!129 sync patch

From: @JiaboFeng 
Reviewed-by: @imxcc 
Signed-off-by: @imxcc

0001-Micro-fix-the-ioctl-allow-for-aarch64.patch

@@ -0,0 +1,44 @@
+diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
+index d7e1b1d..42e9171 100644
+--- a/machine/src/aarch64/micro.rs
++++ b/machine/src/aarch64/micro.rs
+@@ -235,6 +235,7 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_ONE_REG() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_DEVICE_ATTR() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_ONE_REG() as u32)
+ }
+ 
+ pub(crate) fn arch_syscall_whitelist() -> Vec<BpfRule> {
+diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
+index fe03164..6ae9a56 100644
+--- a/machine/src/micro_common/syscall.rs
++++ b/machine/src/micro_common/syscall.rs
+@@ -86,6 +86,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
+         BpfRule::new(libc::SYS_accept4),
+         BpfRule::new(libc::SYS_lseek),
+         futex_rule(),
++        BpfRule::new(libc::SYS_clone),
+         BpfRule::new(libc::SYS_exit),
+         BpfRule::new(libc::SYS_exit_group),
+         BpfRule::new(libc::SYS_rt_sigreturn),
+@@ -158,6 +159,7 @@ fn ioctl_allow_list() -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_API_VERSION() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
+     arch_ioctl_allow_list(bpf_rule)
+ }
+diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
+index d8fb92e..7b4e08e 100644
+--- a/machine/src/x86_64/micro.rs
++++ b/machine/src/x86_64/micro.rs
+@@ -238,7 +238,6 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_LAPIC() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MSRS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MSRS() as u32)
+-        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CPUID2() as u32)
+ }
+ 

