From 61430fb345dffcaa56bd184299ba32d848f31eb6 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 09:38:25 +0000 Subject: [PATCH 01/63] build: Add GitHub action for unit/integration testing Signed-off-by: Rob Bradford (cherry picked from commit 307a0166c5c0bd623f26f5701d9ee60f3b6641be) --- .github/workflows/integration-x86-64.yaml | 38 +++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/integration-x86-64.yaml diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml new file mode 100644 index 0000000000..5252b87a1c --- /dev/null +++ b/.github/workflows/integration-x86-64.yaml @@ -0,0 +1,38 @@ +name: Cloud Hypervisor Tests (x86-64) +on: [pull_request, create] + +jobs: + build: + if: github.event_name == 'pull_request' + name: Tests (x86-64) + runs-on: garm-jammy + steps: + - name: Code checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Install Docker + run: | + sudo apt-get update + sudo apt-get -y install ca-certificates curl gnupg + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + sudo chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + sudo apt-get update + sudo apt install -y docker-ce docker-ce-cli + - name: Prepare for VDPA + run: scripts/prepare_vdpa.sh + - name: Run unit tests + run: scripts/dev_cli.sh tests --unit + - name: Load openvswitch module + run: sudo modprobe openvswitch + - name: Run integration tests + run: scripts/dev_cli.sh tests --integration + - name: Run live-migration integration tests + run: scripts/dev_cli.sh tests --integration-live-migration + - name: Run unit tests (musl) + run: scripts/dev_cli.sh tests --unit --libc musl + - name: Run integration tests (musl) + run: scripts/dev_cli.sh tests --integration --libc musl + - name: Run live-migration integration tests (musl) + run: scripts/dev_cli.sh tests --integration-live-migration --libc musl \ No newline at end of file From 8b0d43e2fe58951f5764e4f12021b5d2ed9b271a Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 11:22:27 +0000 Subject: [PATCH 02/63] build: Add GitHub action for ARM64 integration tests Signed-off-by: Rob Bradford (cherry picked from commit 89f2a4882ebb6f5416d531e72577399b55aca4d3) --- .github/workflows/integration-arm64.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/integration-arm64.yaml diff --git a/.github/workflows/integration-arm64.yaml b/.github/workflows/integration-arm64.yaml new file mode 100644 index 0000000000..fc48655c50 --- /dev/null +++ b/.github/workflows/integration-arm64.yaml @@ -0,0 +1,19 @@ +name: Cloud Hypervisor Tests (ARM64) +on: [pull_request, create] + +jobs: + build: + if: github.event_name == 'pull_request' + name: Tests (ARM64) + runs-on: focal-arm64 + steps: + - name: Code checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Run unit tests + run: scripts/dev_cli.sh tests --unit + - name: Load openvswitch module + run: sudo modprobe openvswitch + - name: Run integration tests + run: scripts/dev_cli.sh tests --integration \ No newline at end of file From 78f0f30751f9b255496671ef63f0405145d20e57 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 12:02:07 +0000 Subject: [PATCH 03/63] tests: Remove download of unused bionic image for aarch64 The bionic image was being downloaded and converted but no test uses this image any longer. Signed-off-by: Rob Bradford (cherry picked from commit 6930370a03f8764b0054925515420fd20f3169df) --- scripts/run_integration_tests_aarch64.sh | 27 ------------------------ scripts/sha1sums-aarch64 | 3 --- tests/integration.rs | 1 - 3 files changed, 31 deletions(-) diff --git a/scripts/run_integration_tests_aarch64.sh b/scripts/run_integration_tests_aarch64.sh index 3dd38b7803..e8ecb0e3aa 100755 --- a/scripts/run_integration_tests_aarch64.sh +++ b/scripts/run_integration_tests_aarch64.sh @@ -53,33 +53,6 @@ build_virtiofsd() { update_workloads() { cp scripts/sha1sums-aarch64 $WORKLOADS_DIR - BIONIC_OS_IMAGE_DOWNLOAD_NAME="bionic-server-cloudimg-arm64.img" - BIONIC_OS_IMAGE_DOWNLOAD_URL="https://cloud-hypervisor.azureedge.net/$BIONIC_OS_IMAGE_DOWNLOAD_NAME" - BIONIC_OS_DOWNLOAD_IMAGE="$WORKLOADS_DIR/$BIONIC_OS_IMAGE_DOWNLOAD_NAME" - if [ ! -f "$BIONIC_OS_DOWNLOAD_IMAGE" ]; then - pushd $WORKLOADS_DIR - time wget --quiet $BIONIC_OS_IMAGE_DOWNLOAD_URL || exit 1 - popd - fi - - BIONIC_OS_RAW_IMAGE_NAME="bionic-server-cloudimg-arm64.raw" - BIONIC_OS_RAW_IMAGE="$WORKLOADS_DIR/$BIONIC_OS_RAW_IMAGE_NAME" - if [ ! -f "$BIONIC_OS_RAW_IMAGE" ]; then - pushd $WORKLOADS_DIR - time qemu-img convert -p -f qcow2 -O raw $BIONIC_OS_IMAGE_DOWNLOAD_NAME $BIONIC_OS_RAW_IMAGE_NAME || exit 1 - popd - fi - - # Convert the raw image to qcow2 image to remove compressed blocks from the disk. Therefore letting the - # qcow2 format image can be directly used in the integration test. - BIONIC_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME="bionic-server-cloudimg-arm64.qcow2" - BIONIC_OS_QCOW2_UNCOMPRESSED_IMAGE="$WORKLOADS_DIR/$BIONIC_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME" - if [ ! -f "$BIONIC_OS_QCOW2_UNCOMPRESSED_IMAGE" ]; then - pushd $WORKLOADS_DIR - time qemu-img convert -p -f raw -O qcow2 $BIONIC_OS_RAW_IMAGE_NAME $BIONIC_OS_QCOW2_UNCOMPRESSED_IMAGE || exit 1 - popd - fi - FOCAL_OS_RAW_IMAGE_NAME="focal-server-cloudimg-arm64-custom-20210929-0.raw" FOCAL_OS_RAW_IMAGE_DOWNLOAD_URL="https://cloud-hypervisor.azureedge.net/$FOCAL_OS_RAW_IMAGE_NAME" FOCAL_OS_RAW_IMAGE="$WORKLOADS_DIR/$FOCAL_OS_RAW_IMAGE_NAME" diff --git a/scripts/sha1sums-aarch64 b/scripts/sha1sums-aarch64 index a3c0af386d..4585509712 100644 --- a/scripts/sha1sums-aarch64 +++ b/scripts/sha1sums-aarch64 @@ -1,6 +1,3 @@ -6fee67adbfed8db7a225be23ee9d90b5bd7f19e6 bionic-server-cloudimg-arm64.img -786fe1c33588334e92b35c65e414da068df180bc bionic-server-cloudimg-arm64.raw -6e66f9f4b01adc72c884c1c1111e60afadc9c871 bionic-server-cloudimg-arm64.qcow2 e4addb6e212a298144f9eb0eb6e36019d013f0e7 alpine-minirootfs-aarch64.tar.gz 25b4f9ac308898d63b73d7db0e0e2d4768853723 focal-server-cloudimg-arm64-custom-20210929-0.qcow2 9953b31bb1923cdd8d91b1b7cc9ad3a9be1e0a59 focal-server-cloudimg-arm64-custom-20210929-0.raw diff --git a/tests/integration.rs b/tests/integration.rs index 5b21eb0527..0d4ed78806 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -53,7 +53,6 @@ use x86_64::*; #[cfg(target_arch = "aarch64")] mod aarch64 { - pub const BIONIC_IMAGE_NAME: &str = "bionic-server-cloudimg-arm64.raw"; pub const FOCAL_IMAGE_NAME: &str = "focal-server-cloudimg-arm64-custom-20210929-0.raw"; pub const FOCAL_IMAGE_UPDATE_KERNEL_NAME: &str = "focal-server-cloudimg-arm64-custom-20210929-0-update-kernel.raw"; From bc84ac46996ec996fd77c59e2888ab9ab39aa016 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 12:26:41 +0000 Subject: [PATCH 04/63] build: Extend x86-64 GitHub action to AMD runner Use the matrix to add a build runnind on the AMD variant of the garm runner. Signed-off-by: Rob Bradford (cherry picked from commit 84a6da5e93f15b1df4e088255f51e2840b15c041) --- .github/workflows/integration-x86-64.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index 5252b87a1c..c646c65594 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -3,9 +3,12 @@ on: [pull_request, create] jobs: build: + strategy: + matrix: + runner: ["garm-jammy", "garm-jammy-amd"] if: github.event_name == 'pull_request' name: Tests (x86-64) - runs-on: garm-jammy + runs-on: ${{ matrix.runner }} steps: - name: Code checkout uses: actions/checkout@v4 From 6e544d0a30d260df5b35006b6668ccce1c17c0f2 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 16:17:09 +0000 Subject: [PATCH 05/63] build: Switch GitHub action ARM64 builds to musl Signed-off-by: Rob Bradford (cherry picked from commit 6ec83c7d8ee17e7db00a8e0be70484145d7171aa) --- .github/workflows/integration-arm64.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/integration-arm64.yaml b/.github/workflows/integration-arm64.yaml index fc48655c50..da6e9432e1 100644 --- a/.github/workflows/integration-arm64.yaml +++ b/.github/workflows/integration-arm64.yaml @@ -11,9 +11,9 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Run unit tests - run: scripts/dev_cli.sh tests --unit + - name: Run unit tests (musl) + run: scripts/dev_cli.sh tests --unit --libc musl - name: Load openvswitch module run: sudo modprobe openvswitch - - name: Run integration tests - run: scripts/dev_cli.sh tests --integration \ No newline at end of file + - name: Run integration tests (musl) + run: scripts/dev_cli.sh tests --integration --libc musl \ No newline at end of file From b312a970efa8a2218ac363c0d67e361c770f91b7 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 16:19:01 +0000 Subject: [PATCH 06/63] build: Disable "fail fast" on x86-64 GitHub action This will help handle flakiness in the builds by requiring the minimum number of restarts. Signed-off-by: Rob Bradford (cherry picked from commit d32de07be7a1fb2e5dea1a09906578107ed9b5df) --- .github/workflows/integration-x86-64.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index c646c65594..c783801b84 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -4,6 +4,7 @@ on: [pull_request, create] jobs: build: strategy: + fail-fast: false matrix: runner: ["garm-jammy", "garm-jammy-amd"] if: github.event_name == 'pull_request' From 23f149066756f286c48806bf6ce1c09398f3254a Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 16:22:55 +0000 Subject: [PATCH 07/63] build: Add libc to matrix for x86-64 tests To reduce issues caused by flaky tests split the musl and glibc jobs into separate jobs. This means fewer jobs will need to be restarted for flaky tests. This will also increase CI throughput since the musl builds account for ~40% of the total CI time when run together with glibc. Signed-off-by: Rob Bradford (cherry picked from commit 2e4079becb785e1b948b9cd4ae97ca3ab846a9ef) --- .github/workflows/integration-x86-64.yaml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index c783801b84..4eecbaa626 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -6,7 +6,8 @@ jobs: strategy: fail-fast: false matrix: - runner: ["garm-jammy", "garm-jammy-amd"] + runner: ["garm-jammy", "garm-jammy-amd"] + libc: ["musl", "gnu"] if: github.event_name == 'pull_request' name: Tests (x86-64) runs-on: ${{ matrix.runner }} @@ -31,12 +32,6 @@ jobs: - name: Load openvswitch module run: sudo modprobe openvswitch - name: Run integration tests - run: scripts/dev_cli.sh tests --integration + run: scripts/dev_cli.sh tests --integration --libc ${{ matrix.libc }} - name: Run live-migration integration tests - run: scripts/dev_cli.sh tests --integration-live-migration - - name: Run unit tests (musl) - run: scripts/dev_cli.sh tests --unit --libc musl - - name: Run integration tests (musl) - run: scripts/dev_cli.sh tests --integration --libc musl - - name: Run live-migration integration tests (musl) - run: scripts/dev_cli.sh tests --integration-live-migration --libc musl \ No newline at end of file + run: scripts/dev_cli.sh tests --integration-live-migration --libc ${{ matrix.libc }} From d1953633e2a1e8079e8e2920b7b452e9161a5937 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 22 Feb 2024 17:22:24 +0000 Subject: [PATCH 08/63] build: Add some timeouts to integration test workflow Add top-level timeout for the jobs and also more agressive per step timeouts. Signed-off-by: Rob Bradford (cherry picked from commit 1fe2771a0ddb05d5e952eb67a18a34d656efe3a7) --- .github/workflows/integration-arm64.yaml | 2 ++ .github/workflows/integration-x86-64.yaml | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-arm64.yaml b/.github/workflows/integration-arm64.yaml index da6e9432e1..ee13b7816b 100644 --- a/.github/workflows/integration-arm64.yaml +++ b/.github/workflows/integration-arm64.yaml @@ -3,6 +3,7 @@ on: [pull_request, create] jobs: build: + timeout-minutes: 60 if: github.event_name == 'pull_request' name: Tests (ARM64) runs-on: focal-arm64 @@ -16,4 +17,5 @@ jobs: - name: Load openvswitch module run: sudo modprobe openvswitch - name: Run integration tests (musl) + timeout-minutes: 30 run: scripts/dev_cli.sh tests --integration --libc musl \ No newline at end of file diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index 4eecbaa626..15204c82c0 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -3,6 +3,7 @@ on: [pull_request, create] jobs: build: + timeout-minutes: 60 strategy: fail-fast: false matrix: @@ -28,10 +29,12 @@ jobs: - name: Prepare for VDPA run: scripts/prepare_vdpa.sh - name: Run unit tests - run: scripts/dev_cli.sh tests --unit + run: scripts/dev_cli.sh tests --unit --libc ${{ matrix.libc }} - name: Load openvswitch module run: sudo modprobe openvswitch - name: Run integration tests + timeout-minutes: 40 run: scripts/dev_cli.sh tests --integration --libc ${{ matrix.libc }} - name: Run live-migration integration tests + timeout-minutes: 20 run: scripts/dev_cli.sh tests --integration-live-migration --libc ${{ matrix.libc }} From e082ed23edd5632a90b0bb4e3cb56c29dbdf909c Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Thu, 22 Feb 2024 21:38:26 +0200 Subject: [PATCH 09/63] build: Add GitHub action for SGX integration tests Signed-off-by: Ravi kumar Veeramally (cherry picked from commit 4fb86e99150eb428d0c35e44cd83b020c10bb7a6) --- .github/workflows/integration-sgx.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/integration-sgx.yaml diff --git a/.github/workflows/integration-sgx.yaml b/.github/workflows/integration-sgx.yaml new file mode 100644 index 0000000000..fdb865ec86 --- /dev/null +++ b/.github/workflows/integration-sgx.yaml @@ -0,0 +1,22 @@ +name: Cloud Hypervisor Tests (SGX) +on: + push: + branches: + - main + +jobs: + build: + if: github.event_name == 'push' + name: Tests (SGX) + runs-on: jammy-sgx + steps: + - name: Code checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Run SGX integration tests + timeout-minutes: 10 + run: scripts/dev_cli.sh tests --integration-sgx + - name: Run SGX integration tests for musl + timeout-minutes: 10 + run: scripts/dev_cli.sh tests --integration-sgx --libc musl From ea12024793b9f3cdf8faa563f1e008d5d6bee48e Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Thu, 22 Feb 2024 20:07:03 +0200 Subject: [PATCH 10/63] build: Add GitHub action for VFIO integration tests Signed-off-by: Ravi kumar Veeramally (cherry picked from commit b765acd6081c0d2e3e88f2d2f1a4db38661c3d37) --- .github/workflows/integration-vfio.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/integration-vfio.yaml diff --git a/.github/workflows/integration-vfio.yaml b/.github/workflows/integration-vfio.yaml new file mode 100644 index 0000000000..1124affce4 --- /dev/null +++ b/.github/workflows/integration-vfio.yaml @@ -0,0 +1,22 @@ +name: Cloud Hypervisor Tests (VFIO) +on: + push: + branches: + - main + +jobs: + build: + if: github.event_name == 'push' + name: Tests (VFIO) + runs-on: jammy-vfio + steps: + - name: Code checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Run VFIO integration tests + timeout-minutes: 15 + run: scripts/dev_cli.sh tests --integration-vfio + - name: Run VFIO integration tests for musl + timeout-minutes: 15 + run: scripts/dev_cli.sh tests --integration-vfio --libc musl From 690e10eef4296177b314c3bf4fa53d39313eff2e Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Mon, 26 Feb 2024 20:22:21 +0200 Subject: [PATCH 11/63] build: Add GitHub action for Rate Limiter integration tests Signed-off-by: Ravi kumar Veeramally (cherry picked from commit 57fb97e41f7dbeb5c7b588646940d53b2bae2cc8) --- .../workflows/integration-rate-limiter.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/integration-rate-limiter.yaml diff --git a/.github/workflows/integration-rate-limiter.yaml b/.github/workflows/integration-rate-limiter.yaml new file mode 100644 index 0000000000..2a30359313 --- /dev/null +++ b/.github/workflows/integration-rate-limiter.yaml @@ -0,0 +1,18 @@ +name: Cloud Hypervisor Tests (Rate-Limiter) +on: + push: + branches: + - main + +jobs: + build: + name: Tests (Rate-Limiter) + runs-on: jammy-rate-limiter + steps: + - name: Code checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Run rate-limiter integration tests + timeout-minutes: 10 + run: scripts/dev_cli.sh tests --integration-rate-limiter From 5fc018abddc13b65520e8247c2f65a3af189f1c9 Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Tue, 27 Feb 2024 20:23:34 +0200 Subject: [PATCH 12/63] build: Add GitHub action for Windows guest integration tests Signed-off-by: Ravi kumar Veeramally Signed-off-by: Rob Bradford (cherry picked from commit ba6bfee4fffa892a4f8e9a31b65a108786a65261) --- .github/workflows/integration-windows.yaml | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/integration-windows.yaml diff --git a/.github/workflows/integration-windows.yaml b/.github/workflows/integration-windows.yaml new file mode 100644 index 0000000000..fcfdbd5532 --- /dev/null +++ b/.github/workflows/integration-windows.yaml @@ -0,0 +1,38 @@ +name: Cloud Hypervisor Tests (Windows Guest) +on: [pull_request, create] + +jobs: + build: + name: Tests (Windows Guest) + runs-on: garm-jammy + steps: + - name: Code checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Install Docker + run: | + sudo apt-get update + sudo apt-get -y install ca-certificates curl gnupg + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + sudo chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + sudo apt-get update + sudo apt install -y docker-ce docker-ce-cli + - name: Install Azure CLI + run: | + sudo apt install -y ca-certificates curl apt-transport-https lsb-release gnupg + curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null + echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ jammy main" | sudo tee /etc/apt/sources.list.d/azure-cli.list + sudo apt update + sudo apt install -y azure-cli + - name: Download Windows image + run: | + mkdir $HOME/workloads + az storage blob download --container-name private-images --file "$HOME/workloads/windows-server-2022-amd64-2.raw" --name windows-server-2022-amd64-2.raw --connection-string "${{ secrets.CH_PRIVATE_IMAGES }}" + - name: Run Windows guest integration tests + timeout-minutes: 15 + run: scripts/dev_cli.sh tests --integration-windows + - name: Run Windows guest integration tests for musl + timeout-minutes: 15 + run: scripts/dev_cli.sh tests --integration-windows --libc musl From 878c2275a27f440670870749158e91ee5ac8c7ac Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Tue, 27 Feb 2024 15:41:39 -0800 Subject: [PATCH 13/63] ci: Remove Jenkinsfile Most of our CI workers are now running form GitHub actions, so we are ready to disable Jenkins CI workers. See: #6231 Signed-off-by: Bo Chen (cherry picked from commit 1d098949b9f3ed7965d3ff0d4fc1fcb348f33506) --- Jenkinsfile | 530 --------------------------------------- scripts/gitlint/rules.py | 2 +- 2 files changed, 1 insertion(+), 531 deletions(-) delete mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 5f14f52932..0000000000 --- a/Jenkinsfile +++ /dev/null @@ -1,530 +0,0 @@ -def runWorkers = true -pipeline { - agent none - options { - timeout(time: 4, unit: 'HOURS') - } - stages { - stage('Early checks') { - agent { node { label 'built-in' } } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Check if worker build can be skipped') { - when { - expression { - return skipWorkerBuild() - } - } - steps { - script { - runWorkers = false - echo 'No changes requiring a build' - } - } - } - stage('Check for RFC/WIP builds') { - when { - changeRequest comparator: 'REGEXP', title: '.*(rfc|RFC|wip|WIP).*' - beforeAgent true - } - steps { - error('Failing as this is marked as a WIP or RFC PR.') - } - } - stage('Cancel older builds') { - when { not { branch 'main' } } - steps { - cancelPreviousBuilds() - } - } - } - } - stage('Build') { - parallel { - stage('Worker build') { - agent { node { label 'jammy' } } - when { - beforeAgent true - expression { - return runWorkers - } - } - environment { - AUTH_DOWNLOAD_TOKEN = credentials('8a26fd74-d40e-414c-9132-ff3f867806ef') - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Prepare environment') { - steps { - sh 'scripts/prepare_vdpa.sh' - } - } - stage('Run unit tests') { - steps { - sh 'scripts/dev_cli.sh tests --unit' - } - } - stage('Run integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration' - } - } - stage('Run live-migration integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration-live-migration' - } - } - stage('Run unit tests for musl') { - steps { - sh 'scripts/dev_cli.sh tests --unit --libc musl' - } - } - stage('Run integration tests for musl') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration --libc musl' - } - } - stage('Run live-migration integration tests for musl') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration-live-migration --libc musl' - } - } - } - } - stage('Worker build - AMD') { - agent { node { label 'jammy-amd' } } - when { - beforeAgent true - expression { - return runWorkers - } - } - environment { - AUTH_DOWNLOAD_TOKEN = credentials('8a26fd74-d40e-414c-9132-ff3f867806ef') - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Prepare environment') { - steps { - sh 'scripts/prepare_vdpa.sh' - } - } - stage('Run integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration -- -- --skip common_parallel::test_vfio' - } - } - stage('Run live-migration integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration-live-migration' - } - } - stage('Run integration tests for musl') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration --libc musl -- -- --skip common_parallel::test_vfio' - } - } - stage('Run live-migration integration tests for musl') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration-live-migration --libc musl' - } - } - } - } - stage('AArch64 worker build') { - agent { node { label 'bionic-arm64' } } - when { - beforeAgent true - expression { - return runWorkers - } - } - environment { - AZURE_CONNECTION_STRING = credentials('46b4e7d6-315f-4cc1-8333-b58780863b9b') - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Run unit tests') { - steps { - sh 'scripts/dev_cli.sh tests --unit --libc musl' - } - } - stage('Run integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'sudo modprobe openvswitch' - sh 'scripts/dev_cli.sh tests --integration --libc musl' - } - } - stage('Install azure-cli') { - steps { - installAzureCli('focal', 'arm64') - } - } - stage('Download Windows image') { - steps { - sh '''#!/bin/bash -x - IMG_BASENAME=windows-11-iot-enterprise-aarch64.raw - IMG_PATH=$HOME/workloads/$IMG_BASENAME - IMG_GZ_PATH=$HOME/workloads/$IMG_BASENAME.gz - IMG_GZ_BLOB_NAME=windows-11-iot-enterprise-aarch64-9-min.raw.gz - cp "scripts/$IMG_BASENAME.sha1" "$HOME/workloads/" - pushd "$HOME/workloads" - if sha1sum "$IMG_BASENAME.sha1" --check; then - exit - fi - popd - mkdir -p "$HOME/workloads" - az storage blob download \ - --container-name private-images \ - --file "$IMG_GZ_PATH" \ - --name "$IMG_GZ_BLOB_NAME" \ - --connection-string "$AZURE_CONNECTION_STRING" - gzip -d $IMG_GZ_PATH - ''' - } - } - stage('Run Windows guest integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-windows --libc musl' - } - } - } - post { - always { - sh "sudo chown -R jenkins.jenkins ${WORKSPACE}" - deleteDir() - } - } - } - stage('Worker build - Windows guest') { - agent { node { label 'jammy' } } - when { - beforeAgent true - expression { - return runWorkers - } - } - environment { - AZURE_CONNECTION_STRING = credentials('46b4e7d6-315f-4cc1-8333-b58780863b9b') - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Install azure-cli') { - steps { - installAzureCli('jammy', 'amd64') - } - } - stage('Download assets') { - steps { - sh "mkdir ${env.HOME}/workloads" - sh 'az storage blob download --container-name private-images --file "$HOME/workloads/windows-server-2022-amd64-2.raw" --name windows-server-2022-amd64-2.raw --connection-string "$AZURE_CONNECTION_STRING"' - } - } - stage('Run Windows guest integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-windows' - } - } - stage('Run Windows guest integration tests for musl') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-windows --libc musl' - } - } - } - } - stage('Worker build - Metrics') { - agent { node { label 'jammy-metrics' } } - when { - branch 'main' - beforeAgent true - expression { - return runWorkers - } - } - environment { - METRICS_PUBLISH_KEY = credentials('52e0945f-ce7a-43d1-87af-67d1d87cc40f') - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Run metrics tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --metrics -- -- --report-file /root/workloads/metrics.json' - } - } - stage('Upload metrics report') { - steps { - sh 'curl -X PUT https://cloud-hypervisor-metrics.azurewebsites.net/api/publishmetrics -H "x-functions-key: $METRICS_PUBLISH_KEY" -T ~/workloads/metrics.json' - } - } - } - } - stage('Worker build - Rate Limiter') { - agent { node { label 'focal-metrics' } } - when { - branch 'main' - beforeAgent true - expression { - return runWorkers - } - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Run rate-limiter integration tests') { - options { - timeout(time: 10, unit: 'MINUTES') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-rate-limiter' - } - } - } - } - stage('Worker build - SGX') { - agent { node { label 'jammy-sgx' } } - when { - beforeAgent true - allOf { - branch 'main' - expression { - return runWorkers - } - } - } - environment { - AUTH_DOWNLOAD_TOKEN = credentials('8a26fd74-d40e-414c-9132-ff3f867806ef') - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Run SGX integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-sgx' - } - } - stage('Run SGX integration tests for musl') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-sgx --libc musl' - } - } - } - post { - always { - sh "sudo chown -R jenkins.jenkins ${WORKSPACE}" - deleteDir() - } - } - } - stage('Worker build - VFIO') { - agent { node { label 'jammy-vfio' } } - when { - beforeAgent true - allOf { - branch 'main' - expression { - return runWorkers - } - } - } - environment { - AUTH_DOWNLOAD_TOKEN = credentials('8a26fd74-d40e-414c-9132-ff3f867806ef') - } - stages { - stage('Checkout') { - steps { - checkout scm - } - } - stage('Run VFIO integration tests') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-vfio' - } - } - stage('Run VFIO integration tests for musl') { - options { - timeout(time: 1, unit: 'HOURS') - } - steps { - sh 'scripts/dev_cli.sh tests --integration-vfio --libc musl' - } - } - } - post { - always { - sh "sudo chown -R jenkins.jenkins ${WORKSPACE}" - deleteDir() - } - } - } - } - } - } - post { - regression { - script { - if (env.BRANCH_NAME == 'main') { - slackSend(color: '#ff0000', message: '"main" branch build is now failing', channel: '#jenkins-ci') - } - } - } - fixed { - script { - if (env.BRANCH_NAME == 'main') { - slackSend(color: '#00ff00', message: '"main" branch build is now fixed', channel: '#jenkins-ci') - } - } - } - } -} - -def cancelPreviousBuilds() { - // Check for other instances of this particular build, cancel any that are older than the current one - def jobName = env.JOB_NAME - def currentBuildNumber = env.BUILD_NUMBER.toInteger() - def currentJob = Jenkins.instance.getItemByFullName(jobName) - - // Loop through all instances of this particular job/branch - for (def build : currentJob.builds) { - if (build.isBuilding() && (build.number.toInteger() < currentBuildNumber)) { - echo "Older build still queued. Sending kill signal to build number: ${build.number}" - build.doStop() - } - } -} - -def installAzureCli(distro, arch) { - sh 'sudo apt install -y ca-certificates curl apt-transport-https lsb-release gnupg' - sh 'curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null' - sh "echo \"deb [arch=${arch}] https://packages.microsoft.com/repos/azure-cli/ ${distro} main\" | sudo tee /etc/apt/sources.list.d/azure-cli.list" - sh 'sudo apt update' - sh 'sudo apt install -y azure-cli' -} - -def boolean skipWorkerBuild() { - if (env.CHANGE_TARGET == null) { - return false - } - - if (sh( - returnStatus: true, - script: "git diff --name-only origin/${env.CHANGE_TARGET}... | grep -v '\\.md'" - ) != 0) { - return true - } - - if (sh( - returnStatus: true, - script: "git diff --name-only origin/${env.CHANGE_TARGET}... | grep -v -E 'fuzz/'" - ) != 0) { - return true - } - - if (sh( - returnStatus: true, - script: "git diff --name-only origin/${env.CHANGE_TARGET}... | grep -v -E '.github/'" - ) != 0) { - return true - } - - if (sh( - returnStatus: true, - script: "git diff --name-only origin/${env.CHANGE_TARGET}... | grep -v '^\\.'" - ) != 0) { - return true - } - - if (sh( - returnStatus: true, - script: "git diff --name-only origin/${env.CHANGE_TARGET}... | grep -v 'gitlint'" - ) != 0) { - return true - } - - return false -} diff --git a/scripts/gitlint/rules.py b/scripts/gitlint/rules.py index 98969f6409..c111179709 100644 --- a/scripts/gitlint/rules.py +++ b/scripts/gitlint/rules.py @@ -42,7 +42,7 @@ def validate(self, line, _commit): 'gitignore', 'gitlint', 'hypervisor', - 'Jenkinsfile', + 'main', 'misc', 'net_gen', 'net_util', From 1f6b43db492990edd94a9f2be560e8fcd0801ed5 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 09:49:28 +0000 Subject: [PATCH 14/63] build: Ensure all required checks run on merge_group And clean up some of the whitespace formatting so that the "name" and "on" are grouped away from the "jobs". Signed-off-by: Rob Bradford (cherry picked from commit d9f48505fec88940025e6844cc541e84ffbff6dd) --- .github/workflows/audit.yaml | 1 + .github/workflows/build.yaml | 3 +-- .github/workflows/dco.yaml | 4 ++-- .github/workflows/docker-image.yaml | 1 - .github/workflows/fuzz-build.yaml | 3 +-- .github/workflows/gitlint.yaml | 1 - .github/workflows/hadolint.yaml | 1 - .github/workflows/integration-arm64.yaml | 3 +-- .github/workflows/integration-windows.yaml | 2 +- .github/workflows/integration-x86-64.yaml | 3 +-- .github/workflows/openapi.yaml | 4 +--- .github/workflows/quality.yaml | 3 +-- .github/workflows/release.yaml | 4 ++-- 13 files changed, 12 insertions(+), 21 deletions(-) diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml index 4490bd1336..3aa6724b84 100644 --- a/.github/workflows/audit.yaml +++ b/.github/workflows/audit.yaml @@ -4,6 +4,7 @@ on: paths: - '**/Cargo.toml' - '**/Cargo.lock' + jobs: security_audit: name: Audit diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d964511faa..06848a1638 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,9 +1,8 @@ name: Cloud Hypervisor Build -on: [pull_request, create] +on: [pull_request, merge_group] jobs: build: - if: github.event_name == 'pull_request' name: Build runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml index cd742f978a..11fb11d188 100644 --- a/.github/workflows/dco.yaml +++ b/.github/workflows/dco.yaml @@ -1,6 +1,6 @@ name: DCO -on: - pull_request: +on: [pull_request, merge_group] + jobs: check: runs-on: ubuntu-latest diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml index 5c6bac640f..03f545b860 100644 --- a/.github/workflows/docker-image.yaml +++ b/.github/workflows/docker-image.yaml @@ -1,5 +1,4 @@ name: Cloud Hypervisor's Docker image update - on: push: branches: main diff --git a/.github/workflows/fuzz-build.yaml b/.github/workflows/fuzz-build.yaml index e0412fc227..3da1b9d50e 100644 --- a/.github/workflows/fuzz-build.yaml +++ b/.github/workflows/fuzz-build.yaml @@ -1,9 +1,8 @@ name: Cloud Hypervisor Cargo Fuzz Build -on: [pull_request, create] +on: [pull_request, merge_group] jobs: build: - if: github.event_name == 'pull_request' name: Cargo Fuzz Build runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/gitlint.yaml b/.github/workflows/gitlint.yaml index f7ee7c9098..13fc8a5838 100644 --- a/.github/workflows/gitlint.yaml +++ b/.github/workflows/gitlint.yaml @@ -1,5 +1,4 @@ name: Commit messages check - on: pull_request: diff --git a/.github/workflows/hadolint.yaml b/.github/workflows/hadolint.yaml index 464e42282b..31b8910984 100644 --- a/.github/workflows/hadolint.yaml +++ b/.github/workflows/hadolint.yaml @@ -1,5 +1,4 @@ name: Lint Dockerfile - on: push: paths: diff --git a/.github/workflows/integration-arm64.yaml b/.github/workflows/integration-arm64.yaml index ee13b7816b..f21dfb23be 100644 --- a/.github/workflows/integration-arm64.yaml +++ b/.github/workflows/integration-arm64.yaml @@ -1,10 +1,9 @@ name: Cloud Hypervisor Tests (ARM64) -on: [pull_request, create] +on: [pull_request, merge_group] jobs: build: timeout-minutes: 60 - if: github.event_name == 'pull_request' name: Tests (ARM64) runs-on: focal-arm64 steps: diff --git a/.github/workflows/integration-windows.yaml b/.github/workflows/integration-windows.yaml index fcfdbd5532..5c4540c389 100644 --- a/.github/workflows/integration-windows.yaml +++ b/.github/workflows/integration-windows.yaml @@ -1,5 +1,5 @@ name: Cloud Hypervisor Tests (Windows Guest) -on: [pull_request, create] +on: [merge_group] jobs: build: diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index 15204c82c0..c571b3512f 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -1,5 +1,5 @@ name: Cloud Hypervisor Tests (x86-64) -on: [pull_request, create] +on: [pull_request, merge_group] jobs: build: @@ -9,7 +9,6 @@ jobs: matrix: runner: ["garm-jammy", "garm-jammy-amd"] libc: ["musl", "gnu"] - if: github.event_name == 'pull_request' name: Tests (x86-64) runs-on: ${{ matrix.runner }} steps: diff --git a/.github/workflows/openapi.yaml b/.github/workflows/openapi.yaml index 42928ef58e..0cd5b848cc 100644 --- a/.github/workflows/openapi.yaml +++ b/.github/workflows/openapi.yaml @@ -1,7 +1,5 @@ name: Cloud Hypervisor OpenAPI Validation - -on: - pull_request: +on: [pull_request, merge_group] jobs: Validate: diff --git a/.github/workflows/quality.yaml b/.github/workflows/quality.yaml index 225f7e7471..76bc22464f 100644 --- a/.github/workflows/quality.yaml +++ b/.github/workflows/quality.yaml @@ -1,9 +1,8 @@ name: Cloud Hypervisor Quality Checks -on: [pull_request, create] +on: [pull_request, merge_group] jobs: build: - if: github.event_name == 'pull_request' name: Quality (clippy, rustfmt) runs-on: ubuntu-latest continue-on-error: ${{ matrix.experimental }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c5c38134dc..8c2d36a31b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,9 +1,9 @@ name: Cloud Hypervisor Release -on: [pull_request, create] +on: [pull_request, create, merge_group] jobs: release: - if: (github.event_name == 'create' && github.event.ref_type == 'tag') || github.event_name == 'pull_request' + if: (github.event_name == 'create' && github.event.ref_type == 'tag') || github.event_name == 'pull_request' || github.event_name == 'merge_group' name: Release runs-on: ubuntu-latest steps: From 80724b166224607d1b3dcfeb0d2c79d99407bbe6 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 09:51:12 +0000 Subject: [PATCH 15/63] build: Use a nicer name for DCO check step Signed-off-by: Rob Bradford (cherry picked from commit 80aa91f24c32c532ca1a73e03d04c9b3de872224) --- .github/workflows/dco.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml index 11fb11d188..9220af94e1 100644 --- a/.github/workflows/dco.yaml +++ b/.github/workflows/dco.yaml @@ -3,6 +3,7 @@ on: [pull_request, merge_group] jobs: check: + name: DCO Check ("Signed-Off-By") runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From bd506500d73bf7805589448a2c1c8766ca5f341c Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 09:57:58 +0000 Subject: [PATCH 16/63] build: Remove unnecessary if event checks from vfio/sgx workflows Signed-off-by: Rob Bradford (cherry picked from commit cb8a728dfbeb10b0d50e8a38c0242576cabb3cc0) --- .github/workflows/integration-sgx.yaml | 1 - .github/workflows/integration-vfio.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/integration-sgx.yaml b/.github/workflows/integration-sgx.yaml index fdb865ec86..2f9dd45d29 100644 --- a/.github/workflows/integration-sgx.yaml +++ b/.github/workflows/integration-sgx.yaml @@ -6,7 +6,6 @@ on: jobs: build: - if: github.event_name == 'push' name: Tests (SGX) runs-on: jammy-sgx steps: diff --git a/.github/workflows/integration-vfio.yaml b/.github/workflows/integration-vfio.yaml index 1124affce4..dd808d4ad4 100644 --- a/.github/workflows/integration-vfio.yaml +++ b/.github/workflows/integration-vfio.yaml @@ -6,7 +6,6 @@ on: jobs: build: - if: github.event_name == 'push' name: Tests (VFIO) runs-on: jammy-vfio steps: From 0131a408bf9fa00a2e2ab5ee23d8e46743f943b9 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 11:54:27 +0000 Subject: [PATCH 17/63] build: Make the Windows Guest Test always pass on PR builds When running with the merge queue the tests will be fully executed. Signed-off-by: Rob Bradford (cherry picked from commit f15ca1aec398c8180fc0602b67f6e10e9abeab0f) --- .github/workflows/integration-windows.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration-windows.yaml b/.github/workflows/integration-windows.yaml index 5c4540c389..b0dedc0675 100644 --- a/.github/workflows/integration-windows.yaml +++ b/.github/workflows/integration-windows.yaml @@ -1,16 +1,18 @@ name: Cloud Hypervisor Tests (Windows Guest) -on: [merge_group] +on: [merge_group, pull_request] jobs: build: name: Tests (Windows Guest) - runs-on: garm-jammy + runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'garm-jammy' }} steps: - name: Code checkout + if: ${{ github.event_name != 'pull_request' }} uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Docker + if: ${{ github.event_name != 'pull_request' }} run: | sudo apt-get update sudo apt-get -y install ca-certificates curl gnupg @@ -20,6 +22,7 @@ jobs: sudo apt-get update sudo apt install -y docker-ce docker-ce-cli - name: Install Azure CLI + if: ${{ github.event_name != 'pull_request' }} run: | sudo apt install -y ca-certificates curl apt-transport-https lsb-release gnupg curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null @@ -27,12 +30,18 @@ jobs: sudo apt update sudo apt install -y azure-cli - name: Download Windows image + if: ${{ github.event_name != 'pull_request' }} run: | mkdir $HOME/workloads az storage blob download --container-name private-images --file "$HOME/workloads/windows-server-2022-amd64-2.raw" --name windows-server-2022-amd64-2.raw --connection-string "${{ secrets.CH_PRIVATE_IMAGES }}" - name: Run Windows guest integration tests + if: ${{ github.event_name != 'pull_request' }} timeout-minutes: 15 run: scripts/dev_cli.sh tests --integration-windows - name: Run Windows guest integration tests for musl + if: ${{ github.event_name != 'pull_request' }} timeout-minutes: 15 run: scripts/dev_cli.sh tests --integration-windows --libc musl + - name: Skipping build for PR + if: ${{ github.event_name == 'pull_request' }} + run: echo "Skipping build for PR" \ No newline at end of file From f4c85aef895f8dd269160837df4eb89be280f99e Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 12:08:45 +0000 Subject: [PATCH 18/63] build: Only run Intel + glibc on PR builds for x86-64 tests Run all the tests on the merge queue. Signed-off-by: Rob Bradford (cherry picked from commit 81b95023c47123799413d1220c06fa0c5885cea6) --- .github/workflows/integration-x86-64.yaml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index c571b3512f..3952819011 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -7,16 +7,18 @@ jobs: strategy: fail-fast: false matrix: - runner: ["garm-jammy", "garm-jammy-amd"] - libc: ["musl", "gnu"] + runner: ['garm-jammy', "garm-jammy-amd"] + libc: ["musl", 'gnu'] name: Tests (x86-64) - runs-on: ${{ matrix.runner }} + runs-on: ${{ github.event_name == 'pull_request' && !(matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') && 'ubuntu-latest' || matrix.runner }} steps: - name: Code checkout + if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Docker + if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} run: | sudo apt-get update sudo apt-get -y install ca-certificates curl gnupg @@ -26,14 +28,22 @@ jobs: sudo apt-get update sudo apt install -y docker-ce docker-ce-cli - name: Prepare for VDPA + if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} run: scripts/prepare_vdpa.sh - name: Run unit tests + if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} run: scripts/dev_cli.sh tests --unit --libc ${{ matrix.libc }} - name: Load openvswitch module + if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} run: sudo modprobe openvswitch - name: Run integration tests + if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} timeout-minutes: 40 run: scripts/dev_cli.sh tests --integration --libc ${{ matrix.libc }} - name: Run live-migration integration tests + if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} timeout-minutes: 20 run: scripts/dev_cli.sh tests --integration-live-migration --libc ${{ matrix.libc }} + - name: Skipping build for PR + if: ${{ github.event_name == 'pull_request' && matrix.runner != 'garm-jammy' && matrix.libc != 'gnu' }} + run: echo "Skipping build for PR" From 1dff2503a63f1eed4ea53c4b3dca25efda7c2677 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 13:16:18 +0000 Subject: [PATCH 19/63] build: Skip release check on pull requests This takes a long time and duplicates existing checks on the pull requests. Signed-off-by: Rob Bradford (cherry picked from commit 022f375ef86f6b099b68144c9a85dcecc95492ef) --- .github/workflows/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8c2d36a31b..99ec610362 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,9 +1,9 @@ name: Cloud Hypervisor Release -on: [pull_request, create, merge_group] +on: [create, merge_group] jobs: release: - if: (github.event_name == 'create' && github.event.ref_type == 'tag') || github.event_name == 'pull_request' || github.event_name == 'merge_group' + if: (github.event_name == 'create' && github.event.ref_type == 'tag') || github.event_name == 'merge_group' name: Release runs-on: ubuntu-latest steps: From 355148c3d6e83ad7a51bd668c4437a5f9966b041 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 13:50:42 +0000 Subject: [PATCH 20/63] build: Only check DCO on PRs The DCO tool doesn't understand merge_groups but we still need to have a valid status check to allow the merge group to proceed. Signed-off-by: Rob Bradford (cherry picked from commit 96cc1ba76c620f0648a64c025111309c967a3f79) --- .github/workflows/dco.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml index 9220af94e1..92645e75ad 100644 --- a/.github/workflows/dco.yaml +++ b/.github/workflows/dco.yaml @@ -12,6 +12,7 @@ jobs: with: python-version: '3.x' - name: Check DCO + if: ${{ github.event_name == 'pull_request' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | From 196e653a5011484b527ad1c45e208f8023cc1537 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 15:13:19 +0000 Subject: [PATCH 21/63] build: Only run bisectability check on PRs Signed-off-by: Rob Bradford (cherry picked from commit 3e355298427bfbc13b2c822a1bb68b3d80783e6f) --- .github/workflows/quality.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/quality.yaml b/.github/workflows/quality.yaml index 76bc22464f..6d9982a38f 100644 --- a/.github/workflows/quality.yaml +++ b/.github/workflows/quality.yaml @@ -45,8 +45,8 @@ jobs: override: true components: rustfmt, clippy - - name: Debug Check (default features) - if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' }} + - name: Bisectability Check (default features) + if: ${{ github.event_name == 'pull_request' && matrix.target == 'x86_64-unknown-linux-gnu' }} run: | set -e commits=$(git rev-list origin/${{ github.base_ref }}..${{ github.sha }}) From 67904a90fc3f14a1b971950e77c68fcfba71adf4 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 28 Feb 2024 15:17:57 +0000 Subject: [PATCH 22/63] build: Cancel in progress actions on update If the PR updated cancel outstanding jobs to conserve resources. Signed-off-by: Rob Bradford (cherry picked from commit 1db30405e13995172bd45386a49a54e7c7a5f621) --- .github/workflows/build.yaml | 3 +++ .github/workflows/docker-image.yaml | 3 +++ .github/workflows/fuzz-build.yaml | 3 +++ .github/workflows/integration-windows.yaml | 3 +++ .github/workflows/integration-x86-64.yaml | 3 +++ .github/workflows/quality.yaml | 3 +++ .github/workflows/release.yaml | 3 +++ 7 files changed, 21 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 06848a1638..5b126ea4d1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Build on: [pull_request, merge_group] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml index 03f545b860..366cace2fa 100644 --- a/.github/workflows/docker-image.yaml +++ b/.github/workflows/docker-image.yaml @@ -5,6 +5,9 @@ on: paths: resources/Dockerfile pull_request: paths: resources/Dockerfile +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true env: REGISTRY: ghcr.io diff --git a/.github/workflows/fuzz-build.yaml b/.github/workflows/fuzz-build.yaml index 3da1b9d50e..a2e03aa5ec 100644 --- a/.github/workflows/fuzz-build.yaml +++ b/.github/workflows/fuzz-build.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Cargo Fuzz Build on: [pull_request, merge_group] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/integration-windows.yaml b/.github/workflows/integration-windows.yaml index b0dedc0675..6313ea4106 100644 --- a/.github/workflows/integration-windows.yaml +++ b/.github/workflows/integration-windows.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Tests (Windows Guest) on: [merge_group, pull_request] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index 3952819011..6b77228721 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Tests (x86-64) on: [pull_request, merge_group] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/quality.yaml b/.github/workflows/quality.yaml index 6d9982a38f..b2230e0d43 100644 --- a/.github/workflows/quality.yaml +++ b/.github/workflows/quality.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Quality Checks on: [pull_request, merge_group] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 99ec610362..90c368fa87 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Release on: [create, merge_group] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: release: From a09d8287133ab83069e451347a54395e47e49ddd Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Wed, 28 Feb 2024 11:51:10 +0200 Subject: [PATCH 23/63] scripts: Update Azure storage location to access images Signed-off-by: Ravi kumar Veeramally (cherry picked from commit 05ec6190da2154074da186aca0076e7f0769586a) --- docs/custom-image.md | 4 ++-- scripts/run_integration_tests_aarch64.sh | 8 ++++---- scripts/run_integration_tests_live_migration.sh | 2 +- scripts/run_integration_tests_rate_limiter.sh | 2 +- scripts/run_integration_tests_sgx.sh | 2 +- scripts/run_integration_tests_x86_64.sh | 4 ++-- scripts/run_metrics.sh | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/custom-image.md b/docs/custom-image.md index c84b07a83e..001375a03f 100644 --- a/docs/custom-image.md +++ b/docs/custom-image.md @@ -170,7 +170,7 @@ We usually start from one of the custom cloud image we have previously created but we can use a stock cloud image as well. ```bash -wget https://cloud-hypervisor.azureedge.net/jammy-server-cloudimg-amd64-custom-20230119-0.raw +wget https://ch-images.azureedge.net/jammy-server-cloudimg-amd64-custom-20230119-0.raw mv jammy-server-cloudimg-amd64-custom-20230119-0.raw jammy-server-cloudimg-amd64-nvidia.raw ``` @@ -326,4 +326,4 @@ VM will be booted with this image. ``` sudo cloud-init clean -``` \ No newline at end of file +``` diff --git a/scripts/run_integration_tests_aarch64.sh b/scripts/run_integration_tests_aarch64.sh index e8ecb0e3aa..5e40c6eb08 100755 --- a/scripts/run_integration_tests_aarch64.sh +++ b/scripts/run_integration_tests_aarch64.sh @@ -54,7 +54,7 @@ update_workloads() { cp scripts/sha1sums-aarch64 $WORKLOADS_DIR FOCAL_OS_RAW_IMAGE_NAME="focal-server-cloudimg-arm64-custom-20210929-0.raw" - FOCAL_OS_RAW_IMAGE_DOWNLOAD_URL="https://cloud-hypervisor.azureedge.net/$FOCAL_OS_RAW_IMAGE_NAME" + FOCAL_OS_RAW_IMAGE_DOWNLOAD_URL="https://ch-images.azureedge.net/$FOCAL_OS_RAW_IMAGE_NAME" FOCAL_OS_RAW_IMAGE="$WORKLOADS_DIR/$FOCAL_OS_RAW_IMAGE_NAME" if [ ! -f "$FOCAL_OS_RAW_IMAGE" ]; then pushd $WORKLOADS_DIR @@ -63,7 +63,7 @@ update_workloads() { fi FOCAL_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME="focal-server-cloudimg-arm64-custom-20210929-0.qcow2" - FOCAL_OS_QCOW2_IMAGE_UNCOMPRESSED_DOWNLOAD_URL="https://cloud-hypervisor.azureedge.net/$FOCAL_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME" + FOCAL_OS_QCOW2_IMAGE_UNCOMPRESSED_DOWNLOAD_URL="https://ch-images.azureedge.net/$FOCAL_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME" FOCAL_OS_QCOW2_UNCOMPRESSED_IMAGE="$WORKLOADS_DIR/$FOCAL_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME" if [ ! -f "$FOCAL_OS_QCOW2_UNCOMPRESSED_IMAGE" ]; then pushd $WORKLOADS_DIR @@ -80,7 +80,7 @@ update_workloads() { fi JAMMY_OS_RAW_IMAGE_NAME="jammy-server-cloudimg-arm64-custom-20220329-0.raw" - JAMMY_OS_RAW_IMAGE_DOWNLOAD_URL="https://cloud-hypervisor.azureedge.net/$JAMMY_OS_RAW_IMAGE_NAME" + JAMMY_OS_RAW_IMAGE_DOWNLOAD_URL="https://ch-images.azureedge.net/$JAMMY_OS_RAW_IMAGE_NAME" JAMMY_OS_RAW_IMAGE="$WORKLOADS_DIR/$JAMMY_OS_RAW_IMAGE_NAME" if [ ! -f "$JAMMY_OS_RAW_IMAGE" ]; then pushd $WORKLOADS_DIR @@ -89,7 +89,7 @@ update_workloads() { fi JAMMY_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME="jammy-server-cloudimg-arm64-custom-20220329-0.qcow2" - JAMMY_OS_QCOW2_IMAGE_UNCOMPRESSED_DOWNLOAD_URL="https://cloud-hypervisor.azureedge.net/$JAMMY_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME" + JAMMY_OS_QCOW2_IMAGE_UNCOMPRESSED_DOWNLOAD_URL="https://ch-images.azureedge.net/$JAMMY_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME" JAMMY_OS_QCOW2_UNCOMPRESSED_IMAGE="$WORKLOADS_DIR/$JAMMY_OS_QCOW2_IMAGE_UNCOMPRESSED_NAME" if [ ! -f "$JAMMY_OS_QCOW2_UNCOMPRESSED_IMAGE" ]; then pushd $WORKLOADS_DIR diff --git a/scripts/run_integration_tests_live_migration.sh b/scripts/run_integration_tests_live_migration.sh index b6f004cf1e..649d6daaa4 100755 --- a/scripts/run_integration_tests_live_migration.sh +++ b/scripts/run_integration_tests_live_migration.sh @@ -19,7 +19,7 @@ fi cp scripts/sha1sums-x86_64 $WORKLOADS_DIR FOCAL_OS_IMAGE_NAME="focal-server-cloudimg-amd64-custom-20210609-0.qcow2" -FOCAL_OS_IMAGE_URL="https://cloud-hypervisor.azureedge.net/$FOCAL_OS_IMAGE_NAME" +FOCAL_OS_IMAGE_URL="https://ch-images.azureedge.net/$FOCAL_OS_IMAGE_NAME" FOCAL_OS_IMAGE="$WORKLOADS_DIR/$FOCAL_OS_IMAGE_NAME" if [ ! -f "$FOCAL_OS_IMAGE" ]; then pushd $WORKLOADS_DIR diff --git a/scripts/run_integration_tests_rate_limiter.sh b/scripts/run_integration_tests_rate_limiter.sh index 0e78faca31..f3339a8a4b 100755 --- a/scripts/run_integration_tests_rate_limiter.sh +++ b/scripts/run_integration_tests_rate_limiter.sh @@ -19,7 +19,7 @@ fi cp scripts/sha1sums-x86_64 $WORKLOADS_DIR FOCAL_OS_IMAGE_NAME="focal-server-cloudimg-amd64-custom-20210609-0.qcow2" -FOCAL_OS_IMAGE_URL="https://cloud-hypervisor.azureedge.net/$FOCAL_OS_IMAGE_NAME" +FOCAL_OS_IMAGE_URL="https://ch-images.azureedge.net/$FOCAL_OS_IMAGE_NAME" FOCAL_OS_IMAGE="$WORKLOADS_DIR/$FOCAL_OS_IMAGE_NAME" if [ ! -f "$FOCAL_OS_IMAGE" ]; then pushd $WORKLOADS_DIR diff --git a/scripts/run_integration_tests_sgx.sh b/scripts/run_integration_tests_sgx.sh index d7bded779e..4d1c53626d 100755 --- a/scripts/run_integration_tests_sgx.sh +++ b/scripts/run_integration_tests_sgx.sh @@ -17,7 +17,7 @@ mkdir -p "$WORKLOADS_DIR" download_hypervisor_fw JAMMY_OS_IMAGE_NAME="jammy-server-cloudimg-amd64-custom-20230119-0.qcow2" -JAMMY_OS_IMAGE_URL="https://cloud-hypervisor.azureedge.net/$JAMMY_OS_IMAGE_NAME" +JAMMY_OS_IMAGE_URL="https://ch-images.azureedge.net/$JAMMY_OS_IMAGE_NAME" JAMMY_OS_IMAGE="$WORKLOADS_DIR/$JAMMY_OS_IMAGE_NAME" if [ ! -f "$JAMMY_OS_IMAGE" ]; then pushd $WORKLOADS_DIR diff --git a/scripts/run_integration_tests_x86_64.sh b/scripts/run_integration_tests_x86_64.sh index f389d72276..285a853932 100755 --- a/scripts/run_integration_tests_x86_64.sh +++ b/scripts/run_integration_tests_x86_64.sh @@ -29,7 +29,7 @@ if [ ! -f "$OVMF_FW" ]; then fi FOCAL_OS_IMAGE_NAME="focal-server-cloudimg-amd64-custom-20210609-0.qcow2" -FOCAL_OS_IMAGE_URL="https://cloud-hypervisor.azureedge.net/$FOCAL_OS_IMAGE_NAME" +FOCAL_OS_IMAGE_URL="https://ch-images.azureedge.net/$FOCAL_OS_IMAGE_NAME" FOCAL_OS_IMAGE="$WORKLOADS_DIR/$FOCAL_OS_IMAGE_NAME" if [ ! -f "$FOCAL_OS_IMAGE" ]; then pushd $WORKLOADS_DIR @@ -54,7 +54,7 @@ if [ ! -f "$FOCAL_OS_QCOW_BACKING_FILE_IMAGE" ]; then fi JAMMY_OS_IMAGE_NAME="jammy-server-cloudimg-amd64-custom-20230119-0.qcow2" -JAMMY_OS_IMAGE_URL="https://cloud-hypervisor.azureedge.net/$JAMMY_OS_IMAGE_NAME" +JAMMY_OS_IMAGE_URL="https://ch-images.azureedge.net/$JAMMY_OS_IMAGE_NAME" JAMMY_OS_IMAGE="$WORKLOADS_DIR/$JAMMY_OS_IMAGE_NAME" if [ ! -f "$JAMMY_OS_IMAGE" ]; then pushd $WORKLOADS_DIR diff --git a/scripts/run_metrics.sh b/scripts/run_metrics.sh index 18365848ae..2b665706d5 100755 --- a/scripts/run_metrics.sh +++ b/scripts/run_metrics.sh @@ -34,7 +34,7 @@ else FOCAL_OS_IMAGE_NAME="focal-server-cloudimg-amd64-custom-20210609-0.qcow2" fi -FOCAL_OS_IMAGE_URL="https://cloud-hypervisor.azureedge.net/$FOCAL_OS_IMAGE_NAME" +FOCAL_OS_IMAGE_URL="https://ch-images.azureedge.net/$FOCAL_OS_IMAGE_NAME" FOCAL_OS_IMAGE="$WORKLOADS_DIR/$FOCAL_OS_IMAGE_NAME" if [ ! -f "$FOCAL_OS_IMAGE" ]; then pushd $WORKLOADS_DIR From 37666f842dcf9eccbf0edac89ee7e46cfb4219ed Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Thu, 29 Feb 2024 10:21:54 -0800 Subject: [PATCH 24/63] build: Run integration tests on smaller VMs Signed-off-by: Bo Chen Signed-off-by: Rob Bradford (cherry picked from commit 7d60ab70e6d1d061f20524b85318cd650f88995f) --- .github/workflows/integration-windows.yaml | 2 +- .github/workflows/integration-x86-64.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration-windows.yaml b/.github/workflows/integration-windows.yaml index 6313ea4106..29aa04a78f 100644 --- a/.github/workflows/integration-windows.yaml +++ b/.github/workflows/integration-windows.yaml @@ -7,7 +7,7 @@ concurrency: jobs: build: name: Tests (Windows Guest) - runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'garm-jammy' }} + runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'garm-jammy-16' }} steps: - name: Code checkout if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/integration-x86-64.yaml b/.github/workflows/integration-x86-64.yaml index 6b77228721..80690512f5 100644 --- a/.github/workflows/integration-x86-64.yaml +++ b/.github/workflows/integration-x86-64.yaml @@ -13,7 +13,7 @@ jobs: runner: ['garm-jammy', "garm-jammy-amd"] libc: ["musl", 'gnu'] name: Tests (x86-64) - runs-on: ${{ github.event_name == 'pull_request' && !(matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') && 'ubuntu-latest' || matrix.runner }} + runs-on: ${{ github.event_name == 'pull_request' && !(matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') && 'ubuntu-latest' || format('{0}-16', matrix.runner) }} steps: - name: Code checkout if: ${{ github.event_name != 'pull_request' || (matrix.runner == 'garm-jammy' && matrix.libc == 'gnu') }} From 6a5a2ac83dc83c47a5b2af1056b19fee13ba6ad5 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Thu, 29 Feb 2024 14:00:29 -0800 Subject: [PATCH 25/63] tests: Fix test_snapshot_restore_hotplug_virtiomem on 16 cores VM It takes longer time to restore a VM on a VM with 16 cores comparing with ones with 64 cores. Signed-off-by: Bo Chen (cherry picked from commit 071806785187e28d3567d6f2471de07fdad07c76) --- tests/integration.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration.rs b/tests/integration.rs index 0d4ed78806..bda58aeb19 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -6057,7 +6057,7 @@ mod common_parallel { .unwrap(); // Wait for the VM to be restored - thread::sleep(std::time::Duration::new(10, 0)); + thread::sleep(std::time::Duration::new(20, 0)); let expected_events = [ &MetaEvent { event: "starting".to_string(), From 551d36e50206d4b248f3257c6153f72c7994ecde Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Thu, 29 Feb 2024 14:23:30 -0800 Subject: [PATCH 26/63] build: Add a step to fix workspace permissions on bare-metal workers When a bare-metal worker is canceled, its workspace can be left with files owned by the root user as a result of running tests from our container. This patch add a step to fix workspace permissions for such case before checking out code. Signed-off-by: Bo Chen (cherry picked from commit f48942ce3f12f507ea5530b926aaf631d914dadd) --- .github/workflows/integration-arm64.yaml | 2 ++ .github/workflows/integration-rate-limiter.yaml | 3 +++ .github/workflows/integration-sgx.yaml | 3 +++ .github/workflows/integration-vfio.yaml | 3 +++ 4 files changed, 11 insertions(+) diff --git a/.github/workflows/integration-arm64.yaml b/.github/workflows/integration-arm64.yaml index f21dfb23be..333f1b8fb7 100644 --- a/.github/workflows/integration-arm64.yaml +++ b/.github/workflows/integration-arm64.yaml @@ -7,6 +7,8 @@ jobs: name: Tests (ARM64) runs-on: focal-arm64 steps: + - name: Fix workspace permissions + run: sudo chown -R github-runner:github-runner ${GITHUB_WORKSPACE} - name: Code checkout uses: actions/checkout@v4 with: diff --git a/.github/workflows/integration-rate-limiter.yaml b/.github/workflows/integration-rate-limiter.yaml index 2a30359313..50f7f7dfbd 100644 --- a/.github/workflows/integration-rate-limiter.yaml +++ b/.github/workflows/integration-rate-limiter.yaml @@ -9,6 +9,9 @@ jobs: name: Tests (Rate-Limiter) runs-on: jammy-rate-limiter steps: + - name: Fix workspace permissions + if: ${{ github.event_name != 'pull_request' }} + run: sudo chown -R github-runner:github-runner ${GITHUB_WORKSPACE} - name: Code checkout uses: actions/checkout@v4 with: diff --git a/.github/workflows/integration-sgx.yaml b/.github/workflows/integration-sgx.yaml index 2f9dd45d29..1332ac65e3 100644 --- a/.github/workflows/integration-sgx.yaml +++ b/.github/workflows/integration-sgx.yaml @@ -9,6 +9,9 @@ jobs: name: Tests (SGX) runs-on: jammy-sgx steps: + - name: Fix workspace permissions + if: ${{ github.event_name != 'pull_request' }} + run: sudo chown -R github-runner:github-runner ${GITHUB_WORKSPACE} - name: Code checkout uses: actions/checkout@v4 with: diff --git a/.github/workflows/integration-vfio.yaml b/.github/workflows/integration-vfio.yaml index dd808d4ad4..5973c841fc 100644 --- a/.github/workflows/integration-vfio.yaml +++ b/.github/workflows/integration-vfio.yaml @@ -9,6 +9,9 @@ jobs: name: Tests (VFIO) runs-on: jammy-vfio steps: + - name: Fix workspace permissions + if: ${{ github.event_name != 'pull_request' }} + run: sudo chown -R github-runner:github-runner ${GITHUB_WORKSPACE} - name: Code checkout uses: actions/checkout@v4 with: From 51febbb7fe7eecbf7fa07ad9651ebebb2ad977d1 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 29 Feb 2024 07:36:30 +0000 Subject: [PATCH 27/63] build: Add SGX, VFIO and rate limit testing to MQ Run these workflows as part of the merge queue to help improve testing coverage. Signed-off-by: Rob Bradford (cherry picked from commit cdafe5344d09b5f7fd731dec90657ed0c1a5b5f8) --- .github/workflows/integration-rate-limiter.yaml | 12 +++++++----- .github/workflows/integration-sgx.yaml | 13 ++++++++----- .github/workflows/integration-vfio.yaml | 13 ++++++++----- 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/.github/workflows/integration-rate-limiter.yaml b/.github/workflows/integration-rate-limiter.yaml index 50f7f7dfbd..2911e32db1 100644 --- a/.github/workflows/integration-rate-limiter.yaml +++ b/.github/workflows/integration-rate-limiter.yaml @@ -1,21 +1,23 @@ name: Cloud Hypervisor Tests (Rate-Limiter) -on: - push: - branches: - - main +on: [merge_group, pull_request] jobs: build: name: Tests (Rate-Limiter) - runs-on: jammy-rate-limiter + runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'jammy-rate-limiter' }} steps: - name: Fix workspace permissions if: ${{ github.event_name != 'pull_request' }} run: sudo chown -R github-runner:github-runner ${GITHUB_WORKSPACE} - name: Code checkout + if: ${{ github.event_name != 'pull_request' }} uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run rate-limiter integration tests + if: ${{ github.event_name != 'pull_request' }} timeout-minutes: 10 run: scripts/dev_cli.sh tests --integration-rate-limiter + - name: Skipping build for PR + if: ${{ github.event_name == 'pull_request' }} + run: echo "Skipping build for PR" diff --git a/.github/workflows/integration-sgx.yaml b/.github/workflows/integration-sgx.yaml index 1332ac65e3..012bad1c0f 100644 --- a/.github/workflows/integration-sgx.yaml +++ b/.github/workflows/integration-sgx.yaml @@ -1,24 +1,27 @@ name: Cloud Hypervisor Tests (SGX) -on: - push: - branches: - - main +on: [merge_group, pull_request] jobs: build: name: Tests (SGX) - runs-on: jammy-sgx + runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'jammy-sgx' }} steps: - name: Fix workspace permissions if: ${{ github.event_name != 'pull_request' }} run: sudo chown -R github-runner:github-runner ${GITHUB_WORKSPACE} - name: Code checkout + if: ${{ github.event_name != 'pull_request' }} uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run SGX integration tests + if: ${{ github.event_name != 'pull_request' }} timeout-minutes: 10 run: scripts/dev_cli.sh tests --integration-sgx - name: Run SGX integration tests for musl + if: ${{ github.event_name != 'pull_request' }} timeout-minutes: 10 run: scripts/dev_cli.sh tests --integration-sgx --libc musl + - name: Skipping build for PR + if: ${{ github.event_name == 'pull_request' }} + run: echo "Skipping build for PR" diff --git a/.github/workflows/integration-vfio.yaml b/.github/workflows/integration-vfio.yaml index 5973c841fc..45fda7cc5f 100644 --- a/.github/workflows/integration-vfio.yaml +++ b/.github/workflows/integration-vfio.yaml @@ -1,24 +1,27 @@ name: Cloud Hypervisor Tests (VFIO) -on: - push: - branches: - - main +on: [merge_group, pull_request] jobs: build: name: Tests (VFIO) - runs-on: jammy-vfio + runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'jammy-vfio' }} steps: - name: Fix workspace permissions if: ${{ github.event_name != 'pull_request' }} run: sudo chown -R github-runner:github-runner ${GITHUB_WORKSPACE} - name: Code checkout + if: ${{ github.event_name != 'pull_request' }} uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run VFIO integration tests + if: ${{ github.event_name != 'pull_request' }} timeout-minutes: 15 run: scripts/dev_cli.sh tests --integration-vfio - name: Run VFIO integration tests for musl + if: ${{ github.event_name != 'pull_request' }} timeout-minutes: 15 run: scripts/dev_cli.sh tests --integration-vfio --libc musl + - name: Skipping build for PR + if: ${{ github.event_name == 'pull_request' }} + run: echo "Skipping build for PR" From 4b72e5a886bac6f3b47f30c6ee057dd4d293acdf Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Fri, 1 Mar 2024 10:00:16 -0800 Subject: [PATCH 28/63] build: Allow 'cancel-in-progress' for bare-metal workers Signed-off-by: Bo Chen (cherry picked from commit 46c9b9693c2b28e64af103d1549278c455b97706) --- .github/workflows/integration-arm64.yaml | 3 +++ .github/workflows/integration-rate-limiter.yaml | 3 +++ .github/workflows/integration-sgx.yaml | 3 +++ .github/workflows/integration-vfio.yaml | 3 +++ 4 files changed, 12 insertions(+) diff --git a/.github/workflows/integration-arm64.yaml b/.github/workflows/integration-arm64.yaml index 333f1b8fb7..e940b11e5e 100644 --- a/.github/workflows/integration-arm64.yaml +++ b/.github/workflows/integration-arm64.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Tests (ARM64) on: [pull_request, merge_group] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/integration-rate-limiter.yaml b/.github/workflows/integration-rate-limiter.yaml index 2911e32db1..dde0c5d176 100644 --- a/.github/workflows/integration-rate-limiter.yaml +++ b/.github/workflows/integration-rate-limiter.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Tests (Rate-Limiter) on: [merge_group, pull_request] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/integration-sgx.yaml b/.github/workflows/integration-sgx.yaml index 012bad1c0f..bd5a78334a 100644 --- a/.github/workflows/integration-sgx.yaml +++ b/.github/workflows/integration-sgx.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Tests (SGX) on: [merge_group, pull_request] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: diff --git a/.github/workflows/integration-vfio.yaml b/.github/workflows/integration-vfio.yaml index 45fda7cc5f..b41f227e3e 100644 --- a/.github/workflows/integration-vfio.yaml +++ b/.github/workflows/integration-vfio.yaml @@ -1,5 +1,8 @@ name: Cloud Hypervisor Tests (VFIO) on: [merge_group, pull_request] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: build: From c588138187484d3cc10c90d5f879f84ccf2235de Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Sat, 2 Mar 2024 10:31:00 +0000 Subject: [PATCH 29/63] build: Use authentication token to avoid GitHub rate limit The workers share a common public IP address and often GitHub will reject attempts to access the API due to exceeding the anonymous rate limit threshold. Signed-off-by: Rob Bradford (cherry picked from commit 0f71956d6df9c241b205ae3c68e38dfd98f73d68) --- .github/workflows/integration-rate-limiter.yaml | 2 ++ .github/workflows/integration-sgx.yaml | 2 ++ .github/workflows/integration-vfio.yaml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/integration-rate-limiter.yaml b/.github/workflows/integration-rate-limiter.yaml index dde0c5d176..6e066764b3 100644 --- a/.github/workflows/integration-rate-limiter.yaml +++ b/.github/workflows/integration-rate-limiter.yaml @@ -8,6 +8,8 @@ jobs: build: name: Tests (Rate-Limiter) runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'jammy-rate-limiter' }} + env: + AUTH_DOWNLOAD_TOKEN: ${{ secrets.AUTH_DOWNLOAD_TOKEN }} steps: - name: Fix workspace permissions if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/integration-sgx.yaml b/.github/workflows/integration-sgx.yaml index bd5a78334a..b8e4d70544 100644 --- a/.github/workflows/integration-sgx.yaml +++ b/.github/workflows/integration-sgx.yaml @@ -8,6 +8,8 @@ jobs: build: name: Tests (SGX) runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'jammy-sgx' }} + env: + AUTH_DOWNLOAD_TOKEN: ${{ secrets.AUTH_DOWNLOAD_TOKEN }} steps: - name: Fix workspace permissions if: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/integration-vfio.yaml b/.github/workflows/integration-vfio.yaml index b41f227e3e..196b1d430f 100644 --- a/.github/workflows/integration-vfio.yaml +++ b/.github/workflows/integration-vfio.yaml @@ -8,6 +8,8 @@ jobs: build: name: Tests (VFIO) runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-latest' || 'jammy-vfio' }} + env: + AUTH_DOWNLOAD_TOKEN: ${{ secrets.AUTH_DOWNLOAD_TOKEN }} steps: - name: Fix workspace permissions if: ${{ github.event_name != 'pull_request' }} From 26cab16830e8a832f196ee85cf1a61d82bef7139 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Fri, 1 Mar 2024 14:38:17 +0000 Subject: [PATCH 30/63] build: Avoid cancellation of release build workflow on MQ When running on the merge group this workflow is run twice - once for the create event (merge queue creates a new branch) and once for the merge_group event. Unfortunately the second event would cause the first to be cancelled - unfortunately sometimes that second event is the create event where the job in the workflow only runs if it is also a tag. By creating distinct concurrency groups for each event type then the cross cancellation can be avoided. Signed-off-by: Rob Bradford (cherry picked from commit 6f49d7f192beb7224ec7187debe250e97909ad23) --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 90c368fa87..0e26f07672 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,7 +1,7 @@ name: Cloud Hypervisor Release on: [create, merge_group] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} cancel-in-progress: true jobs: From 8c1b112a6060cfa08b15dfe063d89fa262f6f7a8 Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Wed, 28 Feb 2024 11:33:31 +0200 Subject: [PATCH 31/63] build: Add GitHub action for metrics tests Signed-off-by: Ravi kumar Veeramally Signed-off-by: Rob Bradford (cherry picked from commit d245e624275ea7d93b31e056666103fe16827040) --- .github/workflows/integration-metrics.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/integration-metrics.yaml diff --git a/.github/workflows/integration-metrics.yaml b/.github/workflows/integration-metrics.yaml new file mode 100644 index 0000000000..8a847ddfda --- /dev/null +++ b/.github/workflows/integration-metrics.yaml @@ -0,0 +1,22 @@ +name: Cloud Hypervisor Tests (Metrics) +on: + push: + branches: + - main + +jobs: + build: + name: Tests (Metrics) + runs-on: jammy-metrics + env: + METRICS_PUBLISH_KEY: ${{ secrets.METRICS_PUBLISH_KEY }} + steps: + - name: Code checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Run metrics tests + timeout-minutes: 60 + run: scripts/dev_cli.sh tests --metrics -- -- --report-file /root/workloads/metrics.json + - name: Upload metrics report + run: 'curl -X PUT https://ch-metrics.azurewebsites.net/api/publishmetrics -H "x-functions-key: $METRICS_PUBLISH_KEY" -T ~/workloads/metrics.json' From 693e456793c31d19644b8ede5032a7e5a44e1f09 Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Mon, 4 Mar 2024 18:50:30 +0200 Subject: [PATCH 32/63] build: Update ARM64 GitHub action for windows integration tests Signed-off-by: Ravi kumar Veeramally (cherry picked from commit fbcf5fb37dcb27ef84bce893a8658c54685e2e34) --- .github/workflows/integration-arm64.yaml | 31 +++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-arm64.yaml b/.github/workflows/integration-arm64.yaml index e940b11e5e..98689470c5 100644 --- a/.github/workflows/integration-arm64.yaml +++ b/.github/workflows/integration-arm64.yaml @@ -22,4 +22,33 @@ jobs: run: sudo modprobe openvswitch - name: Run integration tests (musl) timeout-minutes: 30 - run: scripts/dev_cli.sh tests --integration --libc musl \ No newline at end of file + run: scripts/dev_cli.sh tests --integration --libc musl + - name: Install Azure CLI + if: ${{ github.event_name != 'pull_request' }} + run: | + sudo apt install -y ca-certificates curl apt-transport-https lsb-release gnupg + curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null + echo "deb [arch=arm64] https://packages.microsoft.com/repos/azure-cli/ focal main" | sudo tee /etc/apt/sources.list.d/azure-cli.list + sudo apt update + sudo apt install -y azure-cli + - name: Download Windows image + if: ${{ github.event_name != 'pull_request' }} + shell: bash + run: | + IMG_BASENAME=windows-11-iot-enterprise-aarch64.raw + IMG_PATH=$HOME/workloads/$IMG_BASENAME + IMG_GZ_PATH=$HOME/workloads/$IMG_BASENAME.gz + IMG_GZ_BLOB_NAME=windows-11-iot-enterprise-aarch64-9-min.raw.gz + cp "scripts/$IMG_BASENAME.sha1" "$HOME/workloads/" + pushd "$HOME/workloads" + if sha1sum "$IMG_BASENAME.sha1" --check; then + exit + fi + popd + mkdir -p "$HOME/workloads" + az storage blob download --container-name private-images --file "$IMG_GZ_PATH" --name "$IMG_GZ_BLOB_NAME" --connection-string "${{ secrets.CH_PRIVATE_IMAGES }}" + gzip -d $IMG_GZ_PATH + - name: Run Windows guest integration tests + if: ${{ github.event_name != 'pull_request' }} + timeout-minutes: 30 + run: scripts/dev_cli.sh tests --integration-windows --libc musl From 4f1fb3632b6bad9792fabe432ff97afc1dbdeb48 Mon Sep 17 00:00:00 2001 From: Thomas Barrett Date: Sun, 14 Jan 2024 23:40:00 +0000 Subject: [PATCH 33/63] arch: x86_64: enable nested virtualization on amd if supported When using amd topology, the svm feature flag on cpuid leaf 0x8000_0001.ecx is overwritten. We update the amd cpu topology logic to use the flag values that originated in KVM_GET_SUPPORTED_CPUID ioctl and override as necessary. Signed-off-by: Thomas Barrett (cherry picked from commit 7bc764d4e0da03bdbeb0d0f734b368d618944ac3) --- arch/src/x86_64/mod.rs | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/arch/src/x86_64/mod.rs b/arch/src/x86_64/mod.rs index 0a0d533ea7..090fe51074 100644 --- a/arch/src/x86_64/mod.rs +++ b/arch/src/x86_64/mod.rs @@ -240,6 +240,26 @@ pub struct CpuidPatch { } impl CpuidPatch { + pub fn get_cpuid_reg( + cpuid: &[CpuIdEntry], + function: u32, + index: Option, + reg: CpuidReg, + ) -> Option { + for entry in cpuid.iter() { + if entry.function == function && (index.is_none() || index.unwrap() == entry.index) { + return match reg { + CpuidReg::EAX => Some(entry.eax), + CpuidReg::EBX => Some(entry.ebx), + CpuidReg::ECX => Some(entry.ecx), + CpuidReg::EDX => Some(entry.edx), + }; + } + } + + None + } + pub fn set_cpuid_reg( cpuid: &mut Vec, function: u32, @@ -1301,12 +1321,14 @@ fn update_cpuid_topology( ); CpuidPatch::set_cpuid_reg(cpuid, 0x8000_001e, Some(0), CpuidReg::EDX, 0); if cores_per_die * threads_per_core > 1 { + let ecx = + CpuidPatch::get_cpuid_reg(cpuid, 0x8000_0001, Some(0), CpuidReg::ECX).unwrap_or(0); CpuidPatch::set_cpuid_reg( cpuid, 0x8000_0001, Some(0), CpuidReg::ECX, - (1u32 << 1) | (1u32 << 22), + ecx | (1u32 << 1) | (1u32 << 22), ); CpuidPatch::set_cpuid_reg( cpuid, From a489a11ccf27fe5631b2e893392e127ab34a4a06 Mon Sep 17 00:00:00 2001 From: Thomas Barrett Date: Fri, 26 Jan 2024 18:43:45 +0000 Subject: [PATCH 34/63] arch: x86_64: enable HTT flag When the HTT flag CPUID.1.EDX[HTT] is 0, it indicates that there is only a single logical processor in the package. When HTT is 1, it indicates that CPUID.1.EBX[23:16] contains the number of logical processors in the package. When this information is not included in CPUID leaf 0x1, some cpu topology enumeration software such as hwloc are known to crash. Signed-off-by: Thomas Barrett (cherry picked from commit 5ec47d4883666387ea58d2d9124838c2639d1e37) --- arch/src/x86_64/mod.rs | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/arch/src/x86_64/mod.rs b/arch/src/x86_64/mod.rs index 090fe51074..758a20a0c3 100644 --- a/arch/src/x86_64/mod.rs +++ b/arch/src/x86_64/mod.rs @@ -811,10 +811,6 @@ pub fn configure_vcpu( ); } - if let Some(t) = topology { - update_cpuid_topology(&mut cpuid, t.0, t.1, t.2, cpu_vendor, id); - } - // Set ApicId in cpuid for each vcpu // SAFETY: get host cpuid when eax=1 let mut cpu_ebx = unsafe { core::arch::x86_64::__cpuid(1) }.ebx; @@ -822,6 +818,10 @@ pub fn configure_vcpu( cpu_ebx |= (id as u32) << 24; CpuidPatch::set_cpuid_reg(&mut cpuid, 0x1, None, CpuidReg::EBX, cpu_ebx); + if let Some(t) = topology { + update_cpuid_topology(&mut cpuid, t.0, t.1, t.2, cpu_vendor, id); + } + // The TSC frequency CPUID leaf should not be included when running with HyperV emulation if !kvm_hyperv { if let Some(tsc_khz) = vcpu.tsc_khz().map_err(Error::GetTscFrequency)? { @@ -1252,6 +1252,15 @@ fn update_cpuid_topology( let core_width = (8 - (cores_per_die - 1).leading_zeros()) + thread_width; let die_width = (8 - (dies_per_package - 1).leading_zeros()) + core_width; + let mut cpu_ebx = CpuidPatch::get_cpuid_reg(cpuid, 0x1, None, CpuidReg::EBX).unwrap_or(0); + cpu_ebx |= ((dies_per_package as u32) * (cores_per_die as u32) * (threads_per_core as u32)) + & 0xff << 16; + CpuidPatch::set_cpuid_reg(cpuid, 0x1, None, CpuidReg::EBX, cpu_ebx); + + let mut cpu_edx = CpuidPatch::get_cpuid_reg(cpuid, 0x1, None, CpuidReg::EDX).unwrap_or(0); + cpu_edx |= 1 << 28; + CpuidPatch::set_cpuid_reg(cpuid, 0x1, None, CpuidReg::EDX, cpu_edx); + // CPU Topology leaf 0xb CpuidPatch::set_cpuid_reg(cpuid, 0xb, Some(0), CpuidReg::EAX, thread_width); CpuidPatch::set_cpuid_reg( From f35d5734310a04e814b0f00edba6977ac233c150 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Tue, 23 Jan 2024 09:29:40 -0800 Subject: [PATCH 35/63] build: Bump vmm-sys-util crate and its consumers This patch bumps the following crates, including `kvm-bindings@0.7.0`*, `kvm-ioctls@0.16.0`**, `linux-loader@0.11.0`, `versionize@0.2.0`, `versionize_derive@0.1.6`***, `vhost@0.10.0`, `vhost-user-backend@0.13.1`, `virtio-queue@0.11.0`, `vm-memory@0.14.0`, `vmm-sys-util@0.12.1`, and the latest of `vfio-bindings`, `vfio-ioctls`, `mshv-bindings`,`mshv-ioctls`, and `vfio-user`. * A fork of the `kvm-bindings` crate is being used to support serialization of various structs for migration [1]. Also, code changes are made to accommodate the updated `struct xsave` from the Linux kernel. Note: these changes related to `struct xsave` break live-upgrade. ** The new `kvm-ioctls` crate introduced breaking changes for the `get/set_one_reg` API on `aarch64` [2], so code changes are made to the new APIs. *** A fork of the `versionize_derive` crate is being used to support versionize on packed structs [3]. [1] https://github.com/cloud-hypervisor/kvm-bindings/tree/ch-v0.7.0 [2] https://github.com/rust-vmm/kvm-ioctls/pull/223 [3] https://github.com/cloud-hypervisor/versionize_derive/tree/ch-0.1.6 Fixes: #6072 Signed-off-by: Bo Chen (cherry picked from commit 3ce0fef7fd546467398c914dbc74d8542e45cf6f) --- Cargo.lock | 238 +++++++++++++++++++++---------- Cargo.toml | 9 +- api_client/Cargo.toml | 2 +- arch/Cargo.toml | 10 +- block/Cargo.toml | 10 +- devices/Cargo.toml | 8 +- fuzz/Cargo.lock | 159 +++++++++++---------- fuzz/Cargo.toml | 15 +- hypervisor/Cargo.toml | 10 +- hypervisor/src/arch/x86/mod.rs | 14 ++ hypervisor/src/kvm/mod.rs | 178 +++++++++++------------ hypervisor/src/kvm/x86_64/mod.rs | 21 ++- net_gen/Cargo.toml | 2 +- net_util/Cargo.toml | 12 +- pci/Cargo.toml | 10 +- rate_limiter/Cargo.toml | 3 +- test_infra/Cargo.toml | 2 +- tests/integration.rs | 9 ++ tpm/Cargo.toml | 2 +- vhost_user_block/Cargo.toml | 10 +- vhost_user_net/Cargo.toml | 9 +- virtio-devices/Cargo.toml | 14 +- vm-allocator/Cargo.toml | 2 +- vm-device/Cargo.toml | 4 +- vm-migration/Cargo.toml | 8 +- vm-virtio/Cargo.toml | 4 +- vmm/Cargo.toml | 12 +- 27 files changed, 449 insertions(+), 328 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 52afc0d15f..39cef431bf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5,7 +5,7 @@ version = 3 [[package]] name = "acpi_tables" version = "0.1.0" -source = "git+https://github.com/rust-vmm/acpi_tables?branch=main#1a733bf690ccc10bdfeacad33e3c9f6cce0008fd" +source = "git+https://github.com/rust-vmm/acpi_tables?branch=main#76e8552f57f76ca918e19c0a7b7480d2fa2c7241" dependencies = [ "zerocopy", ] @@ -65,28 +65,28 @@ dependencies = [ [[package]] name = "anstyle-query" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" +checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7" dependencies = [ "anstyle", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] name = "anyhow" -version = "1.0.75" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" [[package]] name = "api_client" @@ -135,13 +135,15 @@ dependencies = [ [[package]] name = "async-channel" -version = "1.9.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35" +checksum = "1ca33f4bc4ed1babef42cad36cc1f51fa88be00420404e5b1e80ab1b18f7678c" dependencies = [ "concurrent-queue", - "event-listener 2.5.3", + "event-listener 4.0.0", + "event-listener-strategy", "futures-core", + "pin-project-lite", ] [[package]] @@ -312,9 +314,9 @@ dependencies = [ [[package]] name = "bitfield-struct" -version = "0.5.4" +version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eac32db62a43cf33353ce30b4a208b08193ea2086a1c6c004acb0073c706a29d" +checksum = "a26b8cea8bb6a81b75a84603b9e096f05fa86db057904ef29be1deee900532bd" dependencies = [ "proc-macro2", "quote", @@ -366,17 +368,18 @@ dependencies = [ [[package]] name = "blocking" -version = "1.3.1" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65" +checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118" dependencies = [ "async-channel", - "async-lock 2.7.0", + "async-lock 3.2.0", "async-task", - "atomic-waker", - "fastrand 1.9.0", - "futures-lite 1.13.0", - "log", + "fastrand 2.0.0", + "futures-io", + "futures-lite 2.1.0", + "piper", + "tracing", ] [[package]] @@ -509,9 +512,9 @@ dependencies = [ [[package]] name = "crc64" -version = "1.0.0" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55626594feae15d266d52440b26ff77de0e22230cf0c113abe619084c1ddc910" +checksum = "2707e3afba5e19b75d582d88bc79237418f2a2a2d673d01cf9b03633b46e98f3" [[package]] name = "crossbeam-utils" @@ -673,9 +676,9 @@ dependencies = [ [[package]] name = "env_logger" -version = "0.10.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0" +checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece" dependencies = [ "humantime", "is-terminal", @@ -826,9 +829,9 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-executor" @@ -952,9 +955,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.10" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", "js-sys", @@ -1142,8 +1145,8 @@ dependencies = [ [[package]] name = "kvm-bindings" -version = "0.6.0" -source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-v0.6.0-tdx#7d9ffb47e5b9b1989577258800a0f57c93f1445f" +version = "0.7.0" +source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-v0.7.0#2dcf85d4f8aa55befcaa996b699ddb18ec9ed059" dependencies = [ "serde", "serde_derive", @@ -1152,9 +1155,11 @@ dependencies = [ [[package]] name = "kvm-ioctls" -version = "0.13.0" -source = "git+https://github.com/rust-vmm/kvm-ioctls?branch=main#23a3bb045a467e60bb00328a0b13cea13b5815d0" +version = "0.