April 2022 - Stratos-dev - op-lists.linaro.org

Solution to restrict memory access under Xen

by Mathieu Poirier

Hi all, I came across this work [1] from Oleksandr today while shuffling through patches on LKML. I haven't looked at the details but from the cover letter is seems to provide the same kind of functionality as P-KVM. I will monitor the progress of this patchset. Regards, Mathieu [1]. https://www.spinics.net/lists/arm-kernel/msg970906.html

2 years, 2 months

2
1
0 0

Re: Understanding osdep_xenforeignmemory_map mmap behaviour

by Stefano Stabellini

I am pretty sure the reasons have to do with old x86 PV guests, so I am CCing Juergen and Boris. > Hi, > > While we've been working on the rust-vmm virtio backends on Xen we > obviously have to map guest memory info the userspace of the daemon. > However following the logic of what is going on is a little confusing. > For example in the Linux backend we have this: > > void *osdep_xenforeignmemory_map(xenforeignmemory_handle *fmem, > uint32_t dom, void *addr, > int prot, int flags, size_t num, > const xen_pfn_t arr[/*num*/], int err[/*num*/]) > { > int fd = fmem->fd; > privcmd_mmapbatch_v2_t ioctlx; > size_t i; > int rc; > > addr = mmap(addr, num << XC_PAGE_SHIFT, prot, flags | MAP_SHARED, > fd, 0); > if ( addr == MAP_FAILED ) > return NULL; > > ioctlx.num = num; > ioctlx.dom = dom; > ioctlx.addr = (unsigned long)addr; > ioctlx.arr = arr; > ioctlx.err = err; > > rc = ioctl(fd, IOCTL_PRIVCMD_MMAPBATCH_V2, &ioctlx); > > Where the fd passed down is associated with the /dev/xen/privcmd device > for issuing hypercalls on userspaces behalf. What is confusing is why > the function does it's own mmap - one would assume the passed addr would > be associated with a anonymous or file backed mmap region already that > the calling code has setup. Applying a mmap to a special device seems a > little odd. > > Looking at the implementation on the kernel side it seems the mmap > handler only sets a few flags: > > static int privcmd_mmap(struct file *file, struct vm_area_struct *vma) > { > /* DONTCOPY is essential for Xen because copy_page_range doesn't know > * how to recreate these mappings */ > vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTCOPY | > VM_DONTEXPAND | VM_DONTDUMP; > vma->vm_ops = &privcmd_vm_ops; > vma->vm_private_data = NULL; > > return 0; > } > > So can I confirm that the mmap of /dev/xen/privcmd is being called for > side effects? Is it so when the actual ioctl is called the correct flags > are set of the pages associated with the user space virtual address > range? > > Can I confirm there shouldn't be any limitation on where and how the > userspace virtual address space is setup for the mapping in the guest > memory? > > Is there a reason why this isn't done in the ioctl path itself? > > I'm trying to understand the differences between Xen and KVM in the API > choices here. I think the equivalent is the KVM_SET_USER_MEMORY_REGION > ioctl for KVM which brings a section of the guest physical address space > into the userspaces vaddr range.

