devices: Add fw_cfg device #7117
Conversation
|
Here is how I tested the fw_cfg device. These are the same steps as the direct kernel boot instructions in the README for the chv repo. The only difference is that we must enable CONFIG_FW_CFG_SYSFS in the cloud hypervisor linux kernel. Here is how to build and run the vm with fw_cfg device. Now log into the vm with: |
|
@AlexOrozco1256 Please can you rebase to get rid of the merge commit? |
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
from
2196905 to
56caeef
Compare
Done. |
rbradford
left a comment
rbradford
left a comment
There was a problem hiding this comment.
I'm happy to go ahead with this (with those logging nits fixed) - i've mainly focused my review time on the generic changes.
Thank you so much for your patience!
Let's also think about the route to making this non-feature flag so that we can use it for booting a (less modified) edk2.
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
from
56caeef to
eae2db8
Compare
Thanks for the review! I will look into edk2 to see what else besides fw_cfg is missing. |
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
from
eae2db8 to
e94054b
Compare
likebreath
left a comment
likebreath
left a comment
There was a problem hiding this comment.
Thank you for the good work. Besides comments below, couple other thoughts:
- Please extend our GH workflows (mostly quality.yaml and build.yaml) to cover the
fw_cfgfeature flag; - Please add a documentation to explain what it does and how to use it;
Also, looks like adding CONFIG_FW_CFG_SYSFS to the guest kernel config is the only missing bit to add an integration test on fw_cfg, as what you described here.
If that's the case, It'd be great to have that integration test added, and I can help with adding the missing kernel config to reference kernel being used by our CI. (This is not required, since we don't require integration test for features behind feature flags).
| #[cfg(target_arch = "x86_64")] | ||
| let mut mem_regions = vec![ | ||
| (GuestAddress(0), EBDA_START.0 as usize, RegionType::Ram), | ||
| ( | ||
| MEM_32BIT_DEVICES_START, | ||
| MEM_32BIT_DEVICES_SIZE as usize, | ||
| RegionType::Reserved, | ||
| ), | ||
| ( | ||
| PCI_MMCONFIG_START, | ||
| PCI_MMCONFIG_SIZE as usize, | ||
| RegionType::Reserved, | ||
| ), | ||
| (STAGE0_START_ADDRESS, STAGE0_SIZE, RegionType::Reserved), | ||
| ]; | ||
| #[cfg(target_arch = "aarch64")] | ||
| let mut mem_regions = arch::aarch64::arch_memory_regions(); | ||
| if mem_size < MEM_32BIT_DEVICES_START.0 as usize { | ||
| mem_regions.push(( | ||
| HIGH_RAM_START, | ||
| mem_size - HIGH_RAM_START.0 as usize, | ||
| RegionType::Ram, | ||
| )); | ||
| } else { | ||
| mem_regions.push(( | ||
| HIGH_RAM_START, | ||
| MEM_32BIT_RESERVED_START.0 as usize - HIGH_RAM_START.0 as usize, | ||
| RegionType::Ram, | ||
| )); | ||
| mem_regions.push(( | ||
| RAM_64BIT_START, | ||
| mem_size - (MEM_32BIT_DEVICES_START.0 as usize), | ||
| RegionType::Ram, | ||
| )); | ||
| } |
There was a problem hiding this comment.
We also calculate the e820 maps from couple of other places, say from configure_pvh and configure_32bit_entry on x86 (not sure what's done on aarch64). I wonder if it would be beneficial to refactor related code so that they can be reused?
@rbradford You know this area much better than me.
There was a problem hiding this comment.
Good point but might be tricky as there are lots of very similar but subtly different formats for conveying the same information about e.g. the memory holes.
rbradford
dismissed
their stale review
@likebreath found some good gaps in my review.
