Commit Graph

6922 Commits

Author SHA1 Message Date
Rob Bradford
b7c2a0f23f vfio_user: Add basic server side support
This allows the implementation of PCI devices in a different process
using the vfio-user protocol.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-16 09:59:14 -08:00
Rob Bradford
874d524a13 vfio_user: Add flags for DMA_UNMAP command
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-16 09:59:14 -08:00
Rob Bradford
91e2601523 vfio_user: Improve flags for DMA_MAP command
Replace the use of an enum with a bitfield representation which means
that is now possible to logical OR flags together.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-16 09:59:14 -08:00
Yong He
01900e3c2b vmm: properly set vcpu state when thread exited
Once error occur, vcpu thread may exit, this should
be critical event for the whole VM, we should fire
exit event and set vcpu state.

If we don't set vcpu state, the shutdown process
will hang at signal_thread, which is waiting the
vcpu state to change.

Signed-off-by: Yong He <alexyonghe@tencent.com>
2023-02-16 14:40:04 +00:00
dependabot[bot]
e35ef40029 build: Bump fdt from 0.1.4 to 0.1.5
Bumps [fdt](https://github.com/repnop/fdt) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/repnop/fdt/releases)
- [Commits](https://github.com/repnop/fdt/commits)

---
updated-dependencies:
- dependency-name: fdt
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-16 00:36:48 +00:00
dependabot[bot]
aa0af5f8d7 build: Bump proc-macro2 from 1.0.50 to 1.0.51 in /fuzz
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.50 to 1.0.51.
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.50...1.0.51)

---
updated-dependencies:
- dependency-name: proc-macro2
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-16 00:14:39 +00:00
Rob Bradford
46066d6ae1 vmm: config: Replace use of memfd_create with fd pointing to /dev/null
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-15 11:10:00 -08:00
Rob Bradford
51c1738d55 tests: Disable test_vfio test
This test (which relies on nesting) is failing on the VFIO worker. The tests that use the
dedicated hardware pass fine.

See: #5190

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-15 12:30:34 +00:00
Bo Chen
0567def931 vmm: config: Avoid closing invalid FDs from 'test_net_parsing()'
We need to provide valid FDs while creating 'NetConfig' instances even
for unit tests. Closing invalid FDs would cause random unit test
failures.

Also, two identical 'NetConfig' instances are not allowed any more,
because it would lead to close the same FD twice. This is consistent
with the fact that a clone of a "NetConfig" instance is no
longer *equal* to the instance itself.

Fixes: #5203

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-02-15 12:30:09 +00:00
Bo Chen
0110fb4edc vmm: config: Don't close reserved FDs from NetConfig::drop()
Fixes: #5203

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-02-15 12:30:09 +00:00
dependabot[bot]
4f945743cb build: Bump is-terminal from 0.4.2 to 0.4.3
Bumps [is-terminal](https://github.com/sunfishcode/is-terminal) from 0.4.2 to 0.4.3.
- [Release notes](https://github.com/sunfishcode/is-terminal/releases)
- [Commits](https://github.com/sunfishcode/is-terminal/compare/v0.4.2...v0.4.3)

---
updated-dependencies:
- dependency-name: is-terminal
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 11:27:27 +00:00
dependabot[bot]
8f6afec520 build: Bump once_cell from 1.17.0 to 1.17.1 in /fuzz
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.17.0 to 1.17.1.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.17.0...v1.17.1)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 00:14:51 +00:00
Rob Bradford
b14427540b vmm: config: Close FDs for TAP devices that are provided to VM
These are owned by the config (and are duplicated before being used to
create the `Tap` for the virtio-net device.)

By implementing Drop on NetConfig we have issues with moving out of
members that don't implement the Copy trait. This requires a small
adjustment to the unit tests that use the Default::default() function.