2 years, 3 months

5
14
0 0

Virtio on Xen with Rust

by Viresh Kumar

Hello, We verified our hypervisor-agnostic Rust based vhost-user backends with Qemu based setup earlier, and there was growing concern if they were truly hypervisor-agnostic. In order to prove that, we decided to give it a try with Xen, a type-1 bare-metal hypervisor. We are happy to announce that we were able to make progress on that front and have a working setup where we can test our existing Rust based backends, like I2C, GPIO, RNG (though only I2C is tested as of now) over Xen. Key components: -------------- - Xen: https://github.com/vireshk/xen Xen requires MMIO and device specific support in order to populate the required devices at the guest. This tree contains four patches on the top of mainline Xen, two from Oleksandr (mmio/disk) and two from me (I2C). - libxen-sys: https://github.com/vireshk/libxen-sys We currently depend on the userspace tools/libraries provided by Xen, like xendevicemodel, xenevtchn, xenforeignmemory, etc. This crates provides Rust wrappers over those calls, generated automatically with help of bindgen utility in Rust, that allow us to use the installed Xen libraries. Though we plan to replace this with Rust based "oxerun" (find below) in longer run. - oxerun (WIP): https://gitlab.com/mathieupoirier/oxerun/-/tree/xen-ioctls This is Rust based implementations for Ioctl and hypercalls to Xen. This is WIP and should eventually replace "libxen-sys" crate entirely (which are C based implementation of the same). - vhost-device: https://github.com/vireshk/vhost-device These are Rust based vhost-user backends, maintained inside the rust-vmm project. This already contain support for I2C and RNG, while GPIO is under review. These are not required to be modified based on hypervisor and are truly hypervisor-agnostic. Ideally the backends are hypervisor agnostic, as explained earlier, but because of the way Xen maps the guest memory currently, we need a minor update for the backends to work. Xen maps the memory via a kernel file /dev/xen/privcmd, which needs calls to mmap() followed by an ioctl() to make it work. For this a hack has been added to one of the rust-vmm crates, vm-virtio, which is used by vhost-user. https://github.com/vireshk/vm-memory/commit/54b56c4dd7293428edbd7731c4dbe57… The update to vm-memory is responsible to do ioctl() after the already present mmap(). - vhost-user-master (WIP): https://github.com/vireshk/vhost-user-master This implements the master side interface of the vhost protocol, and is like the vhost-user-backend (https://github.com/rust-vmm/vhost-user-backend) crate maintained inside the rust-vmm project, which provides similar infrastructure for the backends to use. This shall be hypervisor independent and provide APIs for the hypervisor specific implementations. This will eventually be maintained inside the rust-vmm project and used by all Rust based hypervisors. - xen-vhost-master (WIP): https://github.com/vireshk/xen-vhost-master This is the Xen specific implementation and uses the APIs provided by "vhost-user-master", "oxerun" and "libxen-sys" crates for its functioning. This is designed based on the EPAM's "virtio-disk" repository (https://github.com/xen-troops/virtio-disk/) and is pretty much similar to it. One can see the analogy as: Virtio-disk == "Xen-vhost-master" + "vhost-user-master" + "oxerun" + "libxen-sys" + "vhost-device". Test setup: ---------- 1. Build Xen: $ ./configure --libdir=/usr/lib --build=x86_64-unknown-linux-gnu --host=aarch64-linux-gnu --disable-docs --disable-golang --disable-ocamltools --with-system-qemu=/root/qemu/build/i386-softmmu/qemu-system-i386; $ make -j9 debball CROSS_COMPILE=aarch64-linux-gnu- XEN_TARGET_ARCH=arm64 2. Run Xen via Qemu on X86 machine: $ qemu-system-aarch64 -machine virt,virtualization=on -cpu cortex-a57 -serial mon:stdio \ -device virtio-net-pci,netdev=net0 -netdev user,id=net0,hostfwd=tcp::8022-:22 \ -device virtio-scsi-pci -drive file=/home/vireshk/virtio/debian-bullseye-arm64.qcow2,index=0,id=hd0,if=none,format=qcow2 -device scsi-hd,drive=hd0 \ -display none -m 8192 -smp 8 -kernel /home/vireshk/virtio/xen/xen \ -append "dom0_mem=5G,max:5G dom0_max_vcpus=7 loglvl=all guest_loglvl=all" \ -device guest-loader,addr=0x46000000,kernel=/home/vireshk/kernel/barm64/arch/arm64/boot/Image,bootargs="root=/dev/sda2 console=hvc0 earlyprintk=xen" \ -device ds1338,address=0x20 # This is required to create a virtual I2C based RTC device on Dom0. This should get Dom0 up and running. 3. Build rust crates: $ cd /root/ $ git clone https://github.com/vireshk/xen-vhost-master $ cd xen-vhost-master $ cargo build $ cd ../ $ git clone https://github.com/vireshk/vhost-device $ cd vhost-device $ cargo build 4. Setup I2C based RTC device $ echo ds1338 0x20 > /sys/bus/i2c/devices/i2c-0/new_device; echo 0-0020 > /sys/bus/i2c/devices/0-0020/driver/unbind 5. Lets run everything now # Start the I2C backend in one terminal (open new terminal with "ssh # root@localhost -p8022"). This tells the I2C backend to hook up to # "/root/vi2c.sock0" socket and wait for the master to start transacting. $ /root/vhost-device/target/debug/vhost-device-i2c -s /root/vi2c.sock -c 1 -l 0:32 # Start the xen-vhost-master in another terminal. This provides the path of # the socket to the master side and the device to look from Xen, which is I2C # here. $ /root/xen-vhost-master/target/debug/xen-vhost-master --socket-path /root/vi2c.sock0 --name i2c # Start guest in another terminal, i2c_domu.conf is attached. The guest kernel # should have Virtio related config options enabled, along with i2c-virtio # driver. $ xl create -c i2c_domu.conf # The guest should boot fine now. Once the guest is up, you can create the I2C # RTC device and use it. Following will create /dev/rtc0 in the guest, which # you can configure with 'hwclock' utility. $ echo ds1338 0x20 > /sys/bus/i2c/devices/i2c-0/new_device Hope this helps. -- viresh

