// Copyright © 2022 Intel Corporation
//
// SPDX-License-Identifier: Apache-2.0
//
5dce82a34SGregory Anders use std::net::{IpAddr, Ipv4Addr};
661e57e1cSRuoqing He use std::path::PathBuf;
761e57e1cSRuoqing He use std::{fs, result};
888a9f799SRob Bradford
97ad58457SRob Bradford use net_util::MacAddr;
107ad58457SRob Bradford use serde::{Deserialize, Serialize};
117ad58457SRob Bradford use virtio_devices::RateLimiterConfig;
127ad58457SRob Bradford
1361e57e1cSRuoqing He use crate::landlock::LandlockError;
1461e57e1cSRuoqing He use crate::Landlock;
1588a9f799SRob Bradford
/// Result alias used throughout the `ApplyLandlock` implementations below;
/// the error side is always a [`LandlockError`].
pub type LandlockResult<T> = result::Result<T, LandlockError>;
17d2f0e8aeSPraveen K Paladugu
/// Trait to apply Landlock on VmConfig elements
pub(crate) trait ApplyLandlock {
    /// Apply Landlock rules to file paths
    ///
    /// Implementations register every filesystem path the config element
    /// refers to (image files, sockets, device nodes) on `landlock` via
    /// `add_rule_with_access`, together with the access string that path
    /// needs ("r" or "rw" in the implementations in this file). Elements
    /// whose optional path is unset register nothing and return `Ok(())`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()>;
}
23d2f0e8aeSPraveen K Paladugu
/// Affinity of a single vCPU to a set of host CPUs.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct CpuAffinity {
    /// Index of the vCPU this entry applies to.
    pub vcpu: u8,
    /// Host CPU indices the vCPU is affined to.
    pub host_cpus: Vec<usize>,
}
297ad58457SRob Bradford
/// Optional CPU feature toggles; every field defaults to off.
#[derive(Clone, Debug, Default, PartialEq, Eq, Deserialize, Serialize)]
pub struct CpuFeatures {
    /// AMX toggle, only present on x86_64 builds.
    #[cfg(target_arch = "x86_64")]
    #[serde(default)]
    pub amx: bool,
}
367ad58457SRob Bradford
/// Guest CPU topology expressed as threads/cores/dies/packages.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct CpuTopology {
    pub threads_per_core: u8,
    pub cores_per_die: u8,
    pub dies_per_package: u8,
    pub packages: u8,
}
447ad58457SRob Bradford
// When booting with PVH boot the maximum physical addressable size
// is a 46 bit address space even when the host supports with 5-level
// paging.
/// Default for `CpusConfig::max_phys_bits` (see the PVH note above).
pub const DEFAULT_MAX_PHYS_BITS: u8 = 46;
497ad58457SRob Bradford
/// serde default for `CpusConfig::max_phys_bits`.
pub fn default_cpuconfig_max_phys_bits() -> u8 {
    DEFAULT_MAX_PHYS_BITS
}
537ad58457SRob Bradford
/// vCPU configuration of a VM.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct CpusConfig {
    /// vCPUs present at boot.
    pub boot_vcpus: u8,
    /// Upper bound on vCPUs (boot plus hotplug).
    pub max_vcpus: u8,
    #[serde(default)]
    pub topology: Option<CpuTopology>,
    #[serde(default)]
    pub kvm_hyperv: bool,
    /// Physical address width advertised to the guest; defaults to
    /// `DEFAULT_MAX_PHYS_BITS` when omitted.
    #[serde(default = "default_cpuconfig_max_phys_bits")]
    pub max_phys_bits: u8,
    /// Optional per-vCPU host pinning.
    #[serde(default)]
    pub affinity: Option<Vec<CpuAffinity>>,
    #[serde(default)]
    pub features: CpuFeatures,
}
697ad58457SRob Bradford
/// Default for both `boot_vcpus` and `max_vcpus` in `CpusConfig::default()`.
pub const DEFAULT_VCPUS: u8 = 1;
71d692dfb8SRob Bradford
impl Default for CpusConfig {
    /// A single vCPU (`DEFAULT_VCPUS` for boot and max), no topology or
    /// affinity, `kvm_hyperv` off, `DEFAULT_MAX_PHYS_BITS` address bits and
    /// default `CpuFeatures`.
    fn default() -> Self {
        Self {
            boot_vcpus: DEFAULT_VCPUS,
            max_vcpus: DEFAULT_VCPUS,
            max_phys_bits: DEFAULT_MAX_PHYS_BITS,
            kvm_hyperv: false,
            topology: None,
            affinity: None,
            features: Default::default(),
        }
    }
}
85d692dfb8SRob Bradford
/// Default for `PlatformConfig::num_pci_segments`.
pub const DEFAULT_NUM_PCI_SEGMENTS: u16 = 1;
/// serde default for `PlatformConfig::num_pci_segments`.
pub fn default_platformconfig_num_pci_segments() -> u16 {
    DEFAULT_NUM_PCI_SEGMENTS
}
907ad58457SRob Bradford
/// Default for `PlatformConfig::iommu_address_width_bits`.
pub const DEFAULT_IOMMU_ADDRESS_WIDTH_BITS: u8 = 64;
/// serde default for `PlatformConfig::iommu_address_width_bits`.
pub fn default_platformconfig_iommu_address_width_bits() -> u8 {
    DEFAULT_IOMMU_ADDRESS_WIDTH_BITS
}
9574ca38f7SNikolay Edigaryev
/// Platform-level settings: PCI segments, IOMMU, SMBIOS identity strings and
/// confidential-computing toggles.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct PlatformConfig {
    #[serde(default = "default_platformconfig_num_pci_segments")]
    pub num_pci_segments: u16,
    /// PCI segments placed behind the virtual IOMMU, if any.
    #[serde(default)]
    pub iommu_segments: Option<Vec<u16>>,
    #[serde(default = "default_platformconfig_iommu_address_width_bits")]
    pub iommu_address_width_bits: u8,
    #[serde(default)]
    pub serial_number: Option<String>,
    #[serde(default)]
    pub uuid: Option<String>,
    #[serde(default)]
    pub oem_strings: Option<Vec<String>>,
    /// TDX guest; only compiled in with the `tdx` feature, off by default.
    #[cfg(feature = "tdx")]
    #[serde(default)]
    pub tdx: bool,
    /// SEV-SNP guest; only compiled in with the `sev_snp` feature, off by default.
    #[cfg(feature = "sev_snp")]
    #[serde(default)]
    pub sev_snp: bool,
}
1177ad58457SRob Bradford
/// Default weight for both MMIO apertures of a `PciSegmentConfig`.
pub const DEFAULT_PCI_SEGMENT_APERTURE_WEIGHT: u32 = 1;

/// serde default for `PciSegmentConfig::mmio32_aperture_weight` and
/// `PciSegmentConfig::mmio64_aperture_weight`.
fn default_pci_segment_aperture_weight() -> u32 {
    DEFAULT_PCI_SEGMENT_APERTURE_WEIGHT
}
123e7e856d8SThomas Barrett
/// Per-PCI-segment settings.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct PciSegmentConfig {
    /// Segment this entry configures; segment 0 when omitted.
    #[serde(default)]
    pub pci_segment: u16,
    /// Relative share of the 32-bit MMIO aperture (default 1).
    #[serde(default = "default_pci_segment_aperture_weight")]
    pub mmio32_aperture_weight: u32,
    /// Relative share of the 64-bit MMIO aperture (default 1).
    #[serde(default = "default_pci_segment_aperture_weight")]
    pub mmio64_aperture_weight: u32,
}
133e7e856d8SThomas Barrett
/// One guest memory zone (see `MemoryConfig::zones`).
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct MemoryZoneConfig {
    pub id: String,
    /// Zone size in bytes.
    pub size: u64,
    /// Optional file the zone is mapped from; Landlock-registered "rw" by
    /// `ApplyLandlock for MemoryZoneConfig`.
    #[serde(default)]
    pub file: Option<PathBuf>,
    #[serde(default)]
    pub shared: bool,
    #[serde(default)]
    pub hugepages: bool,
    #[serde(default)]
    pub hugepage_size: Option<u64>,
    #[serde(default)]
    pub host_numa_node: Option<u32>,
    #[serde(default)]
    pub hotplug_size: Option<u64>,
    #[serde(default)]
    pub hotplugged_size: Option<u64>,
    #[serde(default)]
    pub prefault: bool,
}
1557ad58457SRob Bradford
impl ApplyLandlock for MemoryZoneConfig {
    /// Grant read/write access to the zone's `file`, when one is configured.
    ///
    /// Zones without a `file` register nothing and return `Ok(())`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        match self.file.as_deref() {
            Some(zone_file) => {
                landlock.add_rule_with_access(zone_file.to_path_buf(), "rw")?;
                Ok(())
            }
            None => Ok(()),
        }
    }
}
164d2f0e8aeSPraveen K Paladugu
/// Mechanism used for guest memory hotplug; `Acpi` is the default.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Deserialize, Serialize, Default)]
pub enum HotplugMethod {
    #[default]
    Acpi,
    VirtioMem,
}
1717ad58457SRob Bradford
/// serde default for `MemoryConfig::thp`: transparent huge pages are on
/// unless explicitly disabled.
fn default_memoryconfig_thp() -> bool {
    true
}
175f603afc4SRob Bradford
/// Guest memory configuration.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct MemoryConfig {
    /// Total guest memory in bytes.
    pub size: u64,
    #[serde(default)]
    pub mergeable: bool,
    /// Hotplug mechanism; `HotplugMethod::Acpi` when omitted.
    #[serde(default)]
    pub hotplug_method: HotplugMethod,
    #[serde(default)]
    pub hotplug_size: Option<u64>,
    #[serde(default)]
    pub hotplugged_size: Option<u64>,
    #[serde(default)]
    pub shared: bool,
    #[serde(default)]
    pub hugepages: bool,
    #[serde(default)]
    pub hugepage_size: Option<u64>,
    #[serde(default)]
    pub prefault: bool,
    /// Explicit memory zones; when set, per-zone settings live in
    /// `MemoryZoneConfig`.
    #[serde(default)]
    pub zones: Option<Vec<MemoryZoneConfig>>,
    /// Transparent huge pages; defaults to `true` (see `default_memoryconfig_thp`).
    #[serde(default = "default_memoryconfig_thp")]
    pub thp: bool,
}
2007ad58457SRob Bradford
/// Default guest memory in MiB (converted to bytes in `MemoryConfig::default()`).
pub const DEFAULT_MEMORY_MB: u64 = 512;
202d692dfb8SRob Bradford
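impl Default for MemoryConfig {
    /// `DEFAULT_MEMORY_MB` of non-shared, non-hugepage memory, ACPI hotplug,
    /// no zones, THP enabled.
    ///
    /// `hotplug_method` and `thp` are taken from the same sources serde uses
    /// for omitted fields (`HotplugMethod`'s `#[default]` variant and
    /// `default_memoryconfig_thp`), so a config deserialized with those
    /// fields missing and `MemoryConfig::default()` cannot drift apart.
    fn default() -> Self {
        MemoryConfig {
            // DEFAULT_MEMORY_MB is in MiB; the shift converts to bytes.
            size: DEFAULT_MEMORY_MB << 20,
            mergeable: false,
            hotplug_method: HotplugMethod::default(),
            hotplug_size: None,
            hotplugged_size: None,
            shared: false,
            hugepages: false,
            hugepage_size: None,
            prefault: false,
            zones: None,
            thp: default_memoryconfig_thp(),
        }
    }
}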
220d692dfb8SRob Bradford
/// Role taken on the vhost-user socket; `Client` is the default.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize, Default)]
pub enum VhostMode {
    #[default]
    Client,
    Server,
}
2277ad58457SRob Bradford
/// A named rate limiter that several devices can share via
/// `DiskConfig::rate_limit_group`.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct RateLimiterGroupConfig {
    /// Group name; note it defaults to the empty string when omitted.
    #[serde(default)]
    pub id: String,
    #[serde(default)]
    pub rate_limiter_config: RateLimiterConfig,
}
235c297d8d7SThomas Barrett
/// Affinity of one virtqueue to a set of host CPUs.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct VirtQueueAffinity {
    pub queue_index: u16,
    pub host_cpus: Vec<usize>,
}
241035c4b20Sacarp
/// A virtio-block device, backed either by an image file (`path`) or a
/// vhost-user backend (`vhost_user` + `vhost_socket`).
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct DiskConfig {
    /// Image file; Landlock-registered "rw" by `ApplyLandlock for DiskConfig`.
    pub path: Option<PathBuf>,
    #[serde(default)]
    pub readonly: bool,
    #[serde(default)]
    pub direct: bool,
    #[serde(default)]
    pub iommu: bool,
    #[serde(default = "default_diskconfig_num_queues")]
    pub num_queues: usize,
    #[serde(default = "default_diskconfig_queue_size")]
    pub queue_size: u16,
    #[serde(default)]
    pub vhost_user: bool,
    pub vhost_socket: Option<String>,
    /// Name of a shared `RateLimiterGroupConfig`, exclusive with
    /// `rate_limiter_config` — presumably; confirm in the validation code.
    #[serde(default)]
    pub rate_limit_group: Option<String>,
    #[serde(default)]
    pub rate_limiter_config: Option<RateLimiterConfig>,
    #[serde(default)]
    pub id: Option<String>,
    // For testing use only. Not exposed in API.
    #[serde(default)]
    pub disable_io_uring: bool,
    // For testing use only. Not exposed in API.
    #[serde(default)]
    pub disable_aio: bool,
    #[serde(default)]
    pub pci_segment: u16,
    #[serde(default)]
    pub serial: Option<String>,
    #[serde(default)]
    pub queue_affinity: Option<Vec<VirtQueueAffinity>>,
}
2777ad58457SRob Bradford
impl ApplyLandlock for DiskConfig {
    /// Grant read/write access to the image at `path`, when one is set.
    ///
    /// NOTE(review): the access is "rw" even when `readonly` is set, whereas
    /// `PmemConfig` narrows to "r" for `discard_writes`. The same narrowing
    /// would be least-privilege here, but only once it is confirmed that the
    /// block backend opens read-only images without write access. The
    /// `vhost_socket` path is not registered here — confirm it is not needed
    /// after the ruleset is enforced.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        // `Option::iter` yields the image path at most once.
        for image in self.path.iter() {
            landlock.add_rule_with_access(image.clone(), "rw")?;
        }
        Ok(())
    }
}
286d2f0e8aeSPraveen K Paladugu
/// Default for `DiskConfig::num_queues`.
pub const DEFAULT_DISK_NUM_QUEUES: usize = 1;

/// serde default for `DiskConfig::num_queues`.
pub fn default_diskconfig_num_queues() -> usize {
    DEFAULT_DISK_NUM_QUEUES
}
2927ad58457SRob Bradford
/// Default for `DiskConfig::queue_size`.
pub const DEFAULT_DISK_QUEUE_SIZE: u16 = 128;

/// serde default for `DiskConfig::queue_size`.
pub fn default_diskconfig_queue_size() -> u16 {
    DEFAULT_DISK_QUEUE_SIZE
}
2987ad58457SRob Bradford
/// A virtio-net device, backed by a tap interface, pre-opened `fds`, or a
/// vhost-user backend.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct NetConfig {
    #[serde(default = "default_netconfig_tap")]
    pub tap: Option<String>,
    /// Host-side address; falls back to `default_netconfig_ip()` (which logs
    /// a deprecation warning) when omitted.
    #[serde(default = "default_netconfig_ip")]
    pub ip: IpAddr,
    /// Netmask; falls back to `default_netconfig_mask()` (which logs a
    /// deprecation warning) when omitted.
    #[serde(default = "default_netconfig_mask")]
    pub mask: IpAddr,
    /// Guest MAC; a fresh `MacAddr::local_random()` when omitted.
    #[serde(default = "default_netconfig_mac")]
    pub mac: MacAddr,
    #[serde(default)]
    pub host_mac: Option<MacAddr>,
    #[serde(default)]
    pub mtu: Option<u16>,
    #[serde(default)]
    pub iommu: bool,
    #[serde(default = "default_netconfig_num_queues")]
    pub num_queues: usize,
    #[serde(default = "default_netconfig_queue_size")]
    pub queue_size: u16,
    #[serde(default)]
    pub vhost_user: bool,
    pub vhost_socket: Option<String>,
    #[serde(default)]
    pub vhost_mode: VhostMode,
    #[serde(default)]
    pub id: Option<String>,
    /// Pre-opened tap file descriptors. FDs are process-local, so they are
    /// never written out as-is: (de)serialization keeps only the count and
    /// replaces every entry with -1 (see `serialize_netconfig_fds` /
    /// `deserialize_netconfig_fds`).
    #[serde(
        default,
        serialize_with = "serialize_netconfig_fds",
        deserialize_with = "deserialize_netconfig_fds"
    )]
    pub fds: Option<Vec<i32>>,
    #[serde(default)]
    pub rate_limiter_config: Option<RateLimiterConfig>,
    #[serde(default)]
    pub pci_segment: u16,
    /// Offloads default to enabled (`default_netconfig_true`).
    #[serde(default = "default_netconfig_true")]
    pub offload_tso: bool,
    #[serde(default = "default_netconfig_true")]
    pub offload_ufo: bool,
    #[serde(default = "default_netconfig_true")]
    pub offload_csum: bool,
}
3433494080eSYong He
/// serde default for the `NetConfig::offload_*` flags: enabled.
pub fn default_netconfig_true() -> bool {
    true
}
3477ad58457SRob Bradford
/// serde default for `NetConfig::tap`: no named tap interface.
pub fn default_netconfig_tap() -> Option<String> {
    None
}
3517ad58457SRob Bradford
/// serde default for `NetConfig::ip`.
///
/// Logs a deprecation warning on every call (implicit addressing is being
/// phased out) and returns the fixed IPv4 address 192.168.249.1.
pub fn default_netconfig_ip() -> IpAddr {
    warn!("Deprecation warning: No IP address provided. A default IP address is assigned. This behavior will be deprecated soon.");
    Ipv4Addr::new(192, 168, 249, 1).into()
}
3567ad58457SRob Bradford
/// serde default for `NetConfig::mask`.
///
/// Logs a deprecation warning on every call and returns the fixed /24 mask
/// 255.255.255.0.
pub fn default_netconfig_mask() -> IpAddr {
    warn!("Deprecation warning: No network mask provided. A default network mask is assigned. This behavior will be deprecated soon.");
    Ipv4Addr::new(255, 255, 255, 0).into()
}
3617ad58457SRob Bradford
/// serde default for `NetConfig::mac`.
///
/// Delegates to `MacAddr::local_random()`, so the value is not stable across
/// calls; presumably a randomly generated locally-administered address —
/// confirm in `net_util`.
pub fn default_netconfig_mac() -> MacAddr {
    MacAddr::local_random()
}
3657ad58457SRob Bradford
/// Default for `NetConfig::num_queues` (one RX and one TX queue).
pub const DEFAULT_NET_NUM_QUEUES: usize = 2;

/// serde default for `NetConfig::num_queues`.
pub fn default_netconfig_num_queues() -> usize {
    DEFAULT_NET_NUM_QUEUES
}
3717ad58457SRob Bradford
/// Default for `NetConfig::queue_size`.
pub const DEFAULT_NET_QUEUE_SIZE: u16 = 256;

/// serde default for `NetConfig::queue_size`.
pub fn default_netconfig_queue_size() -> u16 {
    DEFAULT_NET_QUEUE_SIZE
}
3777ad58457SRob Bradford
/// Serialize `NetConfig::fds` without writing out process-local descriptor
/// numbers.
///
/// An FD number only means something inside the process that owns it, so the
/// real values are never persisted: `Some(fds)` is written as `Some` of the
/// same length filled with `-1` (an invalid FD), and `None` stays `None`. A
/// warning is logged whenever FDs are present so the operator knows the
/// serialized config does not carry usable descriptors.
fn serialize_netconfig_fds<S>(x: &Option<Vec<i32>>, s: S) -> Result<S::Ok, S::Error>
where
    S: serde::Serializer,
{
    match x {
        None => s.serialize_none(),
        Some(fds) => {
            warn!("'NetConfig' contains FDs that can't be serialized correctly. Serializing them as invalid FDs.");
            // Preserve only the count; every entry becomes the invalid FD -1.
            let placeholders: Vec<i32> = fds.iter().map(|_| -1).collect();
            s.serialize_some(&placeholders)
        }
    }
}
39011fa24cdSBo Chen
/// Deserialize `NetConfig::fds`, never trusting stored numbers as live FDs.
///
/// Whatever values were persisted (normally the `-1` placeholders written by
/// `serialize_netconfig_fds`) are discarded; only the count is kept and each
/// slot is set to the invalid FD `-1`. `None` round-trips as `None`. A
/// warning is logged whenever a `Some` value was present.
fn deserialize_netconfig_fds<'de, D>(d: D) -> Result<Option<Vec<i32>>, D::Error>
where
    D: serde::Deserializer<'de>,
{
    let stored: Option<Vec<i32>> = Option::deserialize(d)?;
    Ok(stored.map(|fds| {
        warn!("'NetConfig' contains FDs that can't be deserialized correctly. Deserializing them as invalid FDs.");
        vec![-1; fds.len()]
    }))
}
40311fa24cdSBo Chen
/// virtio-rng device fed from a host entropy source.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct RngConfig {
    /// Host path read for entropy; Landlock-registered read-only by
    /// `ApplyLandlock for RngConfig`.
    pub src: PathBuf,
    #[serde(default)]
    pub iommu: bool,
}
4107ad58457SRob Bradford
/// Default entropy source for `RngConfig::default()`.
pub const DEFAULT_RNG_SOURCE: &str = "/dev/urandom";
412d692dfb8SRob Bradford
impl Default for RngConfig {
    /// `DEFAULT_RNG_SOURCE` as the entropy source, IOMMU off.
    fn default() -> Self {
        Self {
            src: DEFAULT_RNG_SOURCE.into(),
            iommu: false,
        }
    }
}
421d692dfb8SRob Bradford
impl ApplyLandlock for RngConfig {
    /// Grant read-only access to the entropy source `src`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        // The rng path is only read from, so "r" is all it needs.
        let source = self.src.clone();
        landlock.add_rule_with_access(source, "r")?;
        Ok(())
    }
}
429d2f0e8aeSPraveen K Paladugu
/// virtio-balloon device configuration.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct BalloonConfig {
    /// Initial balloon size in bytes.
    pub size: u64,
    /// Option to deflate the balloon in case the guest is out of memory.
    #[serde(default)]
    pub deflate_on_oom: bool,
    /// Option to enable free page reporting from the guest.
    #[serde(default)]
    pub free_page_reporting: bool,
}
4407ad58457SRob Bradford
/// Marker config for the pvmemcontrol device; it currently has no options
/// and only exists behind the `pvmemcontrol` feature.
#[cfg(feature = "pvmemcontrol")]
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize, Default)]
pub struct PvmemcontrolConfig {}
4445f18ac3bSYuanchu Xie
/// virtio-fs device served by an external vhost-user daemon.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct FsConfig {
    /// Mount tag the guest uses to identify the share.
    pub tag: String,
    /// vhost-user socket of the daemon; Landlock-registered "rw" by
    /// `ApplyLandlock for FsConfig`.
    pub socket: PathBuf,
    #[serde(default = "default_fsconfig_num_queues")]
    pub num_queues: usize,
    #[serde(default = "default_fsconfig_queue_size")]
    pub queue_size: u16,
    #[serde(default)]
    pub id: Option<String>,
    #[serde(default)]
    pub pci_segment: u16,
}
4587ad58457SRob Bradford
/// serde default for `FsConfig::num_queues`.
///
/// Unlike the disk/net defaults this is a bare literal rather than a named
/// `DEFAULT_*` constant.
pub fn default_fsconfig_num_queues() -> usize {
    1
}
4627ad58457SRob Bradford
/// serde default for `FsConfig::queue_size`.
pub fn default_fsconfig_queue_size() -> u16 {
    1024
}
4667ad58457SRob Bradford
impl ApplyLandlock for FsConfig {
    /// Grant read/write access to the vhost-user `socket` path.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        let socket_path = self.socket.clone();
        landlock.add_rule_with_access(socket_path, "rw")?;
        Ok(())
    }
}
473d2f0e8aeSPraveen K Paladugu
/// virtio-pmem device backed by a host file.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct PmemConfig {
    /// Backing file; Landlock access is "r" when `discard_writes` is set,
    /// "rw" otherwise (see `ApplyLandlock for PmemConfig`).
    pub file: PathBuf,
    #[serde(default)]
    pub size: Option<u64>,
    #[serde(default)]
    pub iommu: bool,
    /// Guest writes are not persisted to `file` when set.
    #[serde(default)]
    pub discard_writes: bool,
    #[serde(default)]
    pub id: Option<String>,
    #[serde(default)]
    pub pci_segment: u16,
}
4887ad58457SRob Bradford
impl ApplyLandlock for PmemConfig {
    /// Grant access to the backing `file`, narrowed to read-only when guest
    /// writes are discarded.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        // Least privilege: nothing is ever written back for `discard_writes`.
        let access = match self.discard_writes {
            true => "r",
            false => "rw",
        };
        landlock.add_rule_with_access(self.file.clone(), access)?;
        Ok(())
    }
}
496d2f0e8aeSPraveen K Paladugu
/// Where console output goes (and, for `Pty`/`Tty`/`Socket`, where input
/// comes from).
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub enum ConsoleOutputMode {
    Off,
    Pty,
    Tty,
    File,
    Socket,
    Null,
}
5067ad58457SRob Bradford
/// Serial / virtio-console configuration.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct ConsoleConfig {
    /// Output file for `ConsoleOutputMode::File`; Landlock-registered "rw".
    #[serde(default = "default_consoleconfig_file")]
    pub file: Option<PathBuf>,
    pub mode: ConsoleOutputMode,
    #[serde(default)]
    pub iommu: bool,
    /// Socket path for `ConsoleOutputMode::Socket`; Landlock-registered "rw".
    pub socket: Option<PathBuf>,
}
5167ad58457SRob Bradford
/// serde default for `ConsoleConfig::file`: no output file.
pub fn default_consoleconfig_file() -> Option<PathBuf> {
    None
}
5207ad58457SRob Bradford
impl ApplyLandlock for ConsoleConfig {
    /// Grant read/write access to the console's `file` and `socket` paths,
    /// whichever are set.
    ///
    /// `file` is registered before `socket`; the first failure is returned
    /// and the remaining path is not registered.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        for console_path in self.file.iter().chain(self.socket.iter()) {
            landlock.add_rule_with_access(console_path.clone(), "rw")?;
        }
        Ok(())
    }
}
532d2f0e8aeSPraveen K Paladugu
/// x86_64-only debug console (I/O-port based).
#[cfg(target_arch = "x86_64")]
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct DebugConsoleConfig {
    /// Output file for `ConsoleOutputMode::File`; Landlock-registered "rw".
    #[serde(default)]
    pub file: Option<PathBuf>,
    pub mode: ConsoleOutputMode,
    /// Optionally dedicated I/O-port, if the default port should not be used.
    pub iobase: Option<u16>,
}
542e50a6411SPhilipp Schuster
#[cfg(target_arch = "x86_64")]
impl Default for DebugConsoleConfig {
    /// Debug console `Off`, no output file, the device's default I/O port.
    fn default() -> Self {
        // NOTE(review): `as u16` silently truncates if DEFAULT_PORT is wider
        // than u16 — confirm the constant's declared type.
        let iobase = Some(devices::debug_console::DEFAULT_PORT as u16);
        DebugConsoleConfig {
            mode: ConsoleOutputMode::Off,
            iobase,
            file: None,
        }
    }
}
#[cfg(target_arch = "x86_64")]
impl ApplyLandlock for DebugConsoleConfig {
    /// Grant read/write access to the debug console's `file`, when one is set.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        match self.file.as_deref() {
            Some(output_file) => {
                landlock.add_rule_with_access(output_file.to_path_buf(), "rw")?;
                Ok(())
            }
            None => Ok(()),
        }
    }
}
562e50a6411SPhilipp Schuster
/// A host device passed through with VFIO.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct DeviceConfig {
    /// Device path; `ApplyLandlock for DeviceConfig` follows it as a symlink
    /// to derive the `/dev/vfio/<group>` node to allow.
    pub path: PathBuf,
    #[serde(default)]
    pub iommu: bool,
    #[serde(default)]
    pub id: Option<String>,
    #[serde(default)]
    pub pci_segment: u16,
    /// Vendor-specific (NVIDIA GPUDirect) clique id; semantics live in the
    /// PCI passthrough code — confirm there.
    #[serde(default)]
    pub x_nv_gpudirect_clique: Option<u8>,
}
5757ad58457SRob Bradford
impl ApplyLandlock for DeviceConfig {
    /// Grant read/write access to the VFIO group node for this device.
    ///
    /// `path` is read as a symlink (presumably a sysfs `iommu_group` link —
    /// confirm against the caller); the last component of its target is taken
    /// as the group number and only `/dev/vfio/<group>` is allowed, not the
    /// whole `/dev/vfio` directory.
    ///
    /// # Errors
    /// `LandlockError::OpenPath` if the link cannot be read,
    /// `LandlockError::InvalidPath` if the target has no final component or it
    /// is not valid UTF-8, plus whatever `add_rule_with_access` returns.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        let link_target = fs::read_link(self.path.as_path()).map_err(LandlockError::OpenPath)?;
        let group_name = link_target
            .file_name()
            .and_then(|name| name.to_str())
            .ok_or(LandlockError::InvalidPath)?;

        let vfio_group_node = PathBuf::from("/dev/vfio").join(group_name);
        landlock.add_rule_with_access(vfio_group_node, "rw")?;

        Ok(())
    }
}
591d2f0e8aeSPraveen K Paladugu
/// A vfio-user device served over a socket by an external process.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct UserDeviceConfig {
    /// vfio-user socket; Landlock-registered "rw" by
    /// `ApplyLandlock for UserDeviceConfig`.
    pub socket: PathBuf,
    #[serde(default)]
    pub id: Option<String>,
    #[serde(default)]
    pub pci_segment: u16,
}
6007ad58457SRob Bradford
impl ApplyLandlock for UserDeviceConfig {
    /// Grant read/write access to the vfio-user `socket` path.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        let socket_path = self.socket.clone();
        landlock.add_rule_with_access(socket_path, "rw")?;
        Ok(())
    }
}
607d2f0e8aeSPraveen K Paladugu
/// A vDPA device exposed through a host character device.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct VdpaConfig {
    /// Host vDPA device node; Landlock-registered "rw" by
    /// `ApplyLandlock for VdpaConfig`.
    pub path: PathBuf,
    #[serde(default = "default_vdpaconfig_num_queues")]
    pub num_queues: usize,
    #[serde(default)]
    pub iommu: bool,
    #[serde(default)]
    pub id: Option<String>,
    #[serde(default)]
    pub pci_segment: u16,
}
6207ad58457SRob Bradford
/// Serde default for `VdpaConfig::num_queues`: a single queue.
pub fn default_vdpaconfig_num_queues() -> usize {
    const SINGLE_QUEUE: usize = 1;
    SINGLE_QUEUE
}
6247ad58457SRob Bradford
impl ApplyLandlock for VdpaConfig {
    /// Allows read/write access to the vDPA device node.
    ///
    /// # Errors
    ///
    /// Propagates the error from `add_rule_with_access`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        let device = self.path.clone();
        landlock.add_rule_with_access(device, "rw")?;
        Ok(())
    }
}
631d2f0e8aeSPraveen K Paladugu
/// Configuration of the vsock device.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct VsockConfig {
    /// Guest context id.
    pub cid: u32,
    /// Host-side socket path; `apply_landlock` grants it read/write access.
    pub socket: PathBuf,
    /// Whether the device sits behind the virtual IOMMU.
    #[serde(default)]
    pub iommu: bool,
    /// Optional identifier for this device.
    #[serde(default)]
    pub id: Option<String>,
    /// PCI segment the device is attached to; 0 when omitted.
    #[serde(default)]
    pub pci_segment: u16,
}
6437ad58457SRob Bradford
impl ApplyLandlock for VsockConfig {
    /// Allows read/write access to the host-side vsock socket.
    ///
    /// # Errors
    ///
    /// Propagates the error from `add_rule_with_access`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        let socket = self.socket.clone();
        landlock.add_rule_with_access(socket, "rw")?;
        Ok(())
    }
}
650d2f0e8aeSPraveen K Paladugu
/// Configuration of one SGX EPC section (x86_64 only).
#[cfg(target_arch = "x86_64")]
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct SgxEpcConfig {
    /// Identifier of the section; `NumaConfig::sgx_epc_sections` refers to it.
    pub id: String,
    /// Size of the section; 0 when omitted. NOTE(review): the unit is not
    /// stated here — presumably bytes, confirm against the parser.
    #[serde(default)]
    pub size: u64,
    /// Whether to prefault the section's pages.
    #[serde(default)]
    pub prefault: bool,
}
6607ad58457SRob Bradford
/// Distance from one guest NUMA node to another.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct NumaDistance {
    /// Guest NUMA id of the destination node; 0 when omitted.
    #[serde(default)]
    pub destination: u32,
    /// Distance value; 0 when omitted.
    #[serde(default)]
    pub distance: u8,
}
6687ad58457SRob Bradford
/// Configuration of one guest NUMA node.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct NumaConfig {
    /// Guest-visible id of this node; 0 when omitted.
    #[serde(default)]
    pub guest_numa_id: u32,
    /// vCPUs that belong to this node.
    #[serde(default)]
    pub cpus: Option<Vec<u8>>,
    /// Distances from this node to other nodes.
    #[serde(default)]
    pub distances: Option<Vec<NumaDistance>>,
    /// Memory zones that belong to this node, by id.
    #[serde(default)]
    pub memory_zones: Option<Vec<String>>,
    /// SGX EPC sections that belong to this node, by `SgxEpcConfig::id`.
    #[cfg(target_arch = "x86_64")]
    #[serde(default)]
    pub sgx_epc_sections: Option<Vec<String>>,
    /// PCI segments that belong to this node.
    #[serde(default)]
    pub pci_segments: Option<Vec<u16>>,
}
6857ad58457SRob Bradford
/// What the guest boots: firmware and/or kernel plus its inputs.
///
/// Only the path members are covered by `apply_landlock`, each with
/// read-only access.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct PayloadConfig {
    /// Firmware image path.
    #[serde(default)]
    pub firmware: Option<PathBuf>,
    /// Kernel image path.
    #[serde(default)]
    pub kernel: Option<PathBuf>,
    /// Kernel command line.
    #[serde(default)]
    pub cmdline: Option<String>,
    /// Initramfs image path.
    #[serde(default)]
    pub initramfs: Option<PathBuf>,
    /// IGVM file path (only with the `igvm` feature).
    #[cfg(feature = "igvm")]
    #[serde(default)]
    pub igvm: Option<PathBuf>,
    /// Host data string for SEV-SNP launches (only with the `sev_snp` feature).
    #[cfg(feature = "sev_snp")]
    #[serde(default)]
    pub host_data: Option<String>,
}
7037ad58457SRob Bradford
impl ApplyLandlock for PayloadConfig {
    /// Grants read-only access to every payload file that is configured.
    ///
    /// Rules are added in the order firmware, kernel, initramfs and, when the
    /// `igvm` feature is enabled, the IGVM file. Members that are `None` are
    /// skipped; the payload is never written, so "r" is enough.
    ///
    /// # Errors
    ///
    /// Propagates the first error from `add_rule_with_access`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        let configured = [&self.firmware, &self.kernel, &self.initramfs];
        for path in configured.iter().filter_map(|entry| entry.as_ref()) {
            landlock.add_rule_with_access(path.clone(), "r")?;
        }

        #[cfg(feature = "igvm")]
        if let Some(igvm) = &self.igvm {
            landlock.add_rule_with_access(igvm.clone(), "r")?;
        }

        Ok(())
    }
}
727d2f0e8aeSPraveen K Paladugu
/// Serde default for `VmConfig::serial`: output is discarded
/// (`ConsoleOutputMode::Null`), with no file, no socket and no IOMMU.
pub fn default_serial() -> ConsoleConfig {
    ConsoleConfig {
        mode: ConsoleOutputMode::Null,
        file: None,
        socket: None,
        iommu: false,
    }
}
73629cf637fSBo Chen
/// Serde default for `VmConfig::console`: attached to the terminal
/// (`ConsoleOutputMode::Tty`), with no file, no socket and no IOMMU.
pub fn default_console() -> ConsoleConfig {
    ConsoleConfig {
        mode: ConsoleOutputMode::Tty,
        file: None,
        socket: None,
        iommu: false,
    }
}
74529cf637fSBo Chen
/// Configuration of the TPM device.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct TpmConfig {
    /// Socket of the TPM emulator; `apply_landlock` grants it read/write access.
    pub socket: PathBuf,
}
7507122e298SPraveen K Paladugu
impl ApplyLandlock for TpmConfig {
    /// Allows read/write access to the TPM emulator socket.
    ///
    /// # Errors
    ///
    /// Propagates the error from `add_rule_with_access`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        let socket = self.socket.clone();
        landlock.add_rule_with_access(socket, "rw")?;
        Ok(())
    }
}
757d2f0e8aeSPraveen K Paladugu
/// A user-supplied Landlock rule, applied in addition to the rules derived
/// from the rest of the configuration.
#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct LandlockConfig {
    /// Path the rule applies to.
    pub path: PathBuf,
    /// Access string handed to `add_rule_with_access` unchanged, in the same
    /// form as the built-in rules ("r", "rw").
    pub access: String,
}
763d2f0e8aeSPraveen K Paladugu
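impl ApplyLandlock for LandlockConfig {
    /// Adds the user-supplied rule: `path` with the access given by `access`.
    ///
    /// The access string comes straight from the user configuration and is
    /// passed to `add_rule_with_access` unchanged, so any validation of its
    /// contents happens there, not here.
    ///
    /// # Errors
    ///
    /// Propagates the error from `add_rule_with_access`.
    fn apply_landlock(&self, landlock: &mut Landlock) -> LandlockResult<()> {
        // Borrow the access string; cloning it only to take `&str` was a
        // needless allocation.
        landlock.add_rule_with_access(self.path.clone(), self.access.as_str())?;
        Ok(())
    }
}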
770d2f0e8aeSPraveen K Paladugu
/// Top-level configuration of a virtual machine.
///
/// The path-bearing members implement `ApplyLandlock`;
/// `VmConfig::apply_landlock` walks them to build the process-wide ruleset.
#[derive(Debug, PartialEq, Eq, Deserialize, Serialize)]
pub struct VmConfig {
    /// vCPU configuration; `CpusConfig::default()` when omitted.
    #[serde(default)]
    pub cpus: CpusConfig,
    /// Guest memory configuration; `MemoryConfig::default()` when omitted.
    #[serde(default)]
    pub memory: MemoryConfig,
    /// Boot payload; its files get read-only Landlock access.
    pub payload: Option<PayloadConfig>,
    /// Rate limiter groups; presumably referenced by id from disk/net
    /// entries — confirm against those config types.
    pub rate_limit_groups: Option<Vec<RateLimiterGroupConfig>>,
    /// Block devices.
    pub disks: Option<Vec<DiskConfig>>,
    /// Network devices; when this is `Some` (even if empty) the VMM is
    /// granted `/dev/net/tun`.
    pub net: Option<Vec<NetConfig>>,
    /// Entropy device; `RngConfig::default()` when omitted.
    #[serde(default)]
    pub rng: RngConfig,
    /// Memory balloon device.
    pub balloon: Option<BalloonConfig>,
    /// Shared filesystem devices.
    pub fs: Option<Vec<FsConfig>>,
    /// Persistent memory devices.
    pub pmem: Option<Vec<PmemConfig>>,
    /// Serial port; `default_serial()` (output discarded) when omitted.
    #[serde(default = "default_serial")]
    pub serial: ConsoleConfig,
    /// Virtio console; `default_console()` (terminal) when omitted.
    #[serde(default = "default_console")]
    pub console: ConsoleConfig,
    /// Debug console (x86_64 only).
    #[cfg(target_arch = "x86_64")]
    #[serde(default)]
    pub debug_console: DebugConsoleConfig,
    /// VFIO passthrough devices; when this is `Some` (even if empty) the VMM
    /// is granted `/dev/vfio/vfio`.
    pub devices: Option<Vec<DeviceConfig>>,
    /// Devices backed by an out-of-process backend over a socket.
    pub user_devices: Option<Vec<UserDeviceConfig>>,
    /// vDPA devices.
    pub vdpa: Option<Vec<VdpaConfig>>,
    /// vsock device.
    pub vsock: Option<VsockConfig>,
    /// pvmemcontrol device (only with the `pvmemcontrol` feature).
    #[cfg(feature = "pvmemcontrol")]
    #[serde(default)]
    pub pvmemcontrol: Option<PvmemcontrolConfig>,
    /// Whether to expose a pvpanic device.
    #[serde(default)]
    pub pvpanic: bool,
    /// Whether to expose a virtual IOMMU.
    #[serde(default)]
    pub iommu: bool,
    /// SGX EPC sections (x86_64 only).
    #[cfg(target_arch = "x86_64")]
    pub sgx_epc: Option<Vec<SgxEpcConfig>>,
    /// Guest NUMA topology.
    pub numa: Option<Vec<NumaConfig>>,
    /// Whether to expose a watchdog device.
    #[serde(default)]
    pub watchdog: bool,
    /// Whether to enable the GDB stub (only with the `guest_debug` feature).
    #[cfg(feature = "guest_debug")]
    #[serde(default)]
    pub gdb: bool,
    /// PCI segment configuration.
    pub pci_segments: Option<Vec<PciSegmentConfig>>,
    /// Platform-level settings.
    pub platform: Option<PlatformConfig>,
    /// TPM device.
    pub tpm: Option<TpmConfig>,
    // Preserved FDs are the ones that share the same life-time as its holding
    // VmConfig instance, such as FDs for creating TAP devices.
    // Preserved FDs will stay open as long as the holding VmConfig instance is
    // valid, and will be closed when the holding VmConfig instance is destroyed.
    #[serde(skip)]
    pub preserved_fds: Option<Vec<i32>>,
    /// Whether to sandbox the VMM with Landlock; presumably gates the call to
    /// `apply_landlock` — confirm in the caller.
    #[serde(default)]
    pub landlock_enable: bool,
    /// Extra user-supplied rules, applied after the derived ones.
    pub landlock_rules: Option<Vec<LandlockConfig>>,
}
825d2f0e8aeSPraveen K Paladugu
impl VmConfig {
    /// Builds the Landlock ruleset for every path this configuration refers
    /// to and then enforces it on the calling process.
    ///
    /// All rules are added before `restrict_self()`, which is the point of no
    /// return: paths not listed by then are inaccessible to the VMM
    /// afterwards. Device nodes shared by a whole device class
    /// (`/dev/vfio/vfio` for passthrough devices, `/dev/net/tun` for network
    /// devices) are granted whenever the corresponding list is present, even
    /// if it is empty. User-supplied `landlock_rules` are applied last.
    ///
    /// # Errors
    ///
    /// Propagates any `LandlockError` from ruleset creation, rule insertion or
    /// enforcement.
    pub(crate) fn apply_landlock(&self) -> LandlockResult<()> {
        let mut landlock = Landlock::new()?;

        for zone in self.memory.zones.iter().flatten() {
            zone.apply_landlock(&mut landlock)?;
        }

        for disk in self.disks.iter().flatten() {
            disk.apply_landlock(&mut landlock)?;
        }

        self.rng.apply_landlock(&mut landlock)?;

        for fs_config in self.fs.iter().flatten() {
            fs_config.apply_landlock(&mut landlock)?;
        }

        for pmem_config in self.pmem.iter().flatten() {
            pmem_config.apply_landlock(&mut landlock)?;
        }

        self.console.apply_landlock(&mut landlock)?;
        self.serial.apply_landlock(&mut landlock)?;

        #[cfg(target_arch = "x86_64")]
        {
            self.debug_console.apply_landlock(&mut landlock)?;
        }

        if let Some(devices) = &self.devices {
            // The shared VFIO container node is needed by every passthrough
            // device; the per-device group nodes are added by each device.
            landlock.add_rule_with_access("/dev/vfio/vfio".into(), "rw")?;

            for device in devices {
                device.apply_landlock(&mut landlock)?;
            }
        }

        for user_device in self.user_devices.iter().flatten() {
            user_device.apply_landlock(&mut landlock)?;
        }

        for vdpa_config in self.vdpa.iter().flatten() {
            vdpa_config.apply_landlock(&mut landlock)?;
        }

        if let Some(vsock_config) = &self.vsock {
            vsock_config.apply_landlock(&mut landlock)?;
        }

        if let Some(payload) = &self.payload {
            payload.apply_landlock(&mut landlock)?;
        }

        if let Some(tpm_config) = &self.tpm {
            tpm_config.apply_landlock(&mut landlock)?;
        }

        // TAP devices are created through the tun node, so its presence is
        // tied to the net list rather than to individual entries.
        if self.net.is_some() {
            landlock.add_rule_with_access("/dev/net/tun".into(), "rw")?;
        }

        for landlock_rule in self.landlock_rules.iter().flatten() {
            landlock_rule.apply_landlock(&mut landlock)?;
        }

        // Point of no return: nothing can be added to the ruleset after this.
        landlock.restrict_self()?;

        Ok(())
    }
}