0002-snapshot-bugfix-VM-run-failed-from-memory-snapshot.patch

@@ -0,0 +1,302 @@
+From 3a5ef152b5e803998e6ec5a1e7172c01fcce8bcf Mon Sep 17 00:00:00 2001
+From: l00484210 <l00484210@notesmail.huawei.com/>
+Date: Wed, 11 Dec 2024 20:23:47 +0800
+Subject: [PATCH] snapshot: bugfix VM run failed from memory snapshot
+
+The kernel does not need to be loaded for snapshot restoration.
+
+Signed-off-by: Mingwang Li <limingwang@huawei.com>
+---
+ cpu/src/lib.rs                     | 22 ++++++++-------
+ cpu/src/x86_64/mod.rs              |  2 +-
+ devices/src/acpi/cpu_controller.rs |  4 +--
+ machine/src/aarch64/micro.rs       | 40 +++++++++++++++------------
+ machine/src/aarch64/standard.rs    | 44 ++++++++++++++++++------------
+ machine/src/lib.rs                 |  2 +-
+ machine/src/x86_64/micro.rs        |  9 ++++--
+ machine/src/x86_64/standard.rs     | 13 +++++++--
+ 8 files changed, 83 insertions(+), 53 deletions(-)
+
+diff --git a/cpu/src/lib.rs b/cpu/src/lib.rs
+index 7a11629..7698132 100644
+--- a/cpu/src/lib.rs
++++ b/cpu/src/lib.rs
+@@ -118,7 +118,7 @@ pub trait CPUInterface {
+     /// Realize `CPU` structure, set registers value for `CPU`.
+     fn realize(
+         &self,
+-        boot: &CPUBootConfig,
++        boot: &Option<CPUBootConfig>,
+         topology: &CPUTopology,
+         #[cfg(target_arch = "aarch64")] features: &CPUFeatures,
+     ) -> Result<()>;
+@@ -310,7 +310,7 @@ impl CPU {
+ impl CPUInterface for CPU {
+     fn realize(
+         &self,
+-        boot: &CPUBootConfig,
++        boot: &Option<CPUBootConfig>,
+         topology: &CPUTopology,
+         #[cfg(target_arch = "aarch64")] config: &CPUFeatures,
+     ) -> Result<()> {
+@@ -323,14 +323,16 @@ impl CPUInterface for CPU {
+             ))));
+         }
+
+-        self.hypervisor_cpu
+-            .set_boot_config(
+-                self.arch_cpu.clone(),
+-                boot,
+-                #[cfg(target_arch = "aarch64")]
+-                config,
+-            )
+-            .with_context(|| "Failed to realize arch cpu")?;
++        if let Some(boot) = boot {
++            self.hypervisor_cpu
++                .set_boot_config(
++                    self.arch_cpu.clone(),
++                    boot,
++                    #[cfg(target_arch = "aarch64")]
++                    config,
++                )
++                .with_context(|| "Failed to realize arch cpu")?;
++        }
+
+         self.arch_cpu
+             .lock()
+diff --git a/cpu/src/x86_64/mod.rs b/cpu/src/x86_64/mod.rs
+index 0a8ad16..acb6fb2 100644
+--- a/cpu/src/x86_64/mod.rs
++++ b/cpu/src/x86_64/mod.rs
+@@ -75,7 +75,7 @@ pub enum X86RegsIndex {
+
+ /// X86 CPU booting configure information
+ #[allow(clippy::upper_case_acronyms)]
+-#[derive(Default, Clone, Debug)]
++#[derive(Default, Clone, Debug, Copy)]
+ pub struct X86CPUBootConfig {
+     pub prot64_mode: bool,
+     /// Register %rip value
+diff --git a/devices/src/acpi/cpu_controller.rs b/devices/src/acpi/cpu_controller.rs
+index 1259e8d..73f2601 100644
+--- a/devices/src/acpi/cpu_controller.rs
++++ b/devices/src/acpi/cpu_controller.rs
+@@ -157,8 +157,8 @@ impl CpuController {
+         None
+     }
+
+-    pub fn get_boot_config(&self) -> &CPUBootConfig {
+-        &self.cpu_config.as_ref().unwrap().boot_config
++    pub fn get_boot_config(&self) -> CPUBootConfig {
++        self.cpu_config.as_ref().unwrap().boot_config
+     }
+
+     pub fn get_hotplug_cpu_info(&self) -> (String, u8) {
+diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
+index 42e9171..3e7cf38 100644
+--- a/machine/src/aarch64/micro.rs
++++ b/machine/src/aarch64/micro.rs
+@@ -20,7 +20,7 @@ use address_space::{AddressSpace, GuestAddress, Region};
+ use cpu::CPUTopology;
+ use devices::{legacy::PL031, ICGICConfig, ICGICv2Config, ICGICv3Config, GIC_IRQ_MAX};
+ use hypervisor::kvm::aarch64::*;
+-use machine_manager::config::{SerialConfig, VmConfig};
++use machine_manager::config::{MigrateMode, SerialConfig, VmConfig};
+ use migration::{MigrationManager, MigrationStatus};
+ use util::{
+     device_tree::{self, CompileFDT, FdtBuilder},
