Commit Graph

171 Commits

Author SHA1 Message Date
Yuanchu Xie
5f18ac3bc0 devices: Add pvmemcontrol device
Pvmemcontrol provides a way for the guest to control its physical memory
properties, and enables optimizations and security features. For
example, the guest can provide information to the host where parts of a
hugepage may be unbacked, or sensitive data may not be swapped out, etc.

Pvmemcontrol allows guests to manipulate its gPTE entries in the SLAT,
and also some other properties of the memory map the back's host memory.
This is achieved by using the KVM_CAP_SYNC_MMU capability. When this
capability is available, the changes in the backing of the memory region
on the host are automatically reflected into the guest. For example, an
mmap() or madvise() that affects the region will be made visible
immediately.

There are two components of the implementation: the guest Linux driver
and Virtual Machine Monitor (VMM) device. A guest-allocated shared
buffer is negotiated per-cpu through a few PCI MMIO registers, the VMM
device assigns a unique command for each per-cpu buffer. The guest
writes its pvmemcontrol request in the per-cpu buffer, then writes the
corresponding command into the command register, calling into the VMM
device to perform the pvmemcontrol request.

The synchronous per-cpu shared buffer approach avoids the kick and busy
waiting that the guest would have to do with virtio virtqueue transport.

The Cloud Hypervisor component can be enabled with --pvmemcontrol.

Co-developed-by: Stanko Novakovic <stanko@google.com>
Co-developed-by: Pasha Tatashin <tatashin@google.com>
Signed-off-by: Yuanchu Xie <yuanchu@google.com>
2024-08-05 22:41:56 +00:00
Wei Liu
8aa2d7ab2a devices: use byte strings directly
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-07-23 21:07:17 +00:00
Wei Liu
9c42d98e6a devices: move LocalTime to test module
It is only used there.

Drop all its doc strings and pub annotations.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-06-12 16:59:20 +00:00
Josh Soref
42e9632c53 misc: Fix spelling issues
Misspellings were identified by:
  https://github.com/marketplace/actions/check-spelling

* Initial corrections based on forbidden patterns from the action
* Additional corrections by Google Chrome auto-suggest
* Some manual corrections
* Adding markdown bullets to readme credits section

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-06-08 16:31:30 +00:00
Wei Liu
1845e63e7c devices: make IOAPIC log a bit more useful
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-05-27 19:24:28 +00:00
SamrutGadde
89b429c768 devices: Use thiserror for errors
Updated error enums in device package to use thiserror crate

Signed-off-by: SamrutGadde <samrut.gadde@gmail.com>
2024-05-23 20:54:36 +00:00
Wei Liu
1aeaee221d devices: rtc_pl031: drop TimstampUs
It is not used anywhere in code.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-04-30 07:32:08 +00:00
Rob Bradford
10ab87d6a3 misc: Migrate away from versionize
Replace with serde instead.

Fixes: #6370

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-04-22 17:10:55 +00:00
Ruslan Mstoi
5e9886bba4 build: add REUSE Compliance Check
In accordance with reuse requirements:
- Place each license file in the LICENSES/ directory
- Add missing SPDX-License-Identifier to files.
- Add .reuse/dep5 to bulk-license files

Fixes: #5887

Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
2024-04-19 17:35:45 +00:00
Rob Bradford
f093ffcbef devices: uart_pl011: Remove redundant imports
error: the item `io` is imported redundantly
Error:    --> devices/src/legacy/uart_pl011.rs:468:9
    |
467 |     use super::*;
    |         -------- the item `io` is already imported here
468 |     use std::io;
    |         ^^^^^^^

error: the item `Arc` is imported redundantly
Error:    --> devices/src/legacy/uart_pl011.rs:469:21
    |
467 |     use super::*;
    |         -------- the item `Arc` is already imported here
468 |     use std::io;
469 |     use std::sync::{Arc, Mutex};
    |                     ^^^

error: could not compile `devices` (lib test) due to 8 previous errors
Error: warning: build failed, waiting for other jobs to finish...
Error: The process 'cross' failed with exit code 101

