#
4c99aea6 |
| 02-Aug-2024 |
Jinank Jain <jinankjain@microsoft.com> |
hypervisor: Switch to use the new StandardRegisters
With this we are removing the CloudHypervisor definition of StandardRegisters, instead using an enum which contains different variants of StandardRegisters coming from their bindings crate.
Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
|
#
feb0a360 |
| 01-Aug-2024 |
Jinank Jain <jinankjain@microsoft.com> |
hypervisor: Implement StandardRegisters as union of KVM & MSHV
Currently we are redefining StandardRegisters instead of using the ones coming from bindings. With this we can remove the unnecessary construction of a global structure which contains fields from different hypervisor dependent structs.
Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
|
#
3645654c |
| 02-Aug-2024 |
Jinank Jain <jinankjain@microsoft.com> |
hypervisor: Add an API to create default StandardRegisters
This will be used to create StandardRegisters for a given vcpu in future.
Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
|
#
42e9632c |
| 07-Jun-2024 |
Josh Soref <2119212+jsoref@users.noreply.github.com> |
misc: Fix spelling issues
Misspellings were identified by: https://github.com/marketplace/actions/check-spelling
* Initial corrections based on forbidden patterns from the action
* Additional corrections by Google Chrome auto-suggest
* Some manual corrections
* Adding markdown bullets to readme credits section
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
#
7be69edf |
| 25-Apr-2024 |
Rob Bradford <rbradford@rivosinc.com> |
hypervisor: kvm: Introduce Mutex around VcpuFd
This is required as the VcpuFd::run and VcpuFd::set_immediate_exit methods now take a &mut self. I explored alternative solutions:
1. Using RefCell for runtime interior mutability - the Vcpu trait is Sync and it's not possible to use RefCell with types that are Sync.
2. Using UnsafeCell - the mutable reference nature of ::run and ::set_kvm_immediate_exit was added for a reason so it is unwise to bypass this.
3. Adjusting the trait interface to expose the &mut self - this requires an Arc<Mutex<>> around the hypervisor::vcpu::Vcpu object and was very intrusive.
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
|
#
c022063a |
| 25-Apr-2024 |
Rob Bradford <rbradford@rivosinc.com> |
hypervisor: Remove unused VmExit enum members
The members for {Io, Mmio}{Read, Write} are unused as instead exits of those types are handled through the VmOps interface. Removing these is also a prerequisite due to changes in the mutability of the VcpuFd::run() method.
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
|
#
67054bf7 |
| 19-Mar-2024 |
Rob Bradford <rbradford@rivosinc.com> |
hypervisor: Remove import of TryInto
This is already provided by the prelude.
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
|
#
c72bf0b3 |
| 11-Dec-2023 |
Yi Wang <foxywang@tencent.com> |
vmm: support injecting NMI
Inject NMI interrupt when needed, by calling ioctl KVM_NMI.
Signed-off-by: Yi Wang <foxywang@tencent.com>
|
#
3ce0fef7 |
| 23-Jan-2024 |
Bo Chen <chen.bo@intel.com> |
build: Bump vmm-sys-util crate and its consumers
This patch bumps the following crates, including `kvm-bindings@0.7.0`*, `kvm-ioctls@0.16.0`**, `linux-loader@0.11.0`, `versionize@0.2.0`, `versionize_derive@0.1.6`***, `vhost@0.10.0`, `vhost-user-backend@0.13.1`, `virtio-queue@0.11.0`, `vm-memory@0.14.0`, `vmm-sys-util@0.12.1`, and the latest of `vfio-bindings`, `vfio-ioctls`, `mshv-bindings`, `mshv-ioctls`, and `vfio-user`.
* A fork of the `kvm-bindings` crate is being used to support serialization of various structs for migration [1]. Also, code changes are made to accommodate the updated `struct xsave` from the Linux kernel. Note: these changes related to `struct xsave` break live-upgrade.
** The new `kvm-ioctls` crate introduced breaking changes for the `get/set_one_reg` API on `aarch64` [2], so code changes are made to the new APIs.
*** A fork of the `versionize_derive` crate is being used to support versionize on packed structs [3].
[1] https://github.com/cloud-hypervisor/kvm-bindings/tree/ch-v0.7.0
[2] https://github.com/rust-vmm/kvm-ioctls/pull/223
[3] https://github.com/cloud-hypervisor/versionize_derive/tree/ch-0.1.6
Fixes: #6072
Signed-off-by: Bo Chen <chen.bo@intel.com>
|
#
3993663e |
| 24-Jan-2024 |
Rob Bradford <rbradford@rivosinc.com> |
hypervisor: kvm: Import TDX vmcall structure
Consistent with the other data structures and constants used in TDX support code, import the necessary structures from the kernel for accessing the vmcall structure.
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
|
#
7d5ea5ca |
| 12-Dec-2023 |
Muminul Islam <muislam@microsoft.com> |
hypervisor: fix few typos and cosmetic issues
This patch adds missing new lines after functions, fixes a few typos in the comments, and adds a few missing comments to SNP related functions.
Signed-off-by: Muminul Islam <muislam@microsoft.com>
|
#
44f200d6 |
| 19-Sep-2023 |
Rob Bradford <rbradford@rivosinc.com> |
hypervisor: Set destination vCPU TSC frequency to source
Include the TSC frequency as part of the KVM state so that it will be restored at the destination.
This ensures migration works correctly between hosts that have a different TSC frequency if the guest is running with TSC as the source of timekeeping.
Fixes: #5786
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
|
#
7bf0cc1e |
| 31-Aug-2023 |
Philipp Schuster <philipp.schuster@cyberus-technology.de> |
misc: Fix various spelling errors using typos
This fixes all typos found by the typos utility with respect to the config file.
