A Virtual Machine Monitor for modern Cloud workloads.
Go to file
Henry Wang 3ea4a0797d vmm: seccomp: unify AArch64 and x86_64 FTRUNCATE syscall
The definition of libc::SYS_ftruncate on AArch64 is different
from that on x86_64. This commit unifies the previously hard-coded
syscall number for AArch64.

Signed-off-by: Henry Wang <Henry.Wang@arm.com>
2020-09-23 12:37:25 +01:00
.github/workflows build: Add quality checks workflow for AArch64 2020-08-24 10:59:08 +02:00
acpi_tables vmm: acpi_tables: Fix PM timer I/O port width 2020-07-23 17:48:22 +02:00
arch vmm: decouple vCPU init from configure_vcpus 2020-09-23 12:37:25 +01:00
arch_gen arch, pci, vmm: Initial switch to the hypervisor crate 2020-06-22 15:03:15 +02:00
block_util block_util: Ensure all io_uring operations are asynchronous 2020-09-17 23:16:27 +02:00
devices devices: remove the migration traits for the Gic struct 2020-09-23 12:37:25 +01:00
docs ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
fuzz fuzz: qcow: Remove unnecessary "use libc" 2020-07-20 20:22:47 +02:00
hypervisor hypervisor: Implement get_device_attr method for AArch64 2020-09-23 12:37:25 +01:00
net_gen vmm: Port to latest vmm-sys-util 2019-12-11 14:11:11 +00:00
net_util build(deps): bump serde from 1.0.115 to 1.0.116 2020-09-14 06:52:01 +00:00
option_parser ch-remote: Support using unit suffices for "resize" 2020-09-08 22:27:34 +02:00
pci ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
qcow ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
resources resources: x86_64: Enable auto onlining of memory blocks 2020-09-16 19:20:04 +02:00
rpm rpm: Add spec file for packaging cloud-hypervisor 2020-08-06 09:29:36 +01:00
scripts ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
src vmm: Add 'hotplugged_size' to memory parameters 2020-09-16 19:20:04 +02:00
test_data/cloud-init/ubuntu vmm: Remove 'file' option from MemoryConfig 2020-08-25 16:43:10 +02:00
tests ci: Extend virtio-mem integration test with reboot 2020-09-16 19:20:04 +02:00
vhost_user_backend build: Move to rust-vmm vhost crate 2020-09-11 13:43:57 +02:00
vhost_user_block build: Move to rust-vmm vhost crate 2020-09-11 13:43:57 +02:00
vhost_user_fs ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
vhost_user_net build: Move to rust-vmm vhost crate 2020-09-11 13:43:57 +02:00
virtio-devices ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
vm-allocator build(deps): bump libc from 0.2.76 to 0.2.77 2020-09-10 06:45:09 +00:00
vm-device ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
vm-migration vmm: refactor vCPU save/restore code in restoring VM 2020-09-23 12:37:25 +01:00
vm-virtio ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
vmm vmm: seccomp: unify AArch64 and x86_64 FTRUNCATE syscall 2020-09-23 12:37:25 +01:00
.gitignore .gitignore: Add build directory 2020-04-03 15:44:14 +01:00
.rustfmt.toml Add .rustfmt.toml to the project 2020-03-13 15:20:34 +00:00
build.rs build: Use the crate version when the 'git describe' command failed 2020-09-07 12:03:57 +02:00
Cargo.lock acpi: Add hotplug numa node 2020-09-22 13:11:39 +02:00
Cargo.toml build, release-notes.md: Document 0.10.0 release 2020-09-18 14:06:10 +01:00
CODE_OF_CONDUCT.md cloud-hypervisor: Adopt the Contributor Covenant code of conduct 2019-05-12 23:15:30 +02:00
CONTRIBUTING.md ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00
CREDITS.md cloud-hypervisor: Add CREDITS 2019-05-12 23:15:30 +02:00
Jenkinsfile Jenkinsfile: Remove "Build" steps from Jenkinsfile 2020-09-18 12:48:30 +01:00
LICENSE-APACHE cloud-hypervisor: Add proper licensing 2019-05-09 15:44:17 +02:00
LICENSE-BSD-3-Clause cloud-hypervisor: Add proper licensing 2019-05-09 15:44:17 +02:00
MAINTAINERS.md cloud-hypervisor: Add initial list of maintainers 2019-05-12 23:15:30 +02:00
README.md README: Reference the aarch64 tracking issue. 2020-09-18 10:25:04 +01:00
release-notes.md ch: Fix various misspelled words 2020-09-23 08:59:31 +01:00

Build Status

1. What is Cloud Hypervisor?

Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on top of KVM. The project focuses on exclusively running modern, cloud workloads, on top of a limited set of hardware architectures and platforms. Cloud workloads refers to those that are usually run by customers inside a cloud provider. For our purposes this means modern operating systems with most I/O handled by paravirtualised devices (i.e. virtio), no requirement for legacy devices, and 64-bit CPUs.