2 years, 5 months

7
20
0 0

[PATCH v2] xen/arm: p2m don't fall over on FEAT_LPA enabled hw

by Alex Bennée

When we introduced FEAT_LPA to QEMU's -cpu max we discovered older kernels had a bug where the physical address was copied directly from ID_AA64MMFR0_EL1.PARange field. The early cpu_init code of Xen commits the same error by blindly copying across the max supported range. Unsurprisingly when the page tables aren't set up for these greater ranges hilarity ensues and the hypervisor crashes fairly early on in the boot-up sequence. This happens when we write to the control register in enable_mmu(). Attempt to fix this the same way as the Linux kernel does by gating PARange to the maximum the hypervisor can handle. I also had to fix up code in p2m which panics when it sees an "invalid" entry in PARange. Signed-off-by: Alex Bennée <alex.bennee(a)linaro.org> Cc: Richard Henderson <richard.henderson(a)linaro.org> Cc: Stefano Stabellini <sstabellini(a)kernel.org> Cc: Julien Grall <julien(a)xen.org> Cc: Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> Cc: Bertrand Marquis <bertrand.marquis(a)arm.com> --- v2 - clamp p2m_ipa_bits = PADDR_BIT instead --- xen/arch/arm/arm64/head.S | 6 ++++++ xen/arch/arm/p2m.c | 10 +++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index aa1f88c764..057dd5d925 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -473,6 +473,12 @@ cpu_init: ldr x0, =(TCR_RES1|TCR_SH0_IS|TCR_ORGN0_WBWA|TCR_IRGN0_WBWA|TCR_T0SZ(64-48)) /* ID_AA64MMFR0_EL1[3:0] (PARange) corresponds to TCR_EL2[18:16] (PS) */ mrs x1, ID_AA64MMFR0_EL1 + /* Limit to 48 bits, 256TB PA range (#5) */ + ubfm x1, x1, #0, #3 + mov x2, #5 + cmp x1, x2 + csel x1, x1, x2, lt + bfi x0, x1, #16, #3 msr tcr_el2, x0 diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index fb71fa4c1c..3349b464a3 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -32,10 +32,10 @@ static unsigned int __read_mostly max_vmid = MAX_VMID_8_BIT; #define P2M_ROOT_PAGES (1<<P2M_ROOT_ORDER) /* - * Set larger than any possible value, so the number of IPA bits can be + * Set to the maximum configured support for IPA bits, so the number of IPA bits can be * restricted by external entity (e.g. IOMMU). */ -unsigned int __read_mostly p2m_ipa_bits = 64; +unsigned int __read_mostly p2m_ipa_bits = PADDR_BITS; /* Helpers to lookup the properties of each level */ static const paddr_t level_masks[] = @@ -2030,7 +2030,7 @@ void __init setup_virt_paging(void) unsigned int root_order; /* Page order of the root of the p2m */ unsigned int sl0; /* Desired SL0, maximum in comment */ } pa_range_info[] = { - /* T0SZ minimum and SL0 maximum from ARM DDI 0487A.b Table D4-5 */ + /* T0SZ minimum and SL0 maximum from ARM DDI 0487H.a Table D5-6 */ /* PA size, t0sz(min), root-order, sl0(max) */ [0] = { 32, 32/*32*/, 0, 1 }, [1] = { 36, 28/*28*/, 0, 1 }, @@ -2038,7 +2038,7 @@ void __init setup_virt_paging(void) [3] = { 42, 22/*22*/, 3, 1 }, [4] = { 44, 20/*20*/, 0, 2 }, [5] = { 48, 16/*16*/, 0, 2 }, - [6] = { 0 }, /* Invalid */ + [6] = { 52, 12/*12*/, 3, 3 }, [7] = { 0 } /* Invalid */ }; @@ -2069,7 +2069,7 @@ void __init setup_virt_paging(void) } } - /* pa_range is 4 bits, but the defined encodings are only 3 bits */ + /* pa_range is 4 bits but we don't support all modes */ if ( pa_range >= ARRAY_SIZE(pa_range_info) || !pa_range_info[pa_range].pabits ) panic("Unknown encoding of ID_AA64MMFR0_EL1.PARange %x\n", pa_range); -- 2.30.2

