!52 [sync] PR-50: Update version to 2.1.0-4

From: @openeuler-sync-bot 
Reviewed-by: @imxcc 
Signed-off-by: @imxcc
openeuler-ci-bot 2022-03-13 10:20:55 +00:00 committed by Gitee
commit 5e36df938e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
9 changed files with 2072 additions and 1 deletions


@ -0,0 +1,64 @@
From f5435cecabd10dd8d7a97d9e0091e28b45e46957 Mon Sep 17 00:00:00 2001
From: zhouli57 <zhouli57@huawei.com>
Date: Mon, 7 Mar 2022 08:43:32 +0800
Subject: [PATCH 1/8] docs: correct the command for booting with the raw image
Signed-off-by: zhouli57 <zhouli57@huawei.com>
---
docs/boot.ch.md | 8 +++-----
docs/boot.md | 4 ++--
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/docs/boot.ch.md b/docs/boot.ch.md
index 31153a9..774e4a8 100644
--- a/docs/boot.ch.md
+++ b/docs/boot.ch.md
@@ -225,7 +225,7 @@ fi
-m 2G \
-append "console=${con} reboot=k panic=1 root=/dev/vda rw" \
-drive file=/path/to/rootfs,id=rootfs,readonly=off,direct=off \
- -device virtio-blk-device,drive=rootfs,id=rootfs \
+ -device virtio-blk-pci,drive=rootfs,id=blk1,bus=pcie.0,addr=0x2 \
-drive file=/path/to/OVMF_CODE.fd,if=pflash,unit=0,readonly=true \
-drive file=/path/to/OVMF_VARS.fd,if=pflash,unit=1 \
-qmp unix:/path/to/socket,server,nowait \
@@ -237,12 +237,10 @@ fi
```shell
/usr/bin/stratovirt \
-machine ${machine} \
- -kernel /path/to/kernel \
-smp 1 \
-m 2G \
- -append "console=${con} reboot=k panic=1 root=/dev/vda rw" \
- -drive file=/path/to/rootfs,id=rootfs,readonly=off,direct=off \
- -device virtio-blk-device,drive=rootfs \
+ -drive file=/path/to/raw_image,id=raw_image,readonly=off,direct=off \
+ -device virtio-blk-pci,drive=raw_image,id=blk1,bus=pcie.0,addr=0x2 \
-drive file=/path/to/OVMF_CODE.fd,if=pflash,unit=0,readonly=true \
-drive file=/path/to/OVMF_VARS.fd,if=pflash,unit=1 \
-qmp unix:/path/to/socket,server,nowait \
diff --git a/docs/boot.md b/docs/boot.md
index 64d75b4..66541fa 100644
--- a/docs/boot.md
+++ b/docs/boot.md
@@ -230,7 +230,7 @@ fi
-m 2G \
-append "console=${con} reboot=k panic=1 root=/dev/vda rw" \
-drive file=/path/to/rootfs,id=rootfs,readonly=off,direct=off \
- -device virtio-blk-device,drive=rootfs,id=rootfs \
+ -device virtio-blk-pci,drive=rootfs,id=blk1,bus=pcie.0,addr=0x2 \
-drive file=/path/to/OVMF_CODE.fd,if=pflash,unit=0,readonly=true \
-drive file=/path/to/OVMF_VARS.fd,if=pflash,unit=1 \
-qmp unix:/path/to/socket,server,nowait \
@@ -245,7 +245,7 @@ The command for booting with the raw image is as follows:
-smp 1 \
-m 2G \
-drive file=/path/to/raw_image,id=raw_image,readonly=off,direct=off \
- -device virtio-blk-device,drive=raw_image \
+ -device virtio-blk-pci,drive=raw_image,id=blk1,bus=pcie.0,addr=0x2 \
-drive file=/path/to/OVMF_CODE.fd,if=pflash,unit=0,readonly=true \
-drive file=/path/to/OVMF_VARS.fd,if=pflash,unit=1 \
-qmp unix:/path/to/socket,server,nowait \
--
2.20.1


@ -0,0 +1,112 @@
From cd3d687aeaee2d94a1b09895b14f87a3f232cb22 Mon Sep 17 00:00:00 2001
From: zhouli57 <zhouli57@huawei.com>
Date: Mon, 7 Mar 2022 20:51:56 +0800
Subject: [PATCH 2/8] pci: no need to delete the unmapped region
When we hot-plug a pci device but fail for some reason, for example,
hot-plug to an unsupported bus, at this point, the device has finished
registering the region, and we need to clean up the registered region.
Because the device has not been actually used, the address in the BAR
may not have been updated, so there may be an error in unregister_bars.
in fact, there is no need to delete the unmapped region.
Signed-off-by: zhouli57 <zhouli57@huawei.com>
---
pci/src/config.rs | 75 ++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 71 insertions(+), 4 deletions(-)
diff --git a/pci/src/config.rs b/pci/src/config.rs
index 88d7f03..c2b4c88 100644
--- a/pci/src/config.rs
+++ b/pci/src/config.rs
@@ -569,11 +569,12 @@ impl PciConfig {
pub fn unregister_bars(&mut self, bus: &Arc<Mutex<PciBus>>) -> Result<()> {
let locked_bus = bus.lock().unwrap();
for bar in self.bars.iter_mut() {
+ if bar.address == BAR_SPACE_UNMAPPED || bar.size == 0 {
+ continue;
+ }
match bar.region_type {
- RegionType::Io => {
- if bar.address == BAR_SPACE_UNMAPPED || bar.size == 0 {
- continue;
- }
+ RegionType::Io =>
+ {
#[cfg(target_arch = "x86_64")]
if let Some(region) = bar.region.as_ref() {
locked_bus
@@ -1102,4 +1103,70 @@ mod tests {
assert_eq!(size1, 0x10);
assert_eq!(size2, 0x40);
}
+
+ #[test]
+ fn test_unregister_bars() {
+ let read_ops = move |_data: &mut [u8], _addr: GuestAddress, _offset: u64| -> bool { true };
+ let write_ops = move |_data: &[u8], _addr: GuestAddress, _offset: u64| -> bool { true };
+ let region_ops = RegionOps {
+ read: Arc::new(read_ops),
+ write: Arc::new(write_ops),
+ };
+ let region = Region::init_io_region(2048, region_ops);
+ let mut pci_config = PciConfig::new(PCI_CONFIG_SPACE_SIZE, 3);
+
+ // bar is unmapped
+ #[cfg(target_arch = "x86_64")]
+ pci_config.register_bar(0, region.clone(), RegionType::Io, false, 2048);
+ pci_config.register_bar(1, region.clone(), RegionType::Mem32Bit, false, 2048);
+ pci_config.register_bar(2, region.clone(), RegionType::Mem64Bit, true, 2048);
+
+ #[cfg(target_arch = "x86_64")]
+ let io_region = Region::init_container_region(1 << 16);
+ let mem_region = Region::init_container_region(u64::max_value());
+ let bus = Arc::new(Mutex::new(PciBus::new(
+ String::from("bus"),
+ #[cfg(target_arch = "x86_64")]
+ io_region.clone(),
+ mem_region.clone(),
+ )));
+
+ assert!(pci_config.unregister_bars(&bus).is_ok());
+
+ // bar is mapped
+ #[cfg(target_arch = "x86_64")]
+ pci_config.register_bar(0, region.clone(), RegionType::Io, false, 2048);
+ pci_config.register_bar(1, region.clone(), RegionType::Mem32Bit, false, 2048);
+ pci_config.register_bar(2, region.clone(), RegionType::Mem64Bit, true, 2048);
+
+ #[cfg(target_arch = "x86_64")]
+ le_write_u32(
+ &mut pci_config.config,
+ BAR_0 as usize,
+ 2048 | BAR_IO_SPACE as u32,
+ )
+ .unwrap();
+ le_write_u32(&mut pci_config.config, BAR_0 as usize + REG_SIZE, 2048).unwrap();
+ le_write_u32(
+ &mut pci_config.config,
+ BAR_0 as usize + 2 * REG_SIZE,
+ 2048 | BAR_MEM_64BIT as u32 | BAR_PREFETCH as u32,
+ )
+ .unwrap();
+ le_write_u16(
+ &mut pci_config.config,
+ COMMAND as usize,
+ COMMAND_IO_SPACE | COMMAND_MEMORY_SPACE,
+ )
+ .unwrap();
+ pci_config
+ .update_bar_mapping(
+ #[cfg(target_arch = "x86_64")]
+ &io_region,
+ &mem_region,
+ )
+ .unwrap();
+
+ assert!(pci_config.unregister_bars(&bus).is_ok());
+ }
}
--
2.20.1
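Review bot: The hoisted guard at the top of the loop in `unregister_bars` now skips unmapped BARs for every region type, but nothing in the code records why; a comment such as `// A BAR that was registered but never mapped (e.g. a hot-plug that failed early) has no subregion to delete.` would keep a later refactor from pushing the check back into one arm. The new `test_unregister_bars` asserts only `unregister_bars(&bus).is_ok()` in both cases, so it would still pass if the mapped path returned early without detaching anything from `io_region`/`mem_region`; an assertion on the container regions after the second call would cover that. The `RegionType::Io =>` arm with `{` on its own line is not rustfmt layout. The function body continues outside the hunk.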


@ -0,0 +1,61 @@
From afe05089a4284acef30a97fb88435fea46e29d8e Mon Sep 17 00:00:00 2001
From: zhouli57 <zhouli57@huawei.com>
Date: Fri, 11 Mar 2022 14:22:07 +0800
Subject: [PATCH 3/8] arm: use the HighPcieEcam region
We use 16MB ECAM region on arm, which only support 16 pcie buses, and
now we use the high ECAM region, which can support 256 pcie buses.
Signed-off-by: zhouli57 <zhouli57@huawei.com>
---
machine/src/standard_vm/aarch64/mod.rs | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/machine/src/standard_vm/aarch64/mod.rs b/machine/src/standard_vm/aarch64/mod.rs
index 1e6fc6c..ddf8a41 100644
--- a/machine/src/standard_vm/aarch64/mod.rs
+++ b/machine/src/standard_vm/aarch64/mod.rs
@@ -141,8 +141,8 @@ impl StdMachine {
sysbus,
pci_host: Arc::new(Mutex::new(PciHost::new(
&sys_mem,
- MEM_LAYOUT[LayoutEntryType::PcieEcam as usize],
- MEM_LAYOUT[LayoutEntryType::PcieMmio as usize],
+ MEM_LAYOUT[LayoutEntryType::HighPcieEcam as usize],
+ MEM_LAYOUT[LayoutEntryType::HighPcieMmio as usize],
))),
boot_source: Arc::new(Mutex::new(vm_config.clone().boot_source)),
vm_state: Arc::new((Mutex::new(KvmVmState::Created), Condvar::new())),
@@ -221,14 +221,14 @@ impl StdMachineOps for StdMachine {
let root_bus = Arc::downgrade(&self.pci_host.lock().unwrap().root_bus);
let mmconfig_region_ops = PciHost::build_mmconfig_ops(self.pci_host.clone());
let mmconfig_region = Region::init_io_region(
- MEM_LAYOUT[LayoutEntryType::PcieEcam as usize].1,
+ MEM_LAYOUT[LayoutEntryType::HighPcieEcam as usize].1,
mmconfig_region_ops,
);
self.sys_mem
.root()
.add_subregion(
mmconfig_region,
- MEM_LAYOUT[LayoutEntryType::PcieEcam as usize].0,
+ MEM_LAYOUT[LayoutEntryType::HighPcieEcam as usize].0,
)
.chain_err(|| "Failed to register ECAM in memory space.")?;
@@ -645,9 +645,9 @@ impl EventLoopManager for StdMachine {
//
// * `fdt` - Flatted device-tree blob where node will be filled into.
fn generate_pci_host_node(fdt: &mut FdtBuilder) -> util::errors::Result<()> {
- let pcie_ecam_base = MEM_LAYOUT[LayoutEntryType::PcieEcam as usize].0;
- let pcie_ecam_size = MEM_LAYOUT[LayoutEntryType::PcieEcam as usize].1;
- let pcie_buses_num = MEM_LAYOUT[LayoutEntryType::PcieEcam as usize].1 >> 20;
+ let pcie_ecam_base = MEM_LAYOUT[LayoutEntryType::HighPcieEcam as usize].0;
+ let pcie_ecam_size = MEM_LAYOUT[LayoutEntryType::HighPcieEcam as usize].1;
+ let pcie_buses_num = MEM_LAYOUT[LayoutEntryType::HighPcieEcam as usize].1 >> 20;
let node = format!("pcie@{:x}", pcie_ecam_base);
let pci_node_dep = fdt.begin_node(&node)?;
fdt.set_property_string("compatible", "pci-host-ecam-generic")?;
--
2.20.1
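Review bot: The `PciHost::new` call now passes `HighPcieMmio` as well as `HighPcieEcam`, although the commit message describes only the ECAM move. If the `HighPcieMmio` window lies above 4 GiB (the layout table is not in the hunk), devices that register `Mem32Bit` BARs may no longer be assignable an address, so the MMIO switch deserves a line in the message or a check that a 32-bit window is still offered. In `generate_pci_host_node` the bus count comes from a bare shift; a comment like `// ECAM needs 1 MiB of config space per bus, so size >> 20 is the number of buses` would make the 256-bus claim verifiable. All three functions continue outside the hunks.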


@ -0,0 +1,73 @@
From 13e120e99398ece2ceab00f90d0087123309ea60 Mon Sep 17 00:00:00 2001
From: "Xinle.Guo" <guoxinle1@huawei.com>
Date: Fri, 11 Mar 2022 14:50:48 +0800
Subject: [PATCH 4/8] vfio: fix hot plug the same device multiple times problem
It will success to hot plug the same device after the second
time. But this is not what we expected. So, we check if the
device name is repeated before get VFIO device.
Signed-off-by: Xinle.Guo <guoxinle1@huawei.com>
---
vfio/src/vfio_dev.rs | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/vfio/src/vfio_dev.rs b/vfio/src/vfio_dev.rs
index 9607b71..198421c 100644
--- a/vfio/src/vfio_dev.rs
+++ b/vfio/src/vfio_dev.rs
@@ -464,6 +464,8 @@ pub struct VfioDevInfo {
pub struct VfioDevice {
/// File descriptor for a VFIO device instance.
pub fd: File,
+ /// Identify the unique VFIO device.
+ pub name: String,
/// Vfio group the device belongs to.
pub group: Weak<VfioGroup>,
/// Vfio container the device belongs to.
@@ -515,10 +517,12 @@ impl VfioDevice {
let group =
Self::vfio_get_group(&path, mem_as).chain_err(|| "Failed to get iommu group")?;
- let fd = Self::vfio_get_device(&group, &path).chain_err(|| "Failed to get vfio device")?;
+ let (name, fd) =
+ Self::vfio_get_device(&group, &path).chain_err(|| "Failed to get vfio device")?;
let dev_info = Self::get_dev_info(&fd).chain_err(|| "Failed to get device info")?;
let vfio_dev = Arc::new(Mutex::new(VfioDevice {
fd,
+ name,
group: Arc::downgrade(&group),
container: group.container.clone(),
dev_info,
@@ -569,11 +573,18 @@ impl VfioDevice {
Ok(group)
}
- fn vfio_get_device(group: &VfioGroup, name: &Path) -> Result<File> {
+ fn vfio_get_device(group: &VfioGroup, name: &Path) -> Result<(String, File)> {
let mut dev_name: &str = "";
if let Some(n) = name.file_name() {
dev_name = n.to_str().chain_err(|| "Invalid device path")?;
}
+
+ for device in group.devices.lock().unwrap().iter() {
+ if device.1.lock().unwrap().name == dev_name {
+ bail!("Device {} is already attached", dev_name);
+ }
+ }
+
let path: CString = CString::new(dev_name.as_bytes())
.chain_err(|| "Failed to convert device name to CString type of data")?;
let ptr = path.as_ptr();
@@ -589,7 +600,7 @@ impl VfioDevice {
// Safe as we have verified that fd is a valid FD.
let device = unsafe { File::from_raw_fd(fd) };
- Ok(device)
+ Ok((String::from(dev_name), device))
}
fn get_dev_info(device: &File) -> Result<VfioDevInfo> {
--
2.20.1
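Review bot: The duplicate check added to `vfio_get_device` holds `group.devices.lock()` only for the loop and releases it before the device fd is requested, so if two hot-plug requests for the same device can run concurrently, both could pass the check; where the new `VfioDevice` is inserted into `group.devices` is outside the hunk, so this is inferred. Keeping one guard alive from the lookup through the insertion, or keying the collection by device name, would make the check atomic. Separately, when `name.file_name()` is `None`, `dev_name` stays `""` and is now also stored as the device's `name`; rejecting that case up front, e.g. `let dev_name = name.file_name().and_then(|n| n.to_str()).chain_err(|| "Invalid device path")?;`, avoids comparing and recording an empty identifier.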


@ -0,0 +1,226 @@
From 639982129fb79cc8f175497cd5b091a6dfd3ec40 Mon Sep 17 00:00:00 2001
From: zhouli57 <zhouli57@huawei.com>
Date: Tue, 8 Mar 2022 15:42:13 +0800
Subject: [PATCH 5/8] machine: update seccomp rules
Fix the problem of snapshot failure caused by compiling with a new
version(1.57) of the compiler on openEuler 22.03 LTS.
Signed-off-by: zhouli57 <zhouli57@huawei.com>
---
machine/src/micro_vm/syscall.rs | 46 ++++++++++++++++----
machine/src/standard_vm/aarch64/syscall.rs | 33 +++++++++++----
machine/src/standard_vm/x86_64/syscall.rs | 49 +++++++++++++++++-----
3 files changed, 102 insertions(+), 26 deletions(-)
diff --git a/machine/src/micro_vm/syscall.rs b/machine/src/micro_vm/syscall.rs
index ff066a9..5e9c6d8 100644
--- a/machine/src/micro_vm/syscall.rs
+++ b/machine/src/micro_vm/syscall.rs
@@ -22,6 +22,7 @@ const FUTEX_CMP_REQUEUE: u32 = 4;
const FUTEX_WAKE_OP: u32 = 5;
const FUTEX_WAIT_BITSET: u32 = 9;
const FUTEX_PRIVATE_FLAG: u32 = 128;
+const FUTEX_CLOCK_REALTIME: u32 = 256;
const FUTEX_WAIT_PRIVATE: u32 = FUTEX_WAIT | FUTEX_PRIVATE_FLAG;
const FUTEX_WAKE_PRIVATE: u32 = FUTEX_WAKE | FUTEX_PRIVATE_FLAG;
const FUTEX_CMP_REQUEUE_PRIVATE: u32 = FUTEX_CMP_REQUEUE | FUTEX_PRIVATE_FLAG;
@@ -88,12 +89,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_munmap),
BpfRule::new(libc::SYS_accept4),
BpfRule::new(libc::SYS_lseek),
- BpfRule::new(libc::SYS_futex)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE),
+ futex_rule(),
BpfRule::new(libc::SYS_exit),
BpfRule::new(libc::SYS_exit_group),
BpfRule::new(libc::SYS_rt_sigreturn),
@@ -121,9 +117,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_mkdir),
#[cfg(target_arch = "aarch64")]
BpfRule::new(libc::SYS_mkdirat),
- BpfRule::new(libc::SYS_madvise)
- .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
- .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32),
+ madvise_rule(),
]
}
@@ -181,3 +175,37 @@ fn ioctl_arch_allow_list(bpf_rule: BpfRule) -> BpfRule {
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_DEVICE_ATTR() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32)
}
+
+fn madvise_rule() -> BpfRule {
+ #[cfg(all(target_env = "musl", target_arch = "x86_64"))]
+ return BpfRule::new(libc::SYS_madvise)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_FREE as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32);
+ #[cfg(not(all(target_env = "musl", target_arch = "x86_64")))]
+ return BpfRule::new(libc::SYS_madvise)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32);
+}
+
+fn futex_rule() -> BpfRule {
+ #[cfg(target_env = "musl")]
+ return BpfRule::new(libc::SYS_futex)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE);
+ #[cfg(target_env = "gnu")]
+ return BpfRule::new(libc::SYS_futex)
+ .add_constraint(
+ SeccompCmpOpt::Eq,
+ 1,
+ FUTEX_WAIT_BITSET_PRIVATE | FUTEX_CLOCK_REALTIME,
+ )
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE);
+}
diff --git a/machine/src/standard_vm/aarch64/syscall.rs b/machine/src/standard_vm/aarch64/syscall.rs
index e8ecdd5..ed3140e 100644
--- a/machine/src/standard_vm/aarch64/syscall.rs
+++ b/machine/src/standard_vm/aarch64/syscall.rs
@@ -28,6 +28,7 @@ const FUTEX_CMP_REQUEUE: u32 = 4;
const FUTEX_WAKE_OP: u32 = 5;
const FUTEX_WAIT_BITSET: u32 = 9;
const FUTEX_PRIVATE_FLAG: u32 = 128;
+const FUTEX_CLOCK_REALTIME: u32 = 256;
const FUTEX_WAIT_PRIVATE: u32 = FUTEX_WAIT | FUTEX_PRIVATE_FLAG;
const FUTEX_WAKE_PRIVATE: u32 = FUTEX_WAKE | FUTEX_PRIVATE_FLAG;
const FUTEX_CMP_REQUEUE_PRIVATE: u32 = FUTEX_CMP_REQUEUE | FUTEX_PRIVATE_FLAG;
@@ -91,13 +92,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_munmap),
BpfRule::new(libc::SYS_accept4),
BpfRule::new(libc::SYS_lseek),
- BpfRule::new(libc::SYS_futex)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE),
+ futex_rule(),
BpfRule::new(libc::SYS_exit),
BpfRule::new(libc::SYS_exit_group),
BpfRule::new(libc::SYS_rt_sigreturn),
@@ -189,3 +184,27 @@ fn madvise_rule() -> BpfRule {
.add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32)
.add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32);
}
+
+fn futex_rule() -> BpfRule {
+ #[cfg(target_env = "musl")]
+ return BpfRule::new(libc::SYS_futex)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE);
+ #[cfg(target_env = "gnu")]
+ return BpfRule::new(libc::SYS_futex)
+ .add_constraint(
+ SeccompCmpOpt::Eq,
+ 1,
+ FUTEX_WAIT_BITSET_PRIVATE | FUTEX_CLOCK_REALTIME,
+ )
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE);
+}
diff --git a/machine/src/standard_vm/x86_64/syscall.rs b/machine/src/standard_vm/x86_64/syscall.rs
index f39170a..6f8e10d 100644
--- a/machine/src/standard_vm/x86_64/syscall.rs
+++ b/machine/src/standard_vm/x86_64/syscall.rs
@@ -28,6 +28,7 @@ const FUTEX_CMP_REQUEUE: u32 = 4;
const FUTEX_WAKE_OP: u32 = 5;
const FUTEX_WAIT_BITSET: u32 = 9;
const FUTEX_PRIVATE_FLAG: u32 = 128;
+const FUTEX_CLOCK_REALTIME: u32 = 256;
const FUTEX_WAIT_PRIVATE: u32 = FUTEX_WAIT | FUTEX_PRIVATE_FLAG;
const FUTEX_WAKE_PRIVATE: u32 = FUTEX_WAKE | FUTEX_PRIVATE_FLAG;
const FUTEX_CMP_REQUEUE_PRIVATE: u32 = FUTEX_CMP_REQUEUE | FUTEX_PRIVATE_FLAG;
@@ -94,12 +95,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_munmap),
BpfRule::new(libc::SYS_accept4),
BpfRule::new(libc::SYS_lseek),
- BpfRule::new(libc::SYS_futex)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
- .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE),
+ futex_rule(),
BpfRule::new(libc::SYS_exit),
BpfRule::new(libc::SYS_exit_group),
BpfRule::new(libc::SYS_rt_sigreturn),
@@ -118,10 +114,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
BpfRule::new(libc::SYS_statx),
BpfRule::new(libc::SYS_mkdir),
BpfRule::new(libc::SYS_unlink),
- BpfRule::new(libc::SYS_madvise)
- .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
- .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32)
- .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32),
+ madvise_rule(),
BpfRule::new(libc::SYS_msync),
BpfRule::new(libc::SYS_readlinkat),
#[cfg(target_env = "musl")]
@@ -202,3 +195,39 @@ fn ioctl_allow_list() -> BpfRule {
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MSRS() as u32)
.add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
}
+
+fn madvise_rule() -> BpfRule {
+ #[cfg(target_env = "musl")]
+ return BpfRule::new(libc::SYS_madvise)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_FREE as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32);
+ #[cfg(target_env = "gnu")]
+ return BpfRule::new(libc::SYS_madvise)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32)
+ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32);
+}
+
+fn futex_rule() -> BpfRule {
+ #[cfg(target_env = "musl")]
+ return BpfRule::new(libc::SYS_futex)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE);
+ #[cfg(target_env = "gnu")]
+ return BpfRule::new(libc::SYS_futex)
+ .add_constraint(
+ SeccompCmpOpt::Eq,
+ 1,
+ FUTEX_WAIT_BITSET_PRIVATE | FUTEX_CLOCK_REALTIME,
+ )
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
+ .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE);
+}
--
2.20.1
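Review bot: Each new `futex_rule()` (and the x86_64 `madvise_rule()`) returns only under `#[cfg(target_env = "musl")]` or `#[cfg(target_env = "gnu")]` and repeats the full constraint list in both branches, in three separate files. For a seccomp allow-list that duplication makes it easy for one copy to drift wider than the others (the aarch64 copy already also permits bare `FUTEX_WAIT`), and any other `target_env` leaves the function without a return value, while the micro_vm `madvise_rule()` uses a `not(all(...))` fallback instead. Building the shared constraints once and appending only the glibc-specific `FUTEX_WAIT_BITSET_PRIVATE | FUTEX_CLOCK_REALTIME` entry under `cfg` keeps the per-environment difference to one visible statement; this assumes `BpfRule` does not depend on the order of constraints. A comment naming which runtime call needs the extra op would help the next audit of the filter.

```rust
fn futex_rule() -> BpfRule {
    let rule = BpfRule::new(libc::SYS_futex)
        .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_PRIVATE)
        .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_PRIVATE)
        .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_CMP_REQUEUE_PRIVATE)
        .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAKE_OP_PRIVATE)
        .add_constraint(SeccompCmpOpt::Eq, 1, FUTEX_WAIT_BITSET_PRIVATE);
    // Only glibc builds are given the CLOCK_REALTIME variant of WAIT_BITSET.
    #[cfg(target_env = "gnu")]
    let rule = rule.add_constraint(
        SeccompCmpOpt::Eq,
        1,
        FUTEX_WAIT_BITSET_PRIVATE | FUTEX_CLOCK_REALTIME,
    );
    rule
}
```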


@ -0,0 +1,57 @@
From 0dbad5e4ba71f344767fee9d7180495d8cb26a84 Mon Sep 17 00:00:00 2001
From: Jiajie Li <lijiajie11@huawei.com>
Date: Fri, 11 Mar 2022 21:24:16 +0800
Subject: [PATCH 6/8] console: fix the bug of delete park fd
Console device need two fd: listen_fd and stream_fd. Only one of
them can be valid in event loop. When stream_fd is valid, it will
park stream fd. At this time, send the reboot command through the
console device, deactivate function will delete both of these fds.
But the sequence is importent. If you delete listen_fd first, then
deleting stream_fd will try to delete the listen_fd which is it's
park fd. It will get an error: NoParkedFd.
Fix it by delete delete stream_fd first.
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
---
virtio/src/console.rs | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/virtio/src/console.rs b/virtio/src/console.rs
index 48d3838..1192d28 100644
--- a/virtio/src/console.rs
+++ b/virtio/src/console.rs
@@ -234,14 +234,6 @@ impl ConsoleHandler {
}
}
ChardevType::Socket(_) => {
- let listener_fd = locked_chardev.listener.as_ref().unwrap().as_raw_fd();
- notifiers.push(EventNotifier::new(
- NotifierOperation::Delete,
- listener_fd,
- None,
- EventSet::IN,
- Vec::new(),
- ));
if let Some(stream_fd) = locked_chardev.stream_fd {
notifiers.push(EventNotifier::new(
NotifierOperation::Delete,
@@ -251,6 +243,14 @@ impl ConsoleHandler {
Vec::new(),
));
}
+ let listener_fd = locked_chardev.listener.as_ref().unwrap().as_raw_fd();
+ notifiers.push(EventNotifier::new(
+ NotifierOperation::Delete,
+ listener_fd,
+ None,
+ EventSet::IN,
+ Vec::new(),
+ ));
}
_ => (),
}
--
2.20.1
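Review bot: The fix in the `ChardevType::Socket(_)` arm depends entirely on the order in which the two `Delete` notifiers are pushed, but the code does not say so, and a later reorder would bring the `NoParkedFd` error back. A comment above the `stream_fd` block would pin it, e.g. `// Delete stream_fd before listener_fd: removing stream_fd also removes its parked listener_fd, so the listener must still be registered.` The moved line still calls `locked_chardev.listener.as_ref().unwrap()`, which panics the VMM if a socket chardev ever reaches this path without a listener; `if let Some(listener) = locked_chardev.listener.as_ref()` would fail more gracefully. The enclosing function starts and ends outside the hunks.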


@ -0,0 +1,26 @@
From 00927b92ea59d61ac757f942c0b88a9413ab1105 Mon Sep 17 00:00:00 2001
From: zhouli57 <zhouli57@huawei.com>
Date: Sat, 12 Mar 2022 09:05:03 +0800
Subject: [PATCH 7/8] docs: add the description of hot plug of PCI devices
Signed-off-by: zhouli57 <zhouli57@huawei.com>
---
docs/qmp.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docs/qmp.md b/docs/qmp.md
index be933fa..ceee6fd 100644
--- a/docs/qmp.md
+++ b/docs/qmp.md
@@ -166,6 +166,8 @@ Add a device.
* Guest kernel config: CONFIG_HOTPLUG_PCI_PCIE=y
+* You are not advised to hot plug/unplug devices during VM startup, shutdown or suspension, or when the VM is under high pressure. In this case, the driver in the VM may not respond to requests, causing VM exceptions.
+
#### Example
```json
--
2.20.1

File diff suppressed because it is too large Load Diff


@ -6,7 +6,7 @@
Name: stratovirt Name: stratovirt
Version: 2.1.0 Version: 2.1.0
Release: 3 Release: 4
Summary: StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization. Summary: StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization.
License: Mulan PSL v2 License: Mulan PSL v2
@ -28,6 +28,14 @@ Patch012: 0012-net-fix-the-bug-when-tap-is-abnormally-removed.patch
Patch013: 0013-docs-boot-update-detailed-usage-for-standard-boot.patch Patch013: 0013-docs-boot-update-detailed-usage-for-standard-boot.patch
Patch014: 0014-virtio-queue-fix-error-access-queue-s-host-virtual-a.patch Patch014: 0014-virtio-queue-fix-error-access-queue-s-host-virtual-a.patch
Patch015: 0015-vfio-doc-create-a-new-document-for-using-vfio.patch Patch015: 0015-vfio-doc-create-a-new-document-for-using-vfio.patch
Patch016: 0016-docs-correct-the-command-for-booting-with-the-raw-im.patch
Patch017: 0017-pci-no-need-to-delete-the-unmapped-region.patch
Patch018: 0018-arm-use-the-HighPcieEcam-region.patch
Patch019: 0019-vfio-fix-hot-plug-the-same-device-multiple-times-pro.patch
Patch020: 0020-machine-update-seccomp-rules.patch
Patch021: 0021-console-fix-the-bug-of-delete-park-fd.patch
Patch022: 0022-docs-add-the-description-of-hot-plug-of-PCI-devices.patch
Patch023: 0023-Modify-cargo-cllippy-warning-when-compiling-cargo-cl.patch
ExclusiveArch: x86_64 aarch64 ExclusiveArch: x86_64 aarch64
@ -82,6 +90,11 @@ chmod 555 ${RPM_BUILD_ROOT}/usr/bin/stratovirt
chmod 555 ${RPM_BUILD_ROOT}/usr/bin/ozone chmod 555 ${RPM_BUILD_ROOT}/usr/bin/ozone
%changelog %changelog
* Sun Mar 13 2022 Jie Yang <yangjieyj.yang@huawei.com> - 2.1.0-4
- Some bug fixes.
- Eliminate build warnings and clippy errors with Rust 1.57.0.
- Update docs.
* Fri Mar 01 2022 Jie Yang <yangjieyj.yang@huawei.com> - 2.1.0-3 * Fri Mar 01 2022 Jie Yang <yangjieyj.yang@huawei.com> - 2.1.0-3
- Fix memory snapshot failure with hotplugged devices. - Fix memory snapshot failure with hotplugged devices.
- Fix address translation for virtio devices. - Fix address translation for virtio devices.