Cloud Hypervisor is implemented in Rust and is based on the rust-vmm crates.

Objectives

High Level

  • KVM based
  • Minimal emulation
  • Low latency
  • Low memory footprint
  • Low complexity
  • High performance
  • Small attack surface
  • 64-bit support only
  • CPU, memory, PCI hotplug
  • Machine to machine migration

Architectures

Cloud Hypervisor supports the x86-64 and AArch64 architecture. There are some small differences in functionality between the two architecture (see #1125).

Guest OS

Cloud Hypervisor supports 64-bit Linux with support for modern 64-bit Windows guests currently under development.

2. Getting Started

We create a folder to build and run cloud-hypervisor at $HOME/cloud-hypervisor

$ export CLOUDH=$HOME/cloud-hypervisor
$ mkdir $CLOUDH

Clone and build

First you need to clone and build the cloud-hypervisor repo:

$ pushd $CLOUDH
$ git clone https://github.com/cloud-hypervisor/cloud-hypervisor.git
$ cd cloud-hypervisor
$ cargo build --release

# We need to give the cloud-hypervisor binary the NET_ADMIN capabilities for it to set TAP interfaces up on the host.
$ sudo setcap cap_net_admin+ep ./target/release/cloud-hypervisor

$ popd

This will build a cloud-hypervisor binary under $CLOUDH/cloud-hypervisor/target/release/cloud-hypervisor.

Containerized builds and tests

If you want to build and test Cloud Hypervisor without having to install all the required dependencies (The rust toolchain, cargo tools, etc), you can also use Cloud Hypervisor's development script: dev_cli.sh. Please note that upon its first invocation, this script will pull a fairly large container image.

For example, to build the Cloud Hypervisor release binary:

$ pushd $CLOUDH
$ cd cloud-hypervisor
$ ./scripts/dev_cli.sh build --release

With dev_cli.sh, one can also run the Cloud Hypervisor CI locally. This can be very convenient for debugging CI errors without having to fully rely on the Cloud Hypervisor CI infrastructure.

For example, to run the Cloud Hypervisor unit tests:

$ ./scripts/dev_cli.sh tests --unit

Run the ./scripts/dev_cli.sh --help command to view all the supported development script commands and their related options.

Run

You can run a guest VM by either using an existing cloud image or booting into your own kernel and disk image.

Cloud image

Cloud Hypervisor supports booting disk images containing all needed components to run cloud workloads, a.k.a. cloud images. To do that we rely on the Rust Hypervisor Firmware project to provide an ELF formatted KVM firmware for cloud-hypervisor to directly boot into.

We need to get the latest rust-hypervisor-firmware release and also a working cloud image. Here we will use a Ubuntu image:

$ pushd $CLOUDH
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw
$ wget https://github.com/cloud-hypervisor/rust-hypervisor-firmware/releases/download/0.2.8/hypervisor-fw
$ popd
$ pushd $CLOUDH
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor/target/release/cloud-hypervisor
$ ./cloud-hypervisor/target/release/cloud-hypervisor \
	--kernel ./hypervisor-fw \
	--disk path=focal-server-cloudimg-amd64.raw \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask=" \
	--rng
$ popd

Multiple arguments can be given to the --disk parameter.

Custom kernel and disk image

Building your kernel

Cloud Hypervisor also supports direct kernel boot into a vmlinux ELF kernel or bzImage. In order to support virtio-fs and virtio-iommu we have our own development branch. You are of course able to use your own kernel but these instructions will continue with the version that we develop and test against.