Fixes: #5197

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-14 12:37:50 +01:00
Rob Bradford
ea4a95c4f6 vmm: config: Implement Clone for NetConfig
The custom version duplicates any FDs that have been provided so that
the validation logic used on hotplug, which takes a clone of the config,
can be safely carried out.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-14 12:37:50 +01:00
dependabot[bot]
f5084f7c65 build: Bump uuid from 1.2.2 to 1.3.0
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.2.2 to 1.3.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.2.2...1.3.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 00:37:27 +00:00
dependabot[bot]
45ab9f77b7 build: Bump signal-hook-registry from 1.4.0 to 1.4.1 in /fuzz
Bumps [signal-hook-registry](https://github.com/vorner/signal-hook) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/vorner/signal-hook/releases)
- [Changelog](https://github.com/vorner/signal-hook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vorner/signal-hook/compare/registry-v1.4.0...registry-v1.4.1)

---
updated-dependencies:
- dependency-name: signal-hook-registry
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 00:24:21 +00:00
dependabot[bot]
f0ea8eb70b build: Bump serde_json from 1.0.91 to 1.0.93
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.91 to 1.0.93.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.91...v1.0.93)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 14:09:46 +01:00
Bo Chen
3377e0e983 docs: hotplug: Fix link to booting with uefi on aarch64
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-02-12 14:40:04 +08:00
dependabot[bot]
e9435b1327 build: Bump serde_json from 1.0.92 to 1.0.93 in /fuzz
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.92 to 1.0.93.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.92...v1.0.93)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-11 00:17:12 +00:00
Rob Bradford
09fca4a5dd build: Move to rust-vmm acpi_tables crate
This code is indentical to what is in this repository. When a release
gets made we can then switch to that.

Fixes: #5122

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-10 18:58:12 +01:00
Praveen K Paladugu
1143d54ee0 tpm: Add recv timeout while running recvmsg
If swtpm becomes unresponsive, guest gets blocked at "recvmsg" on tpm's
data FD. This change adds a timeout to the data fd socket. If swtpm
becomes unresponsive guest waits for "timeout" (secs) and continues to
run after returning an I/O error to tpm commands.

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2023-02-10 17:49:03 +01:00
Anatol Belski
934b20a77a ci: Switch to Windows Server 2022
The updated image is configured in a same way as the previously used
2019, it has same

- Credentials
- Services configured, like SAC, SSH, RDP
- Size

All the Windows updates are applied so the state is current to the date.
Also, the latest stable version 0.1.229 of the VirtIO Windows drivers
is installed.

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
2023-02-10 17:48:46 +01:00
Jinank Jain
b54ce6c3db vmm: Defer address space allocation
We can ideally defer the address space allocation till we start the
vCPUs for the very first time. Because the VM will not access the memory
until the CPUs start running. Thus there is no need to allocate the
address space eagerly and wait till the time we are going to start the
vCPUs for the first time.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2023-02-10 11:52:20 +01:00
Kaihang Zhang
3dd01443d5 openapi: Make 'vcpu' and 'host_cpus' required in CpuAffinity
Signed-off-by: Kaihang Zhang <kaihang.zhang@smartx.com>
2023-02-10 10:06:43 +01:00
dependabot[bot]
43227cd5c4 build: Bump anyhow from 1.0.68 to 1.0.69
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.68 to 1.0.69.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.68...1.0.69)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-10 00:55:05 +00:00
dependabot[bot]
176e438d17 build: Bump anyhow from 1.0.68 to 1.0.69 in /fuzz
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.68 to 1.0.69.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.68...1.0.69)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-10 00:13:38 +00:00
Rob Bradford
c22c4675b3 arch, hypervisor: Populate CPUID leaf 0x4000_0010 (TSC frequency)
This hypervisor leaf includes details of the TSC frequency if that is
available from KVM. This can be used to efficiently calculate time
passed when there is an invariant TSC.

TEST=Run `cpuid` in the guest and observe the frequency populated.

Fixes: #5178

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-09 18:32:21 +01:00
Rob Bradford
7ccf58a019 Revert "build: Temporarily disable bare metal x86-64 workers"
This reverts commit 496f932276.