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-03-19 18:36:22 +00:00
Rob Bradford
2f5e48d295 devices: rtc_pl031: Remove redundant imports
error: the item `read_le_u32` is imported redundantly
Error:    --> devices/src/legacy/rtc_pl031.rs:332:61
    |
330 |     use super::*;
    |         -------- the item `read_le_u32` is already imported here
331 |     use crate::{
332 |         read_be_u16, read_be_u32, read_le_i32, read_le_u16, read_le_u32, read_le_u64, write_be_u16,
    |                                                             ^^^^^^^^^^^

error: the item `write_le_u32` is imported redundantly
Error:    --> devices/src/legacy/rtc_pl031.rs:333:51
    |
330 |     use super::*;
    |         -------- the item `write_le_u32` is already imported here
...
333 |         write_be_u32, write_le_i32, write_le_u16, write_le_u32, write_le_u64,
    |                                                   ^^^^^^^^^^^^

error: the item `Arc` is imported redundantly
Error:    --> devices/src/legacy/rtc_pl031.rs:335:9
    |
330 |     use super::*;
    |         -------- the item `Arc` is already imported here
...
335 |     use std::sync::Arc;
    |         ^^^^^^^^^^^^^^

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-03-19 18:36:22 +00:00
Rob Bradford
4d52150b87 devices: gpio_pl061: Remove redundant imports
error: the item `read_le_u32` is imported redundantly
Error:    --> devices/src/legacy/gpio_pl061.rs:342:17
    |
341 |     use super::*;
    |         -------- the item `read_le_u32` is already imported here
342 |     use crate::{read_le_u32, write_le_u32};
    |                 ^^^^^^^^^^^
    |
    = note: `-D unused-imports` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(unused_imports)]`

error: the item `write_le_u32` is imported redundantly
Error:    --> devices/src/legacy/gpio_pl061.rs:342:30
    |
341 |     use super::*;
    |         -------- the item `write_le_u32` is already imported here
342 |     use crate::{read_le_u32, write_le_u32};
    |                              ^^^^^^^^^^^^

error: the item `Arc` is imported redundantly
Error:    --> devices/src/legacy/gpio_pl061.rs:343:9
    |
341 |     use super::*;
    |         -------- the item `Arc` is already imported here
342 |     use crate::{read_le_u32, write_le_u32};
343 |     use std::sync::Arc;
    |         ^^^^^^^^^^^^^^

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-03-19 18:36:22 +00:00
Rob Bradford
f1856bb27c devices: Fix clippy warning for use of .clone()
warning: assigning the result of `Clone::clone()` may be inefficient
   --> devices/src/pvpanic.rs:213:9
    |
213 |         self.bar_regions = bars.clone();
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: use `clone_from()`: `self.bar_regions.clone_from(&bars)`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#assigning_clones
    = note: `#[warn(clippy::assigning_clones)]` on by default

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-03-19 18:36:22 +00:00
Rob Bradford
adb318f4cd misc: Remove redundant "use" imports
With the nightly toolchain (2024-02-18) cargo check will flag up
redundant imports either because they are pulled in by the prelude on
earlier match.

Remove those redundant imports.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2024-02-19 17:54:30 +00:00
Philipp Schuster
e50a641126 devices: add debug-console device
This commit adds the debug-console (or debugcon) device to CHV. It is a
very simple device on I/O port 0xe9 supported by QEMU and BOCHS. It is
meant for printing information as easy as possible, without any
necessary configuration from the guest at all.

It is primarily interesting to OS/kernel and firmware developers as they
can produce output as soon as the guest starts without any configuration
of a serial device or similar. Furthermore, a kernel hacker might use
this device for information of type B whereas information of type A are
printed to the serial device.

This device is not used by default by Linux, Windows, or any other
"real" OS, but only by toy kernels and during firmware development.

In the CLI, it can be configured similar to --console or --serial with
the --debug-console parameter.

Signed-off-by: Philipp Schuster <philipp.schuster@cyberus-technology.de>
2024-01-25 10:25:14 -08:00
Thomas Barrett
45b01d592a vmm: assign each pci segment 32-bit mmio allocator
Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2023-11-20 15:33:50 -08:00
Thomas Barrett
5f3ff3c44a devices: fix pv_panic alignment
Signed-off-by: Thomas Barrett <tbarrett@crusoeenergy.com>
2023-11-16 08:28:23 +00:00
Praveen K Paladugu
6d1077fc3c vmm: Unix socket backend for serial port
Cloud-Hypervisor takes a path for Unix socket, where it will listen
on. Users can connect to the other end of the socket and access serial
port on the guest.