2 years, 6 months

3
7
0 0

[RFC PATCH] xen/arm: p2m don't fall over on FEAT_LPA enabled hw

by Alex Bennée

When we introduced FEAT_LPA to QEMU's -cpu max we discovered older kernels had a bug where the physical address was copied directly from ID_AA64MMFR0_EL1.PARange field. The early cpu_init code of Xen commits the same error by blindly copying across the max supported range. Unsurprisingly when the page tables aren't set up for these greater ranges hilarity ensues and the hypervisor crashes fairly early on in the boot-up sequence. This happens when we write to the control register in enable_mmu(). Attempt to fix this the same way as the Linux kernel does by gating PARange to the maximum the hypervisor can handle. I also had to fix up code in p2m which panics when it sees an "invalid" entry in PARange. Signed-off-by: Alex Bennée <alex.bennee(a)linaro.org> Cc: Richard Henderson <richard.henderson(a)linaro.org> Cc: Stefano Stabellini <sstabellini(a)kernel.org> Cc: Julien Grall <julien(a)xen.org> Cc: Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> Cc: Bertrand Marquis <bertrand.marquis(a)arm.com> --- xen/arch/arm/arm64/head.S | 6 ++++++ xen/arch/arm/p2m.c | 9 ++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index aa1f88c764..057dd5d925 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -473,6 +473,12 @@ cpu_init: ldr x0, =(TCR_RES1|TCR_SH0_IS|TCR_ORGN0_WBWA|TCR_IRGN0_WBWA|TCR_T0SZ(64-48)) /* ID_AA64MMFR0_EL1[3:0] (PARange) corresponds to TCR_EL2[18:16] (PS) */ mrs x1, ID_AA64MMFR0_EL1 + /* Limit to 48 bits, 256TB PA range (#5) */ + ubfm x1, x1, #0, #3 + mov x2, #5 + cmp x1, x2 + csel x1, x1, x2, lt + bfi x0, x1, #16, #3 msr tcr_el2, x0 diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index fb71fa4c1c..e5a88095f8 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -2030,7 +2030,7 @@ void __init setup_virt_paging(void) unsigned int root_order; /* Page order of the root of the p2m */ unsigned int sl0; /* Desired SL0, maximum in comment */ } pa_range_info[] = { - /* T0SZ minimum and SL0 maximum from ARM DDI 0487A.b Table D4-5 */ + /* T0SZ minimum and SL0 maximum from ARM DDI 0487H.a Table D5-6 */ /* PA size, t0sz(min), root-order, sl0(max) */ [0] = { 32, 32/*32*/, 0, 1 }, [1] = { 36, 28/*28*/, 0, 1 }, @@ -2038,7 +2038,7 @@ void __init setup_virt_paging(void) [3] = { 42, 22/*22*/, 3, 1 }, [4] = { 44, 20/*20*/, 0, 2 }, [5] = { 48, 16/*16*/, 0, 2 }, - [6] = { 0 }, /* Invalid */ + [6] = { 52, 12/*12*/, 3, 3 }, [7] = { 0 } /* Invalid */ }; @@ -2069,10 +2069,13 @@ void __init setup_virt_paging(void) } } - /* pa_range is 4 bits, but the defined encodings are only 3 bits */ + /* pa_range is 4 bits but we don't support all modes */ if ( pa_range >= ARRAY_SIZE(pa_range_info) || !pa_range_info[pa_range].pabits ) panic("Unknown encoding of ID_AA64MMFR0_EL1.PARange %x\n", pa_range); + if ( pa_range > 5 ) + pa_range = 5; + val |= VTCR_PS(pa_range); val |= VTCR_TG0_4K; -- 2.30.2

