diff --git a/Cargo.lock b/Cargo.lock index 543fb3316..410e82f71 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 4 +version = 3 [[package]] name = "addr2line" @@ -28,9 +28,9 @@ dependencies = [ [[package]] name = "allocator-api2" -version = "0.2.20" +version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45862d1c77f2228b9e10bc609d5bc203d86ebc9b87ad8d5d5167a6c9abf739d9" +checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" [[package]] name = "android-tzdata" @@ -59,9 +59,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.93" +version = "1.0.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775" +checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487" [[package]] name = "arch" @@ -82,9 +82,9 @@ version = "0.1.0" [[package]] name = "async-trait" -version = "0.1.83" +version = "0.1.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd" +checksum = "e539d3fca749fcee5236ab05e93a52867dd549cc157c8cb7f99595f3cedffdb5" dependencies = [ "proc-macro2", "quote", 
@@ -145,16 +145,36 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" dependencies = [ "annotate-snippets", - "bitflags 2.6.0", + "bitflags 2.9.0", "cexpr", "clang-sys", - "itertools", + "itertools 0.12.1", "lazy_static", "lazycell", "proc-macro2", "quote", "regex", - "rustc-hash", + "rustc-hash 1.1.0", + "shlex", + "syn", +] + +[[package]] +name = "bindgen" +version = "0.71.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +dependencies = [ + "bitflags 2.9.0", + "cexpr", + "clang-sys", + "itertools 0.13.0", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 2.1.1", "shlex", "syn", ] @@ -173,15 +193,15 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.6.0" +version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" +checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd" [[package]] name = "bumpalo" -version = "3.16.0" +version = "3.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" +checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf" [[package]] name = "byteorder" 
@@ -191,22 +211,20 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bzip2" -version = "0.5.0" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bafdbf26611df8c14810e268ddceda071c297570a5fb360ceddf617fe417ef58" +checksum = "49ecfb22d906f800d4fe833b6282cf4dc1c298f5057ca0b5445e5c209735ca47" dependencies = [ "bzip2-sys", - "libc", ] [[package]] name = "bzip2-sys" -version = "0.1.11+1.0.8" +version = "0.1.13+1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "736a955f3fa7875102d57c82b8cac37ec45224a07fd32d58f9f7a186b6cd4cdc" +checksum = "225bff33b2141874fe80d71e07d6eec4f85c5c216453dd96388240f96e1acc14" dependencies = [ "cc", - "libc", "pkg-config", ] @@ -222,9 +240,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.1" +version = "1.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd9de9f2205d5ef3fd67e685b0df337994ddd4495e2a28d185500d0e1edfea47" +checksum = "8e3a13707ac958681c13b39b458c073d0d9bc8a22cb1b2f4c8e55eb72c13f362" dependencies = [ "jobserver", "libc", @@ -264,16 +282,16 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" [[package]] name = "chrono" -version = "0.4.38" +version = "0.4.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" +checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c" dependencies = [ "android-tzdata", "iana-time-zone", "js-sys", "num-traits", "wasm-bindgen", - "windows-targets 0.52.6", + "windows-link", ] [[package]] 
@@ -337,18 +355,18 @@ dependencies = [ [[package]] name = "crossbeam-channel" -version = "0.5.13" +version = "0.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2" +checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2" dependencies = [ "crossbeam-utils", ] [[package]] name = "crossbeam-utils" -version = "0.8.20" +version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "curl" @@ -367,9 +385,9 @@ dependencies = [ [[package]] name = "curl-sys" -version = "0.4.78+curl-8.11.0" +version = "0.4.80+curl-8.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8eec768341c5c7789611ae51cf6c459099f22e64a5d5d0ce4892434e33821eaf" +checksum = "55f7df2eac63200c3ab25bde3b2268ef2ee56af3d238e76d61f01c3c49bff734" dependencies = [ "cc", "libc", @@ -434,9 +452,9 @@ dependencies = [ [[package]] name = "either" -version = "1.13.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" [[package]] name = "env_logger" 