+@@ -160,8 +160,12 @@ impl MachineOps for LightMachine {
+             vm_config.machine_config.nr_cpus,
+         )?;
+
+-        let boot_config =
+-            locked_vm.load_boot_source(None, MEM_LAYOUT[LayoutEntryType::Mem as usize].0)?;
++        let migrate_info = locked_vm.get_migrate_info();
++        let boot_config = if migrate_info.0 == MigrateMode::Unknown {
++            Some(locked_vm.load_boot_source(None, MEM_LAYOUT[LayoutEntryType::Mem as usize].0)?)
++        } else {
++            None
++        };
+         let cpu_config = locked_vm.load_cpu_features(vm_config)?;
+
+         let hypervisor = locked_vm.base.hypervisor.clone();
+@@ -186,20 +190,22 @@ impl MachineOps for LightMachine {
+         locked_vm.add_devices(vm_config)?;
+         trace::replaceable_info(&locked_vm.replaceable_info);
+
+-        let mut fdt_helper = FdtBuilder::new();
+-        locked_vm
+-            .generate_fdt_node(&mut fdt_helper)
+-            .with_context(|| MachineError::GenFdtErr)?;
+-        let fdt_vec = fdt_helper.finish()?;
+-        locked_vm
+-            .base
+-            .sys_mem
+-            .write(
+-                &mut fdt_vec.as_slice(),
+-                GuestAddress(boot_config.fdt_addr),
+-                fdt_vec.len() as u64,
+-            )
+-            .with_context(|| MachineError::WrtFdtErr(boot_config.fdt_addr, fdt_vec.len()))?;
++        if let Some(boot_cfg) = boot_config {
++            let mut fdt_helper = FdtBuilder::new();
++            locked_vm
++                .generate_fdt_node(&mut fdt_helper)
++                .with_context(|| MachineError::GenFdtErr)?;
++            let fdt_vec = fdt_helper.finish()?;
++            locked_vm
++                .base
++                .sys_mem
++                .write(
++                    &mut fdt_vec.as_slice(),
++                    GuestAddress(boot_cfg.fdt_addr),
++                    fdt_vec.len() as u64,
++                )
++                .with_context(|| MachineError::WrtFdtErr(boot_cfg.fdt_addr, fdt_vec.len()))?;
++        }
+
+         MigrationManager::register_vm_instance(vm.clone());
+         MigrationManager::register_migration_instance(locked_vm.base.migration_hypervisor.clone());
+diff --git a/machine/src/aarch64/standard.rs b/machine/src/aarch64/standard.rs
+index 8544a2b..416298a 100644
+--- a/machine/src/aarch64/standard.rs
++++ b/machine/src/aarch64/standard.rs
+@@ -606,8 +606,16 @@ impl MachineOps for StdMachine {
+             .with_context(|| MachineError::InitPCIeHostErr)?;
+         let fwcfg = locked_vm.add_fwcfg_device(nr_cpus)?;
+
+-        let boot_config = locked_vm
+-            .load_boot_source(fwcfg.as_ref(), MEM_LAYOUT[LayoutEntryType::Mem as usize].0)?;
++        let migrate = locked_vm.get_migrate_info();
++        let boot_config =
++            if migrate.0 == MigrateMode::Unknown {
++                Some(locked_vm.load_boot_source(
++                    fwcfg.as_ref(),
++                    MEM_LAYOUT[LayoutEntryType::Mem as usize].0,
++                )?)
++            } else {
++                None
++            };
+         let cpu_config = locked_vm.load_cpu_features(vm_config)?;
+
+         let hypervisor = locked_vm.base.hypervisor.clone();
+@@ -632,21 +640,23 @@ impl MachineOps for StdMachine {
+             .add_devices(vm_config)
+             .with_context(|| "Failed to add devices")?;
+
+-        let mut fdt_helper = FdtBuilder::new();
+-        locked_vm
+-            .generate_fdt_node(&mut fdt_helper)
+-            .with_context(|| MachineError::GenFdtErr)?;
+-        let fdt_vec = fdt_helper.finish()?;
+-        locked_vm.dtb_vec = fdt_vec.clone();
+-        locked_vm
+-            .base
+-            .sys_mem
+-            .write(
+-                &mut fdt_vec.as_slice(),
+-                GuestAddress(boot_config.fdt_addr),
+-                fdt_vec.len() as u64,
+-            )
+-            .with_context(|| MachineError::WrtFdtErr(boot_config.fdt_addr, fdt_vec.len()))?;
++        if let Some(boot_cfg) = boot_config {
++            let mut fdt_helper = FdtBuilder::new();
