapt to the breaking changes.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-16 16:39:03 +00:00
Wei Liu
fe49056129 main: split out a few functions
Switching to `argh` requires individual default functions.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-16 16:39:03 +00:00
Wei Liu
d5558aea2a ch-remote: switch to argh
Since argh does not support `--option=value`, we need to change the
integration test code to become `--option value`.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-16 16:39:03 +00:00
Rob Bradford
c89b8e061f Revert "vmm: Deprecate MemoryZoneConfig::file"
This reverts commit 9fb0274479.

A user of this functionality was identified.

See: #4837
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-01-10 10:31:18 +00:00
Philipp Schuster
9e8296b696 log: align log message timestamp
With this change, all log messages will have the same width for the
timestamp. The number of ms is rounded to 6 decimal places.

Signed-off-by: Philipp Schuster <philipp.schuster@cyberus-technology.de>
2023-01-09 16:38:29 +01:00
Wei Liu
0389190c64 build: drop the need to import macros from Clap
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-06 13:06:16 -08:00
Rob Bradford
5e52729453 misc: Automatically fix cargo clippy issues added in 1.65 (stable)
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-12-14 14:27:19 +00:00
Rob Bradford
9fb0274479 vmm: Deprecate MemoryZoneConfig::file
Remove from the documentation and API definition but continue support
using the field (with a deprecation warning.)

See: #4837

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-12-12 16:44:04 +00:00
Shuaiyi Zhang
389264351e ch-remote: Add support for vmm.shutdown
Signed-off-by: Shuaiyi Zhang <zhangsy28@lenovo.com>
2022-12-06 13:21:55 -08:00
Shuaiyi Zhang
0e09b537e3 ch-remote: Add support for vmm.ping
Signed-off-by: Shuaiyi Zhang <zhangsy28@lenovo.com>
2022-12-05 07:45:01 -08:00
Rob Bradford
ad817f19b5 main: Allow the use of let ahead and immediate return
On aarch64 there is no modification of the app struct however
refactoring to remove this would be very intrusive.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-12-01 17:02:30 +00:00
Wei Liu
d5f294b326 main: add safety comments
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-11-18 12:50:01 +00:00
Praveen K Paladugu
7122e2989c vmm: Add tpm parameter
Add an optional --tpm parameter that takes UNIX Domain
Socket from swtpm.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2022-11-15 16:42:21 +00:00
Rob Bradford
f603afc46e vmm: Make Transparent Huge Pages controllable (default on)
Add MemoryConfig::thp and `--memory thp=on|off` to allow control of
Transparent Huge Pages.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-11-09 16:51:21 +00:00
Bo Chen
a9ec0f33c0 misc: Fix clippy issues
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-11-02 09:41:43 +01:00
Rob Bradford
83cc554f90 vmm: Remove deprecated VmConfig::{kernel, initramfs, cmdline} members
These have been replaced by members of PayloadConfig and should be
removed in v28.0 (mentioned in v26.0 release notes.)

Fixes: #4737

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-10-06 14:25:29 +01:00
Sebastien Boeuf
89677c3181 build: Bump clap from 3.2.22 to 4.0.9
Bumps [clap](https://github.com/clap-rs/clap) from 3.2.22 to 4.0.9.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@v3.2.22...v4.0.9)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Moving to the major version 4 introduced some breaking changes which had
to be handled manually.

Fixes #4709

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-10-05 12:59:14 +01:00
Rob Bradford
06eb82d239 build: Consolidate "gdb" build feature into "guest_debug"
This simplifies the CI process but is also logical with the existing
functionality under "guest_debug" (dumping guest memory).

Fixes: #4679

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-09-27 14:30:57 +01:00
Rob Bradford
f32487f8e8 misc: Automatic beta clippy fixes
e.g. cargo clippy --all --tests --all-targets --fix --features=..

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-09-20 10:59:48 +01:00
Sebastien Boeuf
3793ffe888 vmm: config: Move TDX to rely on PayloadConfig
Removing the option --tdx to specify that we want to run a TD VM. Rely
on --platform option by adding the "tdx" boolean parameter. This is the
new way for enabling TDX with Cloud Hypervisor.

Along with this change, the way to retrieve the firmware path has been
updated to rely on the recently introduced PayloadConfig structure.

Fixes #4556

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-09-05 12:14:59 +01:00
Rob Bradford
8ec5a248cd main, vmm: Add option to pass firmware parameter in payload
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-08-17 09:50:42 +01:00
Rob Bradford
cef51a9de0 vmm: Encompass guest payload configuration in PayloadConfig
Introduce a new top level member of VmConfig called PayloadConfig that
(currently) encompasses the kernel, commandline and initramfs for the
guest to use.

In future this can be extended for firmware use. The existing
"--kernel", "--cmdline" and "initramfs" CLI parameters now fill the
PayloadConfig.

Any config supplied which uses the now deprecated config members has
those members mapped to the new version with a warning.

See: #4445

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-08-10 15:12:34 +01:00
Wei Liu
57e9b80123 vmm: provide oem_strings option
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-08-08 08:59:19 +01:00
lizhaoxin1
3abc1e1e51 vmm: config: Add "uuid" option to "--platform"
The uuid indicates the unique ID of a virtual machine.
cloud-hypervisor takes the uuid passed by libvirt
and uses it to initialize cloud-init.

Signed-off-by: lizhaoxin1 <Lxiaoyouling@163.com>
2022-08-04 09:20:06 +02:00
Wei Liu
d56263706d main: unify error message for hypervisor availability
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-07-22 12:50:12 +01:00
Rob Bradford
121729a3b0 vmm: Split signal handling for VM and VMM signals
The VM specific signal (currently only SIGWINCH) should only be handled
when the VM is running.

The generic VMM signals (SIGINT and SIGTERM) need handling at all times.

Split the signal handling into two separate threads which have differing
lifetimes.

Tested by:
1.) Boot full VM and check resize handling (SIGWINCH) works & sending
    SIGTERM leads to cleanup (tested that API socket is removed.)
2.) Start without a VM and send SIGTERM/SIGINT and observe cleanup (API
    socket removed)
3.) Boot full VM, delete VM and observe 2.) holds.
4.) Boot full VM, delete VM, recreate VM and observe 1.) holds.

Fixes: #4269

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-07-08 15:15:46 +01:00
Rob Bradford
46bbe0e612 ch-remote: Simplify ch-remote create from config file
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-07-04 09:18:18 +02:00
Rob Bradford
b0afeeeb65 ch-remote: Add "create" command to ch-remote
Tested by:
1. Path: ch-remote --api-socket .. create test-config.json
2. stdin with "-" path: ch-remote --api-socket .. create - < test-config.json
3. stdin with implicit "-": ch-remote --api-socket .. create < test-config.json

Fixes: #4250

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-06-30 21:29:54 +01:00
Rob Bradford
2e664dca64 vmm: Always reset the console mode on VMM exit
Tested:

1. SIGTERM based
2. VM shutdown/poweroff
3. Injected VM boot failure after calling Vm::setup_tty()

Fixes: #4248

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-06-28 16:45:27 +01:00
Rob Bradford
b3569f084d ch-remote: Add missing boot and delete commands
These are simple commands so require no further enabling than adding to
the list of commands.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-06-16 11:29:33 +01:00
Yi Wang
0bb2060ca7 ch-remote: add support for coredump
Adding the wrapping layer to be able to coredump the guest
from the ch-remote tool.

Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
2022-05-30 13:41:40 +02:00