    "--serial socket=/path/to/socket" is the cmdline option to pass to
cloud-hypervisor.

Users can use socat like below to access guest's serial port once the
guest starts to boot:

    socat -,crnl UNIX-CONNECT:/path/to/socket

Signed-off-by: Praveen K Paladugu <prapal@linux.microsoft.com>
2023-10-05 15:26:29 +01:00
Philipp Schuster
7bf0cc1ed5 misc: Fix various spelling errors using typos
This fixes all typos found by the typos utility with respect to the config file.

Signed-off-by: Philipp Schuster <philipp.schuster@cyberus-technology.de>
2023-09-09 10:46:21 +01:00
Rob Bradford
4548de194d build: Bump acpi_tables version
Fix newly added deprecation for mispelling of cacheable.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-09-07 13:58:33 +01:00
Rob Bradford
cd7eecc0b0 devices: pvpanic: Clean up struct visibility
There is no need for this struct to be public and since it is used in
this module the #[allow(dead_code)] invocation can be removed.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-23 08:05:53 +01:00
Rob Bradford
a00d29867c fuzz, vmm: Avoid infinite loop in CMOS fuzzer
With the addition of the spinning waiting for the exit event to be
received in the CMOS device a regression was introduced into the CMOS
fuzzer. Since there is nothing to receive the event in the fuzzer and
there is nothing to update the bit the that the device is looping on;
introducing an infinite loop.

Use an Option<> type so that when running the device in the fuzzer no
Arc<AtomicBool> is provided effectively disabling the spinning logic.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61165

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-07 08:04:55 +08:00
Rob Bradford
06dc708515 vmm: Only return from reset driven I/O once event received
The reset system is asynchronous with an I/O event (PIO or MMIO) for
ACPI/i8042/CMOS triggering a write to the reset_evt event handler. The
VMM thread will pick up this event on the VMM main loop and then trigger
a shutdown in the CpuManager. However since there is some delay between
the CPU threads being marked to be killed (through the
CpuManager::cpus_kill_signalled bool) it is possible for the guest vCPU
that triggered the exit to be re-entered when the vCPU KVM_RUN is called
after the I/O exit is completed.

This is undesirable and in particular the Linux kernel will attempt to
jump to real mode after a CMOS based exit - this is unsupported in
nested KVM on AMD on Azure and will trigger an error in KVM_RUN.

Solve this problem by spinning in the device that has triggered the
reset until the vcpus_kill_signalled boolean has been updated
indicating that the VMM thread has received the event and called
CpuManager::shutdown(). In particular if this bool is set then the vCPU
threads will not re-enter the guest.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-08-04 09:57:25 +08:00
Yong He
0149e65081 vm-device: support batch update interrupt source group GSI
Split interrupt source group restore into two steps, first restore
the irqfd for each interrupt source entry, and second restore the
GSI routing of the entire interrupt source group.

This patch will reduce restore latency of interrupt source group,
and in a 200-concurrent restore test, the patch reduced the
average IOAPIC restore time from 15ms to 1ms.

Signed-off-by: Yong He <alexyonghe@tencent.com>
2023-08-03 15:58:36 +01:00
Yi Wang
d99c0c0d1d devices: pvpanic: add method for DeviceManager
Add method for DeviceManager to invoke.

Signed-off-by: Yi Wang <foxywang@tencent.com>
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-07-06 11:14:54 +01:00
Yi Wang
8e9ce3ab7c devices: pvpanic: add snapshot support
Add PvPanicDeviceState to retore events of pvpanic from snapshot,
and also PciConfigurationState.

Signed-off-by: Yi Wang <foxywang@tencent.com>
2023-07-06 11:14:54 +01:00
Yi Wang
3acb988c1a devices: pvpanic: Add pci configuration for pvpanic device
Implemetion of BusDevice and PciDevice trait for pvpanic device.

Pvpanic device can be implemented as an ISA device or as a
PCI device, we choose PCI device for now.

Signed-off-by: Yi Wang <foxywang@tencent.com>
2023-07-06 11:14:54 +01:00
Yi Wang
ef67eab8c3 devices: Add support for pvpanic device
Introduce emulation of pvpanic device to allow cloud hypervisor to get
the notify from guest's pvpanic driver when guest kernel crash.