++            locked_vm
++                .generate_fdt_node(&mut fdt_helper)
++                .with_context(|| MachineError::GenFdtErr)?;
++            let fdt_vec = fdt_helper.finish()?;
++            locked_vm.dtb_vec = fdt_vec.clone();
++            locked_vm
++                .base
++                .sys_mem
++                .write(
++                    &mut fdt_vec.as_slice(),
++                    GuestAddress(boot_cfg.fdt_addr),
++                    fdt_vec.len() as u64,
++                )
++                .with_context(|| MachineError::WrtFdtErr(boot_cfg.fdt_addr, fdt_vec.len()))?;
++        }
+
+         // If it is direct kernel boot mode, the ACPI can not be enabled.
+         if let Some(fw_cfg) = fwcfg {
+diff --git a/machine/src/lib.rs b/machine/src/lib.rs
+index 6c13c03..c1c0c22 100644
+--- a/machine/src/lib.rs
++++ b/machine/src/lib.rs
+@@ -465,7 +465,7 @@ pub trait MachineOps {
+         nr_cpus: u8,
+         #[cfg(target_arch = "x86_64")] max_cpus: u8,
+         topology: &CPUTopology,
+-        boot_cfg: &CPUBootConfig,
++        boot_cfg: &Option<CPUBootConfig>,
+         #[cfg(target_arch = "aarch64")] vcpu_cfg: &CPUFeatures,
+     ) -> Result<Vec<Arc<CPU>>>
+     where
+diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
+index 7b4e08e..77ea440 100644
+--- a/machine/src/x86_64/micro.rs
++++ b/machine/src/x86_64/micro.rs
+@@ -22,7 +22,7 @@ use cpu::{CPUBootConfig, CPUTopology};
+ use devices::legacy::FwCfgOps;
+ use hypervisor::kvm::x86_64::*;
+ use hypervisor::kvm::*;
+-use machine_manager::config::{SerialConfig, VmConfig};
++use machine_manager::config::{MigrateMode, SerialConfig, VmConfig};
+ use migration::{MigrationManager, MigrationStatus};
+ use util::seccomp::{BpfRule, SeccompCmpOpt};
+ use virtio::VirtioMmioDevice;
+@@ -174,7 +174,12 @@ impl MachineOps for LightMachine {
+         locked_vm.add_devices(vm_config)?;
+         trace::replaceable_info(&locked_vm.replaceable_info);
+
+-        let boot_config = locked_vm.load_boot_source(None)?;
++        let migrate_info = locked_vm.get_migrate_info();
++        let boot_config = if migrate_info.0 == MigrateMode::Unknown {
++            Some(locked_vm.load_boot_source(None)?)
++        } else {
++            None
++        };
+         let hypervisor = locked_vm.base.hypervisor.clone();
+         locked_vm.base.cpus.extend(<Self as MachineOps>::init_vcpu(
+             vm.clone(),
+diff --git a/machine/src/x86_64/standard.rs b/machine/src/x86_64/standard.rs
+index 790e542..3aac836 100644
+--- a/machine/src/x86_64/standard.rs
++++ b/machine/src/x86_64/standard.rs
+@@ -371,7 +371,7 @@ impl StdMachineOps for StdMachine {
+                 hypervisor,
+                 self.base.cpu_topo.max_cpus,
+             )?;
+-            vcpu.realize(boot_cfg, topology).with_context(|| {
++            vcpu.realize(&Some(boot_cfg), topology).with_context(|| {
+                 format!(
+                     "Failed to realize arch cpu register/features for CPU {}",
+                     vcpu_id
+@@ -559,7 +559,12 @@ impl MachineOps for StdMachine {
+         locked_vm.add_devices(vm_config)?;
+
+         let fwcfg = locked_vm.add_fwcfg_device(nr_cpus, max_cpus)?;
+-        let boot_config = locked_vm.load_boot_source(fwcfg.as_ref())?;
++        let migrate = locked_vm.get_migrate_info();
++        let boot_config = if migrate.0 == MigrateMode::Unknown {
++            Some(locked_vm.load_boot_source(fwcfg.as_ref())?)
++        } else {
++            None
++        };
+         let topology = CPUTopology::new().set_topology((
+             vm_config.machine_config.nr_threads,
+             vm_config.machine_config.nr_cores,
+@@ -575,7 +580,9 @@ impl MachineOps for StdMachine {
+             &boot_config,
+         )?);
+
+-        locked_vm.init_cpu_controller(boot_config, topology, vm.clone())?;
++        if migrate.0 == MigrateMode::Unknown {
++            locked_vm.init_cpu_controller(boot_config.unwrap(), topology, vm.clone())?;
++        }
+
+         if let Some(fw_cfg) = fwcfg {
+             locked_vm
+--
+2.33.0
+