To build the kernel:


# Clone the Cloud Hypervisor Linux branch
$ pushd $CLOUDH
$ git clone --depth 1 https://github.com/cloud-hypervisor/linux.git -b virtio-fs-virtio-iommu-virtio-mem-5.6-rc4 linux-cloud-hypervisor
$ pushd linux-cloud-hypervisor

# Use the cloud-hypervisor kernel config to build your kernel
$ cp $CLOUDH/cloud-hypervisor/resources/linux-config-x86_64 .config
$ make bzImage -j `nproc`
$ popd

The vmlinux kernel image will then be located at linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin.

Disk image

For the disk image, we will use a Ubuntu cloud image that contains a root partition:

$ pushd $CLOUDH
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw
$ popd

Booting the guest VM

Now we can directly boot into our custom kernel and make it use the Ubuntu root partition. If we want to have 4 vCPUs and 512 MBytes of memory:

$ pushd $CLOUDH
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor/target/release/cloud-hypervisor
$ ./cloud-hypervisor/target/release/cloud-hypervisor \
	--kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
	--disk path=focal-server-cloudimg-amd64.raw \
	--cmdline "console=hvc0 root=/dev/vda1 rw" \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask=" \
	--rng

The above example use the virtio-console device as the guest console, and this device may not be enabled soon enough by the guest kernel to get early kernel debug messages.

When in need for earlier debug messages, using the legacy serial device based console is preferred:

$ ./cloud-hypervisor/target/release/cloud-hypervisor \
	--kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
	--console off \
	--serial tty \
	--disk path=focal-server-cloudimg-amd64.raw \
	--cmdline "console=ttyS0 root=/dev/vda1 rw" \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask=" \
	--rng

3. Status

Cloud Hypervisor is under active development. No API or feature stability is guaranteed.

As of 2020-07-02, the following cloud images are supported:

Direct kernel boot to userspace should work with a rootfs from most distributions.

Hot Plug

Cloud Hypervisor supports hotplug of CPUs, passthrough devices (VFIO), virtio-{net,block,pmem,fs,vsock} and memory resizing. This document details how to add devices to a running VM.

Device Model

Details of the device model can be found in this documentation.

TODO

We are not tracking the Cloud Hypervisor TODO list from a specific git tracked file but through github issues instead.

4. rust-vmm project dependency

In order to satisfy the design goal of having a high-performance, security-focused hypervisor the decision was made to use the Rust programming language. The language's strong focus on memory and thread safety makes it an ideal candidate for implementing VMMs.

Instead of implementing the VMM components from scratch, Cloud Hypervisor is importing the rust-vmm crates, and sharing code and architecture together with other VMMs like e.g. Amazon's Firecracker and Google's crosvm.

Cloud Hypervisor embraces the rust-vmm project goals, which is to be able to share and re-use as many virtualization crates as possible. As such, the Cloud Hypervisor relationship with the rust-vmm project is twofold:

  1. It will use as much of the rust-vmm code as possible. Any new rust-vmm crate that's relevant to the project goals will be integrated as soon as possible.
  2. As it is likely that the rust-vmm project will lack some of the features that Cloud Hypervisor needs (e.g. ACPI, VFIO, vhost-user, etc), we will be using the Cloud Hypervisor VMM to implement and test them, and contribute them back to the rust-vmm project.

Firecracker and crosvm

A large part of the Cloud Hypervisor code is based on either the Firecracker or the crosvm projects implementations. Both of these are VMMs written in Rust with a focus on safety and security, like Cloud Hypervisor.

However we want to emphasize that the Cloud Hypervisor project is neither a fork nor a reimplementation of any of those projects. The goals and use cases we're trying to meet are different. We're aiming at supporting cloud workloads, i.e. those modern, full Linux distribution images currently being run by Cloud Service Provider (CSP) tenants.

Our primary target is not to support client or serverless use cases, and as such our code base already diverges from the crosvm and Firecracker ones. As we add more features to support our use cases, we believe that the divergence will increase while at the same time sharing as much of the fundamental virtualization code through the rust-vmm project crates as possible.

5. Community

The Cloud Hypervisor project follows the governance, and community guidelines described in the Community repository.

Contribute

We are working on building a global, diverse and collaborative community around the Cloud Hypervisor project. Anyone who is interested in contributing to the project is welcome to participate.

We believe that contributing to a open source project like Cloud Hypervisor covers a lot more than just sending code. Testing, documentation, pull request reviews, bug reports, feature requests, project improvement suggestions, etc, are all equal and welcome means of contribution. See the CONTRIBUTING document for more details.

Join us

Get an invite to our Slack channel and join us on Slack.