2 years, 7 months

2
1
0 0

Xen Rust VirtIO demos work breakdown for Project Stratos

by Alex Bennée

Hi, The following is a breakdown (as best I can figure) of the work needed to demonstrate VirtIO backends in Rust on the Xen hypervisor. It requires work across a number of projects but notably core rust and virtio enabling in the Xen project (building on the work EPAM has already done) and the start of enabling rust-vmm crate to work with Xen. The first demo is a fairly simple toy to exercise the direct hypercall approach for a unikernel backend. On it's own it isn't super impressive but hopefully serves as a proof of concept for the idea of having backends running in a single exception level where latency will be important. The second is a much more ambitious bridge between Xen and vhost-user to allow for re-use of the existing vhost-user backends with the bridge acting as a proxy for what would usually be a full VMM in the type-2 hypervisor case. With that in mind the rust-vmm work is only aimed at doing the device emulation and doesn't address the larger question of how type-1 hypervisors can be integrated into the rust-vmm hypervisor model. A quick note about the estimates. They are exceedingly rough guesses plucked out of the air and I would be grateful for feedback from the appropriate domain experts on if I'm being overly optimistic or pessimistic. The links to the Stratos JIRA should be at least read accessible to all although they contain the same information as the attached document (albeit with nicer PNG renderings of my ASCII art ;-). There is a Stratos sync-up call next Thursday: https://calendar.google.com/event?action=TEMPLATE&tmeid=MWpidm5lbzM5NjlydnA… and I'm sure there will also be discussion in the various projects (hence the wide CC list). The Stratos calls are open to anyone who wants to attend and we welcome feedback from all who are interested. So on with the work breakdown: ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ STRATOS PLANNING FOR 21 TO 22 Alex Bennée ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Table of Contents ───────────────── 1. Xen Rust Bindings ([STR-51]) .. 1. Upstream an "official" rust crate for Xen ([STR-52]) .. 2. Basic Hypervisor Interactions hypercalls ([STR-53]) .. 3. [#10] Access to XenStore service ([STR-54]) .. 4. VirtIO support hypercalls ([STR-55]) 2. Xen Hypervisor Support for Stratos ([STR-56]) .. 1. Stable ABI for foreignmemory mapping to non-dom0 ([STR-57]) .. 2. Tweaks to tooling to launch VirtIO guests 3. rust-vmm support for Xen VirtIO ([STR-59]) .. 1. Make vm-memory Xen aware ([STR-60]) .. 2. Xen IO notification and IRQ injections ([STR-61]) 4. Stratos Demos .. 1. Rust based stubdomain monitor ([STR-62]) .. 2. Xen aware vhost-user master ([STR-63]) 1 Xen Rust Bindings ([STR-51]) ══════════════════════════════ There exists a [placeholder repository] with the start of a set of x86_64 bindings for Xen and a very basic hello world uni-kernel example. This forms the basis of the initial Xen Rust work and will be available as a [xen-sys crate] via cargo. [STR-51] <https://linaro.atlassian.net/browse/STR-51> [placeholder repository] <https://gitlab.com/cardoe/oxerun.git> [xen-sys crate] <https://crates.io/crates/xen-sys> 1.1 Upstream an "official" rust crate for Xen ([STR-52]) ──────────────────────────────────────────────────────── To start with we will want an upstream location for future work to be based upon. The intention is the crate is independent of the version of Xen it runs on (above the baseline version chosen). This will entail: • ☐ agreeing with upstream the name/location for the source • ☐ documenting the rules for the "stable" hypercall ABI • ☐ establish an internal interface to elide between ioctl mediated and direct hypercalls • ☐ ensure the crate is multi-arch and has feature parity for arm64 As such we expect the implementation to be standalone, i.e. not wrapping the existing Xen libraries for mediation. There should be a close (1-to-1) mapping between the interfaces in the crate and the eventual hypercall made to the hypervisor. Estimate: 4w (elapsed likely longer due to discussion) [STR-52] <https://linaro.atlassian.net/browse/STR-52> 1.2 Basic Hypervisor Interactions hypercalls ([STR-53]) ─────────────────────────────────────────────────────── These are the bare minimum hypercalls implemented as both ioctl and direct calls. These allow for