Signed-off-by: Philipp Schuster <philipp.schuster@cyberus-technology.de>
|
#
ceb81517 |
| 11-Apr-2023 |
Rob Bradford <rbradford@rivosinc.com> |
hypervisor, vmm: Limit max number of vCPUs to hypervisor maximum
On KVM this is provided by an ioctl, on MSHV this is constant. Although there is a HV_MAXIMUM_PROCESSORS constant the MSHV ioctl API is limited to u8.
Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
|
#
9b724303 |
| 10-Apr-2023 |
Alyssa Ross <hi@alyssa.is> |
vmm: only use KVM_ARM_VCPU_PMU_V3 if available
Having PMU in guests isn't critical, and not all hardware supports it (e.g. Apple Silicon).
CpuManager::init_pmu already has a fallback for if PMU is not supported by the VCPU, but we weren't getting that far, because we would always try to initialise the VCPU with KVM_ARM_VCPU_PMU_V3, and then bail when it returned with EINVAL.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
|
#
755cabea |
| 04-Apr-2023 |
Alyssa Ross <hi@alyssa.is> |
hypervisor: use proper doc tests for examples
It seems like these examples were always intended to be doctests, since there are lines marked with "#" so that they are excluded from the generated documentation, but they were not recognised as doc tests because they were not formatted correctly.
The code needed some adjustments so that it would actually compile and run as doctests.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
|
#
de3ca970 |
| 14-Feb-2023 |
Wei Liu <liuwe@microsoft.com> |
hypervisor: rename get_cpuid to get_supported_cpuid
To better reflect its nature and avoid confusion with get_cpuid2.
No functional change.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
|
#
c22c4675 |
| 08-Feb-2023 |
Rob Bradford <robert.bradford@intel.com> |
arch, hypervisor: Populate CPUID leaf 0x4000_0010 (TSC frequency)
This hypervisor leaf includes details of the TSC frequency if that is available from KVM. This can be used to efficiently calculate time passed when there is an invariant TSC.
TEST=Run `cpuid` in the guest and observe the frequency populated.
Fixes: #5178
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
|
#
69e8f60b |
| 02-Feb-2023 |
Rob Bradford <robert.bradford@intel.com> |
tdx: Set the SEPT_VE_DISABLE attribute
This is required for booting Linux:
From: https://lore.kernel.org/all/20221028141220.29217-3-kirill.shutemov@linux.intel.com/
"""
Virtualization Exceptions (#VE) are delivered to TDX guests due to specific guest actions such as using specific instructions or accessing a specific MSR.
Notable reason for #VE is access to specific guest physical addresses. It requires special security considerations as it is not fully in control of the guest kernel. VMM can remove a page from EPT page table and trigger #VE on access.
The primary use-case for #VE on a memory access is MMIO: VMM removes page from EPT to trigger exception in the guest which allows guest to emulate MMIO with hypercalls.
MMIO only happens on shared memory. All conventional kernel memory is private. This includes everything from kernel stacks to kernel text.
Handling exceptions on arbitrary accesses to kernel memory is essentially impossible as handling #VE may require access to memory that also triggers the exception.
TDX module provides mechanism to disable #VE delivery on access to private memory. If SEPT_VE_DISABLE TD attribute is set, private EPT violation will not be reflected to the guest as #VE, but will trigger exit to VMM.
Make sure the attribute is set by VMM. Panic otherwise.
There's small window during the boot before the check where kernel has early #VE handler. But the handler is only for port I/O and panic as soon as it sees any other #VE reason.
SEPT_VE_DISABLE makes SEPT violation unrecoverable and terminating the TD is the only option.
Kernel has no legitimate use-cases for #VE on private memory. It is either a guest kernel bug (like access of unaccepted memory) or malicious/buggy VMM that removes guest page that is still in use.
In both cases terminating TD is the right thing to do.
"""
With this change Cloud Hypervisor can boot the current Linux guest kernel.
Reported-By: Jiaqi Gao <jiaqi.gao@intel.com>
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
|
#
e4ae668b |
| 13-Dec-2022 |
Sebastien Boeuf <sebastien.boeuf@intel.com> |
tdx: Update support based on kvm-upstream v5.19
In order to comply with the latest TDX version, we rely on the branch kvm-upstream-2022.08.07-v5.19-rc8 from the https://github.com/intel/tdx repository. Updates are based on changes that happened in the arch/x86/include/uapi/asm/kvm.h header file.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
|
#
cd83d258 |
| 16-Dec-2022 |
Wei Liu <liuwe@microsoft.com> |
hypervisor: kvm: aarch64: rename offset__of to offset_of
The double underscore made it different from how other projects would name this particular macro.
No functional change.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
|
#
3888f576 |
| 01-Dec-2022 |
Rob Bradford <robert.bradford@intel.com> |
aarch64: Remove unnecessary casts (beta clippy check)
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
|
#
6c89c541 |
| 16-Nov-2022 |
Wei Liu <liuwe@microsoft.com> |
hypervisor: kvm: add two safety comments
Signed-off-by: Wei Liu <liuwe@microsoft.com>
|
#
a375e230 |
| 20-Sep-2022 |
Rob Bradford <robert.bradford@intel.com> |
misc: Manual beta clippy fixes (boolean to int conversion using if)
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
|
#
cb00dbe6 |
| 15-Sep-2022 |
Wei Liu <liuwe@microsoft.com> |
build: update to the latest kvm-ioctls
The latest kvm-ioctls contains a breaking change to its API. Now Arm's get/set_one_reg use u128 instead of u64.
Signed-off-by: Wei Liu <liuwe@microsoft.com>
|