The systems are back online and reachable.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-09 16:30:07 +01:00
dependabot[bot]
48e1af7d3c build: Bump fdt from 0.1.4 to 0.1.5 in /fuzz
Bumps [fdt](https://github.com/repnop/fdt) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/repnop/fdt/releases)
- [Commits](https://github.com/repnop/fdt/commits)

---
updated-dependencies:
- dependency-name: fdt
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-08 23:20:11 +00:00
dependabot[bot]
341a69c39c build: Bump openssl-src from 111.24.0+1.1.1s to 111.25.0+1.1.1t
Bumps [openssl-src](https://github.com/alexcrichton/openssl-src-rs) from 111.24.0+1.1.1s to 111.25.0+1.1.1t.
- [Release notes](https://github.com/alexcrichton/openssl-src-rs/releases)
- [Commits](https://github.com/alexcrichton/openssl-src-rs/commits)

---
updated-dependencies:
- dependency-name: openssl-src
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-08 23:09:51 +00:00
dependabot[bot]
5d34d85b92 build: Bump darling from 0.14.2 to 0.14.3
Bumps [darling](https://github.com/TedDriggs/darling) from 0.14.2 to 0.14.3.
- [Release notes](https://github.com/TedDriggs/darling/releases)
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TedDriggs/darling/compare/v0.14.2...v0.14.3)

---
updated-dependencies:
- dependency-name: darling
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 23:40:55 +00:00
dependabot[bot]
bcd46906ec build: Bump serde_json from 1.0.91 to 1.0.92 in /fuzz
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.91 to 1.0.92.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.91...v1.0.92)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 23:17:44 +00:00
Bo Chen
bc59ca72f3 docs: Update the intel_tdx documentation
Updates include:
- Add references to 'TDX Tools'
- Expand instructions on buidling and using TDShim
- Add version information of guest/host kernel, TDVF, TDShim being tested

Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-02-07 06:30:38 -08:00
dependabot[bot]
995945dd25 build: Bump rustix from 0.36.7 to 0.36.8
Bumps [rustix](https://github.com/bytecodealliance/rustix) from 0.36.7 to 0.36.8.
- [Release notes](https://github.com/bytecodealliance/rustix/releases)
- [Commits](https://github.com/bytecodealliance/rustix/compare/v0.36.7...v0.36.8)

---
updated-dependencies:
- dependency-name: rustix
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 23:42:06 +00:00
dependabot[bot]
8edd81ec82 build: Bump darling from 0.14.2 to 0.14.3 in /fuzz
Bumps [darling](https://github.com/TedDriggs/darling) from 0.14.2 to 0.14.3.
- [Release notes](https://github.com/TedDriggs/darling/releases)
- [Changelog](https://github.com/TedDriggs/darling/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TedDriggs/darling/compare/v0.14.2...v0.14.3)

---
updated-dependencies:
- dependency-name: darling
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 23:21:38 +00:00
dependabot[bot]
726cfa41f4 build: Bump pnet and pnet_datalink from 0.31.0 to 0.33.0
Bumps [pnet](https://github.com/libpnet/libpnet) from 0.31.0 to 0.33.0.
- [Release notes](https://github.com/libpnet/libpnet/releases)
- [Commits](https://github.com/libpnet/libpnet/compare/v0.31.0...v0.33.0)

---
updated-dependencies:
- dependency-name: pnet
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 19:26:36 +00:00
dependabot[bot]
d19a5d5356 build: Bump mshv-bindings from 48b389a to 0b2af25
Bumps [mshv-bindings](https://github.com/rust-vmm/mshv) from `48b389a` to `0b2af25`.
- [Release notes](https://github.com/rust-vmm/mshv/releases)
- [Commits](48b389af1f...0b2af25128)

---
updated-dependencies:
- dependency-name: mshv-bindings
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 23:42:08 +00:00
Rob Bradford
69e8f60b91 tdx: Set the SEPT_VE_DISABLE attribute
This is required for booting Linux:

From: https://lore.kernel.org/all/20221028141220.29217-3-kirill.shutemov@linux.intel.com/

"""

Virtualization Exceptions (#VE) are delivered to TDX guests due to
specific guest actions such as using specific instructions or accessing
a specific MSR.

Notable reason for #VE is access to specific guest physical addresses.
It requires special security considerations as it is not fully in
control of the guest kernel. VMM can remove a page from EPT page table
and trigger #VE on access.

The primary use-case for #VE on a memory access is MMIO: VMM removes
page from EPT to trigger exception in the guest which allows guest to
emulate MMIO with hypercalls.

MMIO only happens on shared memory. All conventional kernel memory is
private. This includes everything from kernel stacks to kernel text.

Handling exceptions on arbitrary accesses to kernel memory is
essentially impossible as handling #VE may require access to memory
that also triggers the exception.