a very basic binary to: • ☐ console_io - output IO via the Xen console • ☐ domctl stub - basic stub for domain control (different API?) • ☐ sysctl stub - basic stub for system control (different API?) The idea would be this provides enough hypercall interface to query the list of domains and output their status via the xen console. There is an open question about if the domctl and sysctl hypercalls are way to go. Estimate: 6w [STR-53] <https://linaro.atlassian.net/browse/STR-53> 1.3 [#10] Access to XenStore service ([STR-54]) ─────────────────────────────────────────────── This is a shared configuration storage space accessed via either Unix sockets (on dom0) or via the Xenbus. This is used to access configuration information for the domain. Is this needed for a backend though? Can everything just be passed direct on the command line? Estimate: 4w [STR-54] <https://linaro.atlassian.net/browse/STR-54> 1.4 VirtIO support hypercalls ([STR-55]) ──────────────────────────────────────── These are the hypercalls that need to be implemented to support a VirtIO backend. This includes the ability to map another guests memory into the current domains address space, register to receive IOREQ events when the guest knocks at the doorbell and inject kicks into the guest. The hypercalls we need to support would be: • ☐ dmop - device model ops (*_ioreq_server, setirq, nr_vpus) • ☐ foreignmemory - map and unmap guest memory The DMOP space is larger than what we need for an IOREQ backend so I've based it just on what arch/arm/dm.c exports which is the subset introduced for EPAM's virtio work. Estimate: 12w [STR-55] <https://linaro.atlassian.net/browse/STR-55> 2 Xen Hypervisor Support for Stratos ([STR-56]) ═══════════════════════════════════════════════ These tasks include tasks needed to support the various different deployments of Stratos components in Xen. [STR-56] <https://linaro.atlassian.net/browse/STR-56> 2.1 Stable ABI for foreignmemory mapping to non-dom0 ([STR-57]) ─────────────────────────────────────────────────────────────── Currently the foreign memory mapping support only works for dom0 due to reference counting issues. If we are to support backends running in their own domains this will need to get fixed. Estimate: 8w [STR-57] <https://linaro.atlassian.net/browse/STR-57> 2.2 Tweaks to tooling to launch VirtIO guests ───────────────────────────────────────────── There might not be too much to do here. The EPAM work already did something similar for their PoC for virtio-block. Essentially we need to ensure: • ☐ DT bindings are passed to the guest for virtio-mmio device discovery • ☐ Our rust backend can be instantiated before the domU is launched This currently assumes the tools and the backend are running in dom0. Estimate: 4w 3 rust-vmm support for Xen VirtIO ([STR-59]) ════════════════════════════════════════════ This encompasses the tasks required to get a vhost-user server up and running while interfacing to the Xen hypervisor. This will require the xen-sys.rs crate for the actual interface to the hypervisor. We need to work out how a Xen configuration option would be passed to the various bits of rust-vmm when something is being built. [STR-59] <https://linaro.atlassian.net/browse/STR-59> 3.1 Make vm-memory Xen aware ([STR-60]) ─────────────────────────────────────── The vm-memory crate is the root crate for abstracting access to the guests memory. It currently has multiple configuration builds to handle difference between mmap on Windows and Unix. Although mmap isn't directly exposed the public interfaces support a mmap like interface. We would need to: • ☐ work out how to expose foreign memory via the vm-memory mechanism I'm not sure if this just means implementing the GuestMemory trait for a GuestMemoryXen or if we need to present a mmap like interface. Estimate: 8w [STR-60] <https://linaro.atlassian.net/browse/STR-60> 3.2 Xen IO notification and IRQ injections ([STR-61]) ───────────────────────────────────────────────────── The KVM world provides for ioeventfd (notifications) and irqfd (injection) to signal asynchronously between the guest and the backend. As far a I can tell this is currently handled inside the various VMMs which assume a KVM backend. While the vhost-user slave code doesn't see the register_ioevent/register_irqfd events it does deal with EventFDs throughout the code. Perhaps the best approach here would be