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9002dff009755414f22b962ec6ae6980b07d6d8b06e5297b1062019d72bd6a8c" dependencies = [ + "bitflags 2.4.1", "kvm-bindings", "libc", "vmm-sys-util", @@ -1168,9 +1173,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.147" +version = "0.2.151" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" [[package]] name = "libssh2-sys" @@ -1200,9 +1205,9 @@ dependencies = [ [[package]] name = "linux-loader" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "132a531b85b3a164012ab682c72f8f2cce7757f187be5f60782fd2b4cda9cb34" +checksum = "eb68dd3452f25a8defaf0ae593509cff0c777683e4d8924f59ac7c5f89267a83" dependencies = [ "vm-memory", ] @@ -1259,7 +1264,7 @@ dependencies = [ [[package]] name = "micro_http" version = "0.1.0" -source = "git+https://github.com/firecracker-microvm/micro-http?branch=main#a4d632f2c5ea45712c0d2002dc909a63879e85c3" +source = "git+https://github.com/firecracker-microvm/micro-http?branch=main#e75dfa1eeea23b69caa7407bc2c3a76d7b7262fb" dependencies = [ "libc", "vmm-sys-util", @@ -1287,7 +1292,7 @@ dependencies = [ [[package]] name = "mshv-bindings" version = "0.1.1" -source = "git+https://github.com/rust-vmm/mshv?branch=main#0dd4d3452a7f2e95199f4b58380acc41458474de" +source = "git+https://github.com/rust-vmm/mshv?branch=main#9d0c11fe9fedfbcf56a5d62fbf4bad80cdf91340" dependencies = [ "libc", "serde", @@ -1299,7 +1304,7 @@ dependencies = [ [[package]] name = "mshv-ioctls" version = "0.1.1" -source = "git+https://github.com/rust-vmm/mshv?branch=main#0dd4d3452a7f2e95199f4b58380acc41458474de" +source = "git+https://github.com/rust-vmm/mshv?branch=main#9d0c11fe9fedfbcf56a5d62fbf4bad80cdf91340" dependencies = [ "libc", "mshv-bindings", @@ -1385,9 +1390,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "open-enum" @@ -1579,6 +1584,17 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "piper" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4" +dependencies = [ + "atomic-waker", + "fastrand 2.0.0", + "futures-io", +] + [[package]] name = "pkg-config" version = "0.3.27" @@ -1710,9 +1726,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.78" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" dependencies = [ "unicode-ident", ] @@ -1768,6 +1784,7 @@ version = "0.1.0" dependencies = [ "libc", "log", + "thiserror", "vmm-sys-util", ] @@ -1937,9 +1954,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.107" +version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65" +checksum = "cb0652c533506ad7a2e353cce269330d6afd8bdfb6d75e0ace5b35aacbd7b9e9" dependencies = [ "itoa", "ryu", @@ -2152,18 +2169,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.40" +version = "1.0.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac" +checksum = "83a48fd946b02c0a526b2e9481c8e2a17755e47039164a86c4070446e3a4614d" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.40" +version = "1.0.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" +checksum = "e7fbe9b594d6568a6a1443250a7e67d80b74e1e96f6d1715e1e21cc1888291d3" dependencies = [ "proc-macro2", "quote", @@ -2219,11 +2236,10 @@ dependencies = [ [[package]] name = "tracing" -version = "0.1.37" +version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ - "cfg-if", "pin-project-lite", "tracing-attributes", "tracing-core", @@ -2231,9 +2247,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" +checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", @@ -2242,9 +2258,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.31" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" dependencies = [ "once_cell", ] @@ -2300,9 +2316,9 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "versionize" -version = "0.1.10" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dca4b7062e7e6d685901e815c35f9671e059de97c1c0905eeff8592f3fff442f" +checksum = "62929d59c7f6730b7298fcb363760550f4db6e353fbac4076d447d0e82799d6d" dependencies = [ "bincode", "crc64", @@ -2317,8 +2333,8 @@ dependencies = [ [[package]] name = "versionize_derive" -version = "0.1.4" -source = "git+https://github.com/cloud-hypervisor/versionize_derive?branch=ch#e502b1d4aabab342386f0c53780d49f21a6a1df6" +version = "0.1.6" +source = "git+https://github.com/cloud-hypervisor/versionize_derive?branch=ch-0.1.6#7906da996152e2d0ab08f5526440683bf3ca7834" dependencies = [ "proc-macro2", "quote", @@ -2328,7 +2344,7 @@ dependencies = [ [[package]] name = "vfio-bindings" version = "0.4.0" -source = "git+https://github.com/rust-vmm/vfio?branch=main#59c604fa6e42080f0a47c124ba29454fe4cb7475" +source = "git+https://github.com/rust-vmm/vfio?branch=main#0daff4d4c159e842cf18b8b90457a45032b2df5a" dependencies = [ "vmm-sys-util", ] @@ -2336,7 +2352,7 @@ dependencies = [ [[package]] name = "vfio-ioctls" version = "0.2.0" -source = "git+https://github.com/rust-vmm/vfio?branch=main#59c604fa6e42080f0a47c124ba29454fe4cb7475" +source = "git+https://github.com/rust-vmm/vfio?branch=main#0daff4d4c159e842cf18b8b90457a45032b2df5a" dependencies = [ "byteorder", "kvm-bindings", @@ -2354,7 +2370,7 @@ dependencies = [ [[package]] name = "vfio_user" version = "0.1.0" -source = "git+https://github.com/rust-vmm/vfio-user?branch=main#6c72e997e61d9e84b8ee691ad63ece6c717cf5aa" +source = "git+https://github.com/rust-vmm/vfio-user?branch=main#a1f6e52829e069b6d698b2cfeecac742e4653186" dependencies = [ "bitflags 1.3.2", "libc", @@ -2370,9 +2386,9 @@ dependencies = [ [[package]] name = "vhost" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "289adfce099c71f8310f895932ccd978f352ca494ea47496dbe20d4241888b82" +checksum = "2b64e816d0d49769fbfaa1494eb77cc2a3ddc526ead05c7f922cb7d64106286f" dependencies = [ "bitflags 2.4.1", "libc", @@ -2382,9 +2398,9 @@ dependencies = [ [[package]] name = "vhost-user-backend" -version = "0.11.0" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61255322e3ebe93fb77d9f6d99577eca7089bbea4174076c5353a8024a463061" +checksum = "72c8c447d076ac508d78cb45664d203df7989e891656dce260a7e93d72352c9a" dependencies = [ "libc", "log", @@ -2474,9 +2490,9 @@ dependencies = [ [[package]] name = "virtio-queue" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73a01db2cfb6c4b9bc20608b1336263d16714ea8db05de9fec2a254e076f9385" +checksum = "e3f69a13d6610db9312acbb438b0390362af905d37634a2106be70c0f734986d" dependencies = [ "log", "virtio-bindings", @@ -2513,9 +2529,9 @@ source = "git+https://github.com/rust-vmm/vm-fdt?branch=main#77212bd0d62913e445c [[package]] name = "vm-memory" -version = "0.13.1" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5376c9ee5ebe2103a310d8241936cfb93c946734b0479a4fa5bdf7a64abbacd8" +checksum = "74ffc42216c32c35f858fa4bfdcd9b61017dfd691e0240268fdc85dbf59e5459" dependencies = [ "arc-swap", "libc", @@ -2605,9 +2621,9 @@ dependencies = [ [[package]] name = "vmm-sys-util" -version = "0.11.1" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd64fe09d8e880e600c324e7d664760a17f56e9672b7495a86381b49e4f72f46" +checksum = "1d1435039746e20da4f8d507a72ee1b916f7b4b05af7a91c093d2c6561934ede" dependencies = [ "bitflags 1.3.2", "libc", @@ -2739,6 +2755,15 @@ dependencies = [ "windows-targets 0.48.0", ] +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.0", +] + [[package]] name = "windows-targets" version = "0.42.2" @@ -2769,6 +2794,21 @@ dependencies = [ "windows_x86_64_msvc 0.48.0", ] +[[package]] +name = "windows-targets" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +dependencies = [ + "windows_aarch64_gnullvm 0.52.0", + "windows_aarch64_msvc 0.52.0", + "windows_i686_gnu 0.52.0", + "windows_i686_msvc 0.52.0", + "windows_x86_64_gnu 0.52.0", + "windows_x86_64_gnullvm 0.52.0", + "windows_x86_64_msvc 0.52.0", +] + [[package]] name = "windows_aarch64_gnullvm" version = "0.42.2" @@ -2781,6 +2821,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" + [[package]] name = "windows_aarch64_msvc" version = "0.42.2" @@ -2793,6 +2839,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" + [[package]] name = "windows_i686_gnu" version = "0.42.2" @@ -2805,6 +2857,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" +[[package]] +name = "windows_i686_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" + [[package]] name = "windows_i686_msvc" version = "0.42.2" @@ -2817,6 +2875,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" +[[package]] +name = "windows_i686_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" + [[package]] name = "windows_x86_64_gnu" version = "0.42.2" @@ -2829,6 +2893,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" + [[package]] name = "windows_x86_64_gnullvm" version = "0.42.2" @@ -2841,6 +2911,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" + [[package]] name = "windows_x86_64_msvc" version = "0.42.2" @@ -2853,6 +2929,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" + [[package]] name = "winnow" version = "0.5.18" @@ -2940,9 +3022,9 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.21" +version = "0.7.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "686b7e407015242119c33dab17b8f61ba6843534de936d94368856528eae4dcc" +checksum = "1c4061bedbb353041c12f413700357bec76df2c7e2ca8e4df8bac24c6bf68e3d" dependencies = [ "byteorder", "zerocopy-derive", @@ -2950,9 +3032,9 @@ dependencies = [ [[package]] name = "zerocopy-derive" -version = "0.7.21" +version = "0.7.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "020f3dfe25dfc38dfea49ce62d5d45ecdd7f0d8a724fa63eb36b6eba4ec76806" +checksum = "b3c129550b3e6de3fd0ba67ba5c81818f9805e58b8d7fee80a3a59d2c9fc601a" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index ceb1fc6793..2bce87916d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -46,15 +46,14 @@ thiserror = "1.0.40" tpm = { path = "tpm"} tracer = { path = "tracer" } vmm = { path = "vmm" } -vmm-sys-util = "0.11.0" -vm-memory = "0.13.1" +vmm-sys-util = "0.12.1" +vm-memory = "0.14.0" zbus = { version = "3.11.1", optional = true } # List of patched crates [patch.crates-io] -kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.6.0-tdx" } -kvm-ioctls = { git = "https://github.com/rust-vmm/kvm-ioctls", branch = "main" } -versionize_derive = { git = "https://github.com/cloud-hypervisor/versionize_derive", branch = "ch" } +kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.7.0" } +versionize_derive = { git = "https://github.com/cloud-hypervisor/versionize_derive", branch = "ch-0.1.6" } [dev-dependencies] dirs = "5.0.0" diff --git a/api_client/Cargo.toml b/api_client/Cargo.toml index 5be434702b..e2fba52623 100644 --- a/api_client/Cargo.toml +++ b/api_client/Cargo.toml @@ -5,4 +5,4 @@ authors = ["The Cloud Hypervisor Authors"] edition = "2021" [dependencies] -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" diff --git a/arch/Cargo.toml b/arch/Cargo.toml index 001050beda..68484d9b25 100644 --- a/arch/Cargo.toml +++ b/arch/Cargo.toml @@ -14,16 +14,16 @@ anyhow = "1.0.75" byteorder = "1.4.3" hypervisor = { path = "../hypervisor" } libc = "0.2.147" -linux-loader = { version = "0.10.0", features = ["elf", "bzimage", "pe"] } +linux-loader = { version = "0.11.0", features = ["elf", "bzimage", "pe"] } log = "0.4.20" serde = { version = "1.0.168", features = ["rc", "derive"] } thiserror = "1.0.40" uuid = "1.3.4" -versionize = "0.1.10" -versionize_derive = "0.1.4" -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-bitmap"] } +versionize = "0.2.0" +versionize_derive = "0.1.6" +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-bitmap"] } vm-migration = { path = "../vm-migration" } -vmm-sys-util = { version = "0.11.0", features = ["with-serde"] } +vmm-sys-util = { version = "0.12.1", features = ["with-serde"] } [target.'cfg(target_arch = "aarch64")'.dependencies] fdt_parser = { version = "0.1.4", package = "fdt" } diff --git a/block/Cargo.toml b/block/Cargo.toml index faf2dc8bb0..9a0e467969 100644 --- a/block/Cargo.toml +++ b/block/Cargo.toml @@ -18,10 +18,10 @@ remain = "0.2.11" smallvec = "1.11.0" thiserror = "1.0.40" uuid = { version = "1.3.4", features = ["v4"] } -versionize = "0.1.10" -versionize_derive = "0.1.4" +versionize = "0.2.0" +versionize_derive = "0.1.6" virtio-bindings = { version = "0.2.0", features = ["virtio-v5_0_0"] } -virtio-queue = "0.10.0" -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } +virtio-queue = "0.11.0" +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } vm-virtio = { path = "../vm-virtio" } -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" diff --git a/devices/Cargo.toml b/devices/Cargo.toml index bdc86951ff..e4506bc4a2 100644 --- a/devices/Cargo.toml +++ b/devices/Cargo.toml @@ -17,13 +17,13 @@ log = "0.4.20" pci = { path = "../pci" } thiserror = "1.0.40" tpm = { path = "../tpm" } -versionize = "0.1.10" -versionize_derive = "0.1.4" +versionize = "0.2.0" +versionize_derive = "0.1.6" vm-allocator = { path = "../vm-allocator" } vm-device = { path = "../vm-device" } -vm-memory = "0.13.1" +vm-memory = "0.14.0" vm-migration = { path = "../vm-migration" } -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" [target.'cfg(target_arch = "aarch64")'.dependencies] arch = { path = "../arch" } diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 346e96526d..cc9fcd71a9 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -12,9 +12,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.5" +version = "0.6.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6" +checksum = "6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5" dependencies = [ "anstyle", "anstyle-parse", @@ -60,9 +60,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.75" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" [[package]] name = "api_client" @@ -184,18 +184,18 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "clap" -version = "4.4.11" +version = "4.4.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfaff671f6b22ca62406885ece523383b9b64022e341e53e009a62ebc47a45f2" +checksum = "1e578d6ec4194633722ccf9544794b71b1385c3c027efe0c55db226fc880865c" dependencies = [ "clap_builder", ] [[package]] name = "clap_builder" -version = "4.4.11" +version = "4.4.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a216b506622bb1d316cd51328dce24e07bdff4a6128a47c7e7fad11878d5adbb" +checksum = "4df4df40ec50c46000231c914968278b1eb05098cf8f1b3a518a95030e71d1c7" dependencies = [ "anstream", "anstyle", @@ -211,7 +211,7 @@ checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" [[package]] name = "cloud-hypervisor" -version = "36.0.0" +version = "37.0.0" dependencies = [ "anyhow", "api_client", @@ -252,6 +252,7 @@ dependencies = [ "virtio-queue", "vm-device", "vm-memory", + "vm-migration", "vm-virtio", "vmm", "vmm-sys-util", @@ -274,9 +275,9 @@ dependencies = [ [[package]] name = "crc64" -version = "1.0.0" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55626594feae15d266d52440b26ff77de0e22230cf0c113abe619084c1ddc910" +checksum = "2707e3afba5e19b75d582d88bc79237418f2a2a2d673d01cf9b03633b46e98f3" [[package]] name = "darling" @@ -299,7 +300,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.32", + "syn 2.0.47", ] [[package]] @@ -310,7 +311,7 @@ checksum = "836a9bbc7ad63342d6d6e7b815ccab164bc77a2d95d84bc3117a8c0d5c98e2d5" dependencies = [ "darling_core", "quote", - "syn 2.0.32", + "syn 2.0.47", ] [[package]] @@ -386,15 +387,15 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "futures-core" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-sink" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" [[package]] name = "getrandom" @@ -445,9 +446,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "jobserver" @@ -469,8 +470,8 @@ dependencies = [ [[package]] name = "kvm-bindings" -version = "0.6.0" -source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-v0.6.0-tdx#7d9ffb47e5b9b1989577258800a0f57c93f1445f" +version = "0.7.0" +source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-v0.7.0#2dcf85d4f8aa55befcaa996b699ddb18ec9ed059" dependencies = [ "serde", "serde_derive", @@ -479,10 +480,11 @@ dependencies = [ [[package]] name = "kvm-ioctls" -version = "0.13.0" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8f8dc9c1896e5f144ec5d07169bc29f39a047686d29585a91f30489abfaeb6b" +checksum = "9002dff009755414f22b962ec6ae6980b07d6d8b06e5297b1062019d72bd6a8c" dependencies = [ + "bitflags 2.4.1", "kvm-bindings", "libc", "vmm-sys-util", @@ -490,9 +492,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.150" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "libfuzzer-sys" @@ -507,9 +509,9 @@ dependencies = [ [[package]] name = "linux-loader" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "132a531b85b3a164012ab682c72f8f2cce7757f187be5f60782fd2b4cda9cb34" +checksum = "eb68dd3452f25a8defaf0ae593509cff0c777683e4d8924f59ac7c5f89267a83" dependencies = [ "vm-memory", ] @@ -533,7 +535,7 @@ checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "micro_http" version = "0.1.0" -source = "git+https://github.com/firecracker-microvm/micro-http?branch=main#a4d632f2c5ea45712c0d2002dc909a63879e85c3" +source = "git+https://github.com/firecracker-microvm/micro-http?branch=main#e75dfa1eeea23b69caa7407bc2c3a76d7b7262fb" dependencies = [ "libc", "vmm-sys-util", @@ -626,23 +628,23 @@ checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", ] [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] @@ -651,20 +653,22 @@ dependencies = [ name = "rate_limiter" version = "0.1.0" dependencies = [ + "epoll", "libc", "log", + "thiserror", "vmm-sys-util", ] [[package]] name = "remain" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bce3a7139d2ee67d07538ee5dba997364fbc243e7e7143e96eb830c74bfaa082" +checksum = "1ad5e011230cad274d0532460c5ab69828ea47ae75681b42a841663efffaf794" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", ] [[package]] @@ -705,29 +709,29 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.193" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" +checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.193" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" +checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", ] [[package]] name = "serde_json" -version = "1.0.108" +version = "1.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4" dependencies = [ "itoa", "ryu", @@ -753,7 +757,7 @@ dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", ] [[package]] @@ -781,9 +785,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.2" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "2593d31f82ead8df961d8bd23a64c2ccf2eb5dd34b0a34bfb4dd54011c72009e" [[package]] name = "spin" @@ -813,9 +817,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.32" +version = "2.0.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "239814284fd6f1a4ffe4ca893952cdd93c224b6a1571c9a9eadd670295c0c9e2" +checksum = "1726efe18f42ae774cc644f330953a5e7b3c3003d3edcecf18850fe9d4dd9afb" dependencies = [ "proc-macro2", "quote", @@ -824,22 +828,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" +checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" +checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", ] [[package]] @@ -880,18 +884,18 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" [[package]] name = "uuid" -version = "1.6.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e395fcf16a7a3d8127ec99782007af141946b4795001f876d54fb0d55978560" +checksum = "f00cc9702ca12d3c81455259621e676d0f7251cec66a21e98fe2e9a37db93b2a" dependencies = [ "getrandom", ] [[package]] name = "versionize" -version = "0.1.10" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dca4b7062e7e6d685901e815c35f9671e059de97c1c0905eeff8592f3fff442f" +checksum = "62929d59c7f6730b7298fcb363760550f4db6e353fbac4076d447d0e82799d6d" dependencies = [ "bincode", "crc64", @@ -906,8 +910,8 @@ dependencies = [ [[package]] name = "versionize_derive" -version = "0.1.4" -source = "git+https://github.com/cloud-hypervisor/versionize_derive?branch=ch#e502b1d4aabab342386f0c53780d49f21a6a1df6" +version = "0.1.6" +source = "git+https://github.com/cloud-hypervisor/versionize_derive?branch=ch-0.1.6#7906da996152e2d0ab08f5526440683bf3ca7834" dependencies = [ "proc-macro2", "quote", @@ -917,7 +921,7 @@ dependencies = [ [[package]] name = "vfio-bindings" version = "0.4.0" -source = "git+https://github.com/rust-vmm/vfio?branch=main#59c604fa6e42080f0a47c124ba29454fe4cb7475" +source = "git+https://github.com/rust-vmm/vfio?branch=main#0daff4d4c159e842cf18b8b90457a45032b2df5a" dependencies = [ "vmm-sys-util", ] @@ -925,7 +929,7 @@ dependencies = [ [[package]] name = "vfio-ioctls" version = "0.2.0" -source = "git+https://github.com/rust-vmm/vfio?branch=main#59c604fa6e42080f0a47c124ba29454fe4cb7475" +source = "git+https://github.com/rust-vmm/vfio?branch=main#0daff4d4c159e842cf18b8b90457a45032b2df5a" dependencies = [ "byteorder", "kvm-bindings", @@ -941,7 +945,7 @@ dependencies = [ [[package]] name = "vfio_user" version = "0.1.0" -source = "git+https://github.com/rust-vmm/vfio-user?branch=main#6c72e997e61d9e84b8ee691ad63ece6c717cf5aa" +source = "git+https://github.com/rust-vmm/vfio-user?branch=main#a1f6e52829e069b6d698b2cfeecac742e4653186" dependencies = [ "bitflags 1.3.2", "libc", @@ -957,9 +961,9 @@ dependencies = [ [[package]] name = "vhost" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "289adfce099c71f8310f895932ccd978f352ca494ea47496dbe20d4241888b82" +checksum = "2b64e816d0d49769fbfaa1494eb77cc2a3ddc526ead05c7f922cb7d64106286f" dependencies = [ "bitflags 2.4.1", "libc", @@ -1009,9 +1013,9 @@ dependencies = [ [[package]] name = "virtio-queue" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73a01db2cfb6c4b9bc20608b1336263d16714ea8db05de9fec2a254e076f9385" +checksum = "e3f69a13d6610db9312acbb438b0390362af905d37634a2106be70c0f734986d" dependencies = [ "log", "virtio-bindings", @@ -1048,9 +1052,9 @@ source = "git+https://github.com/rust-vmm/vm-fdt?branch=main#c5a99ab71b130435927 [[package]] name = "vm-memory" -version = "0.13.1" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5376c9ee5ebe2103a310d8241936cfb93c946734b0479a4fa5bdf7a64abbacd8" +checksum = "74ffc42216c32c35f858fa4bfdcd9b61017dfd691e0240268fdc85dbf59e5459" dependencies = [ "arc-swap", "libc", @@ -1105,6 +1109,7 @@ dependencies = [ "once_cell", "option_parser", "pci", + "rate_limiter", "seccompiler", "serde", "serde_json", @@ -1130,9 +1135,9 @@ dependencies = [ [[package]] name = "vmm-sys-util" -version = "0.11.2" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48b7b084231214f7427041e4220d77dfe726897a6d41fddee450696e66ff2a29" +checksum = "1d1435039746e20da4f8d507a72ee1b916f7b4b05af7a91c093d2c6561934ede" dependencies = [ "bitflags 1.3.2", "libc", @@ -1167,7 +1172,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", "wasm-bindgen-shared", ] @@ -1189,7 +1194,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1290,9 +1295,9 @@ checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" [[package]] name = "zerocopy" -version = "0.7.29" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d075cf85bbb114e933343e087b92f2146bac0d55b534cbb8188becf0039948e" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" dependencies = [ "byteorder", "zerocopy-derive", @@ -1300,11 +1305,11 @@ dependencies = [ [[package]] name = "zerocopy-derive" -version = "0.7.29" +version = "0.7.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86cd5ca076997b97ef09d3ad65efe811fa68c9e874cb636ccb211223a813b0c2" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.47", ] diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index ef73e10cb8..5bec783840 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -15,18 +15,19 @@ igvm = [] block = { path = "../block" } devices = { path = "../devices" } epoll = "4.3.1" -libc = "0.2.150" +libc = "0.2.152" libfuzzer-sys = "0.4.7" -linux-loader = { version = "0.10.0", features = ["elf", "bzimage", "pe"] } +linux-loader = { version = "0.11.0", features = ["elf", "bzimage", "pe"] } micro_http = { git = "https://github.com/firecracker-microvm/micro-http", branch = "main" } net_util = { path = "../net_util" } once_cell = "1.19.0" seccompiler = "0.4.0" virtio-devices = { path = "../virtio-devices" } -virtio-queue = "0.10.0" +virtio-queue = "0.11.0" vmm = { path = "../vmm" } -vmm-sys-util = "0.11.2" -vm-memory = "0.13.1" +vmm-sys-util = "0.12.1" +vm-memory = "0.14.0" +vm-migration = { path = "../vm-migration" } vm-device = { path = "../vm-device" } vm-virtio = { path = "../vm-virtio" } @@ -34,8 +35,8 @@ vm-virtio = { path = "../vm-virtio" } path = ".." [patch.crates-io] -kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.6.0-tdx" } -versionize_derive = { git = "https://github.com/cloud-hypervisor/versionize_derive", branch = "ch" } +kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.7.0" } +versionize_derive = { git = "https://github.com/cloud-hypervisor/versionize_derive", branch = "ch-0.1.6" } # Prevent this from interfering with workspaces [workspace] diff --git a/hypervisor/Cargo.toml b/hypervisor/Cargo.toml index 11cffefc3c..ce49f50d47 100644 --- a/hypervisor/Cargo.toml +++ b/hypervisor/Cargo.toml @@ -18,16 +18,16 @@ igvm_defs = { git = "https://github.com/microsoft/igvm", branch = "main", packag igvm_parser = { git = "https://github.com/microsoft/igvm", branch = "main", package = "igvm", optional = true } libc = "0.2.147" log = "0.4.20" -kvm-ioctls = { version = "0.13.0", optional = true } -kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.6.0-tdx", features = ["with-serde", "fam-wrappers"], optional = true } +kvm-ioctls = { version = "0.16.0", optional = true } +kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.7.0", features = ["with-serde", "fam-wrappers"], optional = true } mshv-bindings = { git = "https://github.com/rust-vmm/mshv", branch = "main", features = ["with-serde", "fam-wrappers"], optional = true } mshv-ioctls = { git = "https://github.com/rust-vmm/mshv", branch = "main", optional = true} serde = { version = "1.0.168", features = ["rc", "derive"] } serde_with = { version = "3.4.0", default-features = false, features = ["macros"] } vfio-ioctls = { git = "https://github.com/rust-vmm/vfio", branch = "main", default-features = false } -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic"] } -vmm-sys-util = { version = "0.11.0", features = ["with-serde"] } -thiserror = "1.0.40" +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic"] } +vmm-sys-util = { version = "0.12.1", features = ["with-serde"] } +thiserror = "1.0.52" [target.'cfg(target_arch = "x86_64")'.dependencies.iced-x86] optional = true diff --git a/hypervisor/src/arch/x86/mod.rs b/hypervisor/src/arch/x86/mod.rs index 9fedbea7cf..72b57072ff 100644 --- a/hypervisor/src/arch/x86/mod.rs +++ b/hypervisor/src/arch/x86/mod.rs @@ -311,3 +311,17 @@ pub struct MsrEntry { pub index: u32, pub data: u64, } + +#[serde_with::serde_as] +#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)] +pub struct XsaveState { + #[serde_as(as = "[_; 1024usize]")] + pub region: [u32; 1024usize], +} + +impl Default for XsaveState { + fn default() -> Self { + // SAFETY: this is plain old data structure + unsafe { ::std::mem::zeroed() } + } +} diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs index ef885ae3bc..283e7406cd 100644 --- a/hypervisor/src/kvm/mod.rs +++ b/hypervisor/src/kvm/mod.rs @@ -47,7 +47,7 @@ use vmm_sys_util::eventfd::EventFd; pub mod x86_64; #[cfg(target_arch = "x86_64")] use crate::arch::x86::{ - CpuIdEntry, FpuState, LapicState, MsrEntry, SpecialRegisters, StandardRegisters, + CpuIdEntry, FpuState, LapicState, MsrEntry, SpecialRegisters, StandardRegisters, XsaveState, NUM_IOAPIC_PINS, }; #[cfg(target_arch = "x86_64")] @@ -66,7 +66,7 @@ use kvm_bindings::{ #[cfg(target_arch = "x86_64")] use x86_64::check_required_kvm_extensions; #[cfg(target_arch = "x86_64")] -pub use x86_64::{CpuId, ExtendedControlRegisters, MsrEntries, VcpuKvmState, Xsave}; +pub use x86_64::{CpuId, ExtendedControlRegisters, MsrEntries, VcpuKvmState}; // aarch64 dependencies #[cfg(target_arch = "aarch64")] pub mod aarch64; @@ -1164,71 +1164,64 @@ impl cpu::Vcpu for KvmVcpu { // These actually are the general-purpose registers of the Armv8-a // architecture (i.e x0-x30 if used as a 64bit register or w0-30 when used as a 32bit register). for i in 0..31 { - state.regs.regs[i] = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.regs.regs[i] = u64::from_le_bytes(bytes); off += std::mem::size_of::(); } // We are now entering the "Other register" section of the ARMv8-a architecture. // First one, stack pointer. let off = offset_of!