@@ -453,15 +471,15 @@ dependencies = [ [[package]] name = "equivalent" -version = "1.0.1" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" [[package]] name = "flate2" -version = "1.0.35" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c936bfdafb507ebbf50b8074c54fa31c5be9a1e7e5f467dd659697041407d07c" +checksum = "7ced92e76e966ca2fd84c8f7aa01a4aea65b0eb6648d72f7c8f3e2764a67fece" dependencies = [ "crc32fast", "miniz_oxide", @@ -469,9 +487,9 @@ dependencies = [ [[package]] name = "foldhash" -version = "0.1.3" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f81ec6369c545a7d40e4589b5597581fa1c441fe1cce96dd1de43159910a36a2" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" [[package]] name = "foreign-types" @@ -585,7 +603,19 @@ checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", - "wasi", + "wasi 0.11.0+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi 0.14.2+wasi-0.2.4", ] [[package]] 
@@ -596,15 +626,15 @@ checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" [[package]] name = "glob" -version = "0.3.1" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" +checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "hashbrown" -version = "0.15.1" +version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a9bfc1af68b1726ea47d3d5109de126281def866b33970e10fbab11b5dafab3" +checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" dependencies = [ "allocator-api2", "equivalent", @@ -634,9 +664,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "humantime" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +checksum = "9b112acc8b3adf4b107a8ec20977da0273a8c386765a3ec0229bd500a1443f9f" [[package]] name = "hvf" @@ -651,14 +681,15 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.61" +version = "0.1.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220" +checksum = "b0c919e5debc312ad217002b8048a17b7d83f80703865bbfcfebb0458b0b27d8" dependencies = [ "android_system_properties", "core-foundation-sys", "iana-time-zone-haiku", "js-sys", + "log", "wasm-bindgen", "windows-core", ] 
@@ -695,9 +726,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.6.0" +version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" +checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e" dependencies = [ "equivalent", "hashbrown", @@ -718,27 +749,38 @@ dependencies = [ "either", ] +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + [[package]] name = "itoa" -version = "1.0.11" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" +checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" [[package]] name = "jobserver" -version = "0.1.32" +version = "0.1.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" +checksum = "38f262f097c174adebe41eb73d66ae9c06b2844fb0da69969647bbddd9b0538a" dependencies = [ + "getrandom 0.3.2", "libc", ] [[package]] name = "js-sys" -version = "0.3.72" +version = "0.3.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9" +checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" dependencies = [ + "once_cell", "wasm-bindgen", ] @@ -750,7 +792,7 @@ checksum = "21350cefefc9715198c3c5319a5eb23ce4cc89b4b567599fb88f0d4a011c1d2d" dependencies = [ "serde", "serde_json", - "sev", + "sev 4.0.0", ] [[package]] 
@@ -776,7 +818,7 @@ version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "083c460d5a272c2f22205973e319147b791d92a288d7d7a8d4c6194f95229440" dependencies = [ - "bitflags 2.6.0", + "bitflags 2.9.0", "kvm-bindings", "libc", "vmm-sys-util", @@ -796,9 +838,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.164" +version = "0.2.172" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "433bfe06b8c75da9b2e3fbea6e5329ff87748f0b144ef75306e674c3f6f7c13f" +checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" [[package]] name = "libkrun" @@ -816,14 +858,15 @@ dependencies = [ "once_cell", "polly", "utils", + "vm-memory", "vmm", ] [[package]] name = "libloading" -version = "0.8.5" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" +checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" dependencies = [ "cfg-if", "windows-targets 0.52.6", @@ -835,7 +878,7 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "bitflags 2.6.0", + "bitflags 2.9.0", "libc", ] @@ -845,7 +888,7 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "65f3a4b81b2a2d8c7f300643676202debd1b7c929dbf5c9bb89402ea11d19810" dependencies = [ - "bitflags 2.6.0", + "bitflags 2.9.0", "cc", "convert_case", "cookie-factory", 
