4981 Commits

Author SHA1 Message Date
dependabot[bot]
25ce38bee1 build: bump serde_derive from 1.0.133 to 1.0.134
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.133 to 1.0.134.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.133...v1.0.134)

---
updated-dependencies:
- dependency-name: serde_derive
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-22 00:26:15 +00:00
dependabot[bot]
5847e73f40 build: bump serde_derive from 1.0.133 to 1.0.134 in /fuzz
Bumps [serde_derive](https://github.com/serde-rs/serde) from 1.0.133 to 1.0.134.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.133...v1.0.134)

---
updated-dependencies:
- dependency-name: serde_derive
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-21 23:33:44 +00:00
Rob Bradford
53caa565bb virtio-devices: Add openat() syscall to seccomp filter
When freeing memory sometimes glibc will attempt to read
"/proc/sys/vm/overcommit_memory" to find out how it should release the
blocks. This happens sporadically with Cloud Hypervisor but has been
seen in use. It is not necessary to add the read() syscall to the list
as it is already included in the virtio devices common set. Similarly
the vCPU and vmm threads already have both these in the allowed list.

Fixes: #3609

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-01-21 17:58:15 +00:00
Rob Bradford
db5583d6a3 resources: Update Rust toolchain used in container to 1.58.1
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-01-21 14:01:50 +00:00
dependabot[bot]
1ed49a2306 build: bump syn from 1.0.85 to 1.0.86
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.85 to 1.0.86.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.85...1.0.86)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-21 10:16:23 +00:00
Jianyong Wu
e9b069bf38 tests: add test case for testing PMU on direct kernel boot
Add integration tests for "pmu=on". It depends on checking if there
is "arm-pmu" item in "/proc/interrupts". As PMU info has not been added
to ACPI, the tests are only for dt.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2022-01-21 17:59:36 +08:00
Henry Wang
8f4aa07a80 vmm: vm: Init PMU during the VM restore process
If a PMU is enabled in a VM, we also need to initialize the PMU
when the VM is restored. Otherwise, vCPUs cannot be started after
the VM is restored.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2022-01-21 17:59:36 +08:00
Jianyong Wu
5462fd810c seccomp: add ioctl group to seccomp authorized list for arm64
When enable PMU on arm64, ioctl with group KVM_HAS_DEVICE_ATTR will be
blocked by seccomp, add it to authorized list.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2022-01-21 17:59:36 +08:00
Jianyong Wu
81c5855184 fdt: add PMU node to fdt
PMU node in fdt stores some important info like irq number.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2022-01-21 17:59:36 +08:00
Jianyong Wu
53060874a7 vmm: Init PMU for vcpu when create vm
PMU is needed in guest for performance profiling, thus should be
enabled.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2022-01-21 17:59:36 +08:00
Jianyong Wu
9bcb984962 hypervisor: add has/set trait for vcpu
Like devicefd, vcpufd also has ability to set/has attribute through kvm
ioctl. These traits are used when enable PMU on arm64, so add it here.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
2022-01-21 17:59:36 +08:00
Sebastien Boeuf
ae68c2f31a tests: Increase timeout when booting with firmware
As it might take more time for the VM to boot (especially under high
load) when using the firmware, let's increase the timeout waiting for
the VM to be reachable.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-21 09:46:19 +00:00
dependabot[bot]
1f5e2a38a7 build: bump libc from 0.2.112 to 0.2.113
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.112 to 0.2.113.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.112...0.2.113)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-21 00:44:12 +00:00
dependabot[bot]
cf1c64171a build: bump libc from 0.2.112 to 0.2.113 in /fuzz
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.112 to 0.2.113.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.112...0.2.113)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-20 23:43:14 +00:00
dependabot[bot]
9fe33890f8 build: bump syn from 1.0.85 to 1.0.86 in /fuzz
Bumps [syn](https://github.com/dtolnay/syn) from 1.0.85 to 1.0.86.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.85...1.0.86)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-20 23:36:35 +00:00
Sebastien Boeuf
7b9a110540 vmm: tdx: Pass ACPI tables through the HOB
Relying on helpers for creating the ACPI tables and to add each table to
the HOB, this patch connects the dot to provide the set of ACPI tables
to the TD firmware.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-20 16:50:55 +00:00
Sebastien Boeuf
2acb50f752 arch: x86_64: tdx: Add ACPI table helper to TdHob
Adding a new method to the TdHob structure so that we can easily insert
a ACPI_TABLE_HOB into the HOB.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-20 16:50:55 +00:00
Sebastien Boeuf
ea0729c016 vmm: acpi: Create ACPI tables for TDX
The way to create ACPI tables for TDX is different as each table must be
passed through the HOB. This means the XSDT table is not required since
the firmware will take care of creating it. Same for RSDP, this is
firmware responsibility to provide it to the guest.