0003-hypervisor-kvm-Fix-setting-core-reg-error-when-resto.patch

@@ -0,0 +1,135 @@
+From 5551d6b5abaf9d5241904425e3991c256b30d22f Mon Sep 17 00:00:00 2001
+From: frankyj915 <yangjieyj.yang@huawei.com>
+Date: Sun, 15 Dec 2024 09:31:20 +0800
+Subject: [PATCH 1/2] hypervisor/kvm: Fix setting core reg error when restoring
+ VM
+
+vcpu_init() should be called before setting vcpu regs.
+
+Fix 5edbafc(migration: bugfix for mgiration)
+
+Signed-off-by: frankyj915 <yangjieyj.yang@huawei.com>
+---
+ cpu/src/lib.rs                    | 20 +++++++++-----------
+ hypervisor/src/kvm/aarch64/mod.rs |  6 ++++--
+ hypervisor/src/kvm/mod.rs         |  4 ++--
+ hypervisor/src/kvm/x86_64/mod.rs  |  8 +++++---
+ 4 files changed, 20 insertions(+), 18 deletions(-)
+
+diff --git a/cpu/src/lib.rs b/cpu/src/lib.rs
+index 7698132..873cb49 100644
+--- a/cpu/src/lib.rs
++++ b/cpu/src/lib.rs
+@@ -160,7 +160,7 @@ pub trait CPUHypervisorOps: Send + Sync {
+     fn set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+         #[cfg(target_arch = "aarch64")] vcpu_config: &CPUFeatures,
+     ) -> Result<()>;
+ 
+@@ -323,16 +323,14 @@ impl CPUInterface for CPU {
+             ))));
+         }
+ 
+-        if let Some(boot) = boot {
+-            self.hypervisor_cpu
+-                .set_boot_config(
+-                    self.arch_cpu.clone(),
+-                    boot,
+-                    #[cfg(target_arch = "aarch64")]
+-                    config,
+-                )
+-                .with_context(|| "Failed to realize arch cpu")?;
+-        }
++        self.hypervisor_cpu
++            .set_boot_config(
++                self.arch_cpu.clone(),
++                boot,
++                #[cfg(target_arch = "aarch64")]
++                config,
++            )
++            .with_context(|| "Failed to realize arch cpu")?;
+ 
+         self.arch_cpu
+             .lock()
+diff --git a/hypervisor/src/kvm/aarch64/mod.rs b/hypervisor/src/kvm/aarch64/mod.rs
+index 0721236..5d2a938 100644
+--- a/hypervisor/src/kvm/aarch64/mod.rs
++++ b/hypervisor/src/kvm/aarch64/mod.rs
+@@ -135,7 +135,7 @@ impl KvmCpu {
+     pub fn arch_set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+         vcpu_config: &CPUFeatures,
+     ) -> Result<()> {
+         let mut kvi = self.kvi.lock().unwrap();
+@@ -169,7 +169,9 @@ impl KvmCpu {
+         }
+         drop(kvi);
+ 
+-        arch_cpu.lock().unwrap().set_core_reg(boot_config);
++        if let Some(cfg) = boot_config {
++            arch_cpu.lock().unwrap().set_core_reg(cfg);
++        }
+ 
+         self.arch_vcpu_init()?;
+ 
+diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs
+index 671eb54..e20f102 100644
+--- a/hypervisor/src/kvm/mod.rs
++++ b/hypervisor/src/kvm/mod.rs
+@@ -544,7 +544,7 @@ impl CPUHypervisorOps for KvmCpu {
+     fn set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+         #[cfg(target_arch = "aarch64")] vcpu_config: &CPUFeatures,
+     ) -> Result<()> {
+         #[cfg(target_arch = "aarch64")]
+@@ -1067,7 +1067,7 @@ mod test {
+         let cpu = CPU::new(hypervisor_cpu.clone(), 0, x86_cpu, vm.clone());
+         // test `set_boot_config` function
+         assert!(hypervisor_cpu
+-            .set_boot_config(cpu.arch().clone(), &cpu_config)
++            .set_boot_config(cpu.arch().clone(), &Some(cpu_config))
+             .is_ok());
+ 
+         // test setup special registers
+diff --git a/hypervisor/src/kvm/x86_64/mod.rs b/hypervisor/src/kvm/x86_64/mod.rs
+index 7d7e7b5..e7d08ef 100644
+--- a/hypervisor/src/kvm/x86_64/mod.rs
++++ b/hypervisor/src/kvm/x86_64/mod.rs
+@@ -84,7 +84,7 @@ impl KvmCpu {
+     pub fn arch_set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+     ) -> Result<()> {
+         let mut locked_arch_cpu = arch_cpu.lock().unwrap();
+         let apic_id = locked_arch_cpu.apic_id;
+@@ -93,12 +93,14 @@ impl KvmCpu {
+             .get_lapic()
+             .with_context(|| format!("Failed to get lapic for CPU {}/KVM", apic_id))?;
+         locked_arch_cpu.setup_lapic(lapic)?;
+-        locked_arch_cpu.setup_regs(boot_config);
+         let sregs = self
+             .fd
+             .get_sregs()
+             .with_context(|| format!("Failed to get sregs for CPU {}/KVM", apic_id))?;
+-        locked_arch_cpu.setup_sregs(sregs, boot_config)?;
++        if let Some(cfg) = boot_config {
++            locked_arch_cpu.setup_regs(cfg);
++            locked_arch_cpu.setup_sregs(sregs, cfg)?;
++        }
+         locked_arch_cpu.setup_fpu();
+         locked_arch_cpu.setup_msrs();
+ 
+-- 
+2.34.1
+

0004-micro_comman-syscall-Update-ioctl-allow-list.patch

@@ -0,0 +1,50 @@
+From e9c9d3de82eb926ab6d494358c7a1891b171e190 Mon Sep 17 00:00:00 2001
+From: frankyj915 <yangjieyj.yang@huawei.com>
+Date: Sun, 15 Dec 2024 09:35:03 +0800
+Subject: [PATCH] micro_comman/syscall: Update ioctl allow list
+
+Signed-off-by: frankyj915 <yangjieyj.yang@huawei.com>
+---
+ hypervisor/src/kvm/mod.rs           | 6 ++++++
+ machine/src/micro_common/syscall.rs | 8 +++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs
+index e20f102..b88aeed 100644
+--- a/hypervisor/src/kvm/mod.rs
++++ b/hypervisor/src/kvm/mod.rs
+@@ -99,6 +99,12 @@ ioctl_iowr_nr!(KVM_GET_IRQCHIP, KVMIO, 0x62, kvm_irqchip);
+ ioctl_iow_nr!(KVM_IRQ_LINE, KVMIO, 0x61, kvm_irq_level);
+ ioctl_iow_nr!(KVM_SET_MP_STATE, KVMIO, 0x99, kvm_mp_state);
+ ioctl_iow_nr!(KVM_SET_VCPU_EVENTS, KVMIO, 0xa0, kvm_vcpu_events);
++#[cfg(target_arch = "x86_64")]
++ioctl_iow_nr!(KVM_SET_PIT2, KVMIO, 0xa0, kvm_pit_state2);
++#[cfg(target_arch = "x86_64")]
++ioctl_iow_nr!(KVM_SET_CLOCK, KVMIO, 0x7b, kvm_clock_data);
++#[cfg(target_arch = "x86_64")]
++ioctl_ior_nr!(KVM_SET_IRQCHIP, KVMIO, 0x63, kvm_irqchip);
+ 
+ #[allow(clippy::upper_case_acronyms)]
+ #[derive(Default)]
+diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
+index 6ae9a56..ca8327f 100644
+--- a/machine/src/micro_common/syscall.rs
++++ b/machine/src/micro_common/syscall.rs
+@@ -160,7 +160,13 @@ fn ioctl_allow_list() -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+-        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_USER_MEMORY_REGION);
++    #[cfg(target_arch = "x86_64")]
++    let bpf_rule = bpf_rule
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_PIT2() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CLOCK() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_IRQCHIP() as u32);
+     arch_ioctl_allow_list(bpf_rule)
+ }
+ 
+-- 
+2.34.1
+