Signed-off-by: Yi Wang <foxywang@tencent.com>
2023-07-06 11:14:54 +01:00
Rob Bradford
f485922b78 build: Bump acpi_tables from cb5f06c to 05a6091
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-06-08 17:28:02 +00:00
Rob Bradford
73c4156775 vmm, devices: Update to latest acpi_tables crate API
Significant API changes have occured, most significantly is the switch
to an approach which does not require vm-memory and can run no_std.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
2023-03-03 13:08:36 +00:00
Wei Liu
2d2f356d94 devices: tpm: failure to deliver request is considered fatal
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-31 18:09:18 +00:00
Wei Liu
73af65f417 tpm: drop unused fields in BackendCmd struct
They are never used.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-26 07:57:48 +00:00
Wei Liu
cffde0ff65 devices: avoid unnecessary allocations in TPM code
Use the data buffer in the TPM device directly.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-26 07:57:48 +00:00
Wei Liu
60425471dd tpm: get_buffer_size always succeeds
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-26 07:57:48 +00:00
Wei Liu
2b76e1d7ba devices: simplify TPM handling
The error is never propagated anywhere. Drop it.

Avoid unwrapping unconditionally.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-26 07:57:48 +00:00
Wei Liu
15ace525be devices: drop cmd field from TPM struct
There is no need to hold on to it. It is only used locally in a
function.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-26 07:57:48 +00:00
Wei Liu
8db630763a devices: clean up two comments in TPM code
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-25 18:40:57 +00:00
Wei Liu
cd1470e289 devices: rework TPM register and field look-up
Match against enums instead.

This then drops the need to import phf.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-25 18:40:57 +00:00
Wei Liu
99d8c34861 devices: change TPM_CRB_R_MAX from u32 to usize
This simplifies the code a bit.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2023-01-25 18:40:57 +00:00
Rob Bradford
5e52729453 misc: Automatically fix cargo clippy issues added in 1.65 (stable)
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-12-14 14:27:19 +00:00
Rob Bradford
aea1f7743b devices: Remove unnecessary clippy directives
Clippy passes fine without these and remove some genuinely unused code.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-12-13 18:10:42 +00:00
Sebastien Boeuf
748018ace3 vm-migration: Don't store the id as part of Snapshot structure
The information about the identifier related to a Snapshot is only
relevant from the BTreeMap perspective, which is why we can get rid of
the duplicated identifier in every Snapshot structure.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-12-09 10:26:06 +01:00
Rob Bradford
7fb1280666 devices: gic: Pass slice rather than &Vec
This addresses a clippy issue

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-12-01 22:41:01 +00:00
Rob Bradford
3888f57600 aarch64: Remove unnecessary casts (beta clippy check)
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-12-01 17:02:30 +00:00
Michael Zhao
b173f6f654 vmm,devices: Change Gic snapshot and restore path
The snapshot and restore of AArch64 Gic was done in Vm. Now it is moved
to DeviceManager.

The benefit is that the restore can be done while the Gic is created in
DeviceManager.

While the moving of state data from Vm snapshot to DeviceManager
snapshot breaks the compatability of migration from older versions.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-12-01 17:07:25 +01:00
Sebastien Boeuf
81862e8ed3 devices, vmm: Move Gpio to new restore design
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-11-25 17:37:29 +00:00
Sebastien Boeuf
9fbf52b998 devices, vmm: Move Pl011 to new restore design
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-11-25 17:37:29 +00:00
Sebastien Boeuf
0bd910e8b0 devices, vmm: Move Serial to new restore design
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-11-25 17:37:29 +00:00
Sebastien Boeuf
ef92e55998 devices, vmm: Move Ioapic to new restore design
Moving the Ioapic object to the new restore design, meaning the Ioapic
is created directly with the right state, and it shares the same
codepath as when it's created from scratch.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-11-25 17:18:21 +01:00
Michael Zhao
7d16c74020 vmm: Refactor AArch64 GIC initialization process
In the new process, `device::Gic::new()` covers additional actions:
1. Creating `hypervisor::vGic`
2. Initializing interrupt routings

The change makes the vGic device ready in the beginning of
`DeviceManager::create_devices()`. This can unblock the GIC related
devices initialization in the `DeviceManager`.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-11-23 11:49:57 +01:00