@@ -862,16 +905,16 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf0d9716420364790e85cbb9d3ac2c950bde16a7dd36f3209b7dfdfc4a24d01f" dependencies = [ - "bindgen", + "bindgen 0.69.5", "cc", "system-deps", ] [[package]] name = "libz-sys" -version = "1.1.20" +version = "1.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2d16453e800a8cf6dd2fc3eb4bc99b786a9b90c663b8559a5b1a041bf89e472" +checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d" dependencies = [ "cc", "libc", @@ -890,15 +933,15 @@ dependencies = [ [[package]] name = "log" -version = "0.4.22" +version = "0.4.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" +checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "lru" -version = "0.12.5" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38" +checksum = "9f8cc7106155f10bdf99a6f379688f543ad6596a415375b36a59a054ceda1198" dependencies = [ "hashbrown", ] @@ -935,9 +978,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.8.0" +version = "0.8.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1" +checksum = "3be647b768db090acb35d5ec5db2b0e1f1de11133ca123b9eacf5137868f892a" dependencies = [ "adler2", ] @@ -973,7 +1016,7 @@ version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" dependencies = [ - "bitflags 2.6.0", + "bitflags 2.9.0", "cfg-if", "libc", ] 
@@ -984,7 +1027,7 @@ version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ - "bitflags 2.6.0", + "bitflags 2.9.0", "cfg-if", "cfg_aliases", "libc", @@ -1011,26 +1054,26 @@ dependencies = [ [[package]] name = "object" -version = "0.36.5" +version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e" +checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" dependencies = [ "memchr", ] [[package]] name = "once_cell" -version = "1.20.2" +version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" [[package]] name = "openssl" -version = "0.10.68" +version = "0.10.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5" +checksum = "fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da" dependencies = [ - "bitflags 2.6.0", + "bitflags 2.9.0", "cfg-if", "foreign-types", "libc", @@ -1052,15 +1095,15 @@ dependencies = [ [[package]] name = "openssl-probe" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" [[package]] name = "openssl-sys" -version = "0.9.104" +version = "0.9.107" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741" +checksum = "8288979acd84749c744a9014b4382d42b8f7b2592847b5afb2ed29e5d16ede07" dependencies = [ "cc", "libc", 
@@ -1086,9 +1129,9 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.15" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff" +checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" [[package]] name = "pin-utils" @@ -1103,7 +1146,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08e645ba5c45109106d56610b3ee60eb13a6f2beb8b74f8dc8186cf261788dda" dependencies = [ "anyhow", - "bitflags 2.6.0", + "bitflags 2.9.0", "libc", "libspa", "libspa-sys", @@ -1119,16 +1162,16 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "849e188f90b1dda88fe2bfe1ad31fe5f158af2c98f80fb5d13726c44f3f01112" dependencies = [ - "bindgen", + "bindgen 0.69.5", "libspa-sys", "system-deps", ] [[package]] name = "pkg-config" -version = "0.3.31" +version = "0.3.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" [[package]] name = "polly" 
@@ -1140,18 +1183,28 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.20" +version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" dependencies = [ - "zerocopy 0.7.35", + "zerocopy 0.8.24", +] + +[[package]] +name = "prettyplease" +version = "0.2.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "664ec5419c51e34154eec046ebcba56312d5a2fc3b09a06da188e1ad21afadf6" +dependencies = [ + "proc-macro2", + "syn", ] [[package]] name = "proc-macro2" -version = "1.0.89" +version = "1.0.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" dependencies = [ "unicode-ident", ] @@ -1173,13 +1226,19 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.37" +version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" dependencies = [ "proc-macro2", ] +[[package]] +name = "r-efi" +version = "5.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" + [[package]] name = "rand" version = "0.8.5" 
@@ -1207,9 +1266,15 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom", + "getrandom 0.2.15", ] +[[package]] +name = "rangemap" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60fcc7d6849342eff22c4350c8b9a989ee8ceabc4b481253e8946b9fe83d684" + [[package]] name = "rdrand" version = "0.8.3" @@ -1225,7 +1290,7 @@ version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43" dependencies = [ - "getrandom", + "getrandom 0.2.15", "libredox", "thiserror", ] @@ -1261,9 +1326,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "remain" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46aef80f842736de545ada6ec65b81ee91504efd6853f4b96de7414c42ae7443" +checksum = "d7ef12e84481ab4006cb942f8682bba28ece7270743e649442027c5db87df126" dependencies = [ "proc-macro2", "quote", @@ -1282,6 +1347,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + [[package]] name = "rustc_version" version = "0.4.1" @@ -1291,6 +1362,12 @@ dependencies = [ "semver", ] +[[package]] +name = "rustversion" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2" + [[package]] name = "rutabaga_gfx" version = "0.1.2" 
