A Virtual Machine Monitor for modern Cloud workloads.
Jinank Jain 8914ce9da8 build: Bump mshv-ioctls from 10d0c52 to ef01a5a
With this bump there was a change in one of the externally exposed
variables. Thus, the use of that variable in CLH must be adjusted
accordingly.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
2022-12-20 10:10:34 +00:00

1. What is Cloud Hypervisor?

Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on top of the KVM hypervisor and the Microsoft Hypervisor (MSHV).

The project focuses on running modern Cloud Workloads on specific, common hardware architectures. Here, Cloud Workloads refers to workloads run by customers inside a Cloud Service Provider: modern operating systems with most I/O handled by paravirtualised devices (e.g. virtio), no requirement for legacy devices, and 64-bit CPUs.

Cloud Hypervisor is implemented in Rust and is based on the Rust VMM crates.

Objectives

High Level

  • Runs on KVM or MSHV
  • Minimal emulation
  • Low latency
  • Low memory footprint
  • Low complexity
  • High performance
  • Small attack surface
  • 64-bit support only
  • CPU, memory, PCI hotplug
  • Machine to machine migration

Architectures

Cloud Hypervisor supports the x86-64 and AArch64 architectures. There are minor differences in functionality between the two architectures (see #1125).

Guest OS

Cloud Hypervisor supports 64-bit Linux and Windows 10/Windows Server 2019.

2. Getting Started

The following sections describe how to build and run Cloud Hypervisor.

Prerequisites for AArch64

  • AArch64 servers (recommended) or development boards equipped with the GICv3 interrupt controller.

Host OS

For required KVM functionality the minimum host kernel version is 4.11. For adequate performance the minimum recommended host kernel version is 5.6. The majority of the CI currently tests with kernel version 5.15.

Use Pre-built Binaries

The recommended approach to getting started with Cloud Hypervisor is by using a pre-built binary. Binaries are available for the latest release. Use cloud-hypervisor-static for x86-64 or cloud-hypervisor-static-aarch64 for AArch64 platform.

Packages

For convenience, packages are also available targeting some popular Linux distributions. This is thanks to the Open Build Service. The OBS README explains how to enable the repository in a supported Linux distribution and install Cloud Hypervisor and accompanying packages. Please report any packaging issues in the obs-packaging repository.

Building from Source

Please see the instructions for building from source if you do not wish to use the pre-built binaries.

Booting Linux

Cloud Hypervisor supports direct kernel boot (the x86-64 kernel requires the kernel built with PVH support) or booting via a firmware (either Rust Hypervisor Firmware or an edk2 UEFI firmware called CLOUDHV / CLOUDHV_EFI.)

Binary builds of the firmware files are available for the latest release of Rust Hypervisor Firmware and our edk2 repository.

The choice of firmware depends on your guest OS choice; some experimentation may be required.

Firmware Booting

Cloud Hypervisor supports booting disk images containing all needed components to run cloud workloads, a.k.a. cloud images.

The following sample commands download an Ubuntu cloud image, convert it into a raw format that Cloud Hypervisor can use, and download a firmware to boot the image with.

$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw
$ wget https://github.com/cloud-hypervisor/rust-hypervisor-firmware/releases/download/0.4.2/hypervisor-fw

The Ubuntu cloud images do not ship with a default password, so it is necessary to use a cloud-init disk image to customise the image on the first boot. A basic cloud-init image is generated by this script. This seeds the image with a default username/password of cloud/cloud123. It is only necessary to add this disk image on the first boot.

$ sudo setcap cap_net_admin+ep ./cloud-hypervisor
$ ./create-cloud-init.sh
$ ./cloud-hypervisor \
	--kernel ./hypervisor-fw \
	--disk path=focal-server-cloudimg-amd64.raw path=/tmp/ubuntu-cloudinit.img \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask="

If access to the firmware messages or interaction with the boot loader (e.g. GRUB) is required, then it is necessary to switch to the serial console instead of virtio-console.

$ ./cloud-hypervisor \
	--kernel ./hypervisor-fw \
	--disk path=focal-server-cloudimg-amd64.raw path=/tmp/ubuntu-cloudinit.img \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask=" \
	--serial tty \
	--console off

Custom Kernel and Disk Image

Building your Kernel

Cloud Hypervisor also supports direct kernel boot. For x86-64, a vmlinux ELF kernel (compiled with PVH support) is needed. In order to support development there is a custom branch; however, provided the required options are enabled, any recent kernel will suffice.

To build the kernel:

# Clone the Cloud Hypervisor Linux branch
$ git clone --depth 1 https://github.com/cloud-hypervisor/linux.git -b ch-5.15.12 linux-cloud-hypervisor
$ pushd linux-cloud-hypervisor
# Use the x86-64 cloud-hypervisor kernel config to build your kernel for x86-64
$ wget https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/main/resources/linux-config-x86_64
# Use the AArch64 cloud-hypervisor kernel config to build your kernel for AArch64
$ wget https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/main/resources/linux-config-aarch64
$ cp linux-config-x86_64 .config  # x86-64
$ cp linux-config-aarch64 .config # AArch64
# Do native build of the x86-64 kernel
$ KCFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc`
# Do native build of the AArch64 kernel
$ make -j `nproc`
$ popd

For x86-64, the vmlinux kernel image will then be located at linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin. For AArch64, the Image kernel image will then be located at linux-cloud-hypervisor/arch/arm64/boot/Image.
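Direct kernel boot works only if the options the boot commands depend on are built into the kernel, and a misconfigured .config is usually discovered only after a full build and a failed boot. The following POSIX sh script is an added example, not part of the Cloud Hypervisor README or repository: it reads a kernel .config and reports any required symbol that is missing, disabled, or built as a module. Which symbols to require is this example's own choice, derived from the devices the README's commands use (virtio-blk root disk, virtio-net, virtio-console or the serial console, and the root filesystem type); the script name kconfig-check.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example; not part of the Cloud Hypervisor README or repository.
# Checks a kernel .config for the options the README's direct-kernel boot
# relies on before the build is started. Which symbols to require is this
# example's own choice, derived from the devices the README's commands use.

# State of one symbol in a .config: y (built in), m (module), n (explicitly
# "is not set") or absent (symbol never mentioned).
kconfig_state() {   # CONFIG_FILE SYMBOL
    if grep -q -- "^$2=y" "$1"; then echo y
    elif grep -q -- "^$2=m" "$1"; then echo m
    elif grep -q -- "^# $2 is not set" "$1"; then echo n
    else echo absent
    fi
}

# Symbols implied by the README's boot commands. Everything must be built in:
# the commands pass root=/dev/vda1 with no initramfs, so a virtio-blk or
# root-filesystem driver built as a module cannot be loaded in time to mount
# the root disk. CONFIG_PVH is the x86-64 direct-boot entry point the README
# mentions; the serial-console symbols match ttyS0 (8250) and ttyAMA0 (PL011).
required_symbols() {   # ARCH (x86_64|aarch64) CONSOLE (virtio|serial) ROOTFS (ext4|xfs|btrfs)
    echo CONFIG_VIRTIO_BLK CONFIG_VIRTIO_NET CONFIG_VIRTIO_CONSOLE
    case "$3" in
        ext4)  echo CONFIG_EXT4_FS ;;
        xfs)   echo CONFIG_XFS_FS ;;
        btrfs) echo CONFIG_BTRFS_FS ;;
        *) echo "unknown root filesystem: $3" >&2; return 1 ;;
    esac
    if [ "$1" = x86_64 ]; then echo CONFIG_PVH; fi
    case "$1:$2" in
        x86_64:serial)  echo CONFIG_SERIAL_8250 CONFIG_SERIAL_8250_CONSOLE ;;
        aarch64:serial) echo CONFIG_SERIAL_AMBA_PL011 CONFIG_SERIAL_AMBA_PL011_CONSOLE ;;
    esac
}

# Report every symbol that is not =y; exit status 1 if any was found.
kconfig_check() {   # CONFIG_FILE SYMBOL...
    cfg=$1; shift
    bad=0
    for sym in "$@"; do
        state=$(kconfig_state "$cfg" "$sym")
        if [ "$state" != y ]; then
            echo "$sym: $state (needs =y; a module is not available until after the root disk is mounted)"
            bad=1
        fi
    done
    return $bad
}

# Usage: sh kconfig-check.sh linux-cloud-hypervisor/.config x86_64 serial ext4
if [ $# -eq 4 ]; then
    syms=$(required_symbols "$2" "$3" "$4") || exit 1
    kconfig_check "$1" $syms
fi
```

Run it against the .config copied from linux-config-x86_64 or linux-config-aarch64 before starting make; a non-zero exit means at least one symbol needs to be changed to =y (for example with make menuconfig) before the kernel is worth building.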

Disk image

For the disk image the same Ubuntu image as before can be used. This contains an ext4 root filesystem.

$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img # x86-64
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-arm64.img # AArch64
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw # x86-64
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-arm64.img focal-server-cloudimg-arm64.raw # AArch64

Booting the guest VM

These sample commands boot the disk image using the custom kernel whilst also supplying the desired kernel command line.

  • x86-64
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor
$ ./create-cloud-init.sh
$ ./cloud-hypervisor \
	--kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
	--disk path=focal-server-cloudimg-amd64.raw path=/tmp/ubuntu-cloudinit.img \
	--cmdline "console=hvc0 root=/dev/vda1 rw" \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask="
  • AArch64
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor
$ ./create-cloud-init.sh
$ ./cloud-hypervisor \
	--kernel ./linux-cloud-hypervisor/arch/arm64/boot/Image \
	--disk path=focal-server-cloudimg-arm64.raw path=/tmp/ubuntu-cloudinit.img \
	--cmdline "console=hvc0 root=/dev/vda1 rw" \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask="

If earlier kernel messages are required the serial console should be used instead of virtio-console.

  • x86-64
$ ./cloud-hypervisor \
	--kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
	--console off \
	--serial tty \
	--disk path=focal-server-cloudimg-amd64.raw \
	--cmdline "console=ttyS0 root=/dev/vda1 rw" \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask="
  • AArch64
$ ./cloud-hypervisor \
	--kernel ./linux-cloud-hypervisor/arch/arm64/boot/Image \
	--console off \
	--serial tty \
	--disk path=focal-server-cloudimg-arm64.raw \
	--cmdline "console=ttyAMA0 root=/dev/vda1 rw" \
	--cpus boot=4 \
	--memory size=1024M \
	--net "tap=,mac=,ip=,mask="
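The firmware-boot commands, the direct-kernel-boot commands above and their serial-console variants differ only in a few arguments, while the host-side prerequisites (a host kernel of at least 4.11, a disk converted to raw, cap_net_admin on the binary) are easy to get wrong and fail late. The following POSIX sh launcher is an added example, not part of the Cloud Hypervisor README or repository: it checks those prerequisites and assembles the argument list for any of the four cases. The show/run modes, the x86_64/aarch64 and virtio/serial parameter values, the function names and the file name launch.sh are this example's own assumptions; the qcow2 magic-byte check is a general precaution against skipping the qemu-img convert step, not something the README describes.

```shell
#!/bin/sh
# Added example; not part of the Cloud Hypervisor README or repository.
# Pre-checks the inputs used in the README's firmware-boot and direct-kernel
# boot commands and assembles the same argument list for either case. The
# MODE/ARCH/CONSOLE parameters and the function names are this example's own.

# README: KVM support needs host kernel >= 4.11 (5.6 recommended).
# Usage: host_kernel_ok "$(uname -r)"   e.g. "5.15.0-56-generic"
host_kernel_ok() {
    ver=${1%%-*}            # drop the "-56-generic" style suffix
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 11 ]; }
}

# The README converts the qcow2 cloud image to raw first. A qcow2 file starts
# with the magic bytes "QFI\xfb"; refuse to hand one to the guest as a raw
# root disk, which would leave it unable to mount /dev/vda1.
disk_is_raw() {
    [ -r "$1" ] || return 1
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" != "514649fb" ]
}

# Guest console device from the README's commands: virtio-console appears as
# hvc0; the serial console is ttyS0 on x86-64 and ttyAMA0 on AArch64.
guest_console() {   # ARCH (x86_64|aarch64)  CONSOLE (virtio|serial)
    case "$2:$1" in
        virtio:x86_64|virtio:aarch64) echo hvc0 ;;
        serial:x86_64)  echo ttyS0 ;;
        serial:aarch64) echo ttyAMA0 ;;
        *) return 1 ;;
    esac
}

# Build the argument list and hand it to CMD (echo for a dry run, the
# cloud-hypervisor binary for a real launch). MODE=firmware boots
# hypervisor-fw / CLOUDHV, which reads the kernel command line from the guest
# boot loader; MODE=direct boots vmlinux.bin / Image and needs --cmdline.
# A serial console additionally needs "--serial tty --console off".
ch_invoke() {   # CMD MODE ARCH KERNEL DISK CONSOLE [CLOUD_INIT_IMAGE]
    cmd=$1 mode=$2 arch=$3 kernel=$4 disk=$5 console=$6 seed=$7
    con=$(guest_console "$arch" "$console") || return 1
    set -- --kernel "$kernel" --disk "path=$disk"
    if [ -n "$seed" ]; then set -- "$@" "path=$seed"; fi
    if [ "$mode" = direct ]; then
        set -- "$@" --cmdline "console=$con root=/dev/vda1 rw"
    fi
    if [ "$console" = serial ]; then set -- "$@" --serial tty --console off; fi
    set -- "$@" --cpus boot=4 --memory size=1024M --net "tap=,mac=,ip=,mask="
    "$cmd" "$@"
}

# Checks done before a real launch. getcap is consulted because the README
# grants cap_net_admin to the binary so it can create the tap device without
# running the whole VMM as root.
preflight() {   # KERNEL DISK [CLOUD_INIT_IMAGE]
    [ -r "$1" ] || { echo "kernel/firmware not found: $1" >&2; return 1; }
    disk_is_raw "$2" || { echo "disk missing or still qcow2, run qemu-img convert -O raw: $2" >&2; return 1; }
    if [ -n "$3" ] && [ ! -r "$3" ]; then echo "cloud-init image not found: $3" >&2; return 1; fi
    if command -v getcap >/dev/null 2>&1 && ! getcap ./cloud-hypervisor 2>/dev/null | grep -q cap_net_admin; then
        echo "warning: ./cloud-hypervisor lacks cap_net_admin (see setcap in the README)" >&2
    fi
    host_kernel_ok "$(uname -r)" || { echo "host kernel $(uname -r) is older than 4.11" >&2; return 1; }
}

# Dry run:  sh launch.sh show direct x86_64 ./vmlinux.bin ./disk.raw serial /tmp/ubuntu-cloudinit.img
# Launch:   sh launch.sh run  firmware x86_64 ./hypervisor-fw ./disk.raw virtio /tmp/ubuntu-cloudinit.img
case "${1:-}" in
    show) shift; ch_invoke echo "$@" ;;
    run)  shift; preflight "$3" "$4" "$6" && ch_invoke ./cloud-hypervisor "$@" ;;
esac
```

Use show first to see the arguments that would be passed; run performs the checks and then executes ./cloud-hypervisor from the current directory, which matches the README's commands. After the first boot the cloud-init image argument can simply be left off.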

3. Status

Cloud Hypervisor is under active development. The following stability guarantees are currently made:

  • The API (including command line options) will not be removed or changed in a breaking way without a minimum of 2 major releases' notice. Where possible, warnings will be given about the use of deprecated functionality, and the deprecations will be documented in the release notes.

  • Point releases will be made between individual releases where there are substantial bug fixes or security issues that need to be fixed. These point releases will only include bug fixes.

Currently the following items are not guaranteed across updates:

  • Snapshot/restore is not supported across different versions
  • Live migration is not supported across different versions
  • The following features are considered experimental and may change substantially between releases: TDX, vfio-user, vDPA.

Further details can be found in the release documentation.

As of 2022-10-13, the following cloud images are supported:

Direct kernel boot to userspace should work with a rootfs from most distributions although you may need to enable exotic filesystem types in the reference kernel configuration (e.g. XFS or btrfs.)

Hot Plug

Cloud Hypervisor supports hotplug of CPUs, passthrough devices (VFIO), virtio-{net,block,pmem,fs,vsock} and memory resizing. This document details how to add devices to a running VM.

Device Model

Details of the device model can be found in this documentation.

Roadmap

The project roadmap is tracked through a GitHub project.

4. Relationship with Rust VMM Project

In order to satisfy the design goal of having a high-performance, security-focused hypervisor the decision was made to use the Rust programming language. The language's strong focus on memory and thread safety makes it an ideal candidate for implementing VMMs.

Instead of implementing the VMM components from scratch, Cloud Hypervisor imports the Rust VMM crates and shares code and architecture with other VMMs such as Amazon's Firecracker and Google's crosvm.

Cloud Hypervisor embraces the Rust VMM project's goal, which is to share and re-use as many virtualization crates as possible.

Differences with Firecracker and crosvm

A large part of the Cloud Hypervisor code is based on either the Firecracker or the crosvm project's implementations. Both of these are VMMs written in Rust with a focus on safety and security, like Cloud Hypervisor.

The goal of the Cloud Hypervisor project differs from the aforementioned projects in that it aims to be a general purpose VMM for Cloud Workloads and not limited to container/serverless or client workloads.

The Cloud Hypervisor community thanks the communities of both the Firecracker and crosvm projects for their excellent work.

5. Community

The Cloud Hypervisor project follows the governance and community guidelines described in the Community repository.

Contribute

The project strongly believes in building a global, diverse and collaborative community around the Cloud Hypervisor project. Anyone who is interested in contributing to the project is welcome to participate.

Contributing to an open source project like Cloud Hypervisor covers a lot more than just sending code. Testing, documentation, pull request reviews, bug reports, feature requests, project improvement suggestions, etc., are all equal and welcome means of contribution. See the CONTRIBUTING document for more details.

Slack

Get an invite to our Slack channel and join us on Slack.

Mailing list

Please report bugs using the GitHub issue tracker but for broader community discussions you may use our mailing list.

Security issues

Please contact the maintainers listed in the MAINTAINERS.md file with security issues.