hypervisor: Implement retrieval of TDX capabilities

Extend the Hypervisor API in order to retrieve the TDX capabilities from
the underlying hypervisor.

Signed-off-by: Sebastien Boeuf <sebastien.boe

hypervisor: Implement retrieval of TDX capabilities

Extend the Hypervisor API in order to retrieve the TDX capabilities from
the underlying hypervisor.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

show more ...

hypervisor: Don't enable TDX debug

This might not be correctly supported, therefore best to keep it
disabled by default.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

hypervisor: mshv: fix a comment

It should have said MSHV in the comment.

Signed-off-by: Wei Liu <liuwe@microsoft.com>

hypervisor: Add `VmExit::Debug` for x86/KVM

This commit adds `VmExit::Debug` for x86/KVM. When the guest hits a
hardware breakpoint, `VcpuExit::Debug` vm exit occurs. This vm exit
will be handled wi

hypervisor: Add `VmExit::Debug` for x86/KVM

This commit adds `VmExit::Debug` for x86/KVM. When the guest hits a
hardware breakpoint, `VcpuExit::Debug` vm exit occurs. This vm exit
will be handled with code implemented in the following commits.

Signed-off-by: Akira Moroo <retrage01@gmail.com>

show more ...

hypervisor: Add `set_guest_debug` for x86/KVM

This commit adds `set_guest_debug` implementation for x86/KVM. This
function sets hardware breakpoints and single step to debug registers.

NOTE: The `s

hypervisor: Add `set_guest_debug` for x86/KVM

This commit adds `set_guest_debug` implementation for x86/KVM. This
function sets hardware breakpoints and single step to debug registers.

NOTE: The `set_guest_debug` implementation is based on the crosvm
implementation [1].

[1]
https://github.com/google/crosvm/blob/main/hypervisor/src/kvm/x86_64.rs

Signed-off-by: Akira Moroo <retrage01@gmail.com>

show more ...

hypervisor: Add `translate_gva` for x86/KVM

This commit adds `translate_gva` for x86/KVM. The same name function is
already implemented for MSHV, but the implementation differs as
KVM_TRANSLATE does

hypervisor: Add `translate_gva` for x86/KVM

This commit adds `translate_gva` for x86/KVM. The same name function is
already implemented for MSHV, but the implementation differs as
KVM_TRANSLATE does not take the flag argument and does not return status
code. This change requires the newer version of kvm-ioctls [1].

[1]
https://github.com/rust-vmm/kvm-ioctls/commit/97ff779b6ea96ae451308149b0ae38f13b271c19

Signed-off-by: Akira Moroo <retrage01@gmail.com>

show more ...

hypervisor: Remove mshv specific type from `translate_gva`

`translate_gva` returns mshv-specific type `hv_translate_gva_result`.
This return type is not a problem since this function is implemented

hypervisor: Remove mshv specific type from `translate_gva`

`translate_gva` returns mshv-specific type `hv_translate_gva_result`.
This return type is not a problem since this function is implemented
only for mshv, but we need to remove the type as the same function will
be implemented for KVM in PR #3575. This commit replaces the
mshv-specific type with `u32`.

Signed-off-by: Akira Moroo <retrage01@gmail.com>

show more ...

hypervisor: Add support for TDX exit reason to KVM

Relying on the recent additions to the kvm-ioctls crate, this commit
implements the support for providing the exit reason details to the
caller, wh

hypervisor: Add support for TDX exit reason to KVM

Relying on the recent additions to the kvm-ioctls crate, this commit
implements the support for providing the exit reason details to the
caller, which allows the identification of the type of hypercall that
was issued. It also introduces a way for the consumer to set the status
code that must be sent back to the guest.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

show more ...

vmm: Ensure that PIO and MMIO exits complete before pausing

As per this kernel documentation:

For KVM_EXIT_IO, KVM_EXIT_MMIO, KVM_EXIT_OSI, KVM_EXIT_PAPR, KVM_EXIT_XEN,
KVM_EXIT_EPR, KV

vmm: Ensure that PIO and MMIO exits complete before pausing

As per this kernel documentation:

For KVM_EXIT_IO, KVM_EXIT_MMIO, KVM_EXIT_OSI, KVM_EXIT_PAPR, KVM_EXIT_XEN,
KVM_EXIT_EPR, KVM_EXIT_X86_RDMSR and KVM_EXIT_X86_WRMSR the corresponding
operations are complete (and guest state is consistent) only after userspace
has re-entered the kernel with KVM_RUN. The kernel side will first finish
incomplete operations and then check for pending signals.

The pending state of the operation is not preserved in state which is
visible to userspace, thus userspace should ensure that the operation is
completed before performing a live migration. Userspace can re-enter the
guest with an unmasked signal pending or with the immediate_exit field set
to complete pending operations without allowing any further instructions
to be executed.

Since we capture the state as part of the pause and override it as part
of the resume we must ensure the state is consistent otherwise we will
lose the results of the MMIO or PIO operation that caused the exit from
which we paused.

Fixes: #3658

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

show more ...

hypervisor: add has/set trait for vcpu

Like devicefd, vcpufd also has ability to set/has attribute through kvm
ioctl. These traits are used when enable PMU on arm64, so add it here.

Signed-off-by:

hypervisor: add has/set trait for vcpu

Like devicefd, vcpufd also has ability to set/has attribute through kvm
ioctl. These traits are used when enable PMU on arm64, so add it here.

Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>

show more ...

hypervisor: kvm: Ignore -EINVAL from KVM_KVMCLOCK_CTRL ioctl()

If the guest hasn't initialised a PV clock then the KVM_KVMCLOCK_CTRL
ioctl will return -EINVAL. Therefore if running in the firmware o

hypervisor: kvm: Ignore -EINVAL from KVM_KVMCLOCK_CTRL ioctl()

If the guest hasn't initialised a PV clock then the KVM_KVMCLOCK_CTRL
ioctl will return -EINVAL. Therefore if running in the firmware or an OS
that doesn't use the PV clock then we should ignore that error

Tested by migrating a VM that has not yet booted into the Linux kernel
(just in firmware) by specifying no disk image:

e.g. target/debug/cloud-hypervisor --kernel ~/workloads/hypervisor-fw --api-socket /tmp/api --serial tty --console off

Fixes: #3586

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

show more ...

hypervisor: mshv: Fix beta clippy issue

error: this boolean expression can be simplified
--> hypervisor/src/mshv/mod.rs:348:25
|
348 | !(unsafe { access_info.__bindgen

hypervisor: mshv: Fix beta clippy issue

error: this boolean expression can be simplified
--> hypervisor/src/mshv/mod.rs:348:25
|
348 | !(unsafe { access_info.__bindgen_anon_1.string_op() } == 1),
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try: `unsafe { access_info.__bindgen_anon_1.string_op() } != 1`
|
= note: `-D clippy::nonminimal-bool` implied by `-D warnings`
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#nonminimal_bool

error: this boolean expression can be simplified
--> hypervisor/src/mshv/mod.rs:352:25
|
352 | !(unsafe { access_info.__bindgen_anon_1.rep_prefix() } == 1),
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try: `unsafe { access_info.__bindgen_anon_1.rep_prefix() } != 1`
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#nonminimal_bool

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

show more ...

hypervisor: Add support for setting KVM identity map

Extending the Vm trait with set_identity_map_address() in order to
expose this ioctl to the VMM.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf

hypervisor: Add support for setting KVM identity map

Extending the Vm trait with set_identity_map_address() in order to
expose this ioctl to the VMM.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

show more ...

arch, hypervisor, vmm: Explicitly place the TSS in the 32-bit space

Place the 3 page TSS at an explicit location in the 32-bit address space
to avoid conflicting with the loaded raw firmware.

Signe

arch, hypervisor, vmm: Explicitly place the TSS in the 32-bit space

Place the 3 page TSS at an explicit location in the 32-bit address space
to avoid conflicting with the loaded raw firmware.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

show more ...

hypervisor: add a few safety comments

Signed-off-by: Wei Liu <liuwe@microsoft.com>

hypervisor: drop one unsafe from mock_vmm

Simple aggregate types are Sync by default. There is no need to use
`impl Sync` for MockVmm (a simple struct).

Signed-off-by: Wei Liu <liuwe@microsoft.com>

hypervisor: aarch64: move a comment to where it should be

No functional change.

Signed-off-by: Wei Liu <liuwe@microsoft.com>

hypervisor: aarch64: remove undefined behaviour in offset__of

The variable tmp was never initialized. Calling assume_init when the
content is not yet initialized causes immediate undefined behaviour

hypervisor: aarch64: remove undefined behaviour in offset__of

The variable tmp was never initialized. Calling assume_init when the
content is not yet initialized causes immediate undefined behaviour.

We also cannot create any intermediate references because they will be
subject to the same requirements for references -- the referred object
must be valid.

Signed-off-by: Wei Liu <liuwe@microsoft.com>

show more ...

hypervisor: aarch64: Use assert!() rather than if+panic

As identified by the new beta clippy.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

hypervisor: mshv: Use assert!() rather than if+panic

As identified by the new beta clippy.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

hypervisor: emulator: Print out all exception details

Print out all the details from an emulator exception.

As identified by the new beta clippy.

Signed-off-by: Rob Bradford <robert.bradford@intel

hypervisor: emulator: Print out all exception details

Print out all the details from an emulator exception.

As identified by the new beta clippy.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

show more ...

hypervisor: Add Misc register to Save/Restore state for MSHV

Hypercall register needs to be saved and restored for
TLB flush and IPI synthetic features enablement.
Enabling these two synthetic featu

hypervisor: Add Misc register to Save/Restore state for MSHV

Hypercall register needs to be saved and restored for
TLB flush and IPI synthetic features enablement.
Enabling these two synthetic features improves
guest performance.

Signed-off-by: Muminul Islam <muislam@microsoft.com>

show more ...

hypervisor: kvm: Add missing MSR related to Hyper-V

When the synthetic interrupt controller is enabled, an extra set of MSRs
must be stored in case of migration. There was one MSR missing in the
lis

hypervisor: kvm: Add missing MSR related to Hyper-V

When the synthetic interrupt controller is enabled, an extra set of MSRs
must be stored in case of migration. There was one MSR missing in the
list, HV_X64_MSR_SINT14 corresponding to the 15th interrupt source from
the synthetic interrupt controller.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

show more ...

hypervisor: mshv: drop one unsafe in code

The binding already provides a default() method which does the same
thing.

Signed-off-by: Wei Liu <liuwe@microsoft.com>

deps: Bump kvm-bindings to v0.5.0

Update the kvm-bindings dependency so that Cloud Hypervisor now depends
on the version 0.5.0, which is based on Linux kernel v5.13.0. We still
have to rely on a for

deps: Bump kvm-bindings to v0.5.0

Update the kvm-bindings dependency so that Cloud Hypervisor now depends
on the version 0.5.0, which is based on Linux kernel v5.13.0. We still
have to rely on a forked version to be able to serialize all the KVM
structures we need.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

show more ...