@@ -1309,30 +1386,30 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.18" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" [[package]] name = "schannel" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01227be5826fa0690321a2ba6c5cd57a19cf3f6a09e76973b58e61de6ab9d1c1" +checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" dependencies = [ "windows-sys 0.59.0", ] [[package]] name = "semver" -version = "1.0.23" +version = "1.0.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" +checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" [[package]] name = "serde" -version = "1.0.215" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" dependencies = [ "serde_derive", ] @@ -1348,18 +1425,18 @@ dependencies = [ [[package]] name = "serde_bytes" -version = "0.11.15" +version = "0.11.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "387cc504cb06bb40a96c8e04e951fe01854cf6bc921053c954e4a606d9675c6a" +checksum = "8437fd221bde2d4ca316d61b90e337e9e702b3820b87d63caa9ba6c02bd06d96" dependencies = [ "serde", ] [[package]] name = "serde_derive" -version = "1.0.215" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" dependencies = [ "proc-macro2", "quote", 
@@ -1368,9 +1445,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.133" +version = "1.0.140" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377" +checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" dependencies = [ "itoa", "memchr", @@ -1413,6 +1490,32 @@ dependencies = [ "uuid", ] +[[package]] +name = "sev" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20ac277517d8fffdf3c41096323ed705b3a7c75e397129c072fb448339839d0f" +dependencies = [ + "base64", + "bincode", + "bitfield", + "bitflags 1.3.2", + "byteorder", + "codicon", + "dirs", + "hex", + "iocuddle", + "lazy_static", + "libc", + "openssl", + "rdrand", + "serde", + "serde-big-array", + "serde_bytes", + "static_assertions", + "uuid", +] + [[package]] name = "shlex" version = "1.3.0" @@ -1430,9 +1533,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.13.2" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" +checksum = "8917285742e9f3e1683f0a9c4e6b57960b7314d0b08d30d1ecd426713ee2eee9" [[package]] name = "smbios" @@ -1443,9 +1546,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.7" +version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" +checksum = "4f5fd57c80058a56cf5c777ab8a126398ece8e442983605d280a44ce79d0edef" dependencies = [ "libc", "windows-sys 0.52.0", 
@@ -1459,9 +1562,9 @@ checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" [[package]] name = "syn" -version = "2.0.87" +version = "2.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d" +checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0" dependencies = [ "proc-macro2", "quote", @@ -1518,9 +1621,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.41.1" +version = "1.44.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33" +checksum = "e6b88822cbe49de4185e3a4cbf8321dd487cf5fe0c5c65695fef6346371e9c48" dependencies = [ "backtrace", "pin-project-lite", @@ -1528,9 +1631,9 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.19" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e" +checksum = "cd87a5cdd6ffab733b2f74bc4fd7ee5fff6634124999ac278c35fc78c6120148" dependencies = [ "serde", "serde_spanned", @@ -1549,9 +1652,9 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.22.22" +version = "0.22.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5" +checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474" dependencies = [ "indexmap", "serde", @@ -1562,9 +1665,9 @@ dependencies = [ [[package]] name = "tracing" -version = "0.1.40" +version = "0.1.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" dependencies = [ "pin-project-lite", "tracing-attributes", 