(user_pt_regs, sp); - state.regs.sp = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.regs.sp = u64::from_le_bytes(bytes); // Second one, the program counter. let off = offset_of!(user_pt_regs, pc); - state.regs.pc = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.regs.pc = u64::from_le_bytes(bytes); // Next is the processor state. let off = offset_of!(user_pt_regs, pstate); - state.regs.pstate = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.regs.pstate = u64::from_le_bytes(bytes); // The stack pointer associated with EL1 let off = offset_of!(kvm_regs, sp_el1); - state.sp_el1 = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.sp_el1 = u64::from_le_bytes(bytes); // Exception Link Register for EL1, when taking an exception to EL1, this register // holds the address to which to return afterwards. let off = offset_of!(kvm_regs, elr_el1); - state.elr_el1 = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.elr_el1 = u64::from_le_bytes(bytes); // Saved Program Status Registers, there are 5 of them used in the kernel. let mut off = offset_of!(kvm_regs, spsr); for i in 0..KVM_NR_SPSR as usize { - state.spsr[i] = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.spsr[i] = u64::from_le_bytes(bytes); off += std::mem::size_of::(); } @@ -1236,30 +1229,29 @@ impl cpu::Vcpu for KvmVcpu { // https://elixir.free-electrons.com/linux/v4.9.62/source/arch/arm64/include/uapi/asm/kvm.h#L53 let mut off = offset_of!(kvm_regs, fp_regs) + offset_of!(user_fpsimd_state, vregs); for i in 0..32 { - state.fp_regs.vregs[i] = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U128, off)) + let mut bytes = [0_u8; 16]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U128, off), &mut bytes) .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.fp_regs.vregs[i] = u128::from_le_bytes(bytes); off += mem::size_of::(); } // Floating-point Status Register let off = offset_of!(kvm_regs, fp_regs) + offset_of!(user_fpsimd_state, fpsr); - state.fp_regs.fpsr = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U32, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 4]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U32, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.fp_regs.fpsr = u32::from_le_bytes(bytes); // Floating-point Control Register let off = offset_of!(kvm_regs, fp_regs) + offset_of!(user_fpsimd_state, fpcr); - state.fp_regs.fpcr = self - .fd - .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U32, off)) - .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))? - .try_into() - .unwrap(); + let mut bytes = [0_u8; 4]; + self.fd + .get_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U32, off), &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetCoreRegister(e.into()))?; + state.fp_regs.fpcr = u32::from_le_bytes(bytes); Ok(state) } @@ -1288,7 +1280,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, off), - state.regs.regs[i].into(), + &state.regs.regs[i].to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; off += std::mem::size_of::(); @@ -1298,7 +1290,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, off), - state.regs.sp.into(), + &state.regs.sp.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; @@ -1306,7 +1298,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, off), - state.regs.pc.into(), + &state.regs.pc.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; @@ -1314,7 +1306,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, off), - state.regs.pstate.into(), + &state.regs.pstate.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; @@ -1322,7 +1314,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, off), - state.sp_el1.into(), + &state.sp_el1.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; @@ -1330,7 +1322,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, off), - state.elr_el1.into(), + &state.elr_el1.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; @@ -1339,7 +1331,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, off), - state.spsr[i].into(), + &state.spsr[i].to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; off += std::mem::size_of::(); @@ -1350,7 +1342,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U128, off), - state.fp_regs.vregs[i], + &state.fp_regs.vregs[i].to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; off += mem::size_of::(); @@ -1360,7 +1352,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U32, off), - state.fp_regs.fpsr.into(), + &state.fp_regs.fpsr.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; @@ -1368,7 +1360,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U32, off), - state.fp_regs.fpcr.into(), + &state.fp_regs.fpcr.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; Ok(()) @@ -1609,7 +1601,7 @@ impl cpu::Vcpu for KvmVcpu { Ok(cpu::VmExit::Shutdown) } else { Err(cpu::HypervisorCpuError::RunVcpu(anyhow!( - "Unexpected system event with type 0x{:x}, flags 0x{:x}", + "Unexpected system event with type 0x{:x}, flags 0x{:x?}", event_type, flags ))) @@ -1773,12 +1765,11 @@ impl cpu::Vcpu for KvmVcpu { | KVM_REG_ARM64_SYSREG_CRN_MASK | KVM_REG_ARM64_SYSREG_CRM_MASK | KVM_REG_ARM64_SYSREG_OP2_MASK)) as u64); - Ok(self - .fd - .get_one_reg(id) - .map_err(|e| cpu::HypervisorCpuError::GetSysRegister(e.into()))? - .try_into() - .unwrap()) + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(id, &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetSysRegister(e.into()))?; + Ok(u64::from_le_bytes(bytes)) } /// @@ -1805,7 +1796,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, pstate), - PSTATE_FAULT_BITS_64.into(), + &PSTATE_FAULT_BITS_64.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; @@ -1814,7 +1805,10 @@ impl cpu::Vcpu for KvmVcpu { // Setting the PC (Processor Counter) to the current program address (kernel address). let pc = offset_of!(user_pt_regs, pc) + kreg_off; self.fd - .set_one_reg(arm64_core_reg_id!(KVM_REG_SIZE_U64, pc), boot_ip.into()) + .set_one_reg( + arm64_core_reg_id!(KVM_REG_SIZE_U64, pc), + &boot_ip.to_le_bytes(), + ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; // Last mandatory thing to set -> the address pointing to the FDT (also called DTB). @@ -1825,7 +1819,7 @@ impl cpu::Vcpu for KvmVcpu { self.fd .set_one_reg( arm64_core_reg_id!(KVM_REG_SIZE_U64, regs0), - fdt_start.into(), + &fdt_start.to_le_bytes(), ) .map_err(|e| cpu::HypervisorCpuError::SetCoreRegister(e.into()))?; } @@ -1990,14 +1984,13 @@ impl cpu::Vcpu for KvmVcpu { // register list, we are simply calling KVM_GET_ONE_REG. let indices = reg_list.as_slice(); for index in indices.iter() { + let mut bytes = [0_u8; 8]; + self.fd + .get_one_reg(*index, &mut bytes) + .map_err(|e| cpu::HypervisorCpuError::GetSysRegister(e.into()))?; sys_regs.push(kvm_bindings::kvm_one_reg { id: *index, - addr: self - .fd - .get_one_reg(*index) - .map_err(|e| cpu::HypervisorCpuError::GetSysRegister(e.into()))? - .try_into() - .unwrap(), + addr: u64::from_le_bytes(bytes), }); } @@ -2107,7 +2100,7 @@ impl cpu::Vcpu for KvmVcpu { // Set system registers for reg in &state.sys_regs { self.fd - .set_one_reg(reg.id, reg.addr.into()) + .set_one_reg(reg.id, ®.addr.to_le_bytes()) .map_err(|e| cpu::HypervisorCpuError::SetSysRegister(e.into()))?; } @@ -2270,19 +2263,22 @@ impl KvmVcpu { /// /// X86 specific call that returns the vcpu's current "xsave struct". /// - fn get_xsave(&self) -> cpu::Result { - self.fd + fn get_xsave(&self) -> cpu::Result { + Ok(self + .fd .get_xsave() - .map_err(|e| cpu::HypervisorCpuError::GetXsaveState(e.into())) + .map_err(|e| cpu::HypervisorCpuError::GetXsaveState(e.into()))? + .into()) } #[cfg(target_arch = "x86_64")] /// /// X86 specific call that sets the vcpu's current "xsave struct". /// - fn set_xsave(&self, xsave: &Xsave) -> cpu::Result<()> { + fn set_xsave(&self, xsave: &XsaveState) -> cpu::Result<()> { + let xsave: kvm_bindings::kvm_xsave = (*xsave).clone().into(); self.fd - .set_xsave(xsave) + .set_xsave(&xsave) .map_err(|e| cpu::HypervisorCpuError::SetXsaveState(e.into())) } diff --git a/hypervisor/src/kvm/x86_64/mod.rs b/hypervisor/src/kvm/x86_64/mod.rs index 78da26d608..cb4d069e32 100644 --- a/hypervisor/src/kvm/x86_64/mod.rs +++ b/hypervisor/src/kvm/x86_64/mod.rs @@ -10,7 +10,7 @@ use crate::arch::x86::{ CpuIdEntry, DescriptorTable, FpuState, LapicState, MsrEntry, SegmentRegister, SpecialRegisters, - StandardRegisters, CPUID_FLAG_VALID_INDEX, + StandardRegisters, XsaveState, CPUID_FLAG_VALID_INDEX, }; use crate::kvm::{Cap, Kvm, KvmError, KvmResult}; use serde::{Deserialize, Serialize}; @@ -23,7 +23,7 @@ pub use { kvm_bindings::kvm_lapic_state, kvm_bindings::kvm_mp_state as MpState, kvm_bindings::kvm_msr_entry, kvm_bindings::kvm_regs, kvm_bindings::kvm_segment, kvm_bindings::kvm_sregs, kvm_bindings::kvm_vcpu_events as VcpuEvents, - kvm_bindings::kvm_xcrs as ExtendedControlRegisters, kvm_bindings::kvm_xsave as Xsave, + kvm_bindings::kvm_xcrs as ExtendedControlRegisters, kvm_bindings::kvm_xsave, kvm_bindings::CpuId, kvm_bindings::MsrList, kvm_bindings::Msrs as MsrEntries, kvm_bindings::KVM_CPUID_FLAG_SIGNIFCANT_INDEX, }; @@ -64,7 +64,7 @@ pub struct VcpuKvmState { pub sregs: kvm_sregs, pub fpu: FpuState, pub lapic_state: LapicState, - pub xsave: Xsave, + pub xsave: XsaveState, pub xcrs: ExtendedControlRegisters, pub mp_state: MpState, pub tsc_khz: Option, @@ -330,3 +330,18 @@ impl From for kvm_msr_entry { } } } + +impl From for XsaveState { + fn from(s: kvm_xsave) -> Self { + Self { region: s.region } + } +} + +impl From for kvm_xsave { + fn from(s: XsaveState) -> Self { + Self { + region: s.region, + extra: Default::default(), + } + } +} diff --git a/net_gen/Cargo.toml b/net_gen/Cargo.toml index 263135807a..cb7baa8638 100644 --- a/net_gen/Cargo.toml +++ b/net_gen/Cargo.toml @@ -5,4 +5,4 @@ authors = ["The Chromium OS Authors"] edition = "2021" [dependencies] -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" diff --git a/net_util/Cargo.toml b/net_util/Cargo.toml index 675d05fee2..dcdf40d03c 100644 --- a/net_util/Cargo.toml +++ b/net_util/Cargo.toml @@ -12,14 +12,14 @@ log = "0.4.20" net_gen = { path = "../net_gen" } rate_limiter = { path = "../rate_limiter" } serde = "1.0.168" -thiserror = "1.0.40" -versionize = "0.1.10" -versionize_derive = "0.1.4" +thiserror = "1.0.52" +versionize = "0.2.0" +versionize_derive = "0.1.6" virtio-bindings = "0.2.0" -virtio-queue = "0.10.0" -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } +virtio-queue = "0.11.0" +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } vm-virtio = { path = "../vm-virtio" } -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" [dev-dependencies] once_cell = "1.18.0" diff --git a/pci/Cargo.toml b/pci/Cargo.toml index 122d54c6ad..2fdc46e6a9 100644 --- a/pci/Cargo.toml +++ b/pci/Cargo.toml @@ -17,14 +17,14 @@ vfio-bindings = { git = "https://github.com/rust-vmm/vfio", branch = "main", fea vfio-ioctls = { git = "https://github.com/rust-vmm/vfio", branch = "main", default-features = false } vfio_user = { git = "https://github.com/rust-vmm/vfio-user", branch = "main" } -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" libc = "0.2.147" log = "0.4.20" serde = { version = "1.0.168", features = ["derive"] } -thiserror = "1.0.40" -versionize = "0.1.10" -versionize_derive = "0.1.4" +thiserror = "1.0.52" +versionize = "0.2.0" +versionize_derive = "0.1.6" vm-allocator = { path = "../vm-allocator" } vm-device = { path = "../vm-device" } -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } vm-migration = { path = "../vm-migration" } diff --git a/rate_limiter/Cargo.toml b/rate_limiter/Cargo.toml index 6d9bfc9bc2..91aeaf2571 100644 --- a/rate_limiter/Cargo.toml +++ b/rate_limiter/Cargo.toml @@ -6,4 +6,5 @@ edition = "2021" [dependencies] libc = "0.2.147" log = "0.4.20" -vmm-sys-util = "0.11.0" +thiserror = "1.0.40" +vmm-sys-util = "0.12.1" diff --git a/test_infra/Cargo.toml b/test_infra/Cargo.toml index e0bb017eec..d8f5bfc833 100644 --- a/test_infra/Cargo.toml +++ b/test_infra/Cargo.toml @@ -12,5 +12,5 @@ once_cell = "1.18.0" serde = { version = "1.0.168", features = ["rc", "derive"] } serde_json = "1.0.107" ssh2 = { version = "0.9.4", features = ["vendored-openssl"] } -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" wait-timeout = "0.2.0" diff --git a/tests/integration.rs b/tests/integration.rs index bda58aeb19..24ab205216 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -9560,43 +9560,51 @@ mod live_migration { } #[test] + #[ignore = "See #6134"] fn test_live_upgrade_basic() { _test_live_migration(true, false) } #[test] + #[ignore = "See #6134"] fn test_live_upgrade_local() { _test_live_migration(true, true) } #[test] + #[ignore = "See #6134"] #[cfg(not(feature = "mshv"))] fn test_live_upgrade_numa() { _test_live_migration_numa(true, false) } #[test] + #[ignore = "See #6134"] #[cfg(not(feature = "mshv"))] fn test_live_upgrade_numa_local() { _test_live_migration_numa(true, true) } #[test] + #[ignore = "See #6134"] fn test_live_upgrade_watchdog() { _test_live_migration_watchdog(true, false) } #[test] + #[ignore = "See #6134"] fn test_live_upgrade_watchdog_local() { _test_live_migration_watchdog(true, true) } #[test] + #[ignore = "See #6134"] fn test_live_upgrade_balloon() { _test_live_migration_balloon(true, false) } #[test] + #[ignore = "See #6134"] fn test_live_upgrade_balloon_local() { _test_live_migration_balloon(true, true) } @@ -9630,6 +9638,7 @@ mod live_migration { } #[test] + #[ignore = "See #5532"] #[cfg(target_arch = "x86_64")] #[cfg(not(feature = "mshv"))] fn test_live_upgrade_ovs_dpdk_local() { diff --git a/tpm/Cargo.toml b/tpm/Cargo.toml index 2bee810b7f..0e624e8104 100644 --- a/tpm/Cargo.toml +++ b/tpm/Cargo.toml @@ -12,4 +12,4 @@ libc = "0.2.138" log = "0.4.17" net_gen = { path = "../net_gen" } thiserror = "1.0.37" -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" diff --git a/vhost_user_block/Cargo.toml b/vhost_user_block/Cargo.toml index 0eef71ad38..89fdb506ed 100644 --- a/vhost_user_block/Cargo.toml +++ b/vhost_user_block/Cargo.toml @@ -13,9 +13,9 @@ epoll = "4.3.3" libc = "0.2.147" log = "0.4.20" option_parser = { path = "../option_parser" } -vhost = { version = "0.9.0", features = ["vhost-user-backend"] } -vhost-user-backend = "0.11.0" +vhost = { version = "0.10.0", features = ["vhost-user-backend"] } +vhost-user-backend = "0.13.1" virtio-bindings = "0.2.0" -virtio-queue = "0.10.0" -vm-memory = "0.13.1" -vmm-sys-util = "0.11.0" +virtio-queue = "0.11.0" +vm-memory = "0.14.0" +vmm-sys-util = "0.12.1" diff --git a/vhost_user_net/Cargo.toml b/vhost_user_net/Cargo.toml index e645ea0ba3..9e216d08fb 100644 --- a/vhost_user_net/Cargo.toml +++ b/vhost_user_net/Cargo.toml @@ -13,9 +13,8 @@ libc = "0.2.147" log = "0.4.20" net_util = { path = "../net_util" } option_parser = { path = "../option_parser" } -vhost = { version = "0.9.0", features = ["vhost-user-backend"] } -vhost-user-backend = "0.11.0" +vhost = { version = "0.10.0", features = ["vhost-user-backend"] } +vhost-user-backend = "0.13.1" virtio-bindings = "0.2.0" -vm-memory = "0.13.1" -vmm-sys-util = "0.11.0" - +vm-memory = "0.14.0" +vmm-sys-util = "0.12.1" diff --git a/virtio-devices/Cargo.toml b/virtio-devices/Cargo.toml index 6ce0a48195..8e1f325835 100644 --- a/virtio-devices/Cargo.toml +++ b/virtio-devices/Cargo.toml @@ -24,15 +24,15 @@ seccompiler = "0.4.0" serde = { version = "1.0.168", features = ["derive"] } serde_json = "1.0.107" serial_buffer = { path = "../serial_buffer" } -thiserror = "1.0.40" -versionize = "0.1.10" -versionize_derive = "0.1.4" -vhost = { version = "0.9.0", features = ["vhost-user-frontend", "vhost-user-backend", "vhost-kern", "vhost-vdpa"] } +thiserror = "1.0.52" +versionize = "0.2.0" +versionize_derive = "0.1.6" +vhost = { version = "0.10.0", features = ["vhost-user-frontend", "vhost-user-backend", "vhost-kern", "vhost-vdpa"] } virtio-bindings = { version = "0.2.0", features = ["virtio-v5_0_0"] } -virtio-queue = "0.10.0" +virtio-queue = "0.11.0" vm-allocator = { path = "../vm-allocator" } vm-device = { path = "../vm-device" } -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } vm-migration = { path = "../vm-migration" } vm-virtio = { path = "../vm-virtio" } -vmm-sys-util = "0.11.0" +vmm-sys-util = "0.12.1" diff --git a/vm-allocator/Cargo.toml b/vm-allocator/Cargo.toml index affbdb143a..27f18d7c29 100644 --- a/vm-allocator/Cargo.toml +++ b/vm-allocator/Cargo.toml @@ -6,7 +6,7 @@ edition = "2021" [dependencies] libc = "0.2.147" -vm-memory = "0.13.1" +vm-memory = "0.14.0" [target.'cfg(target_arch = "aarch64")'.dependencies] arch = { path = "../arch" } diff --git a/vm-device/Cargo.toml b/vm-device/Cargo.toml index da58832f50..1d2e93e3b8 100644 --- a/vm-device/Cargo.toml +++ b/vm-device/Cargo.toml @@ -15,5 +15,5 @@ hypervisor = { path = "../hypervisor" } thiserror = "1.0.40" serde = { version = "1.0.168", features = ["rc", "derive"] } vfio-ioctls = { git = "https://github.com/rust-vmm/vfio", branch = "main", default-features = false } -vm-memory = { version = "0.13.1", features = ["backend-mmap"] } -vmm-sys-util = "0.11.0" +vm-memory = { version = "0.14.0", features = ["backend-mmap"] } +vmm-sys-util = "0.12.1" diff --git a/vm-migration/Cargo.toml b/vm-migration/Cargo.toml index 7099b917dd..e21ff4c582 100644 --- a/vm-migration/Cargo.toml +++ b/vm-migration/Cargo.toml @@ -8,7 +8,7 @@ edition = "2021" anyhow = "1.0.75" thiserror = "1.0.40" serde = { version = "1.0.168", features = ["rc", "derive"] } -serde_json = "1.0.107" -versionize = "0.1.10" -versionize_derive = "0.1.4" -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic"] } +serde_json = "1.0.109" +versionize = "0.2.0" +versionize_derive = "0.1.6" +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic"] } diff --git a/vm-virtio/Cargo.toml b/vm-virtio/Cargo.toml index 5e229cdad0..1b279d34b1 100644 --- a/vm-virtio/Cargo.toml +++ b/vm-virtio/Cargo.toml @@ -9,5 +9,5 @@ default = [] [dependencies] log = "0.4.20" -virtio-queue = "0.10.0" -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } +virtio-queue = "0.11.0" +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } diff --git a/vmm/Cargo.toml b/vmm/Cargo.toml index b5c9b4c774..42e9737a6e 100644 --- a/vmm/Cargo.toml +++ b/vmm/Cargo.toml @@ -38,7 +38,7 @@ hypervisor = { path = "../hypervisor" } igvm_defs = { git = "https://github.com/microsoft/igvm", branch = "main", package = "igvm_defs", optional = true } igvm_parser = { git = "https://github.com/microsoft/igvm", branch = "main", package = "igvm", optional = true } libc = "0.2.147" -linux-loader = { version = "0.10.0", features = ["elf", "bzimage", "pe"] } +linux-loader = { version = "0.11.0", features = ["elf", "bzimage", "pe"] } log = "0.4.20" micro_http = { git = "https://github.com/firecracker-microvm/micro-http", branch = "main" } mshv-bindings = { git = "https://github.com/rust-vmm/mshv", branch = "main", features = ["with-serde", "fam-wrappers"], optional = true } @@ -55,17 +55,17 @@ signal-hook = "0.3.17" thiserror = "1.0.40" tracer = { path = "../tracer" } uuid = "1.3.4" -versionize = "0.1.10" -versionize_derive = "0.1.4" +versionize = "0.2.0" +versionize_derive = "0.1.6" vfio-ioctls = { git = "https://github.com/rust-vmm/vfio", branch = "main", default-features = false } vfio_user = { git = "https://github.com/rust-vmm/vfio-user", branch = "main" } virtio-devices = { path = "../virtio-devices" } -virtio-queue = "0.10.0" +virtio-queue = "0.11.0" vm-allocator = { path = "../vm-allocator" } vm-device = { path = "../vm-device" } -vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } +vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-atomic", "backend-bitmap"] } vm-migration = { path = "../vm-migration" } vm-virtio = { path = "../vm-virtio" } -vmm-sys-util = { version = "0.11.0", features = ["with-serde"] } +vmm-sys-util = { version = "0.12.1", features = ["with-serde"] } zbus = { version = "3.11.1", optional = true } zerocopy = { version = "0.7.21", features = ["alloc","derive"] } From ea87988f93d4d5d33a835c0b9d65b7f14b8ce88e Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Tue, 6 Feb 2024 20:48:47 +0000 Subject: [PATCH 36/63] block: Replace use of crc32c crate with crc-any According to crates.io the crc-any crate is actively maintained which avoids issues with the crc32c crate and the nightly compiler. Fixes: #6168 Signed-off-by: Rob Bradford (cherry picked from commit d516374c39d99dffd69ef856c41b73e939c7096c) --- Cargo.lock | 31 +++++++++++-------------------- block/Cargo.toml | 2 +- block/src/vhdx/vhdx_header.rs | 9 +++++++-- 3 files changed, 19 insertions(+), 23 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39cef431bf..83631b7b8a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -340,7 +340,7 @@ name = "block" version = "0.1.0" dependencies = [ "byteorder", - "crc32c", + "crc-any", "io-uring", "libc", "log", @@ -493,12 +493,12 @@ dependencies = [ ] [[package]] -name = "crc32c" -version = "0.6.4" +name = "crc-any" +version = "2.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8f48d60e5b4d2c53d5c2b1d8a58c849a70ae5e5509b08a48d047e3b65714a74" +checksum = "c01a5e1f881f6fb6099a7bdf949e946719fd4f1fefa56264890574febf0eb6d0" dependencies = [ - "rustc_version", + "debug-helper", ] [[package]] @@ -570,6 +570,12 @@ dependencies = [ "syn 2.0.31", ] +[[package]] +name = "debug-helper" +version = "0.3.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f578e8e2c440e7297e008bb5486a3a8a194775224bbc23729b0dbdfaeebf162e" + [[package]] name = "derivative" version = "2.2.0" @@ -1869,15 +1875,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" -[[package]] -name = "rustc_version" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" -dependencies = [ - "semver", -] - [[package]] name = "rustix" version = "0.37.27" @@ -1926,12 +1923,6 @@ dependencies = [ "libc", ] -[[package]] -name = "semver" -version = "1.0.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" - [[package]] name = "serde" version = "1.0.168" diff --git a/block/Cargo.toml b/block/Cargo.toml index 9a0e467969..ee330fe57a 100644 --- a/block/Cargo.toml +++ b/block/Cargo.toml @@ -10,7 +10,7 @@ io_uring = ["dep:io-uring"] [dependencies] byteorder = "1.4.3" -crc32c = "0.6.4" +crc-any = "2.4.4" io-uring = { version = "0.6.2", optional = true } libc = "0.2.147" log = "0.4.20" diff --git a/block/src/vhdx/vhdx_header.rs b/block/src/vhdx/vhdx_header.rs index 752a456bea..4e1e1cf551 100644 --- a/block/src/vhdx/vhdx_header.rs +++ b/block/src/vhdx/vhdx_header.rs @@ -192,7 +192,9 @@ impl Header { }; new_header.get_header_as_buffer(&mut buffer); - new_header.checksum = crc32c::crc32c(&buffer); + let mut crc = crc_any::CRC::crc32c(); + crc.digest(&buffer); + new_header.checksum = crc.get_crc() as u32; new_header.get_header_as_buffer(&mut buffer); f.seek(SeekFrom::Start(start)) @@ -480,7 +482,10 @@ pub fn calculate_checksum(buffer: &mut [u8], csum_offset: usize) -> Result // Zero the checksum in the buffer LittleEndian::write_u32(csum_buf, 0); // Calculate the checksum on the resulting buffer - let new_csum = crc32c::crc32c(buffer); + let mut crc = crc_any::CRC::crc32c(); + crc.digest(&buffer); + let new_csum = crc.get_crc() as u32; + // Put back the original checksum in the buffer LittleEndian::write_u32(&mut buffer[csum_offset..csum_offset + 4], orig_csum); From fbb648166aee0bcb21e8559291c6d15e0337e167 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Tue, 6 Feb 2024 15:09:46 -0800 Subject: [PATCH 37/63] fuzz: Fix cargo fuzz build issue with crc32c Signed-off-by: Bo Chen (cherry picked from commit 08120b79fc779d16ae279201d2b29b8b6d8f8276) --- fuzz/Cargo.lock | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index cc9fcd71a9..7c0efcd521 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -137,7 +137,7 @@ name = "block" version = "0.1.0" dependencies = [ "byteorder", - "crc32c", + "crc-any", "io-uring", "libc", "log", @@ -265,12 +265,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" [[package]] -name = "crc32c" -version = "0.6.4" +name = "crc-any" +version = "2.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8f48d60e5b4d2c53d5c2b1d8a58c849a70ae5e5509b08a48d047e3b65714a74" +checksum = "c01a5e1f881f6fb6099a7bdf949e946719fd4f1fefa56264890574febf0eb6d0" dependencies = [ - "rustc_version", + "debug-helper", ] [[package]] @@ -314,6 +314,12 @@ dependencies = [ "syn 2.0.47", ] +[[package]] +name = "debug-helper" +version = "0.3.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f578e8e2c440e7297e008bb5486a3a8a194775224bbc23729b0dbdfaeebf162e" + [[package]] name = "devices" version = "0.1.0" @@ -653,7 +659,6 @@ dependencies = [ name = "rate_limiter" version = "0.1.0" dependencies = [ - "epoll", "libc", "log", "thiserror", @@ -671,15 +676,6 @@ dependencies = [ "syn 2.0.47", ] -[[package]] -name = "rustc_version" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" -dependencies = [ - "semver", -] - [[package]] name = "ryu" version = "1.0.16" @@ -701,12 +697,6 @@ dependencies = [ "libc", ] -[[package]] -name = "semver" -version = "1.0.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" - [[package]] name = "serde" version = "1.0.195" @@ -1109,7 +1099,6 @@ dependencies = [ "once_cell", "option_parser", "pci", - "rate_limiter", "seccompiler", "serde", "serde_json", From 0e29fe151736cd20cd1b5c0adf0d0bba1cb47cb7 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Thu, 25 Jan 2024 15:11:18 -0800 Subject: [PATCH 38/63] build: Bump rustix from 0.38.8 to 0.38.25 Signed-off-by: Bo Chen (cherry picked from commit 026d8908fdbbca7a54a527c3cb91d48faeb48306) --- Cargo.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 83631b7b8a..b05b2ad3f6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -225,7 +225,7 @@ dependencies = [ "cfg-if", "event-listener 3.0.0", "futures-lite 1.13.0", - "rustix 0.38.8", + "rustix 0.38.25", "windows-sys 0.48.0", ] @@ -1130,7 +1130,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.8", + "rustix 0.38.25", "windows-sys 0.48.0", ] @@ -1226,9 +1226,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.5" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" [[package]] name = "lock_api" @@ -1891,14 +1891,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.8" +version = "0.38.