That's why this patch creates a TDX dedicated function, returning a list
of Sdt objects, which will let the calling code copy the content of each
table through the HOB.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-20 16:50:55 +00:00
Sebastien Boeuf
cdc14815be vmm: tdx: Only create ACPI tables if not running TDX
In case of TDX, we don't want to create the ACPI tables the same way we
do for all the other use cases. That's because the ACPI tables don't
need to be written to guest memory at a specific address, instead they
are passed directly through the HOB.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-20 16:50:55 +00:00
Sebastien Boeuf
4fda4ad6c9 arch, vmm: tdx: Remove TD_VMM_DATA mechanism
It's been decided the ACPI tables will be passed to the firmware in a
different way, rather than using TD_VMM_DATA. Since TD_VMM_DATA was
introduced for this purpose, there's no reason to keep it in our
codebase.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-20 16:50:55 +00:00
Rob Bradford
95ca79974a build: Release v21.0
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
v21.0
2022-01-20 14:48:11 +00:00
Sebastien Boeuf
eb5c5f2c7f tests: Add integration test for O_DIRECT
Both OVMF and RHF firmwares triggered an error when O_DIRECT was used
because they didn't align the buffers to the block sector size.

In order to prevent regressions, we're adding a new test validating the
VM can properly boot when the OS disk is opened with O_DIRECT and booted
from the rust-hypervisor-fw.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-20 11:49:02 +00:00
Sebastien Boeuf
85bbf75fe8 block_util: Align buffers for O_DIRECT
Whenever the backing file of our virtio-block device is opened with
O_DIRECT, there's a requirement about the buffer address and size to be
aligned to the sector size.

We know virtio-block requests are sector aligned in terms of size, but
we must still check if the buffer address is. In case it's not, we
create an intermediate buffer that will be passed through the system
call. In case of a write operation, the content of the non-aligned
buffer must be copied beforehand, and in case of a read operation, the
content of the aligned buffer must be copied to the non-aligned one
after the operation has been completed.

Fixes #3587

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-20 11:49:02 +00:00
Henry Wang
b4566b9eab tests: ignore the result from test_vfio_user
As it is currently unstable.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2022-01-20 11:40:30 +00:00
Anatol Belski
e2a8a1483f acpi: aarch64: Implement DBG2 table
This table is listed as required in the ARM Base Boot Requirements
document. The particular need arises to make the serial debugging of
Windows guest functional.

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
2022-01-20 09:11:21 +08:00
Rob Bradford
ea60d48853 resources: Update Rust version in container to 1.58
Update to the latest stable release.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-01-19 09:53:42 -08:00
Rob Bradford
658658e76c hypervisor: kvm: Ignore -EINVAL from KVM_KVMCLOCK_CTRL ioctl()
If the guest hasn't initialised a PV clock then the KVM_KVMCLOCK_CTRL
ioctl will return -EINVAL. Therefore if running in the firmware or an OS
that doesn't use the PV clock then we should ignore that error

Tested by migrating a VM that has not yet booted into the Linux kernel
(just in firmware) by specifying no disk image:

e.g. target/debug/cloud-hypervisor --kernel ~/workloads/hypervisor-fw --api-socket /tmp/api --serial tty --console off

Fixes: #3586

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-01-19 10:12:57 +01:00
Henry Wang
b7b3b45364 tests: Enable test_vfio_user for AArch64
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2022-01-18 18:00:00 -08:00
Henry Wang
d5b4d0d951 resources: AArch64: Enable Device Mapper and NVME Multipath in config
From 15358ef79d4d6298570bd33b5078de659f62e090: Device Mapper Multipath
config can avoid systemd errors related to Device Mapper multipath while
guest booting.