to create a IOREQ crate that can create EventFD descriptors which can then be passed to the slaves to use for notification and injection. Otherwise there might be an argument for a new crate that can encapsulate this behaviour for both KVM/ioeventd and Xen/IOREQ setups? Estimate: 8w? [STR-61] <https://linaro.atlassian.net/browse/STR-61> 4 Stratos Demos ═══════════════ These tasks cover the creation of demos that brig together all the previous bits of work to demonstrate a new area of capability that has been opened up by Stratos work. 4.1 Rust based stubdomain monitor ([STR-62]) ──────────────────────────────────────────── This is a basic demo that is a proof of concept for a unikernel style backend written in pure Rust. This work would be a useful precursor for things such as the RTOS Dom0 on a safety island ([STR-11]) or as a carrier for the virtio-scmi backend. The monitor program will periodically poll the state of the other domains and echo their status to the Xen console. Estimate: 4w #+name: stub-domain-example #+begin_src ditaa :cmdline -o :file stub_domain_example.png Dom0 | DomU | DomStub | | : /-------------\ : | |cPNK | | | | | | | | | | /------------------------------------\ | | GuestOS | | |cPNK | | | | | EL0 | Dom0 Userspace (xl tools, QEMU) | | | | | /---------------\ | | | | | | |cYEL | \------------------------------------/ | | | | | | +------------------------------------+ | | | | | Rust Monitor | EL1 |cA1B Dom0 Kernel | | | | | | | +------------------------------------+ | \-------------/ | \---------------/ -------------------------------------------------------------------------------=------------------ +-------------------------------------------------------------------------------------+ EL2 |cC02 Xen Hypervisor | +-------------------------------------------------------------------------------------+ #+end_src [STR-62] <https://linaro.atlassian.net/browse/STR-62> [STR-11] <https://linaro.atlassian.net/browse/STR-11> 4.2 Xen aware vhost-user master ([STR-63]) ────────────────────────────────────────── Usually the master side of a vhost-user system is embedded directly in the VMM itself. However in a Xen deployment their is no overarching VMM but a series of utility programs that query the hypervisor directly. The Xen tooling is also responsible for setting up any support processes that are responsible for emulating HW for the guest. The task aims to bridge the gap between Xen's normal HW emulation path (ioreq) and VirtIO's userspace device emulation (vhost-user). The process would be started with some information on where the virtio-mmio address space is and what the slave binary will be. It will then: • map the guest into Dom0 userspace and attach to a MemFD • register the appropriate memory regions as IOREQ regions with Xen • create EventFD channels for the virtio kick notifications (one each way) • spawn the vhost-user slave process and mediate the notifications and kicks between the slave and Xen itself #+name: xen-vhost-user-master #+begin_src ditaa :cmdline -o :file xen_vhost_user_master.png Dom0 DomU | | | | | | +-------------------+ +-------------------+ | | |----------->| | | | vhost-user | vhost-user | vhost-user | : /------------------------------------\ | slave | protocol | master | | | | | (existing) |<-----------| (rust) | | | | +-------------------+ +-------------------+ | | | ^ ^ | ^ | | Guest Userspace | | | | | | | | | | | IOREQ | | | | | | | | | | | v v V | | \------------------------------------/ +---------------------------------------------------+ | +------------------------------------+ | ^ ^ | ioctl ^ | | | | | | iofd/irqfd eventFD | | | | | | Guest Kernel | | +---------------------------+ | | | | | +-------------+ | | | | | | | | virtio-dev | | | Host Kernel V | | | | +-------------+ | +---------------------------------------------------+ | +------------------------------------+ | ^ | | ^ | hyper | | | ----------------------=------------- | -=--- | ----=------ | -----=- | --------=------------------ | call | Trap | | IRQ V | V | +-------------------------------------------------------------------------------------+ | | ^ | ^ | | | +-------------+ | | EL2 | Xen Hypervisor | | | | +-------------------------------+ | | | +-------------------------------------------------------------------------------------+ #+end_src [STR-63] <https://linaro.atlassian.net/browse/STR-63> -- Alex Bennée