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19ed4fa021d81c8392ce04db050a3da9a60299050b7ae1cf482d862b54a7218f" +checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e" dependencies = [ "bitflags 2.4.1", "errno", "libc", - "linux-raw-sys 0.4.5", + "linux-raw-sys 0.4.13", "windows-sys 0.48.0", ] @@ -2120,7 +2120,7 @@ dependencies = [ "cfg-if", "fastrand 2.0.0", "redox_syscall 0.3.5", - "rustix 0.38.8", + "rustix 0.38.25", "windows-sys 0.48.0", ] @@ -2139,7 +2139,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "21bebf2b7c9e0a515f6e0f8c51dc0f8e4696391e6f1ff30379559f8365fb0df7" dependencies = [ - "rustix 0.38.8", + "rustix 0.38.25", "windows-sys 0.48.0", ] From a7d967215f8b3f6f3c0ea2c7eabd4112d78da1e6 Mon Sep 17 00:00:00 2001 From: Thomas Barrett Date: Fri, 22 Dec 2023 03:38:13 +0000 Subject: [PATCH 39/63] arch: x86_64: handle npot CPU topology This PR addresses a bug in which the cpu topology of a guest with non power-of-two number of cores is incorrect. For example, in some contexts, a virtual machine with 2-sockets and 12-cores will incorrectly believe that 16 cores are on socket 1 and 8 cores are on socket 2. In other cases, common topology enumeration software such as hwloc will crash. The root of the problem was the way that cloud-hypervisor generates apic_id. On x86_64, the (x2) apic_id embeds information about cpu topology. The cpuid instruction is primarily used to discover the number of sockets, dies, cores, threads, etc. Using this information, the (x2) apic_id is masked to determine which {core, die, socket} the cpu is on. When the cpu topology is not a power of two (e.g. a 12-core machine), this requires non-contiguous (x2) apic_id. Signed-off-by: Thomas Barrett (cherry picked from commit 5c0b66529a5ea053ce50f6a67b4de3bfb9071696) --- arch/src/x86_64/mod.rs | 75 ++++++++++++++++++++++++++++++-------- arch/src/x86_64/mptable.rs | 33 +++++++++++------ tests/integration.rs | 34 +++++++++++++++++ vmm/src/acpi.rs | 25 +++++++++++-- vmm/src/cpu.rs | 28 ++++++++++++-- vmm/src/vm.rs | 3 ++ 6 files changed, 164 insertions(+), 34 deletions(-) diff --git a/arch/src/x86_64/mod.rs b/arch/src/x86_64/mod.rs index 758a20a0c3..ac171c3731 100644 --- a/arch/src/x86_64/mod.rs +++ b/arch/src/x86_64/mod.rs @@ -221,6 +221,26 @@ impl From for super::Error { } } +pub fn get_x2apic_id(cpu_id: u32, topology: Option<(u8, u8, u8)>) -> u32 { + if let Some(t) = topology { + let thread_mask_width = u8::BITS - (t.0 - 1).leading_zeros(); + let core_mask_width = u8::BITS - (t.1 - 1).leading_zeros(); + let die_mask_width = u8::BITS - (t.2 - 1).leading_zeros(); + + let thread_id = cpu_id % (t.0 as u32); + let core_id = cpu_id / (t.0 as u32) % (t.1 as u32); + let die_id = cpu_id / ((t.0 * t.1) as u32) % (t.2 as u32); + let socket_id = cpu_id / ((t.0 * t.1 * t.2) as u32); + + return thread_id + | (core_id << thread_mask_width) + | (die_id << (thread_mask_width + core_mask_width)) + | (socket_id << (thread_mask_width + core_mask_width + die_mask_width)); + } + + cpu_id +} + #[derive(Copy, Clone, Debug)] pub enum CpuidReg { EAX, @@ -797,25 +817,21 @@ pub fn configure_vcpu( cpu_vendor: CpuVendor, topology: Option<(u8, u8, u8)>, ) -> super::Result<()> { + let x2apic_id = get_x2apic_id(id as u32, topology); + // Per vCPU CPUID changes; common are handled via generate_common_cpuid() let mut cpuid = cpuid; - CpuidPatch::set_cpuid_reg(&mut cpuid, 0xb, None, CpuidReg::EDX, u32::from(id)); - CpuidPatch::set_cpuid_reg(&mut cpuid, 0x1f, None, CpuidReg::EDX, u32::from(id)); + CpuidPatch::set_cpuid_reg(&mut cpuid, 0xb, None, CpuidReg::EDX, x2apic_id); + CpuidPatch::set_cpuid_reg(&mut cpuid, 0x1f, None, CpuidReg::EDX, x2apic_id); if matches!(cpu_vendor, CpuVendor::AMD) { - CpuidPatch::set_cpuid_reg( - &mut cpuid, - 0x8000_001e, - Some(0), - CpuidReg::EAX, - u32::from(id), - ); + CpuidPatch::set_cpuid_reg(&mut cpuid, 0x8000_001e, Some(0), CpuidReg::EAX, x2apic_id); } // Set ApicId in cpuid for each vcpu // SAFETY: get host cpuid when eax=1 let mut cpu_ebx = unsafe { core::arch::x86_64::__cpuid(1) }.ebx; cpu_ebx &= 0xffffff; - cpu_ebx |= (id as u32) << 24; + cpu_ebx |= x2apic_id << 24; CpuidPatch::set_cpuid_reg(&mut cpuid, 0x1, None, CpuidReg::EBX, cpu_ebx); if let Some(t) = topology { @@ -916,6 +932,7 @@ pub fn configure_system( serial_number: Option<&str>, uuid: Option<&str>, oem_strings: Option<&[&str]>, + topology: Option<(u8, u8, u8)>, ) -> super::Result<()> { // Write EBDA address to location where ACPICA expects to find it guest_mem @@ -928,7 +945,7 @@ pub fn configure_system( // Place the MP table after the SMIOS table aligned to 16 bytes let offset = GuestAddress(layout::SMBIOS_START).unchecked_add(size); let offset = GuestAddress((offset.0 + 16) & !0xf); - mptable::setup_mptable(offset, guest_mem, _num_cpus).map_err(Error::MpTableSetup)?; + mptable::setup_mptable(offset, guest_mem, _num_cpus, topology).map_err(Error::MpTableSetup)?; // Check that the RAM is not smaller than the RSDP start address if let Some(rsdp_addr) = rsdp_addr { @@ -1248,6 +1265,11 @@ fn update_cpuid_topology( cpu_vendor: CpuVendor, id: u8, ) { + let x2apic_id = get_x2apic_id( + id as u32, + Some((threads_per_core, cores_per_die, dies_per_package)), + ); + let thread_width = 8 - (threads_per_core - 1).leading_zeros(); let core_width = (8 - (cores_per_die - 1).leading_zeros()) + thread_width; let die_width = (8 - (dies_per_package - 1).leading_zeros()) + core_width; @@ -1319,7 +1341,7 @@ fn update_cpuid_topology( 0x8000_001e, Some(0), CpuidReg::EBX, - ((threads_per_core as u32 - 1) << 8) | (id as u32 & 0xff), + ((threads_per_core as u32 - 1) << 8) | (x2apic_id & 0xff), ); CpuidPatch::set_cpuid_reg( cpuid, @@ -1344,9 +1366,7 @@ fn update_cpuid_topology( 0x0000_0001, Some(0), CpuidReg::EBX, - ((id as u32) << 24) - | (8 << 8) - | (((cores_per_die * threads_per_core) as u32) << 16), + (x2apic_id << 24) | (8 << 8) | (((cores_per_die * threads_per_core) as u32) << 16), ); let cpuid_patches = vec![ // Patch tsc deadline timer bit @@ -1451,6 +1471,7 @@ mod tests { None, None, None, + None, ); assert!(config_err.is_err()); @@ -1473,6 +1494,7 @@ mod tests { None, None, None, + None, ) .unwrap(); @@ -1500,6 +1522,7 @@ mod tests { None, None, None, + None, ) .unwrap(); @@ -1513,6 +1536,7 @@ mod tests { None, None, None, + None, ) .unwrap(); } @@ -1541,4 +1565,25 @@ mod tests { assert_eq!(format!("{memmap:?}"), format!("{expected_memmap:?}")); } + + #[test] + fn test_get_x2apic_id() { + let x2apic_id = get_x2apic_id(0, Some((2, 3, 1))); + assert_eq!(x2apic_id, 0); + + let x2apic_id = get_x2apic_id(1, Some((2, 3, 1))); + assert_eq!(x2apic_id, 1); + + let x2apic_id = get_x2apic_id(2, Some((2, 3, 1))); + assert_eq!(x2apic_id, 2); + + let x2apic_id = get_x2apic_id(6, Some((2, 3, 1))); + assert_eq!(x2apic_id, 8); + + let x2apic_id = get_x2apic_id(7, Some((2, 3, 1))); + assert_eq!(x2apic_id, 9); + + let x2apic_id = get_x2apic_id(8, Some((2, 3, 1))); + assert_eq!(x2apic_id, 10); + } } diff --git a/arch/src/x86_64/mptable.rs b/arch/src/x86_64/mptable.rs index 414e21406d..38c425b2ff 100644 --- a/arch/src/x86_64/mptable.rs +++ b/arch/src/x86_64/mptable.rs @@ -6,7 +6,7 @@ // found in the LICENSE-BSD-3-Clause file. use crate::layout::{APIC_START, HIGH_RAM_START, IOAPIC_START}; -use crate::x86_64::mpspec; +use crate::x86_64::{get_x2apic_id, mpspec}; use crate::GuestMemoryMmap; use libc::c_char; use std::mem; @@ -125,9 +125,18 @@ fn compute_mp_size(num_cpus: u8) -> usize { } /// Performs setup of the MP table for the given `num_cpus`. -pub fn setup_mptable(offset: GuestAddress, mem: &GuestMemoryMmap, num_cpus: u8) -> Result<()> { - if num_cpus as u32 > MAX_SUPPORTED_CPUS { - return Err(Error::TooManyCpus); +pub fn setup_mptable( + offset: GuestAddress, + mem: &GuestMemoryMmap, + num_cpus: u8, + topology: Option<(u8, u8, u8)>, +) -> Result<()> { + if num_cpus > 0 { + let cpu_id_max = num_cpus - 1; + let x2apic_id_max = get_x2apic_id(cpu_id_max.into(), topology); + if x2apic_id_max >= MAX_SUPPORTED_CPUS { + return Err(Error::TooManyCpus); + } } // Used to keep track of the next base pointer into the MP table. @@ -141,7 +150,7 @@ pub fn setup_mptable(offset: GuestAddress, mem: &GuestMemoryMmap, num_cpus: u8) } let mut checksum: u8 = 0; - let ioapicid: u8 = num_cpus + 1; + let ioapicid: u8 = MAX_SUPPORTED_CPUS as u8 + 1; // The checked_add here ensures the all of the following base_mp.unchecked_add's will be without // overflow. @@ -179,7 +188,7 @@ pub fn setup_mptable(offset: GuestAddress, mem: &GuestMemoryMmap, num_cpus: u8) for cpu_id in 0..num_cpus { let mut mpc_cpu = MpcCpuWrapper(mpspec::mpc_cpu::default()); mpc_cpu.0.type_ = mpspec::MP_PROCESSOR as u8; - mpc_cpu.0.apicid = cpu_id; + mpc_cpu.0.apicid = get_x2apic_id(cpu_id as u32, topology) as u8; mpc_cpu.0.apicver = APIC_VERSION; mpc_cpu.0.cpuflag = mpspec::CPU_ENABLED as u8 | if cpu_id == 0 { @@ -312,7 +321,7 @@ mod tests { let mem = GuestMemoryMmap::from_ranges(&[(MPTABLE_START, compute_mp_size(num_cpus))]).unwrap(); - setup_mptable(MPTABLE_START, &mem, num_cpus).unwrap(); + setup_mptable(MPTABLE_START, &mem, num_cpus, None).unwrap(); } #[test] @@ -321,7 +330,7 @@ mod tests { let mem = GuestMemoryMmap::from_ranges(&[(MPTABLE_START, compute_mp_size(num_cpus) - 1)]) .unwrap(); - assert!(setup_mptable(MPTABLE_START, &mem, num_cpus).is_err()); + assert!(setup_mptable(MPTABLE_START, &mem, num_cpus, None).is_err()); } #[test] @@ -330,7 +339,7 @@ mod tests { let mem = GuestMemoryMmap::from_ranges(&[(MPTABLE_START, compute_mp_size(num_cpus))]).unwrap(); - setup_mptable(MPTABLE_START, &mem, num_cpus).unwrap(); + setup_mptable(MPTABLE_START, &mem, num_cpus, None).unwrap(); let mpf_intel: MpfIntelWrapper = mem.read_obj(MPTABLE_START).unwrap(); @@ -346,7 +355,7 @@ mod tests { let mem = GuestMemoryMmap::from_ranges(&[(MPTABLE_START, compute_mp_size(num_cpus))]).unwrap(); - setup_mptable(MPTABLE_START, &mem, num_cpus).unwrap(); + setup_mptable(MPTABLE_START, &mem, num_cpus, None).unwrap(); let mpf_intel: MpfIntelWrapper = mem.read_obj(MPTABLE_START).unwrap(); let mpc_offset = GuestAddress(mpf_intel.0.physptr as GuestUsize); @@ -384,7 +393,7 @@ mod tests { .unwrap(); for i in 0..MAX_SUPPORTED_CPUS as u8 { - setup_mptable(MPTABLE_START, &mem, i).unwrap(); + setup_mptable(MPTABLE_START, &mem, i, None).unwrap(); let mpf_intel: MpfIntelWrapper = mem.read_obj(MPTABLE_START).unwrap(); let mpc_offset = GuestAddress(mpf_intel.0.physptr as GuestUsize); @@ -417,7 +426,7 @@ mod tests { let mem = GuestMemoryMmap::from_ranges(&[(MPTABLE_START, compute_mp_size(cpus as u8))]).unwrap(); - let result = setup_mptable(MPTABLE_START, &mem, cpus as u8); + let result = setup_mptable(MPTABLE_START, &mem, cpus as u8, None); assert!(result.is_err()); } } diff --git a/tests/integration.rs b/tests/integration.rs index 24ab205216..425d8a7f1a 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -1034,6 +1034,40 @@ fn test_cpu_topology(threads_per_core: u8, cores_per_package: u8, packages: u8, .unwrap_or(0), packages ); + + #[cfg(target_arch = "x86_64")] + { + let mut cpu_id = 0; + for package_id in 0..packages { + for core_id in 0..cores_per_package { + for _ in 0..threads_per_core { + assert_eq!( + guest + .ssh_command(&format!("cat /sys/devices/system/cpu/cpu{cpu_id}/topology/physical_package_id")) + .unwrap() + .trim() + .parse::() + .unwrap_or(0), + package_id + ); + + assert_eq!( + guest + .ssh_command(&format!( + "cat /sys/devices/system/cpu/cpu{cpu_id}/topology/core_id" + )) + .unwrap() + .trim() + .parse::() + .unwrap_or(0), + core_id + ); + + cpu_id += 1; + } + } + } + } }); let _ = child.kill(); diff --git a/vmm/src/acpi.rs b/vmm/src/acpi.rs index 3ec748bf2f..e89ffa3f2e 100644 --- a/vmm/src/acpi.rs +++ b/vmm/src/acpi.rs @@ -277,7 +277,10 @@ fn create_tpm2_table() -> Sdt { tpm } -fn create_srat_table(numa_nodes: &NumaNodes) -> Sdt { +fn create_srat_table( + numa_nodes: &NumaNodes, + #[cfg(target_arch = "x86_64")] topology: Option<(u8, u8, u8)>, +) -> Sdt { let mut srat = Sdt::new(*b"SRAT", 36, 3, *b"CLOUDH", *b"CHSRAT ", 1); // SRAT reserved 12 bytes srat.append_slice(&[0u8; 12]); @@ -316,6 +319,9 @@ fn create_srat_table(numa_nodes: &NumaNodes) -> Sdt { } for cpu in &node.cpus { + #[cfg(target_arch = "x86_64")] + let x2apic_id = arch::x86_64::get_x2apic_id(*cpu as u32, topology); + #[cfg(target_arch = "aarch64")] let x2apic_id = *cpu as u32; // Flags @@ -752,8 +758,14 @@ pub fn create_acpi_tables( // SRAT and SLIT // Only created if the NUMA nodes list is not empty. if !numa_nodes.is_empty() { + #[cfg(target_arch = "x86_64")] + let topology = cpu_manager.lock().unwrap().get_vcpu_topology(); // SRAT - let srat = create_srat_table(numa_nodes); + let srat = create_srat_table( + numa_nodes, + #[cfg(target_arch = "x86_64")] + topology, + ); let srat_offset = prev_tbl_off.checked_add(prev_tbl_len).unwrap(); guest_mem .write_slice(srat.as_slice(), srat_offset) @@ -851,8 +863,15 @@ pub fn create_acpi_tables_tdx( // SRAT and SLIT // Only created if the NUMA nodes list is not empty. if !numa_nodes.is_empty() { + #[cfg(target_arch = "x86_64")] + let topology = cpu_manager.lock().unwrap().get_vcpu_topology(); + // SRAT - tables.push(create_srat_table(numa_nodes)); + tables.push(create_srat_table( + numa_nodes, + #[cfg(target_arch = "x86_64")] + topology, + )); // SLIT tables.push(create_slit_table(numa_nodes)); diff --git a/vmm/src/cpu.rs b/vmm/src/cpu.rs index ff7eecaee4..226b495b34 100644 --- a/vmm/src/cpu.rs +++ b/vmm/src/cpu.rs @@ -31,6 +31,8 @@ use acpi_tables::{aml, sdt::Sdt, Aml}; use anyhow::anyhow; #[cfg(all(target_arch = "aarch64", feature = "guest_debug"))] use arch::aarch64::regs; +#[cfg(target_arch = "x86_64")] +use arch::x86_64::get_x2apic_id; use arch::EntryPoint; use arch::NumaNodes; #[cfg(target_arch = "aarch64")] @@ -331,12 +333,13 @@ impl Vcpu { /// * `cpu_vendor` - CPU vendor as reported by __cpuid(0x0) pub fn new( id: u8, + apic_id: u8, vm: &Arc, vm_ops: Option>, #[cfg(target_arch = "x86_64")] cpu_vendor: CpuVendor, ) -> Result { let vcpu = vm - .create_vcpu(id, vm_ops) + .create_vcpu(apic_id, vm_ops) .map_err(|e| Error::VcpuCreate(e.into()))?; // Initially the cpuid per vCPU is the one supported by this VM. Ok(Vcpu { @@ -757,8 +760,16 @@ impl CpuManager { fn create_vcpu(&mut self, cpu_id: u8, snapshot: Option) -> Result>> { info!("Creating vCPU: cpu_id = {}", cpu_id); + #[cfg(target_arch = "x86_64")] + let topology = self.get_vcpu_topology(); + #[cfg(target_arch = "x86_64")] + let x2apic_id = arch::x86_64::get_x2apic_id(cpu_id as u32, topology); + #[cfg(target_arch = "aarch64")] + let x2apic_id = cpu_id as u32; + let mut vcpu = Vcpu::new( cpu_id, + x2apic_id as u8, &self.vm, Some(self.vm_ops.clone()), #[cfg(target_arch = "x86_64")] @@ -1334,7 +1345,6 @@ impl CpuManager { .collect() } - #[cfg(target_arch = "aarch64")] pub fn get_vcpu_topology(&self) -> Option<(u8, u8, u8)> { self.config .topology @@ -1353,11 +1363,13 @@ impl CpuManager { madt.write(36, arch::layout::APIC_START.0); for cpu in 0..self.config.max_vcpus { + let x2apic_id = get_x2apic_id(cpu.into(), self.get_vcpu_topology()); + let lapic = LocalX2Apic { r#type: acpi::ACPI_X2APIC_PROCESSOR, length: 16, processor_id: cpu.into(), - apic_id: cpu.into(), + apic_id: x2apic_id, flags: if cpu < self.config.boot_vcpus { 1 << MADT_CPU_ENABLE_FLAG } else { @@ -1808,6 +1820,8 @@ struct Cpu { cpu_id: u8, proximity_domain: u32, dynamic: bool, + #[cfg(target_arch = "x86_64")] + topology: Option<(u8, u8, u8)>, } #[cfg(target_arch = "x86_64")] @@ -1819,11 +1833,13 @@ const MADT_CPU_ONLINE_CAPABLE_FLAG: usize = 1; impl Cpu { #[cfg(target_arch = "x86_64")] fn generate_mat(&self) -> Vec { + let x2apic_id = arch::x86_64::get_x2apic_id(self.cpu_id.into(), self.topology); + let lapic = LocalX2Apic { r#type: crate::acpi::ACPI_X2APIC_PROCESSOR, length: 16, processor_id: self.cpu_id.into(), - apic_id: self.cpu_id.into(), + apic_id: x2apic_id, flags: 1 << MADT_CPU_ENABLE_FLAG, _reserved: 0, }; @@ -2126,6 +2142,8 @@ impl Aml for CpuManager { }; let mut cpu_data_inner: Vec<&dyn Aml> = vec![&hid, &uid, &methods]; + #[cfg(target_arch = "x86_64")] + let topology = self.get_vcpu_topology(); let mut cpu_devices = Vec::new(); for cpu_id in 0..self.config.max_vcpus { let proximity_domain = *self.proximity_domain_per_cpu.get(&cpu_id).unwrap_or(&0); @@ -2133,6 +2151,8 @@ impl Aml for CpuManager { cpu_id, proximity_domain, dynamic: self.dynamic, + #[cfg(target_arch = "x86_64")] + topology, }; cpu_devices.push(cpu_device); diff --git a/vmm/src/vm.rs b/vmm/src/vm.rs index fc42202eca..d7c32b9e3d 100644 --- a/vmm/src/vm.rs +++ b/vmm/src/vm.rs @@ -1177,6 +1177,8 @@ impl Vm { .as_deref() .map(|strings| strings.iter().map(|s| s.as_ref()).collect::>()); + let topology = self.cpu_manager.lock().unwrap().get_vcpu_topology(); + arch::configure_system( &mem, arch::layout::CMDLINE_START, @@ -1187,6 +1189,7 @@ impl Vm { serial_number.as_deref(), uuid.as_deref(), oem_strings.as_deref(), + topology, ) .map_err(Error::ConfigureSystem)?; Ok(()) From f58f9cf16a0f2fd7fe51bb81b5f2abae653cfbac Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 5 Jan 2024 12:21:50 +0100 Subject: [PATCH 40/63] vmm: forbid using special VSOCK CIDs for guests I accidentally ran a VM with CID 2 (VMADDR_CID_HOST), and very strange and difficult to debug behavior ensued. I don't think a virtio-vsock device should be allowed to have any of the special CIDs (VMADDR_CID_ANY, VMADDR_CID_HYPERVISOR, VMADDR_CID_LOCAL, VMADDR_CID_HOST). Signed-off-by: Alyssa Ross (cherry picked from commit 7d0b85d72784c5cddf38a40b6f65d139fce6ef72) --- vmm/src/config.rs | 27 +++++++++++++++++++++------ vmm/src/lib.rs | 2 +- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/vmm/src/config.rs b/vmm/src/config.rs index 7ed48e0dd8..3342c2cb9a 100644 --- a/vmm/src/config.rs +++ b/vmm/src/config.rs @@ -153,6 +153,8 @@ pub enum ValidationError { TooManyQueues, /// Need shared memory for vfio-user UserDevicesRequireSharedMemory, + /// VSOCK Context Identifier has a special meaning, unsuitable for a VM. + VsockSpecialCid(u64), /// Memory zone is reused across NUMA nodes MemoryZoneReused(String, u32, u32), /// Invalid number of PCI segments @@ -241,6 +243,9 @@ impl fmt::Display for ValidationError { "Using user devices requires using shared memory or huge pages" ) } + VsockSpecialCid(cid) => { + write!(f, "{cid} is a special VSOCK CID") + } MemoryZoneReused(s, u1, u2) => { write!( f, @@ -2065,6 +2070,12 @@ impl VmConfig { } } + if let Some(vsock) = &self.vsock { + if [u32::MAX as u64, 0, 1, 2].contains(&vsock.cid) { + return Err(ValidationError::VsockSpecialCid(vsock.cid)); + } + } + if let Some(balloon) = &self.balloon { let mut ram_size = self.memory.size; @@ -3041,9 +3052,9 @@ mod tests { // socket and cid is required assert!(VsockConfig::parse("").is_err()); assert_eq!( - VsockConfig::parse("socket=/tmp/sock,cid=1")?, + VsockConfig::parse("socket=/tmp/sock,cid=3")?, VsockConfig { - cid: 1, + cid: 3, socket: PathBuf::from("/tmp/sock"), iommu: false, id: None, @@ -3051,9 +3062,9 @@ mod tests { } ); assert_eq!( - VsockConfig::parse("socket=/tmp/sock,cid=1,iommu=on")?, + VsockConfig::parse("socket=/tmp/sock,cid=3,iommu=on")?, VsockConfig { - cid: 1, + cid: 3, socket: PathBuf::from("/tmp/sock"), iommu: true, id: None, @@ -3386,9 +3397,11 @@ mod tests { ..Default::default() }); still_valid_config.vsock = Some(VsockConfig { + cid: 3, + socket: PathBuf::new(), + id: None, iommu: true, pci_segment: 1, - ..Default::default() }); assert!(still_valid_config.validate().is_ok()); @@ -3463,9 +3476,11 @@ mod tests { ..Default::default() }); invalid_config.vsock = Some(VsockConfig { + cid: 3, + socket: PathBuf::new(), + id: None, iommu: false, pci_segment: 1, - ..Default::default() }); assert_eq!( invalid_config.validate(), diff --git a/vmm/src/lib.rs b/vmm/src/lib.rs index 23cd36d067..928c36f7b4 100644 --- a/vmm/src/lib.rs +++ b/vmm/src/lib.rs @@ -2672,7 +2672,7 @@ mod unit_tests { #[test] fn test_vmm_vm_cold_add_vsock() { let mut vmm = create_dummy_vmm(); - let vsock_config = VsockConfig::parse("socket=/tmp/sock,cid=1,iommu=on").unwrap(); + let vsock_config = VsockConfig::parse("socket=/tmp/sock,cid=3,iommu=on").unwrap(); assert!(matches!( vmm.vm_add_vsock(vsock_config.clone()), From 71708c9794a956806f7a72f907a715a24e04d2e1 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 10 Jan 2024 16:00:54 +0100 Subject: [PATCH 41/63] vmm: limit VSOCK CIDs to 32 bits The VIRTIO specification[1] says: > The upper 32 bits of the CID are reserved and zeroed. We should therefore not allow the user to supply a VSOCK CID with those bits set. To accomplish this, limit the public API of the virtio-vsock device to only accept 32-bit CIDs, while still using 64-bit CIDs internally since that's how virtio-vsock works. [1]: https://docs.oasis-open.org/virtio/virtio/v1.2/csd01/virtio-v1.2-csd01.html#x1-4400004 Signed-off-by: Alyssa Ross (cherry picked from commit 451d3fb2f01b81c99580ee78ff35b376aba88138) --- virtio-devices/src/vsock/device.rs | 4 ++-- virtio-devices/src/vsock/mod.rs | 6 +++--- virtio-devices/src/vsock/unix/muxer.rs | 14 +++++++------- vmm/src/config.rs | 4 ++-- vmm/src/vm_config.rs | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/virtio-devices/src/vsock/device.rs b/virtio-devices/src/vsock/device.rs index fa793295c4..8411cb71cc 100644 --- a/virtio-devices/src/vsock/device.rs +++ b/virtio-devices/src/vsock/device.rs @@ -340,7 +340,7 @@ where #[allow(clippy::too_many_arguments)] pub fn new( id: String, - cid: u64, + cid: u32, path: PathBuf, backend: B, iommu: bool, @@ -372,7 +372,7 @@ where ..Default::default() }, id, - cid, + cid: cid.into(), backend: Arc::new(RwLock::new(backend)), path, seccomp_action, diff --git a/virtio-devices/src/vsock/mod.rs b/virtio-devices/src/vsock/mod.rs index b5c63a15bd..cc77a2fd34 100644 --- a/virtio-devices/src/vsock/mod.rs +++ b/virtio-devices/src/vsock/mod.rs @@ -17,7 +17,7 @@ pub use self::device::Vsock; pub use self::unix::VsockUnixBackend; pub use self::unix::VsockUnixError; -pub use packet::VsockPacket; +use packet::VsockPacket; use std::os::unix::io::RawFd; mod defs { @@ -262,10 +262,10 @@ mod tests { impl TestContext { pub fn new() -> Self { - const CID: u64 = 52; + const CID: u32 = 52; const MEM_SIZE: usize = 1024 * 1024 * 128; Self { - cid: CID, + cid: CID as u64, mem: GuestMemoryMmap::from_ranges(&[(GuestAddress(0), MEM_SIZE)]).unwrap(), mem_size: MEM_SIZE, device: Vsock::new( diff --git a/virtio-devices/src/vsock/unix/muxer.rs b/virtio-devices/src/vsock/unix/muxer.rs index 2eca46fc23..4266c11a83 100644 --- a/virtio-devices/src/vsock/unix/muxer.rs +++ b/virtio-devices/src/vsock/unix/muxer.rs @@ -336,7 +336,7 @@ impl VsockBackend for VsockMuxer {} impl VsockMuxer { /// Muxer constructor. /// - pub fn new(cid: u64, host_sock_path: String) -> Result { + pub fn new(cid: u32, host_sock_path: String) -> Result { // Create the nested epoll FD. This FD will be added to the VMM `EpollContext`, at // device activation time. let epoll_fd = epoll::create(true).map_err(Error::EpollFdCreate)?; @@ -351,7 +351,7 @@ impl VsockMuxer { .map_err(Error::UnixBind)?; let mut muxer = Self { - cid, + cid: cid.into(), host_sock, host_sock_path, epoll_file, @@ -831,7 +831,7 @@ mod tests { use super::super::super::tests::TestContext as VsockTestContext; use super::*; - const PEER_CID: u64 = 3; + const PEER_CID: u32 = 3; const PEER_BUF_ALLOC: u32 = 64 * 1024; struct MuxerTestContext { @@ -875,7 +875,7 @@ mod tests { } self.pkt .set_type(uapi::VSOCK_TYPE_STREAM) - .set_src_cid(PEER_CID) + .set_src_cid(PEER_CID.into()) .set_dst_cid(uapi::VSOCK_HOST_CID) .set_src_port(peer_port) .set_dst_port(local_port) @@ -1029,7 +1029,7 @@ mod tests { ctx.recv(); assert_eq!(ctx.pkt.op(), uapi::VSOCK_OP_RST); assert_eq!(ctx.pkt.src_cid(), uapi::VSOCK_HOST_CID); - assert_eq!(ctx.pkt.dst_cid(), PEER_CID); + assert_eq!(ctx.pkt.dst_cid(), PEER_CID as u64); assert_eq!(ctx.pkt.src_port(), LOCAL_PORT); assert_eq!(ctx.pkt.dst_port(), PEER_PORT); @@ -1074,7 +1074,7 @@ mod tests { assert_eq!(ctx.pkt.op(), uapi::VSOCK_OP_RST); assert_eq!(ctx.pkt.len(), 0); assert_eq!(ctx.pkt.src_cid(), uapi::VSOCK_HOST_CID); - assert_eq!(ctx.pkt.dst_cid(), PEER_CID); + assert_eq!(ctx.pkt.dst_cid(), PEER_CID as u64); assert_eq!(ctx.pkt.src_port(), LOCAL_PORT); assert_eq!(ctx.pkt.dst_port(), PEER_PORT); @@ -1088,7 +1088,7 @@ mod tests { assert_eq!(ctx.pkt.op(), uapi::VSOCK_OP_RESPONSE); assert_eq!(ctx.pkt.len(), 0); assert_eq!(ctx.pkt.src_cid(), uapi::VSOCK_HOST_CID); - assert_eq!(ctx.pkt.dst_cid(), PEER_CID); + assert_eq!(ctx.pkt.dst_cid(), PEER_CID as u64); assert_eq!(ctx.pkt.src_port(), LOCAL_PORT); assert_eq!(ctx.pkt.dst_port(), PEER_PORT); let key = ConnMapKey { diff --git a/vmm/src/config.rs b/vmm/src/config.rs index 3342c2cb9a..19a4a630c3 100644 --- a/vmm/src/config.rs +++ b/vmm/src/config.rs @@ -154,7 +154,7 @@ pub enum ValidationError { /// Need shared memory for vfio-user UserDevicesRequireSharedMemory, /// VSOCK Context Identifier has a special meaning, unsuitable for a VM. - VsockSpecialCid(u64), + VsockSpecialCid(u32), /// Memory zone is reused across NUMA nodes MemoryZoneReused(String, u32, u32), /// Invalid number of PCI segments @@ -2071,7 +2071,7 @@ impl VmConfig { } if let Some(vsock) = &self.vsock { - if [u32::MAX as u64, 0, 1, 2].contains(&vsock.cid) { + if [!0, 0, 1, 2].contains(&vsock.cid) { return Err(ValidationError::VsockSpecialCid(vsock.cid)); } } diff --git a/vmm/src/vm_config.rs b/vmm/src/vm_config.rs index 100a4898c9..330858c88e 100644 --- a/vmm/src/vm_config.rs +++ b/vmm/src/vm_config.rs @@ -501,7 +501,7 @@ pub fn default_vdpaconfig_num_queues() -> usize { #[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize, Default)] pub struct VsockConfig { - pub cid: u64, + pub cid: u32, pub socket: PathBuf, #[serde(default)] pub iommu: bool, From ed1b415bad308deed84fa4c1adc9235b9cdcd27e Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 9 Jan 2024 14:46:46 +0100 Subject: [PATCH 42/63] virtio-devices: fix reading vsock connect command The socket is nonblocking, so it's not guaranteed that it will be possible to read the whole connect command in a single iteration of the event loop. To reproduce: (echo -n 'CONNECT '; sleep 1; echo 1234; cat) | socat STDIO UNIX-CONNECT:vsock.sock This would produce the error: cloud-hypervisor: 5.509209s: <_vsock4> INFO:virtio-devices/src/vsock/unix/muxer.rs:446 -- vsock: error adding local-init connection: UnixRead(Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }) To fix this, if we only get a partial command, we need to save it for future iterations of the event loop, and only proceed once we've read a complete command. Signed-off-by: Alyssa Ross (cherry picked from commit 48de8007560f0dae438db53db60b83f6b4fa5c91) --- virtio-devices/src/vsock/unix/muxer.rs | 99 +++++++++++++++++--------- 1 file changed, 65 insertions(+), 34 deletions(-) diff --git a/virtio-devices/src/vsock/unix/muxer.rs b/virtio-devices/src/vsock/unix/muxer.rs index 4266c11a83..591944fe3f 100644 --- a/virtio-devices/src/vsock/unix/muxer.rs +++ b/virtio-devices/src/vsock/unix/muxer.rs @@ -40,7 +40,7 @@ use std::collections::{HashMap, HashSet}; use std::fs::File; -use std::io::{self, Read}; +use std::io::{self, ErrorKind, Read}; use std::os::unix::io::{AsRawFd, FromRawFd, RawFd}; use std::os::unix::net::{UnixListener, UnixStream}; @@ -92,6 +92,15 @@ enum EpollListener { LocalStream(UnixStream), } +/// A partially read "CONNECT" command. +#[derive(Default)] +struct PartiallyReadCommand { + /// The bytes of the command that have been read so far. + buf: [u8; 32], + /// How much of `buf` has been used. + len: usize, +} + /// The vsock connection multiplexer. /// pub struct VsockMuxer { @@ -101,6 +110,8 @@ pub struct VsockMuxer { conn_map: HashMap, /// A hash map used to store epoll event listeners / handlers. listener_map: HashMap, + /// A hash map used to store partially read "connect" commands. + partial_command_map: HashMap, /// The RX queue. Items in this queue are consumed by `VsockMuxer::recv_pkt()`, and /// produced /// - by `VsockMuxer::send_pkt()` (e.g. RST in response to a connection request packet); @@ -358,6 +369,7 @@ impl VsockMuxer { rxq: MuxerRxQ::new(), conn_map: HashMap::with_capacity(defs::MAX_CONNECTIONS), listener_map: HashMap::with_capacity(defs::MAX_CONNECTIONS + 1), + partial_command_map: Default::default(), killq: MuxerKillQ::new(), local_port_last: (1u32 << 30) - 1, local_port_set: HashSet::with_capacity(defs::MAX_CONNECTIONS), @@ -424,27 +436,40 @@ impl VsockMuxer { // Data is ready to be read from a host-initiated connection. That would be the // "connect" command that we're expecting. Some(EpollListener::LocalStream(_)) => { - if let Some(EpollListener::LocalStream(mut stream)) = self.remove_listener(fd) { - Self::read_local_stream_port(&mut stream) - .map(|peer_port| (self.allocate_local_port(), peer_port)) - .and_then(|(local_port, peer_port)| { - self.add_connection( - ConnMapKey { - local_port, - peer_port, - }, - MuxerConnection::new_local_init( - stream, - uapi::VSOCK_HOST_CID, - self.cid, - local_port, - peer_port, - ), - ) - }) - .unwrap_or_else(|err| { - info!