README.md

@@ -0,0 +1,96 @@
+# StratoVirt
+StratoVirt is an enterprise-level virtualization platform for cloud data centers
+in the computing industry. It implements a set of architecture that supports
+three scenarios: virtual machines, containers, and serverless computing.
+
+StratoVirt has competitive advantages in light weight and low noise, software
+and hardware coordination, and Rust language-level security.
+
+StratoVirt reserves interface and design for importing more features, even
+evaluates to standard virtualization.
+
+## How to start
+
+### Preparation
+Before building StratoVirt, make sure that Rust language and Cargo have already
+been installed. If not, you can find installation guidance via following link:
+
+https://www.rust-lang.org/tools/install
+
+And it will get smaller memory overhead if you prepare musl toolchain for rust.
+
+### Build StratoVirt
+To build StratoVirt, clone the project and build it first:
+```sh
+$ git clone https://gitee.com/openeuler/stratovirt.git
+$ cd stratovirt
+$ make build
+```
+Now you can find StratoVirt binary in `target/release/stratovirt`.
+
+### Run a VM with StratoVirt
+To run StratoVirt quickly, requires
+* A PE or bzImage (only x86_64) format Linux kernel
+* An EXT4 filesystem, raw format rootfs disk image
+
+You can get kernel and rootfs image from the following link:
+
+https://repo.openeuler.org/openEuler-22.03-LTS/stratovirt_img/
+
+For standard VM, firmware file of EDK2 which follows UEFI is required.
+
+```shell
+# If the socket of qmp exists, remove it first.
+
+# Start microvm
+$ ./target/release/stratovirt \
+    -machine microvm \
+    -kernel /path/to/kernel \
+    -append "console=ttyS0 root=/dev/vda reboot=k panic=1" \
+    -drive file=/path/to/rootfs,id=rootfs,readonly=off \
+    -device virtio-blk-device,drive=rootfs,id=rootfs \
+    -qmp unix:/path/to/socket,server,nowait \
+    -serial stdio
+
+# Start standard VM on x86_64
+$ ./target/release/stratovirt \
+    -machine q35 \
+    -kernel /path/to/kernel \
+    -append "console=ttyS0 root=/dev/vda reboot=k panic=1" \
+    -drive file=/path/to/firmware,if=pflash,unit=0,readonly=true \
+    -device pcie-root-port,port=0x0,addr=0x1.0x0,bus=pcie.0,id=pcie.1 \
+    -drive file=/path/to/rootfs,id=rootfs,readonly=off \
+    -device virtio-blk-pci,drive=rootfs,bus=pcie.1,addr=0x0.0x0,id=blk-0 \
+    -qmp unix:/path/to/socket,server,nowait \
+    -serial stdio
+```
+
+The detailed guidance of making rootfs, compiling kernel and building StratoVirt
+can be found in [StratoVirt QuickStart](./docs/quickstart.md).
+
+StratoVirt supports much more features, the detailed guidance can be found in
+[Configuration Guidebook](docs/config_guidebook.md).
+
+## Design
+
+To get more details about StratoVirt's core architecture design, refer to
+[StratoVirt design](./docs/design.md).
+
+## How to contribute
+We welcome new contributors! And we are happy to provide guidance and help for
+new contributors. StratoVirt follows Rust formatting conventions, which can be
+found at:
+
+https://github.com/rust-dev-tools/fmt-rfcs/tree/master/guide
+https://github.com/rust-lang/rust-clippy
+
+You can get more information about StratoVirt at:
+
+https://gitee.com/openeuler/stratovirt/wikis
+
+If you find a bug or have some ideas, please send an email to the
+[virt mailing list](https://mailweb.openeuler.org/postorius/lists/virt.openeuler.org/)
+or submit an [issue](https://gitee.com/openeuler/stratovirt/issues).
+
+## Licensing
+StratoVirt is licensed under the Mulan PSL v2.

stratovirt.spec

@@ -5,20 +5,21 @@
 %define _unpackaged_files_terminate_build 0
 
 Name:           stratovirt
-Version:        2.2.0
-Release:        15
+Version:        2.4.0
+Release:        5
 Summary:        StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization.
 