2 years, 7 months

8
15
0 0

[PATCH V2 0/4] libgpiod: Add Rust bindings

by Viresh Kumar

Hi Bartosz, This patch adds rust bindings for libgpiod v2.0, this is already partially tested with the virtio rust backend I am developing, which uses these to talk to the host kernel. This is based of the next/post-libgpiod-2.0 branch. I will be adding testing infrastructure later on, once other bindings are converted to use gpiosim. V1->V2: - Added examples (I tested everything except gpiomon.rs, didn't have right hardware/mock device to test). - Build rust bindings as part of Make, update documentation. Thanks. -- Viresh Viresh Kumar (4): libgpiod: Generate rust FFI bindings libgpiod: Add rust wrappers rust: Add examples rust: Integrate building of rust bindings with make .gitignore | 5 + README | 8 +- TODO | 8 - bindings/Makefile.am | 6 + bindings/rust/Cargo.toml | 14 + bindings/rust/Makefile.am | 29 ++ bindings/rust/build.rs | 60 ++++ bindings/rust/examples/gpiodetect.rs | 38 +++ bindings/rust/examples/gpiofind.rs | 43 +++ bindings/rust/examples/gpioget.rs | 45 +++ bindings/rust/examples/gpioinfo.rs | 90 ++++++ bindings/rust/examples/gpiomon.rs | 73 +++++ bindings/rust/examples/gpioset.rs | 55 ++++ bindings/rust/src/bindings.rs | 16 + bindings/rust/src/chip.rs | 197 ++++++++++++ bindings/rust/src/edge_event.rs | 78 +++++ bindings/rust/src/event_buffer.rs | 59 ++++ bindings/rust/src/info_event.rs | 70 +++++ bindings/rust/src/lib.rs | 268 +++++++++++++++++ bindings/rust/src/line_config.rs | 431 +++++++++++++++++++++++++++ bindings/rust/src/line_info.rs | 186 ++++++++++++ bindings/rust/src/line_request.rs | 217 ++++++++++++++ bindings/rust/src/request_config.rs | 118 ++++++++ bindings/rust/wrapper.h | 2 + configure.ac | 16 + 25 files changed, 2121 insertions(+), 11 deletions(-) create mode 100644 bindings/rust/Cargo.toml create mode 100644 bindings/rust/Makefile.am create mode 100644 bindings/rust/build.rs create mode 100644 bindings/rust/examples/gpiodetect.rs create mode 100644 bindings/rust/examples/gpiofind.rs create mode 100644 bindings/rust/examples/gpioget.rs create mode 100644 bindings/rust/examples/gpioinfo.rs create mode 100644 bindings/rust/examples/gpiomon.rs create mode 100644 bindings/rust/examples/gpioset.rs create mode 100644 bindings/rust/src/bindings.rs create mode 100644 bindings/rust/src/chip.rs create mode 100644 bindings/rust/src/edge_event.rs create mode 100644 bindings/rust/src/event_buffer.rs create mode 100644 bindings/rust/src/info_event.rs create mode 100644 bindings/rust/src/lib.rs create mode 100644 bindings/rust/src/line_config.rs create mode 100644 bindings/rust/src/line_info.rs create mode 100644 bindings/rust/src/line_request.rs create mode 100644 bindings/rust/src/request_config.rs create mode 100644 bindings/rust/wrapper.h -- 2.31.1.272.g89b43f80a514

2 years, 7 months

5
25
0 0

[PATCH 0/2] virtio: Add vhost-user-gpio device's support

by Viresh Kumar

Hello, This patchset adds vhost-user-gpio device's support in Qemu. The support for the same has already been added to virtio specification and Linux Kernel. A Rust based backend is also in progress and is tested against this patchset: https://github.com/rust-vmm/vhost-device/pull/76 -- Viresh Viresh Kumar (2): hw/virtio: add boilerplate for vhost-user-gpio device hw/virtio: add vhost-user-gpio-pci boilerplate hw/virtio/Kconfig | 5 + hw/virtio/meson.build | 2 + hw/virtio/vhost-user-gpio-pci.c | 69 ++++++ hw/virtio/vhost-user-gpio.c | 343 ++++++++++++++++++++++++++++ include/hw/virtio/vhost-user-gpio.h | 35 +++ 5 files changed, 454 insertions(+) create mode 100644 hw/virtio/vhost-user-gpio-pci.c create mode 100644 hw/virtio/vhost-user-gpio.c create mode 100644 include/hw/virtio/vhost-user-gpio.h -- 2.31.1.272.g89b43f80a514

2 years, 8 months

3
18
0 0

2024

2023

2022

2021

2020

Stratos-dev April 2022