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
5 times, most recently
from
c7a4b63 to
263743f
Compare
I added an integration test that does exactly what my comment here was doing. I use direct kernel boot to boot a vm and verify that the item I added to the fw_cfg device is accessible from within the guest and has the correct contents. I would just need help from @likebreath to enable the CONFIG_FW_CFG_SYSFS option in the reference kernel. |
Of course. I will try to get to it tomorrow. Thanks for the quick turn-around. |
This enables integration test of the `fw_cfg` device [1]. [1] cloud-hypervisor/cloud-hypervisor#7117 Signed-off-by: Bo Chen <[email protected]>
This enables integration test of the `fw_cfg` device [1]. [1] cloud-hypervisor/cloud-hypervisor#7117 Signed-off-by: Bo Chen <[email protected]>
@AlexOrozco1256 Okay. New kernel release was out, plus changes to consume it #7137. I also pushed few commits to kick-off the added fw_cfg tests here. Let's rebase and squash the couple commits into the integration test commit later. FWIW, I ran the test locally on a aarch64 machine, and found the test failed. I looked into the guest and found the "/sys/firmware/qemu_fw_cfg/by_name/opt/org.test/fw_cfg_test_item/raw" is missing while "/sys/firmware/qemu_fw_cfg/". I believe the arm64 worker will fail for the same reason. PTAL. Thanks. |
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
3 times, most recently
from
6069a50 to
393271b
Compare
likebreath
left a comment
likebreath
left a comment
There was a problem hiding this comment.
Some comments below around CLI, which should all be relatively easy to resolve.
I believe we are very close to land this large PR, once #7226 is landed (and you can rebase). Thanks again for the persistency.
| .map(|p| p.kernel.as_ref().map(File::open)) | ||
| .unwrap_or_default() | ||
| .transpose() | ||
| .map_err(Error::MissingFwCfgKernelFile)?; |
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
from
665eb4e to
8fde3f6
Compare
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
3 times, most recently
from
232cbcc to
2156cfe
Compare
|
last force push:
|
likebreath
left a comment
likebreath
left a comment
There was a problem hiding this comment.
LGTM. Only two minor comments added. Can you please rebase? I think we are ready to merge.
I was hoping to get the new "linux-loader" release, but that's alright to not include that.
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
from
2156cfe to
2bb6ad1
Compare
I can fix this in a follow-up PR. Thanks for the review! I really appreciate it |
Here we add the fw_cfg device as a legacy device to the device manager. It is guarded behind a fw_cfg flag in vmm at creation of the DeviceManager. In this cl we implement the fw_cfg device with one function (signature). Signed-off-by: Alex Orozco <[email protected]>
The kernel and initramfs are passed to the fw_cfg device as file references. The cmdline is passed directly. Signed-off-by: Alex Orozco <[email protected]>
We build the memory map in the fw_cfg device based on the memory size. Signed-off-by: Alex Orozco <[email protected]>
The acpi tables are created in the same place the acpi tables would be created for the regular bootflow, except here we add them to the fw_cfg device to be measured by the fw and then the fw will put the acpi tables into memory. Signed-off-by: Alex Orozco <[email protected]>
We pass a reference to the guest memory when we create the device in DeviceManager. This allows us to access the guest memory for DMA. Signed-off-by: Alex Orozco <[email protected]>
This allows the fw_cfg device to be recognized by the guest linux kernel. This becomes more relavnt in the following cl where I add the option to load files into the guest via fw_cfg. The Linux kernel already has a fw_cfg driver that will automatically load these files under /sys when CONFIG_FW_CFG_SYSFS is enabled in the kernel config For arm we must add fw_cfg to the devices tree Signed-off-by: Alex Orozco <[email protected]>
This allows us to enable/disable the fw_cfg device via the cli We can also now upload files into the guest vm using fw_cfg_items via the cli Signed-off-by: Alex Orozco <[email protected]>
This test verifies that we can see custom items added to the fw_cfg device from inside the guest Signed-off-by: Alex Orozco <[email protected]>
AlexOrozco1256
force-pushed
the
pr-fw_cfg
branch
from
2bb6ad1 to
7bea7a3
Compare
|
last push I:
|
likebreath
left a comment
likebreath
left a comment
There was a problem hiding this comment.
Thanks again for the good work and persistency. We are now ready to land it. :)
5d478c5
4 participants
We are working with the project Oak team to enable running Oak Containers on cloud hypervisor. These containers are SEV-SNP enlightened and can be used alongside with the rest of the oak suite for attestation and measurement of the cvm.
Here is the functionality we are adding to CHV.
Additional design/implementation details can be found here: https://tinyurl.com/chv-kvm-sev-snp
See: #6653