 License:        MulanPSL-2.0
 URL:            https://gitee.com/openeuler/stratovirt
 Source0:        https://gitee.com/openeuler/stratovirt/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
+Patch001:0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
+Patch002:0002-snapshot-bugfix-VM-run-failed-from-memory-snapshot.patch
+Patch003:0003-hypervisor-kvm-Fix-setting-core-reg-error-when-resto.patch
+Patch004:0004-micro_comman-syscall-Update-ioctl-allow-list.patch
 
 ExclusiveArch:  x86_64 aarch64
 
-Patch001:	util-byte_code-Fix-UT-failure-under-high-version-rus.patch
-Patch002:	vsock-diable-VIRTIO_F_ACCESS_PLATFORM-feature.patch
-
 Requires:       pixman
 Requires:       pixman-devel
 
@@ -66,10 +67,7 @@ Summary:        %{summary}
 %files       -n stratovirt
 %defattr(-,root,root,-)
 %{_bindir}/stratovirt
-%{_bindir}/ozone
-%{_bindir}/vhost_user_fs
 %{_libdir}/stratovirt/static/stratovirt
-%{_libdir}/stratovirt/static/vhost_user_fs
 
 %prep
 %autosetup -p1
@@ -85,14 +83,17 @@ sed -i '/\[source.local-registry\]/a directory = "vendor"' ./.cargo/config
 sed -i '/^rustflags/d' ./.cargo/config
 sed -i '/\[build\]/arustflags = \["-Copt-level=3", "-Cdebuginfo=2", "-Clink-arg=-Wl,-z,relro,-z,now", "-Ccodegen-units=1", "--cap-lints=warn", \]' ./.cargo/config
 
+sed -i '$a\[profile.release\]' ./.cargo/config
+sed -i '$adebug = true' ./.cargo/config
+
 %ifarch aarch64
 sed -i 's/rustflags = \[/&"-Clink-arg=-lgcc", /' ./.cargo/config
 %endif
 
-%{_cargo} build --release -Z avoid-dev-deps --target=%{rust_musl_target} --all-features
+%{_cargo} build --release -Z avoid-dev-deps --target=%{rust_musl_target} --features "boot_time pvpanic demo_device vnc vnc_auth ramfb virtio_gpu trace_to_logger trace_to_ftrace trace_to_hitrace"
 
 sed -i 's/rustflags = \[/&"-Clink-arg=-lpixman-1", /' ./.cargo/config
-%{_cargo} build --release -Z avoid-dev-deps --target=%{rust_gnu_target} --all-features
+%{_cargo} build --release -Z avoid-dev-deps --target=%{rust_gnu_target} --features "boot_time pvpanic demo_device vnc vnc_auth ramfb virtio_gpu trace_to_logger trace_to_ftrace trace_to_hitrace"
 
 %check
 RUST_BACKTRACE=1 cargo test --workspace --exclude mod_test -- --nocapture --test-threads=1
@@ -101,14 +102,31 @@ RUST_BACKTRACE=1 cargo test --workspace --exclude mod_test -- --nocapture --test
 rm -rf %{buildroot}
 install -d %{buildroot}%{_bindir}
 install -D -m555 ./target/%{rust_gnu_target}/release/stratovirt %{buildroot}%{_bindir}
-install -D -m555 ./target/%{rust_musl_target}/release/ozone %{buildroot}%{_bindir}
-install -D -m555 ./target/%{rust_gnu_target}/release/vhost_user_fs %{buildroot}%{_bindir}
 
 install -d %{buildroot}%{_libdir}/stratovirt/static
 install -D -m555 ./target/%{rust_musl_target}/release/stratovirt %{buildroot}%{_libdir}/stratovirt/static
-install -D -m555 ./target/%{rust_musl_target}/release/vhost_user_fs %{buildroot}%{_libdir}/stratovirt/static
 