TDX module provides mechanism to disable #VE delivery on access to
private memory. If SEPT_VE_DISABLE TD attribute is set, private EPT
violation will not be reflected to the guest as #VE, but will trigger
exit to VMM.

Make sure the attribute is set by VMM. Panic otherwise.

There's small window during the boot before the check where kernel has
early #VE handler. But the handler is only for port I/O and panic as
soon as it sees any other #VE reason.

SEPT_VE_DISABLE makes SEPT violation unrecoverable and terminating the
TD is the only option.

Kernel has no legitimate use-cases for #VE on private memory. It is
either a guest kernel bug (like access of unaccepted memory) or
malicious/buggy VMM that removes guest page that is still in use.

In both cases terminating TD is the right thing to do.

"""

With this change Cloud Hypervisor can boot the current Linux guest
kernel.

Reported-By: Jiaqi Gao <jiaqi.gao@intel.com
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-02 14:53:59 +00:00
dependabot[bot]
c6eb69caba build: Bump miniz_oxide from 0.6.2 to 0.6.4
Bumps [miniz_oxide](https://github.com/Frommi/miniz_oxide) from 0.6.2 to 0.6.4.
- [Release notes](https://github.com/Frommi/miniz_oxide/releases)
- [Changelog](https://github.com/Frommi/miniz_oxide/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Frommi/miniz_oxide/compare/0.6.2...0.6.4)

---
updated-dependencies:
- dependency-name: miniz_oxide
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 23:44:16 +00:00
dependabot[bot]
e4ed9bc557 build: Bump uuid from 1.2.2 to 1.3.0 in /fuzz
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.2.2 to 1.3.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.2.2...1.3.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 23:27:32 +00:00
dependabot[bot]
f4509c3611 build: Bump kvm-ioctls from 0.12.0 to 0.13.0
Bumps [kvm-ioctls](https://github.com/rust-vmm/kvm-ioctls) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/rust-vmm/kvm-ioctls/releases)
- [Changelog](https://github.com/rust-vmm/kvm-ioctls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-vmm/kvm-ioctls/commits)

---
updated-dependencies:
- dependency-name: kvm-ioctls
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2023-02-01 12:23:00 +00:00
Bo Chen
ecbb8ab282 docs: Add @likebreath to MAINTAINERS.md
Signed-off-by: Bo Chen <chen.bo@intel.com>
2023-02-01 12:19:07 +00:00
Wei Liu
29ebecccb0 tpm: be more consistent when converting responses
Do the following:

1. Use from_be_bytes to drop mutable slices.
2. Check for the exact buffer size throughout.
3. Simplify ptm_to_request where possible.
4. Make error messages style consistent.

Fix a typo in code comment while at it.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-31 18:09:28 +00:00
Wei Liu
5646a917ff tpm: handle short write
There is no guarantee that the write can send the whole buffer at once.

In those rare occasions, we should return a sensible error.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-31 18:09:28 +00:00
Wei Liu
6e22f23831 tpm: save almost 8KB stack space
The largest possible PTM response is only 16 bytes. Size the output
buffer correctly.

In the socket read function, rely on the caller to provide a
sufficiently large buffer. That eliminates another large stack variable.

In total this saves almost 8KB stack space.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-31 18:09:28 +00:00
Wei Liu
8e996ff2fe tpm: drop unnecessary cast
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-31 18:09:28 +00:00
Wei Liu
2d2f356d94 devices: tpm: failure to deliver request is considered fatal
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-31 18:09:18 +00:00
dependabot[bot]
938c16f2b2 build: Bump cc from 1.0.78 to 1.0.79
Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.0.78 to 1.0.79.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Commits](https://github.com/rust-lang/cc-rs/compare/1.0.78...1.0.79)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-31 13:51:07 +00:00
dependabot[bot]
105a7dd7aa build: Bump cc from 1.0.78 to 1.0.79 in /fuzz
Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.0.78 to 1.0.79.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Commits](https://github.com/rust-lang/cc-rs/compare/1.0.78...1.0.79)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 23:21:59 +00:00
Wei Liu
11ef495e6b performance-metrics: share build.rs from project root
No need to duplicate the same content in two places.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-30 21:10:02 +00:00