("vsock: error adding local-init connection: {:?}", err); - }) + if let Some(EpollListener::LocalStream(stream)) = self.listener_map.get_mut(&fd) { + let port = Self::read_local_stream_port(&mut self.partial_command_map, stream); + + if let Err(Error::UnixRead(ref e)) = port { + if e.kind() == ErrorKind::WouldBlock { + return; + } + } + + let stream = match self.remove_listener(fd) { + Some(EpollListener::LocalStream(s)) => s, + _ => unreachable!(), + }; + + port.and_then(|peer_port| { + let local_port = self.allocate_local_port(); + + self.add_connection( + ConnMapKey { + local_port, + peer_port, + }, + MuxerConnection::new_local_init( + stream, + uapi::VSOCK_HOST_CID, + self.cid, + local_port, + peer_port, + ), + ) + }) + .unwrap_or_else(|err| { + info!("vsock: error adding local-init connection: {:?}", err); + }) } } @@ -459,30 +484,36 @@ impl VsockMuxer { /// Parse a host "connect" command, and extract the destination vsock port. /// - fn read_local_stream_port(stream: &mut UnixStream) -> Result { - let mut buf = [0u8; 32]; + fn read_local_stream_port( + partial_command_map: &mut HashMap, + stream: &mut UnixStream, + ) -> Result { + let command = partial_command_map.entry(stream.as_raw_fd()).or_default(); // This is the minimum number of bytes that we should be able to read, when parsing a // valid connection request. I.e. `b"connect 0\n".len()`. - const MIN_READ_LEN: usize = 10; + const MIN_COMMAND_LEN: usize = 10; // Bring in the minimum number of bytes that we should be able to read. - stream - .read_exact(&mut buf[..MIN_READ_LEN]) - .map_err(Error::UnixRead)?; + if command.len < MIN_COMMAND_LEN { + command.len += stream + .read(&mut command.buf[command.len..MIN_COMMAND_LEN]) + .map_err(Error::UnixRead)?; + } // Now, finish reading the destination port number, by bringing in one byte at a time, // until we reach an EOL terminator (or our buffer space runs out). Yeah, not // particularly proud of this approach, but it will have to do for now. - let mut blen = MIN_READ_LEN; - while buf[blen - 1] != b'\n' && blen < buf.len() { - stream - .read_exact(&mut buf[blen..=blen]) + while command.buf[command.len - 1] != b'\n' && command.len < command.buf.len() { + command.len += stream + .read(&mut command.buf[command.len..=command.len]) .map_err(Error::UnixRead)?; - blen += 1; } - let mut word_iter = std::str::from_utf8(&buf[..blen]) + let _ = command; + let command = partial_command_map.remove(&stream.as_raw_fd()).unwrap(); + + let mut word_iter = std::str::from_utf8(&command.buf[..command.len]) .map_err(Error::ConvertFromUtf8)? .split_whitespace(); From b0dd4e72c55769e2b06e5632068709aaaf966bd3 Mon Sep 17 00:00:00 2001 From: Thomas Barrett Date: Wed, 14 Feb 2024 20:26:07 +0000 Subject: [PATCH 43/63] pci: vfio: naturally align bar According to PCIe specification, a 64-bit MMIO BAR should be naturally aligned. In addition to being more compliant with the specification, natural aligned BARs are mapped with the largest possible page size by the host iommu driver, which should speed up boot time and reduce IOTLB thrashing for virtual machines with VFIO devices. Signed-off-by: Thomas Barrett (cherry picked from commit c9f94be7ab996e63400c649f47a7809655be7309) --- pci/src/vfio.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pci/src/vfio.rs b/pci/src/vfio.rs index a685ceedf8..cf66f06b17 100644 --- a/pci/src/vfio.rs +++ b/pci/src/vfio.rs @@ -696,8 +696,11 @@ impl VfioCommon { .allocate( restored_bar_addr, region_size, - // SAFETY: FFI call. Trivially safe. - Some(unsafe { sysconf(_SC_PAGESIZE) as GuestUsize }), + Some(std::cmp::max( + // SAFETY: FFI call. Trivially safe. + unsafe { sysconf(_SC_PAGESIZE) as GuestUsize }, + region_size, + )), ) .ok_or(PciDeviceError::IoAllocationFailed(region_size))? } From a3bd7eb9a03a844559de6fe7a38b584b4076cb6f Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Wed, 24 Jan 2024 11:07:58 +0000 Subject: [PATCH 44/63] hypervisor: kvm: Import TDX vmcall structure Consistent with the other data structures and constants used in TDX support code import the necessary structures from the kernel for accessing the vmcall structure. Signed-off-by: Rob Bradford (cherry picked from commit 3993663e5cd1663eb02195b8d2c84055cf21b1f0) --- hypervisor/src/kvm/mod.rs | 64 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 60 insertions(+), 4 deletions(-) diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs index 283e7406cd..6d91452f76 100644 --- a/hypervisor/src/kvm/mod.rs +++ b/hypervisor/src/kvm/mod.rs @@ -71,8 +71,6 @@ pub use x86_64::{CpuId, ExtendedControlRegisters, MsrEntries, VcpuKvmState}; #[cfg(target_arch = "aarch64")] pub mod aarch64; pub use kvm_bindings; -#[cfg(feature = "tdx")] -use kvm_bindings::KVMIO; pub use kvm_bindings::{ kvm_clock_data, kvm_create_device, kvm_device_type_KVM_DEV_TYPE_VFIO, kvm_guest_debug, kvm_irq_routing, kvm_irq_routing_entry, kvm_mp_state, kvm_userspace_memory_region, @@ -86,6 +84,8 @@ use kvm_bindings::{ KVM_REG_ARM64_SYSREG_OP0_MASK, KVM_REG_ARM64_SYSREG_OP1_MASK, KVM_REG_ARM64_SYSREG_OP2_MASK, KVM_REG_ARM_CORE, KVM_REG_SIZE_U128, KVM_REG_SIZE_U32, KVM_REG_SIZE_U64, }; +#[cfg(feature = "tdx")] +use kvm_bindings::{kvm_run__bindgen_ty_1, KVMIO}; pub use kvm_ioctls; pub use kvm_ioctls::{Cap, Kvm}; #[cfg(target_arch = "aarch64")] @@ -169,6 +169,52 @@ pub struct TdxCapabilities { pub cpuid_configs: [TdxCpuidConfig; TDX_MAX_NR_CPUID_CONFIGS], } +#[cfg(feature = "tdx")] +#[derive(Copy, Clone)] +pub struct KvmTdxExit { + pub type_: u32, + pub pad: u32, + pub u: KvmTdxExitU, +} + +#[cfg(feature = "tdx")] +#[repr(C)] +#[derive(Copy, Clone)] +pub union KvmTdxExitU { + pub vmcall: KvmTdxExitVmcall, +} + +#[cfg(feature = "tdx")] +#[repr(C)] +#[derive(Debug, Default, Copy, Clone, PartialEq)] +pub struct KvmTdxExitVmcall { + pub type_: u64, + pub subfunction: u64, + pub reg_mask: u64, + pub in_r12: u64, + pub in_r13: u64, + pub in_r14: u64, + pub in_r15: u64, + pub in_rbx: u64, + pub in_rdi: u64, + pub in_rsi: u64, + pub in_r8: u64, + pub in_r9: u64, + pub in_rdx: u64, + pub status_code: u64, + pub out_r11: u64, + pub out_r12: u64, + pub out_r13: u64, + pub out_r14: u64, + pub out_r15: u64, + pub out_rbx: u64, + pub out_rdi: u64, + pub out_rsi: u64, + pub out_r8: u64, + pub out_r9: u64, + pub out_rdx: u64, +} + impl From for UserMemoryRegion { fn from(region: kvm_userspace_memory_region) -> Self { let mut flags = USER_MEMORY_REGION_READ; @@ -2132,7 +2178,12 @@ impl cpu::Vcpu for KvmVcpu { fn get_tdx_exit_details(&mut self) -> cpu::Result { let kvm_run = self.fd.get_kvm_run(); // SAFETY: accessing a union field in a valid structure - let tdx_vmcall = unsafe { &mut kvm_run.__bindgen_anon_1.tdx.u.vmcall }; + let tdx_vmcall = unsafe { + &mut (*((&mut kvm_run.__bindgen_anon_1) as *mut kvm_run__bindgen_ty_1 + as *mut KvmTdxExit)) + .u + .vmcall + }; tdx_vmcall.status_code = TDG_VP_VMCALL_INVALID_OPERAND; @@ -2156,7 +2207,12 @@ impl cpu::Vcpu for KvmVcpu { fn set_tdx_status(&mut self, status: TdxExitStatus) { let kvm_run = self.fd.get_kvm_run(); // SAFETY: accessing a union field in a valid structure - let tdx_vmcall = unsafe { &mut kvm_run.__bindgen_anon_1.tdx.u.vmcall }; + let tdx_vmcall = unsafe { + &mut (*((&mut kvm_run.__bindgen_anon_1) as *mut kvm_run__bindgen_ty_1 + as *mut KvmTdxExit)) + .u + .vmcall + }; tdx_vmcall.status_code = match status { TdxExitStatus::Success => TDG_VP_VMCALL_SUCCESS, From ade953e582a5a7096b4775821070c5b00d94ddfe Mon Sep 17 00:00:00 2001 From: Yi Wang Date: Tue, 26 Dec 2023 15:03:36 +0800 Subject: [PATCH 45/63] build: fix clippy complex closures issue CI reports clippy errors: error: in a `match` scrutinee, avoid complex blocks or closures with blocks; instead, move the block or closure higher and bind it with a `let` --> test_infra/src/lib.rs:93:51 | 93 | match (|| -> Result<(), WaitForBootError> { | ___________________________________________________^ 94 | | let listener = 95 | | TcpListener::bind(listen_addr.as_str()).map_err(WaitForBootError::Listen)?; 96 | | listener ... | 145 | | } 146 | | })() { | |_________^ | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#blocks_in_conditions = note: `-D clippy::blocks-in-conditions` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::blocks_in_conditions)]` Signed-off-by: Yi Wang (cherry picked from commit 9c2d650cb8d3aa5940e4c0143257fd3ee9dae698) --- test_infra/src/lib.rs | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/test_infra/src/lib.rs b/test_infra/src/lib.rs index 37d1a067c9..ddf29eb294 100644 --- a/test_infra/src/lib.rs +++ b/test_infra/src/lib.rs @@ -90,7 +90,7 @@ impl GuestNetworkConfig { None => DEFAULT_TCP_LISTENER_TIMEOUT, }; - match (|| -> Result<(), WaitForBootError> { + let mut closure = || -> Result<(), WaitForBootError> { let listener = TcpListener::bind(listen_addr.as_str()).map_err(WaitForBootError::Listen)?; listener @@ -143,7 +143,9 @@ impl GuestNetworkConfig { Err(WaitForBootError::Accept(e)) } } - })() { + }; + + match closure() { Err(e) => { let duration = start.elapsed(); eprintln!( @@ -559,7 +561,7 @@ fn scp_to_guest_with_auth( ) -> Result<(), SshCommandError> { let mut counter = 0; loop { - match (|| -> Result<(), SshCommandError> { + let closure = || -> Result<(), SshCommandError> { let tcp = TcpStream::connect(format!("{ip}:22")).map_err(SshCommandError::Connection)?; let mut sess = Session::new().unwrap(); @@ -592,7 +594,9 @@ fn scp_to_guest_with_auth( let _ = channel.wait_close(); Ok(()) - })() { + }; + + match closure() { Ok(_) => break, Err(e) => { counter += 1; @@ -647,7 +651,7 @@ pub fn ssh_command_ip_with_auth( let mut counter = 0; loop { - match (|| -> Result<(), SshCommandError> { + let mut closure = || -> Result<(), SshCommandError> { let tcp = TcpStream::connect(format!("{ip}:22")).map_err(SshCommandError::Connection)?; let mut sess = Session::new().unwrap(); @@ -676,7 +680,9 @@ pub fn ssh_command_ip_with_auth( } else { Ok(()) } - })() { + }; + + match closure() { Ok(_) => break, Err(e) => { counter += 1; From 93631b5e232c516fe7b2f95e37026db229028fef Mon Sep 17 00:00:00 2001 From: Yi Wang Date: Tue, 26 Dec 2023 15:27:45 +0800 Subject: [PATCH 46/63] build: fix clippy Path::join issue CI reports clippy errors: error: argument to `Path::join` starts with a path separator --> tests/integration.rs:4076:58 | 4076 | let serial_socket = guest.tmp_dir.as_path().join("/tmp/serial.socket"); | ^^^^^^^^^^^^^^^^^^^^ | = note: joining a path starting with separator will replace the path instead = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#join_absolute_paths Signed-off-by: Yi Wang (cherry picked from commit ee2f0c3cb4fc3d014af3b85f3da8bfe1d41c6e48) --- tests/integration.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration.rs b/tests/integration.rs index 425d8a7f1a..2b9c3a8635 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -3993,7 +3993,7 @@ mod common_parallel { let focal = UbuntuDiskConfig::new(FOCAL_IMAGE_NAME.to_string()); let guest = Guest::new(Box::new(focal)); - let serial_path = guest.tmp_dir.as_path().join("/tmp/serial-output"); + let serial_path = guest.tmp_dir.as_path().join("serial-output"); #[cfg(target_arch = "x86_64")] let console_str: &str = "console=ttyS0"; #[cfg(target_arch = "aarch64")] @@ -4106,8 +4106,8 @@ mod common_parallel { fn test_serial_socket_interaction() { let focal = UbuntuDiskConfig::new(FOCAL_IMAGE_NAME.to_string()); let guest = Guest::new(Box::new(focal)); - let serial_socket = guest.tmp_dir.as_path().join("/tmp/serial.socket"); - let serial_socket_pty = guest.tmp_dir.as_path().join("/tmp/serial.pty"); + let serial_socket = guest.tmp_dir.as_path().join("serial.socket"); + let serial_socket_pty = guest.tmp_dir.as_path().join("serial.pty"); let serial_option = if cfg!(target_arch = "x86_64") { " console=ttyS0" } else { @@ -4220,7 +4220,7 @@ mod common_parallel { let focal = UbuntuDiskConfig::new(FOCAL_IMAGE_NAME.to_string()); let guest = Guest::new(Box::new(focal)); - let console_path = guest.tmp_dir.as_path().join("/tmp/console-output"); + let console_path = guest.tmp_dir.as_path().join("console-output"); let mut child = GuestCommand::new(&guest) .args(["--cpus", "boot=1"]) .args(["--memory", "size=512M"]) From 8e6bdcbf113da1be8b115b5f465851146105201f Mon Sep 17 00:00:00 2001 From: Yi Wang Date: Tue, 26 Dec 2023 16:07:38 +0800 Subject: [PATCH 47/63] build: fix clippy ptr arg issue CI reports errors: error: writing `&Vec` instead of `&[_]` involves a new object where a slice will do --> arch/src/x86_64/mod.rs:1351:19 | 1351 | epc_sections: &Vec, | ^^^^^^^^^^^^^^^^^^^ help: change this to: `&[SgxEpcSection]` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#ptr_arg = note: `-D clippy::ptr-arg` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::ptr_arg)]` Signed-off-by: Yi Wang (cherry picked from commit 3d6594a594f734f50f82191eb06ed3d5a91b9856) --- arch/src/x86_64/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/src/x86_64/mod.rs b/arch/src/x86_64/mod.rs index ac171c3731..8fa101e338 100644 --- a/arch/src/x86_64/mod.rs +++ b/arch/src/x86_64/mod.rs @@ -1399,7 +1399,7 @@ fn update_cpuid_topology( // sections exposed to the guest. fn update_cpuid_sgx( cpuid: &mut Vec, - epc_sections: &Vec, + epc_sections: &[SgxEpcSection], ) -> Result<(), Error> { // Something's wrong if there's no EPC section. if epc_sections.is_empty() { From f8a5c149ebc3d22c0a4225427f0671e4050bd869 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Tue, 6 Feb 2024 21:15:09 +0000 Subject: [PATCH 48/63] block: qcow: Fix beta clippy issue warning: field `0` is never read --> block/src/qcow/vec_cache.rs:139:21 | 139 | struct NumCache(pub u64); | -------- ^^^^^^^ | | | field in this struct | = note: `#[warn(dead_code)]` on by default help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field | 139 | struct NumCache(()); | ~~ Signed-off-by: Rob Bradford (cherry picked from commit c19c73cb99904499daa0a47ca91ad70a3d4d78cb) --- block/src/qcow/vec_cache.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/block/src/qcow/vec_cache.rs b/block/src/qcow/vec_cache.rs index 6b88e409d0..478f5191f2 100644 --- a/block/src/qcow/vec_cache.rs +++ b/block/src/qcow/vec_cache.rs @@ -136,7 +136,7 @@ impl CacheMap { mod tests { use super::*; - struct NumCache(pub u64); + struct NumCache(()); impl Cacheable for NumCache { fn dirty(&self) -> bool { true @@ -148,28 +148,28 @@ mod tests { let mut cache = CacheMap::::new(3); let mut evicted = None; cache - .insert(0, NumCache(5), |index, _| { + .insert(0, NumCache(()), |index, _| { evicted = Some(index); Ok(()) }) .unwrap(); assert_eq!(evicted, None); cache - .insert(1, NumCache(6), |index, _| { + .insert(1, NumCache(()), |index, _| { evicted = Some(index); Ok(()) }) .unwrap(); assert_eq!(evicted, None); cache - .insert(2, NumCache(7), |index, _| { + .insert(2, NumCache(()), |index, _| { evicted = Some(index); Ok(()) }) .unwrap(); assert_eq!(evicted, None); cache - .insert(3, NumCache(8), |index, _| { + .insert(3, NumCache(()), |index, _| { evicted = Some(index); Ok(()) }) From a09d536dc1e21531d8898f14fe9d79d6cc8f7445 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Tue, 6 Feb 2024 21:18:50 +0000 Subject: [PATCH 49/63] performance-metrics: Allow dead_code for embedded error The embedded error in the enum will be read on debug output of the error. Fixes beta clippy issue: warning: field `0` is never read --> performance-metrics/src/performance_tests.rs:25:11 | 25 | Infra(InfraError), | ----- ^^^^^^^^^^ | | | field in this variant | = note: `#[warn(dead_code)]` on by default help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field | 25 | Infra(()), | ~~ Signed-off-by: Rob Bradford (cherry picked from commit 8899ebd63cb82b0eb21f4efa5e3f9fd6fe3d6db4) --- performance-metrics/src/performance_tests.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/performance-metrics/src/performance_tests.rs b/performance-metrics/src/performance_tests.rs index 91507a3889..92db54907d 100644 --- a/performance-metrics/src/performance_tests.rs +++ b/performance-metrics/src/performance_tests.rs @@ -19,6 +19,7 @@ pub const FOCAL_IMAGE_NAME: &str = "focal-server-cloudimg-amd64-custom-20210609- #[cfg(target_arch = "aarch64")] pub const FOCAL_IMAGE_NAME: &str = "focal-server-cloudimg-arm64-custom-20210929-0-update-tool.raw"; +#[allow(dead_code)] #[derive(Debug)] enum Error { BootTimeParse, From 21ea5afa0a172b7597b317dd257f8fb3bf3a6e99 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Tue, 6 Feb 2024 21:18:50 +0000 Subject: [PATCH 50/63] vhost_user_block: Allow dead_code for embedded error The embedded error in the enum will be read on debug output of the error. Fixes beta clippy issue: warning: field `0` is never read --> vhost_user_block/src/lib.rs:64:23 | 64 | CreateKillEventFd(io::Error), | ----------------- ^^^^^^^^^ | | | field in this variant | = note: `#[warn(dead_code)]` on by default help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field | 64 | CreateKillEventFd(()), | ~~ Signed-off-by: Rob Bradford (cherry picked from commit 107f4bdc12044b11b0623f045485c54a007227c9) --- vhost_user_block/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/vhost_user_block/src/lib.rs b/vhost_user_block/src/lib.rs index 93c0200976..2adef9405e 100644 --- a/vhost_user_block/src/lib.rs +++ b/vhost_user_block/src/lib.rs @@ -58,6 +58,7 @@ impl DiskFile for D {} type Result = std::result::Result; type VhostUserBackendResult = std::result::Result; +#[allow(dead_code)] #[derive(Debug)] enum Error { /// Failed to create kill eventfd From 5580dd6e6acf9626f86cdec5fa575e48db9c7209 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Tue, 6 Feb 2024 14:46:10 -0800 Subject: [PATCH 51/63] tests: Avoid clippy warning of unhandled I/O bytes Fixes beta clippy issue: error: read amount is not handled --> tests/integration.rs:2121:15 | 2121 | match pty.read(&mut buf) { | ^^^^^^^^^^^^^^^^^^ | = help: use `Read::read_exact` instead, or handle partial reads note: the result is consumed here, but the amount of I/O bytes remains unhandled --> tests/integration.rs:2122:13 | 2122 | / Ok(_) => { 2123 | | let output = std::str::from_utf8(&buf).unwrap().to_string(); 2124 | | match tx.send(output) { 2125 | | Ok(_) => (), 2126 | | Err(_) => break, 2127 | | } 2128 | | } | |_____________^ = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unused_io_amount = note: `#[deny(clippy::unused_io_amount)]` on by default Signed-off-by: Bo Chen (cherry picked from commit 36890373cd814c074f26a5b2db000c171104e5bd) --- tests/integration.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration.rs b/tests/integration.rs index 2b9c3a8635..77500e1573 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -2118,7 +2118,7 @@ fn pty_read(mut pty: std::fs::File) -> Receiver { thread::sleep(std::time::Duration::new(1, 0)); let mut buf = [0; 512]; match pty.read(&mut buf) { - Ok(_) => { + Ok(_bytes) => { let output = std::str::from_utf8(&buf).unwrap().to_string(); match tx.send(output) { Ok(_) => (), From 7729024451cbac75eb55ca9bca1793c6ad2a5e87 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Tue, 6 Feb 2024 14:48:41 -0800 Subject: [PATCH 52/63] main: Clarify `truncate` behavior for event monitor file Fix beta clippy issue: error: file opened with `create`, but `truncate` behavior not defined --> src/main.rs:624:26 | 624 | .create(true) | ^^^^^^^^^^^^- help: add: `.truncate(true)` | = help: if you intend to overwrite an existing file entirely, call `.truncate(true)` = help: if you instead know that you may want to keep some parts of the old file, call `.truncate(false)` = help: alternatively, use `.append(true)` to append to the file instead of overwriting it = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#suspicious_open_options = note: `-D clippy::suspicious-open-options` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::suspicious_open_options)]` Signed-off-by: Bo Chen (cherry picked from commit c1f4a7b295b577107d3107b47a190379aa7dcf08) --- src/main.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main.rs b/src/main.rs index 2edd116a4a..af91b3cba3 100644 --- a/src/main.rs +++ b/src/main.rs @@ -605,6 +605,7 @@ fn start_vmm(cmd_arguments: ArgMatches) -> Result, Error> { std::fs::OpenOptions::new() .write(true) .create(true) + .truncate(true) .open(parser.get("path").unwrap()) .map_err(Error::EventMonitorIo)?, )) From c5904a413e50372fa48594e309851eaf07353072 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Tue, 6 Feb 2024 15:04:59 -0800 Subject: [PATCH 53/63] arch: Remove unused wrapper data structure for linux_loader The `ByteValued` trait implementations for the data structures from the 'linux_loader' crate are no longer needed, and hence their wrappers can be removed. Signed-off-by: Bo Chen (cherry picked from commit 9b0b88135180c1d4f04ea6a722009649fa7c82f9) --- arch/src/x86_64/mod.rs | 71 +++++++++++------------------------------- 1 file changed, 18 insertions(+), 53 deletions(-) diff --git a/arch/src/x86_64/mod.rs b/arch/src/x86_64/mod.rs index 8fa101e338..18781da0c5 100644 --- a/arch/src/x86_64/mod.rs +++ b/arch/src/x86_64/mod.rs @@ -17,14 +17,13 @@ use crate::InitramfsConfig; use crate::RegionType; use hypervisor::arch::x86::{CpuIdEntry, CPUID_FLAG_VALID_INDEX}; use hypervisor::{CpuVendor, HypervisorCpuError, HypervisorError}; -use linux_loader::loader::bootparam::boot_params; use linux_loader::loader::elf::start_info::{ hvm_memmap_table_entry, hvm_modlist_entry, hvm_start_info, }; use std::collections::BTreeMap; use std::mem; use vm_memory::{ - Address, ByteValued, Bytes, GuestAddress, GuestAddressSpace, GuestMemory, GuestMemoryAtomic, + Address, Bytes, GuestAddress, GuestAddressSpace, GuestMemory, GuestMemoryAtomic, GuestMemoryRegion, GuestUsize, }; mod smbios; @@ -116,38 +115,6 @@ impl SgxEpcRegion { } } -// This is a workaround to the Rust enforcement specifying that any implementation of a foreign -// trait (in this case `DataInit`) where: -// * the type that is implementing the trait is foreign or -// * all of the parameters being passed to the trait (if there are any) are also foreign -// is prohibited. -#[derive(Copy, Clone, Default)] -struct StartInfoWrapper(hvm_start_info); - -#[derive(Copy, Clone, Default)] -struct MemmapTableEntryWrapper(hvm_memmap_table_entry); - -#[derive(Copy, Clone, Default)] -struct ModlistEntryWrapper(hvm_modlist_entry); - -// SAFETY: data structure only contain a series of integers -unsafe impl ByteValued for StartInfoWrapper {} -// SAFETY: data structure only contain a series of integers -unsafe impl ByteValued for MemmapTableEntryWrapper {} -// SAFETY: data structure only contain a series of integers -unsafe impl ByteValued for ModlistEntryWrapper {} - -// This is a workaround to the Rust enforcement specifying that any implementation of a foreign -// trait (in this case `DataInit`) where: -// * the type that is implementing the trait is foreign or -// * all of the parameters being passed to the trait (if there are any) are also foreign -// is prohibited. -#[derive(Copy, Clone, Default)] -struct BootParamsWrapper(boot_params); - -// SAFETY: BootParamsWrap is a wrapper over `boot_params` (a series of ints). -unsafe impl ByteValued for BootParamsWrapper {} - pub struct CpuidConfig { pub sgx_epc_sections: Option>, pub phys_bits: u8, @@ -1078,29 +1045,30 @@ fn configure_pvh( ) -> super::Result<()> { const XEN_HVM_START_MAGIC_VALUE: u32 = 0x336ec578; - let mut start_info: StartInfoWrapper = StartInfoWrapper(hvm_start_info::default()); - - start_info.0.magic = XEN_HVM_START_MAGIC_VALUE; - start_info.0.version = 1; // pvh has version 1 - start_info.0.nr_modules = 0; - start_info.0.cmdline_paddr = cmdline_addr.raw_value(); - start_info.0.memmap_paddr = layout::MEMMAP_START.raw_value(); + let mut start_info = hvm_start_info { + magic: XEN_HVM_START_MAGIC_VALUE, + version: 1, // pvh has version 1 + nr_modules: 0, + cmdline_paddr: cmdline_addr.raw_value(), + memmap_paddr: layout::MEMMAP_START.raw_value(), + ..Default::default() + }; if let Some(rsdp_addr) = rsdp_addr { - start_info.0.rsdp_paddr = rsdp_addr.0; + start_info.rsdp_paddr = rsdp_addr.0; } if let Some(initramfs_config) = initramfs { // The initramfs has been written to guest memory already, here we just need to // create the module structure that describes it. - let ramdisk_mod: ModlistEntryWrapper = ModlistEntryWrapper(hvm_modlist_entry { + let ramdisk_mod = hvm_modlist_entry { paddr: initramfs_config.address.raw_value(), size: initramfs_config.size as u64, ..Default::default() - }); + }; - start_info.0.nr_modules += 1; - start_info.0.modlist_paddr = layout::MODLIST_START.raw_value(); + start_info.nr_modules += 1; + start_info.modlist_paddr = layout::MODLIST_START.raw_value(); // Write the modlist struct to guest memory. guest_mem @@ -1160,7 +1128,7 @@ fn configure_pvh( ); } - start_info.0.memmap_entries = memmap.len() as u32; + start_info.memmap_entries = memmap.len() as u32; // Copy the vector with the memmap table to the MEMMAP_START address // which is already saved in the memmap_paddr field of hvm_start_info struct. @@ -1169,17 +1137,14 @@ fn configure_pvh( guest_mem .checked_offset( memmap_start_addr, - mem::size_of::() * start_info.0.memmap_entries as usize, + mem::size_of::() * start_info.memmap_entries as usize, ) .ok_or(super::Error::MemmapTablePastRamEnd)?; - // For every entry in the memmap vector, create a MemmapTableEntryWrapper - // and write it to guest memory. + // For every entry in the memmap vector, write it to guest memory. for memmap_entry in memmap { - let map_entry_wrapper: MemmapTableEntryWrapper = MemmapTableEntryWrapper(memmap_entry); - guest_mem - .write_obj(map_entry_wrapper, memmap_start_addr) + .write_obj(memmap_entry, memmap_start_addr) .map_err(|_| super::Error::MemmapTableSetup)?; memmap_start_addr = memmap_start_addr.unchecked_add(mem::size_of::() as u64); From 35d199896583ae63ec6eefa4d21ba9c208d93d54 Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Mon, 22 Jan 2024 23:09:40 +0200 Subject: [PATCH 54/63] vmm: Replace Debug with Display rendering in HTTP error message Bumping anyhow crate from 1.0.75 to 1.0.79 will cause seccomp failures through integration tests. Newly added backtrace support relies on readlink and many other syscalls. Issue noticed with test_api_http_pause_resume test, where second time of VM PAUSE or VM RESUME prints error and causes panic. Noticed that panic message in a thread which is not allowed to write output triggered the issue. So implementing Display trait for HttpError and ApiError enums to avoid adding many syscalls to seccomp filter section. Signed-off-by: Ravi kumar Veeramally (cherry picked from commit 895dc12a74c52265b763865bf9ecbbc39ad73c87) --- vmm/src/api/dbus/mod.rs | 4 ++-- vmm/src/api/http/mod.rs | 17 +++++++++++++++- vmm/src/api/mod.rs | 44 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 3 deletions(-) diff --git a/vmm/src/api/dbus/mod.rs b/vmm/src/api/dbus/mod.rs index c063e10083..826689129d 100644 --- a/vmm/src/api/dbus/mod.rs +++ b/vmm/src/api/dbus/mod.rs @@ -33,8 +33,8 @@ pub struct DBusApi { api_sender: futures::lock::Mutex>, } -fn api_error(error: impl std::fmt::Debug) -> fdo::Error { - fdo::Error::Failed(format!