 %changelog
+* Tue Dec 17 2024 frankyj915 <yangjieyj.yang@huawei.com> - 2.4.0-5
+- Fix setting core reg error when restoring VM.
+- Update ioctl allow list.
+
+* Wed Dec 11 2024 Mingwang Li <limingwang@huawei.com> - 2.4.0-4
+- bugfix VM run failed from memory snapshot
+
+* Thu Nov 21 2024 jinyihua <jinyihua@huawei.com> - 2.4.0-3
+- Micro fix the ioctl allow for aarch64
+
+* Tue Jul 30 2024 xufei <xufei30@huawei.com> - 2.4.0-2
+- set debug is true for build debug package
+- add rust to BuildRequires
+
+* Fri May 10 2024 wenyuanlau <liuwenyuan9@huawei.com> 2.4.0-1
+- Update to StratoVirt 2.4.0
+
+* Mon Sep 11 2023 yezengruan <yezengruan@huawei.com> 2.2.0-16
+- Add README.md
+
 * Fri Sep  8 2023 ganqixin <ganqixin@huawei.com> - 2.2.0-15
 - Delete -static-pie for musl
 

util-byte_code-Fix-UT-failure-under-high-version-rus.patch

@@ -1,39 +0,0 @@
-From 8604dc722c504d943791a2b4039308bb05cbb728 Mon Sep 17 00:00:00 2001
-From: Keqian Zhu <zhukeqian1@huawei.com>
-Date: Wed, 1 Mar 2023 09:17:04 +0800
-Subject: [PATCH] util/byte_code: Fix UT failure under high version rustc
-
-The memory layout of high version rustc is different, use
-repr C to fix the layout.
-
-Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
----
- util/src/byte_code.rs | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/util/src/byte_code.rs b/util/src/byte_code.rs
-index cd460459..0bdfe086 100644
---- a/util/src/byte_code.rs
-+++ b/util/src/byte_code.rs
-@@ -75,6 +75,7 @@ impl ByteCode for i128 {}
- mod test {
-     use super::*;
- 
-+    #[repr(C)]
-     #[allow(dead_code)]
-     #[derive(Copy, Clone, Default)]
-     struct TestData {
-@@ -105,9 +106,9 @@ mod test {
-         };
- 
-         let mut target = Vec::new();
-+        target.extend_from_slice(b"bytecode");
-         target.extend_from_slice(&[0x79, 0x56, 0x34, 0x12]);
-         target.extend_from_slice(&[0_u8; 4]);
--        target.extend_from_slice(b"bytecode");
-         assert_eq!(data.as_bytes().to_vec(), target);
- 
-         // Convert failed because byte stream's length is not equal to size of struct.
--- 
-2.33.0
-

vsock-diable-VIRTIO_F_ACCESS_PLATFORM-feature.patch

@@ -1,42 +0,0 @@
-From 7e8d64b3c21f606dd0b030f324b098444d489bc3 Mon Sep 17 00:00:00 2001
-From: Yan Wang <wangyan122@huawei.com>
-Date: Fri, 1 Sep 2023 17:19:26 +0800
-Subject: [PATCH] vsock: diable VIRTIO_F_ACCESS_PLATFORM feature
-
-Currently, we don't support VIRTIO_F_ACCESS_PLATFORM feature.
-So, disable it.
-
-Signed-off-by: Yan Wang <wangyan122@huawei.com>
----
- virtio/src/vhost/kernel/vsock.rs | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/virtio/src/vhost/kernel/vsock.rs b/virtio/src/vhost/kernel/vsock.rs
-index 17bc342..2b05fd0 100644
---- a/virtio/src/vhost/kernel/vsock.rs
-+++ b/virtio/src/vhost/kernel/vsock.rs
-@@ -30,7 +30,8 @@ use crate::VirtioError;
- use anyhow::{anyhow, bail, Context, Result};
- 
- use super::super::super::{
--    Queue, VirtioDevice, VirtioInterrupt, VirtioInterruptType, VIRTIO_TYPE_VSOCK,
-+    Queue, VirtioDevice, VirtioInterrupt, VirtioInterruptType, VIRTIO_F_ACCESS_PLATFORM,
-+    VIRTIO_TYPE_VSOCK,
- };
- use super::super::{VhostNotify, VhostOps};
- use super::{VhostBackend, VhostIoHandler, VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING};
-@@ -174,9 +175,10 @@ impl VirtioDevice for Vsock {
-         backend
-             .set_owner()
-             .with_context(|| "Failed to set owner for vsock")?;
--        self.state.device_features = backend
-+        let features = backend
-             .get_features()
-             .with_context(|| "Failed to get features for vsock")?;
-+        self.state.device_features = features & !(1_u64 << VIRTIO_F_ACCESS_PLATFORM);
-         self.backend = Some(backend);
- 
-         Ok(())
--- 
-2.34.1
-