From 46672c384cfc5b5b56fdc5a1ecce270000f31ce6: CONFIG_NVME_MULTIPATH is
needed to fix the observed guest hanging issue cased by systemd crash
while booting.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2022-01-18 18:00:00 -08:00
Henry Wang
1c18d124dc scripts: Add more huge pages for AArch64 integration test
Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2022-01-18 18:00:00 -08:00
Henry Wang
7a42ce9310 scripts: AArch64: Build SPDK NVMe before running integration tests
The SPDK-NVMe is needed for the integration test for vfio_user.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-01-18 18:00:00 -08:00
Michael Zhao
1db7718589 pci, vmm: Pass PCI BDF to vfio and vfio_user
On AArch64, PCI BDF is used for devId in MSI-X routing entry.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
2022-01-18 18:00:00 -08:00
Henry Wang
cf68f03ab6 pci: vfio: Skip IOBAR allocation on AArch64
AArch64 does not use IOBAR, and current code of panics the whole VMM if
we need to allocate the IOBAR.

This commit checks if IOBAR is enabled before the arch conditional code
of IOBAR allocation and if the IOBAR is not enabled, we can just skip
the IOBAR allocation and do nothing.

Fixes: https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3479

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2022-01-18 18:00:00 -08:00
Rob Bradford
4ecc778efe vmm: Avoid deadlock between virtio device activation and vcpu pausing
Ensure all pending virtio activations (as triggered by MMIO write on the
vCPU threads leading to a barrier wait) are completed before pausing the
vCPUs as otherwise there will a deadlock with the VMM waiting for the
vCPU to acknowledge it's pause and the vCPU waiting for the VMM to
activate the device and release the barrier.

Fixes: #3585

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-01-18 17:30:06 -08:00
Wei Liu
48ba999bd9 net_util: drop unneeded clippy::cast_lossless
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 17:23:27 -08:00
Wei Liu
ef05354c81 memory_manager: drop unneeded clippy suppressions
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 17:23:27 -08:00
Wei Liu
277cfd07ba device_manager: use if let to drop single match
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 17:23:27 -08:00
Wei Liu
4f05b8463c virtio-devices: fix clippy::needless_range_loop
Use iterator instead.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 17:23:27 -08:00
Wei Liu
c9983ff4ad arch: drop allow(clippy::transmute_ptr_to_ptr)
It is not needed.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 17:23:27 -08:00
Wei Liu
714b529bb2 arch: aarch64: drop unnecessary static lifetime
This also has the side effect for making access_redists_aux function
strictly more useful.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 17:23:27 -08:00
Wei Liu
99bcebad74 arch: aarch64: do not unnecessarily add mut keyword
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 17:23:27 -08:00
dependabot[bot]
22d86fb6d2 build: bump clap from 3.0.8 to 3.0.10
Bumps [clap](https://github.com/clap-rs/clap) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.0.8...v3.0.10)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-19 00:09:18 +00:00
dependabot[bot]
2eed24b4b2 build: bump serde_json from 1.0.74 to 1.0.75
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.74 to 1.0.75.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.74...v1.0.75)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 23:41:56 +00:00
dependabot[bot]
be7829b752 build: bump clap from 3.0.8 to 3.0.10 in /fuzz
Bumps [clap](https://github.com/clap-rs/clap) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.0.8...v3.0.10)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 23:35:44 +00:00
Wei Liu
ea2685e928 block_util: rewrite code and drop allow(clippy::ptr_arg)
The code can be written in a better form and the clippy warning
suppression can be dropped.

No functional change.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2022-01-18 16:22:21 +01:00
Henry Wang
14ba3f68d3 vmm: cpu: Remove unused import in unit tests
These are the leftovers from the commit 8155be2:
arch: aarch64: vm_memory is not required when configuring vcpu

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2022-01-18 20:34:50 +08:00
Sebastien Boeuf
779bc1a53a edk2: Rely on latest OVMF based on CloudHvX64 target
Update documentation and CI to rely on the new CLOUDHV.fd firmware built
from the newly introduced target CloudHvX64.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-18 11:58:26 +01:00
Rob Bradford
8b8daf571a README: Ensure kernel build includes the ELF PVH note
See: #3222

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-01-18 10:32:08 +01:00
Sebastien Boeuf
482e1ca435 scripts: Pin OVMF EDK2 version
By pinning the OVMF version, we will be able to update the EDK2 fork
with a new version without potentially breaking our Cloud Hypervisor CI.

Once the new version is ready on the EDK2 fork, we'll be able to update
Cloud Hypervisor codebase, replacing the fixed version with the latest,
as well as replacing OVMF.fd with CLOUDHV.fd. This is because we'll
start building from the new target CloudHvX64.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2022-01-18 10:21:51 +01:00
Rob Bradford
a61302f73f docs: Update Live migration documentation for local migration
Use new --local for efficient live migration when migrating locally for
live upgrade.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-01-18 09:07:47 +00:00