("{error:?}")) +fn api_error(error: impl std::fmt::Debug + std::fmt::Display) -> fdo::Error { + fdo::Error::Failed(format!("{error}")) } // This method is intended to ensure that the DBusApi thread has enough time to diff --git a/vmm/src/api/http/mod.rs b/vmm/src/api/http/mod.rs index 2f4b0283ce..66cf26dd1b 100644 --- a/vmm/src/api/http/mod.rs +++ b/vmm/src/api/http/mod.rs @@ -7,12 +7,14 @@ use self::http_endpoint::{VmActionHandler, VmCreate, VmInfo, VmmPing, VmmShutdow use crate::api::{ApiError, ApiRequest, VmAction}; use crate::seccomp_filters::{get_seccomp_filter, Thread}; use crate::{Error as VmmError, Result}; +use core::fmt; use hypervisor::HypervisorType; use micro_http::{Body, HttpServer, MediaType, Method, Request, Response, StatusCode, Version}; use once_cell::sync::Lazy; use seccompiler::{apply_filter, SeccompAction}; use serde_json::Error as SerdeError; use std::collections::BTreeMap; +use std::fmt::Display; use std::fs::File; use std::os::unix::io::{IntoRawFd, RawFd}; use std::os::unix::net::UnixListener; @@ -44,6 +46,19 @@ pub enum HttpError { ApiError(ApiError), } +impl Display for HttpError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + use self::HttpError::*; + match self { + BadRequest => write!(f, "Bad Request"), + NotFound => write!(f, "Not Found"), + InternalServerError => write!(f, "Internal Server Error"), + SerdeJsonDeserialize(serde_error) => write!(f, "{}", serde_error), + ApiError(api_error) => write!(f, "{}", api_error), + } + } +} + impl From for HttpError { fn from(e: serde_json::Error) -> Self { HttpError::SerdeJsonDeserialize(e) @@ -54,7 +69,7 @@ const HTTP_ROOT: &str = "/api/v1"; pub fn error_response(error: HttpError, status: StatusCode) -> Response { let mut response = Response::new(Version::Http11, status); - response.set_body(Body::new(format!("{error:?}"))); + response.set_body(Body::new(format!("{error}"))); response } diff --git a/vmm/src/api/mod.rs b/vmm/src/api/mod.rs index aaae8ee34c..a0ad2f3207 100644 --- a/vmm/src/api/mod.rs +++ b/vmm/src/api/mod.rs @@ -43,8 +43,10 @@ use crate::config::{ }; use crate::device_tree::DeviceTree; use crate::vm::{Error as VmError, VmState}; +use core::fmt; use micro_http::Body; use serde::{Deserialize, Serialize}; +use std::fmt::Display; use std::io; use std::sync::mpsc::{channel, RecvError, SendError, Sender}; use std::sync::{Arc, Mutex}; @@ -158,6 +160,48 @@ pub enum ApiError { } pub type ApiResult = std::result::Result; +impl Display for ApiError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + use self::ApiError::*; + match self { + EventFdWrite(serde_error) => write!(f, "{}", serde_error), + RequestSend(send_error) => write!(f, "{}", send_error), + ResponsePayloadType => write!(f, "Wrong response payload type"), + ResponseRecv(recv_error) => write!(f, "{}", recv_error), + VmBoot(vm_error) => write!(f, "{}", vm_error), + VmCreate(vm_error) => write!(f, "{}", vm_error), + VmDelete(vm_error) => write!(f, "{}", vm_error), + VmInfo(vm_error) => write!(f, "{}", vm_error), + VmPause(vm_error) => write!(f, "{}", vm_error), + VmResume(vm_error) => write!(f, "{}", vm_error), + VmNotBooted => write!(f, "VM is not booted"), + VmNotCreated => write!(f, "VM is not created"), + VmShutdown(vm_error) => write!(f, "{}", vm_error), + VmReboot(vm_error) => write!(f, "{}", vm_error), + VmSnapshot(vm_error) => write!(f, "{}", vm_error), + VmRestore(vm_error) => write!(f, "{}", vm_error), + VmCoredump(vm_error) => write!(f, "{}", vm_error), + VmmShutdown(vm_error) => write!(f, "{}", vm_error), + VmResize(vm_error) => write!(f, "{}", vm_error), + VmResizeZone(vm_error) => write!(f, "{}", vm_error), + VmAddDevice(vm_error) => write!(f, "{}", vm_error), + VmAddUserDevice(vm_error) => write!(f, "{}", vm_error), + VmRemoveDevice(vm_error) => write!(f, "{}", vm_error), + CreateSeccompFilter(seccomp_error) => write!(f, "{}", seccomp_error), + ApplySeccompFilter(seccomp_error) => write!(f, "{}", seccomp_error), + VmAddDisk(vm_error) => write!(f, "{}", vm_error), + VmAddFs(vm_error) => write!(f, "{}", vm_error), + VmAddPmem(vm_error) => write!(f, "{}", vm_error), + VmAddNet(vm_error) => write!(f, "{}", vm_error), + VmAddVdpa(vm_error) => write!(f, "{}", vm_error), + VmAddVsock(vm_error) => write!(f, "{}", vm_error), + VmReceiveMigration(migratable_error) => write!(f, "{}", migratable_error), + VmSendMigration(migratable_error) => write!(f, "{}", migratable_error), + VmPowerButton(vm_error) => write!(f, "{}", vm_error), + } + } +} + #[derive(Clone, Deserialize, Serialize)] pub struct VmInfo { pub config: Arc>, From 196a59f2091fdbf019efcc8c848b23b3ecf88f28 Mon Sep 17 00:00:00 2001 From: Ravi kumar Veeramally Date: Mon, 23 Oct 2023 15:54:13 +0300 Subject: [PATCH 55/63] tests: Migrate docker container from ubuntu 20.04 to 22.04 The following tests have been temporarily disabled: 1. Live upgrade/migration test with ovs-dpdk (#5532); 2. Disk hotplug tests on windows guests (#6037); This patch has been tested with PR #6048. Signed-off-by: Ravi kumar Veeramally Signed-off-by: Michael Zhao Tested-by: Bo Chen (cherry picked from commit 24f384d2397a93ca32b7efcda2105e67bdac7b3c) --- resources/Dockerfile | 3 +-- scripts/dev_cli.sh | 8 +++----- scripts/run_integration_tests_aarch64.sh | 6 +++--- scripts/run_integration_tests_x86_64.sh | 2 +- tests/integration.rs | 8 ++++++-- 5 files changed, 14 insertions(+), 13 deletions(-) diff --git a/resources/Dockerfile b/resources/Dockerfile index 3faa9c119f..0b370061b0 100644 --- a/resources/Dockerfile +++ b/resources/Dockerfile @@ -3,7 +3,7 @@ # When changing this file don't forget to update the tag name in the # .github/workflows/docker-image.yaml file if doing multiple per day -FROM ubuntu:20.04 as dev +FROM ubuntu:22.04 as dev ARG TARGETARCH ARG RUST_TOOLCHAIN="1.70.0" @@ -43,7 +43,6 @@ RUN apt-get update \ socat \ dosfstools \ cpio \ - python \ python3 \ python3-setuptools \ ntfs-3g \ diff --git a/scripts/dev_cli.sh b/scripts/dev_cli.sh index 35d6f39ca1..e2ca189c63 100755 --- a/scripts/dev_cli.sh +++ b/scripts/dev_cli.sh @@ -7,7 +7,7 @@ CLI_NAME="Cloud Hypervisor" CTR_IMAGE_TAG="ghcr.io/cloud-hypervisor/cloud-hypervisor" -CTR_IMAGE_VERSION="20231108-0" +CTR_IMAGE_VERSION="20231220-0" : "${CTR_IMAGE:=${CTR_IMAGE_TAG}:${CTR_IMAGE_VERSION}}" DOCKER_RUNTIME="docker" @@ -285,8 +285,7 @@ cmd_build() { rustflags="$RUSTFLAGS" target_cc="" if [ "$(uname -m)" = "aarch64" ] && [ "$libc" = "musl" ]; then - rustflags="$rustflags -C link-arg=-lgcc -C link_arg=-specs -C link_arg=/usr/lib/aarch64-linux-musl/musl-gcc.specs" - target_cc="musl-gcc" + rustflags="$rustflags -C link-args=-Wl,-Bstatic -C link-args=-lc" fi $DOCKER_RUNTIME run \ @@ -399,8 +398,7 @@ cmd_tests() { rustflags="$RUSTFLAGS" target_cc="" if [ "$(uname -m)" = "aarch64" ] && [ "$libc" = "musl" ]; then - rustflags="$rustflags -C link-arg=-lgcc -C link_arg=-specs -C link_arg=/usr/lib/aarch64-linux-musl/musl-gcc.specs" - target_cc="musl-gcc" + rustflags="$rustflags -C link-args=-Wl,-Bstatic -C link-args=-lc" fi if [[ "$unit" = true ]]; then diff --git a/scripts/run_integration_tests_aarch64.sh b/scripts/run_integration_tests_aarch64.sh index 5e40c6eb08..16e061cef3 100755 --- a/scripts/run_integration_tests_aarch64.sh +++ b/scripts/run_integration_tests_aarch64.sh @@ -20,7 +20,7 @@ build_spdk_nvme() { sed -i "/grpcio/d" scripts/pkgdep/debian.sh ./scripts/pkgdep.sh ./configure --with-vfio-user - chmod +x /usr/local/lib/python3.8/dist-packages/ninja/data/bin/ninja + chmod +x /usr/local/lib/python3.10/dist-packages/ninja/data/bin/ninja make -j `nproc` || exit 1 touch .built popd @@ -30,7 +30,7 @@ build_spdk_nvme() { fi cp "$WORKLOADS_DIR/spdk/build/bin/nvmf_tgt" $SPDK_DEPLOY_DIR/nvmf_tgt cp "$WORKLOADS_DIR/spdk/scripts/rpc.py" $SPDK_DEPLOY_DIR/rpc.py - cp -r "$WORKLOADS_DIR/spdk/scripts/rpc" $SPDK_DEPLOY_DIR/rpc + cp -r "$WORKLOADS_DIR/spdk/python/spdk/" $SPDK_DEPLOY_DIR/ cp -r "$WORKLOADS_DIR/spdk/python" $SPDK_DEPLOY_DIR/../ } @@ -38,7 +38,7 @@ build_virtiofsd() { VIRTIOFSD_DIR="$WORKLOADS_DIR/virtiofsd_build" VIRTIOFSD_REPO="https://gitlab.com/virtio-fs/virtiofsd.git" - checkout_repo "$VIRTIOFSD_DIR" "$VIRTIOFSD_REPO" v1.1.0 "220405d7a2606c92636d31992b5cb3036a41047b" + checkout_repo "$VIRTIOFSD_DIR" "$VIRTIOFSD_REPO" v1.8.0 "97ea7908fe7f9bc59916671a771bdcfaf4044b45" if [ ! -f "$VIRTIOFSD_DIR/.built" ]; then pushd $VIRTIOFSD_DIR diff --git a/scripts/run_integration_tests_x86_64.sh b/scripts/run_integration_tests_x86_64.sh index 285a853932..e189b179d9 100755 --- a/scripts/run_integration_tests_x86_64.sh +++ b/scripts/run_integration_tests_x86_64.sh @@ -116,7 +116,7 @@ if [ ! -f "$VIRTIOFSD" ]; then pushd $WORKLOADS_DIR git clone "https://gitlab.com/virtio-fs/virtiofsd.git" $VIRTIOFSD_DIR pushd $VIRTIOFSD_DIR - git checkout v1.1.0 + git checkout v1.8.0 time cargo build --release cp target/release/virtiofsd $VIRTIOFSD || exit 1 popd diff --git a/tests/integration.rs b/tests/integration.rs index 77500e1573..561125f2ae 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -4281,8 +4281,8 @@ mod common_parallel { fn test_vfio() { setup_vfio_network_interfaces(); - let focal = UbuntuDiskConfig::new(FOCAL_IMAGE_NAME.to_string()); - let guest = Guest::new_from_ip_range(Box::new(focal), "172.18", 0); + let jammy = UbuntuDiskConfig::new(JAMMY_IMAGE_NAME.to_string()); + let guest = Guest::new_from_ip_range(Box::new(jammy), "172.18", 0); let mut workload_path = dirs::home_dir().unwrap(); workload_path.push("workloads"); @@ -8055,6 +8055,7 @@ mod windows { } #[test] + #[ignore = "See #6037"] #[cfg(not(feature = "mshv"))] #[cfg(not(target_arch = "aarch64"))] fn test_windows_guest_disk_hotplug() { @@ -8150,6 +8151,7 @@ mod windows { } #[test] + #[ignore = "See #6037"] #[cfg(not(feature = "mshv"))] #[cfg(not(target_arch = "aarch64"))] fn test_windows_guest_disk_hotplug_multi() { @@ -9651,6 +9653,7 @@ mod live_migration { // Require to run ovs-dpdk tests sequentially because they rely on the same ovs-dpdk setup #[test] + #[ignore = "See #5532"] #[cfg(target_arch = "x86_64")] #[cfg(not(feature = "mshv"))] fn test_live_migration_ovs_dpdk() { @@ -9665,6 +9668,7 @@ mod live_migration { } #[test] + #[ignore = "See #5532"] #[cfg(target_arch = "x86_64")] #[cfg(not(feature = "mshv"))] fn test_live_upgrade_ovs_dpdk() { From 448fafd23a0608de5d3d12711db110b6108be470 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Tue, 6 Feb 2024 21:00:52 +0000 Subject: [PATCH 56/63] vmm: Directly clone console resize pipe Beta clippy fix: warning: this call to `as_ref.map(...)` does nothing --> vmm/src/device_manager.rs:1234:9 | 1234 | self.console_resize_pipe.as_ref().map(Arc::clone) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try: `self.console_resize_pipe.clone()` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_asref = note: `#[warn(clippy::useless_asref)]` on by default Signed-off-by: Rob Bradford (cherry picked from commit e70bf598097b78e43d4f2dfef5fe41f1348dba70) --- vmm/src/device_manager.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vmm/src/device_manager.rs b/vmm/src/device_manager.rs index 883f0c0407..1c272a5dff 100644 --- a/vmm/src/device_manager.rs +++ b/vmm/src/device_manager.rs @@ -1177,7 +1177,7 @@ impl DeviceManager { } pub fn console_resize_pipe(&self) -> Option> { - self.console_resize_pipe.as_ref().map(Arc::clone) + self.console_resize_pipe.clone() } pub fn create_devices( From c59c61a983ab778724af0a098345e3c56180fddd Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Tue, 6 Feb 2024 21:02:54 +0000 Subject: [PATCH 57/63] vmm: Make thread local initialiser constant Beta clippy fix: warning: initializer for `thread_local` value can be made `const` --> vmm/src/sigwinch_listener.rs:27:40 | 27 | static TX: RefCell> = RefCell::new(None); | ^^^^^^^^^^^^^^^^^^ help: replace with: `const { RefCell::new(None) }` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#thread_local_initializer_can_be_made_const = note: `#[warn(clippy::thread_local_initializer_can_be_made_const)]` on by default Signed-off-by: Rob Bradford (cherry picked from commit 9dfc39d336c2cc921649e1faa2b60fd2820cd6b6) --- vmm/src/sigwinch_listener.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vmm/src/sigwinch_listener.rs b/vmm/src/sigwinch_listener.rs index c4ef3119b6..0aad878539 100644 --- a/vmm/src/sigwinch_listener.rs +++ b/vmm/src/sigwinch_listener.rs @@ -24,7 +24,7 @@ use vmm_sys_util::signal::register_signal_handler; thread_local! { // The tty file descriptor is stored in a global variable so it // can be accessed by a signal handler. - static TX: RefCell> = RefCell::new(None); + static TX: RefCell> = const { RefCell::new(None) }; } fn with_tx R>(f: F) -> R { From baf719c6ff9a0664ab2ab9b0a6d3c3109e891ca5 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Tue, 6 Feb 2024 21:05:06 +0000 Subject: [PATCH 58/63] tests: Remove unnecessary use of vec![] macro Beta clippy fix warning: useless use of `vec!` --> tests/integration.rs:5845:23 | 5845 | let kernels = vec![direct_kernel_boot_path()]; | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: you can use an array directly: `[direct_kernel_boot_path()]` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#useless_vec = note: `#[warn(clippy::useless_vec)]` on by default Signed-off-by: Rob Bradford (cherry picked from commit 61afd93a5078a617a3b5e940d3729cbcb9b48ecf) --- tests/integration.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration.rs b/tests/integration.rs index 561125f2ae..faf71af29d 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -5841,7 +5841,7 @@ mod common_parallel { #[cfg(target_arch = "x86_64")] let mut kernels = vec![direct_kernel_boot_path()]; #[cfg(target_arch = "aarch64")] - let kernels = vec![direct_kernel_boot_path()]; + let kernels = [direct_kernel_boot_path()]; #[cfg(target_arch = "x86_64")] { From de6d6f255873f3a018bc33e59a5829ec09191a97 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Mon, 11 Mar 2024 15:05:17 -0700 Subject: [PATCH 59/63] hypervisor: Make (de)serialize for XsaveState backward compatible Signed-off-by: Bo Chen --- hypervisor/src/arch/x86/mod.rs | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/hypervisor/src/arch/x86/mod.rs b/hypervisor/src/arch/x86/mod.rs index 72b57072ff..b7d7f7733d 100644 --- a/hypervisor/src/arch/x86/mod.rs +++ b/hypervisor/src/arch/x86/mod.rs @@ -312,10 +312,10 @@ pub struct MsrEntry { pub data: u64, } +#[repr(C)] #[serde_with::serde_as] -#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)] +#[derive(Debug, Clone)] pub struct XsaveState { - #[serde_as(as = "[_; 1024usize]")] pub region: [u32; 1024usize], } @@ -325,3 +325,26 @@ impl Default for XsaveState { unsafe { ::std::mem::zeroed() } } } + +impl<'de> serde::Deserialize<'de> for XsaveState { + fn deserialize(deserializer: D) -> std::result::Result + where + D: serde::Deserializer<'de>, + { + let region: Vec = Vec::deserialize(deserializer)?; + let mut val: XsaveState = XsaveState::default(); + // This panics if the source and destination have different lengths. + val.region.copy_from_slice(®ion[..]); + Ok(val) + } +} + +impl serde::Serialize for XsaveState { + fn serialize(&self, serializer: S) -> std::result::Result + where + S: serde::Serializer, + { + let region = &self.region[..]; + region.serialize(serializer) + } +} From 3c4ff7de0140db26ec9394ad670cf328a5d57c31 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Mon, 11 Mar 2024 12:02:57 -0700 Subject: [PATCH 60/63] hypervisor: Use legacy definitions of kvm structs for live-upgrade Use 'kvm_vcpu_events_old' and 'kvm_clock_data_old' to support deserialization from legacy definitions of kvm structs, so that we can support live-upgrade from previous point releases. Signed-off-by: Bo Chen --- Cargo.lock | 2 +- Cargo.toml | 2 +- fuzz/Cargo.lock | 2 +- fuzz/Cargo.toml | 2 +- hypervisor/Cargo.toml | 2 +- hypervisor/src/kvm/mod.rs | 8 ++++---- hypervisor/src/kvm/x86_64/mod.rs | 2 +- hypervisor/src/lib.rs | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b05b2ad3f6..f195416939 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1152,7 +1152,7 @@ dependencies = [ [[package]] name = "kvm-bindings" version = "0.7.0" -source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-v0.7.0#2dcf85d4f8aa55befcaa996b699ddb18ec9ed059" +source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-live-upgrade-stable-37.x#f03fc575cdf20c3af9ca3d4d203f171943d95be4" dependencies = [ "serde", "serde_derive", diff --git a/Cargo.toml b/Cargo.toml index 2bce87916d..6c3bcc04a7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -52,7 +52,7 @@ zbus = { version = "3.11.1", optional = true } # List of patched crates [patch.crates-io] -kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.7.0" } +kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-live-upgrade-stable-37.x" } versionize_derive = { git = "https://github.com/cloud-hypervisor/versionize_derive", branch = "ch-0.1.6" } [dev-dependencies] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 7c0efcd521..4cfb581705 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -477,7 +477,7 @@ dependencies = [ [[package]] name = "kvm-bindings" version = "0.7.0" -source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-v0.7.0#2dcf85d4f8aa55befcaa996b699ddb18ec9ed059" +source = "git+https://github.com/cloud-hypervisor/kvm-bindings?branch=ch-live-upgrade-stable-37.x#f03fc575cdf20c3af9ca3d4d203f171943d95be4" dependencies = [ "serde", "serde_derive", diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index 5bec783840..c7931670c4 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -35,7 +35,7 @@ vm-virtio = { path = "../vm-virtio" } path = ".." [patch.crates-io] -kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.7.0" } +kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-live-upgrade-stable-37.x" } versionize_derive = { git = "https://github.com/cloud-hypervisor/versionize_derive", branch = "ch-0.1.6" } # Prevent this from interfering with workspaces diff --git a/hypervisor/Cargo.toml b/hypervisor/Cargo.toml index ce49f50d47..44dee71e2b 100644 --- a/hypervisor/Cargo.toml +++ b/hypervisor/Cargo.toml @@ -19,7 +19,7 @@ igvm_parser = { git = "https://github.com/microsoft/igvm", branch = "main", pack libc = "0.2.147" log = "0.4.20" kvm-ioctls = { version = "0.16.0", optional = true } -kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-v0.7.0", features = ["with-serde", "fam-wrappers"], optional = true } +kvm-bindings = { git = "https://github.com/cloud-hypervisor/kvm-bindings", branch = "ch-live-upgrade-stable-37.x", features = ["with-serde", "fam-wrappers"], optional = true } mshv-bindings = { git = "https://github.com/rust-vmm/mshv", branch = "main", features = ["with-serde", "fam-wrappers"], optional = true } mshv-ioctls = { git = "https://github.com/rust-vmm/mshv", branch = "main", optional = true} serde = { version = "1.0.168", features = ["rc", "derive"] } diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs index 6d91452f76..00d4dfaa45 100644 --- a/hypervisor/src/kvm/mod.rs +++ b/hypervisor/src/kvm/mod.rs @@ -315,7 +315,7 @@ impl From for VcpuKvmState { #[cfg(target_arch = "x86_64")] impl From for ClockData { fn from(d: kvm_clock_data) -> Self { - ClockData::Kvm(d) + ClockData::Kvm(d.into()) } } @@ -323,7 +323,7 @@ impl From for ClockData { impl From for kvm_clock_data { fn from(ms: ClockData) -> Self { match ms { - ClockData::Kvm(s) => s, + ClockData::Kvm(s) => s.into(), /* Needed in case other hypervisors are enabled */ #[allow(unreachable_patterns)] _ => panic!("CpuState is not valid"), @@ -1977,7 +1977,7 @@ impl cpu::Vcpu for KvmVcpu { msr_entries }; - let vcpu_events = self.get_vcpu_events()?; + let vcpu_events = self.get_vcpu_events()?.into(); let tsc_khz = self.tsc_khz()?; Ok(VcpuKvmState { @@ -2130,7 +2130,7 @@ impl cpu::Vcpu for KvmVcpu { } } - self.set_vcpu_events(&state.vcpu_events)?; + self.set_vcpu_events(&state.vcpu_events.into())?; Ok(()) } diff --git a/hypervisor/src/kvm/x86_64/mod.rs b/hypervisor/src/kvm/x86_64/mod.rs index cb4d069e32..953daffc4d 100644 --- a/hypervisor/src/kvm/x86_64/mod.rs +++ b/hypervisor/src/kvm/x86_64/mod.rs @@ -22,7 +22,7 @@ pub use { kvm_bindings::kvm_cpuid_entry2, kvm_bindings::kvm_dtable, kvm_bindings::kvm_fpu, kvm_bindings::kvm_lapic_state, kvm_bindings::kvm_mp_state as MpState, kvm_bindings::kvm_msr_entry, kvm_bindings::kvm_regs, kvm_bindings::kvm_segment, - kvm_bindings::kvm_sregs, kvm_bindings::kvm_vcpu_events as VcpuEvents, + kvm_bindings::kvm_sregs, kvm_bindings::kvm_vcpu_events_old as VcpuEvents, kvm_bindings::kvm_xcrs as ExtendedControlRegisters, kvm_bindings::kvm_xsave, kvm_bindings::CpuId, kvm_bindings::MsrList, kvm_bindings::Msrs as MsrEntries, kvm_bindings::KVM_CPUID_FLAG_SIGNIFCANT_INDEX, diff --git a/hypervisor/src/lib.rs b/hypervisor/src/lib.rs index 447e8abd4a..d5a7ed1f14 100644 --- a/hypervisor/src/lib.rs +++ b/hypervisor/src/lib.rs @@ -162,7 +162,7 @@ pub enum CpuState { #[cfg(target_arch = "x86_64")] pub enum ClockData { #[cfg(feature = "kvm")] - Kvm(kvm_bindings::kvm_clock_data), + Kvm(kvm_bindings::kvm_clock_data_old), #[cfg(feature = "mshv")] Mshv, /* MSHV does not support ClockData yet */ } From 2a9978f3c029651b3375de8e25643885d6f543b0 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Wed, 13 Mar 2024 16:12:19 -0700 Subject: [PATCH 61/63] tests: Enable live upgrade tests Signed-off-by: Bo Chen --- tests/integration.rs | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/integration.rs b/tests/integration.rs index faf71af29d..4e5f5269b7 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -9596,51 +9596,43 @@ mod live_migration { } #[test] - #[ignore = "See #6134"] fn test_live_upgrade_basic() { _test_live_migration(true, false) } #[test] - #[ignore = "See #6134"] fn test_live_upgrade_local() { _test_live_migration(true, true) } #[test] - #[ignore = "See #6134"] #[cfg(not(feature = "mshv"))] fn test_live_upgrade_numa() { _test_live_migration_numa(true, false) } #[test] - #[ignore = "See #6134"] #[cfg(not(feature = "mshv"))] fn test_live_upgrade_numa_local() { _test_live_migration_numa(true, true) } #[test] - #[ignore = "See #6134"] fn test_live_upgrade_watchdog() { _test_live_migration_watchdog(true, false) } #[test] - #[ignore = "See #6134"] fn test_live_upgrade_watchdog_local() { _test_live_migration_watchdog(true, true) } #[test] - #[ignore = "See #6134"] fn test_live_upgrade_balloon() { _test_live_migration_balloon(true, false) } #[test] - #[ignore = "See #6134"] fn test_live_upgrade_balloon_local() { _test_live_migration_balloon(true, true) } From 259b8aa1c86ee593cab2c08c19c7bd141cc529e2 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Wed, 13 Mar 2024 18:56:30 -0700 Subject: [PATCH 62/63] tests: Run "test_live_upgrade_numa" on aarch64 only Our Azure VM for x86_64 workers are now much smaller, and does not have enough RAM to run the "test_live_upgrade_numa" test. Instead, this test will still be tested on the aarch64 worker, and the "local" upgrade variation of the same test will also be tested on all workers. So we should be good from test coverage point of view. Signed-off-by: Bo Chen --- tests/integration.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration.rs b/tests/integration.rs index 4e5f5269b7..800d7ca1e2 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -9606,6 +9606,7 @@ mod live_migration { } #[test] + #[cfg(target_arch = "aarch64")] // see: #6272 #[cfg(not(feature = "mshv"))] fn test_live_upgrade_numa() { _test_live_migration_numa(true, false) From 115c455eaf57de1aa7a1a76f3c07cc813dbbe019 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Thu, 14 Mar 2024 19:59:22 -0700 Subject: [PATCH 63/63] build: Release v37.1 (bug fix release) Signed-off-by: Bo Chen --- Cargo.lock | 2 +- Cargo.toml | 2 +- release-notes.md | 13 +++++++++++++ vm-migration/src/lib.rs | 2 +- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f195416939..5aa8801055 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -439,7 +439,7 @@ checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" [[package]] name = "cloud-hypervisor" -version = "37.0.0" +version = "37.1.0" dependencies = [ "anyhow", "api_client", diff --git a/Cargo.toml b/Cargo.toml index 6c3bcc04a7..0e8599a460 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cloud-hypervisor" -version = "37.0.0" +version = "37.1.0" authors = ["The Cloud Hypervisor Authors"] edition = "2021" default-run = "cloud-hypervisor" diff --git a/release-notes.md b/release-notes.md index 39a55590dd..b8f1e19be3 100644 --- a/release-notes.md +++ b/release-notes.md @@ -1,3 +1,4 @@ +- [v37.1](#v371) - [v37.0](#v370) - [Long Term Support (LTS) Release](#long-term-support-lts-release) - [Improved VFIO Device Passthrough with Multiple PCI Segments](#improved-vfio-device-passthrough-with-multiple-pci-segments) @@ -318,6 +319,18 @@ - [Unit testing](#unit-testing) - [Integration tests parallelization](#integration-tests-parallelization) +# v37.1 + +This is a bug fix release. The following issues have been addressed: + +* Fix several security advisories from dependencies (#6134, #6141) +* Enable HTT flag to avoid crashing cpu topology enumeration software +such as hwloc in the guest (#6146) +* Enable nested virtualization on AMD if supported (#6106) +* Handle non-power-of-two CPU topology properly (#6062) +* Various bug fixes around virtio-vsock(#6080, #6091, #6095) +* Align VFIO devices PCI BARs naturally (#6196) + # v37.0 This release has been tracked in our [roadmap diff --git a/vm-migration/src/lib.rs b/vm-migration/src/lib.rs index fc6398367d..2fb08af7f4 100644 --- a/vm-migration/src/lib.rs +++ b/vm-migration/src/lib.rs @@ -13,7 +13,7 @@ pub mod protocol; /// Global VMM version for versioning const MAJOR_VERSION: u16 = 37; -const MINOR_VERSION: u16 = 0; +const MINOR_VERSION: u16 = 1; const VMM_VERSION: u16 = MAJOR_VERSION << 12 | MINOR_VERSION & 0b1111; pub trait VersionMapped {