@@ -1573,9 +1676,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.27" +version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" +checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" dependencies = [ "proc-macro2", "quote", @@ -1584,18 +1687,18 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.32" +version = "0.1.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" +checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c" dependencies = [ "once_cell", ] [[package]] name = "unicode-ident" -version = "1.0.13" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" +checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" [[package]] name = "unicode-segmentation" @@ -1622,9 +1725,9 @@ dependencies = [ [[package]] name = "uuid" -version = "1.11.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a" +checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9" dependencies = [ "serde", ] @@ -1643,9 +1746,12 @@ checksum = "852e951cb7832cb45cb1169900d19760cfa39b82bc0ea9c0e5a14ae88411c98b" [[package]] name = "virtio-bindings" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1711e61c00f8cb450bd15368152a1e37a12ef195008ddc7d0f4812f9e2b30a68" +checksum = "cd2fe65550801ac106389d41f34cb1b32c4f7aaedf1b6cda1da3a211880de7f6" +dependencies = [ + "bindgen 0.71.1", +] [[package]] name = "vm-fdt" 
@@ -1688,10 +1794,11 @@ dependencies = [ "nix 0.24.3", "polly", "procfs", + "rangemap", "rdrand", "serde", "serde_json", - "sev", + "sev 6.0.0", "utils", "vm-memory", "vmm-sys-util", @@ -1714,26 +1821,35 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasi" +version = "0.14.2+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +dependencies = [ + "wit-bindgen-rt", +] + [[package]] name = "wasm-bindgen" -version = "0.2.95" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e" +checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" dependencies = [ "cfg-if", "once_cell", + "rustversion", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.95" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358" +checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" dependencies = [ "bumpalo", "log", - "once_cell", "proc-macro2", "quote", "syn", @@ -1742,9 +1858,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.95" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56" +checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" dependencies = [ "quote", "wasm-bindgen-macro-support", 
@@ -1752,9 +1868,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.95" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68" +checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ "proc-macro2", "quote", @@ -1765,9 +1881,12 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.95" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d" +checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" +dependencies = [ + "unicode-ident", +] [[package]] name = "winapi" 
@@ -1802,11 +1921,61 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-core" -version = "0.52.0" +version = "0.61.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" +checksum = "4763c1de310c86d75a878046489e2e5ba02c649d185f21c67d4cf8a56d098980" dependencies = [ - "windows-targets 0.52.6", + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.59.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-link" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38" + +[[package]] +name = "windows-result" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c64fd11a4fd95df68efcfee5f44a294fe71b8bc6a91993e2791938abcc712252" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a2ba9642430ee452d5a7aa78d72907ebe8cfda358e8cb7918a2050581322f97" +dependencies = [ + "windows-link", ] [[package]] 
@@ -1959,13 +2128,22 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.6.20" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b" +checksum = "63d3fcd9bba44b03821e7d699eeee959f3126dcc4aa8e4ae18ec617c2a5cea10" dependencies = [ "memchr", ] +[[package]] +name = "wit-bindgen-rt" +version = "0.39.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" +dependencies = [ + "bitflags 2.9.0", +] + [[package]] name = "yansi-term" version = "0.1.2" @@ -1987,12 +2165,11 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.35" +version = "0.8.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +checksum = "2586fea28e186957ef732a5f8b3be2da217d65c5969d4b1e17f973ebbe876879" dependencies = [ - "byteorder", - "zerocopy-derive 0.7.35", + "zerocopy-derive 0.8.24", ] [[package]] @@ -2008,9 +2185,9 @@ dependencies = [ [[package]] name = "zerocopy-derive" -version = "0.7.35" +version = "0.8.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +checksum = "a996a8f63c5c4448cd959ac1bab0aaa3306ccfd060472f85943ee0750f0169be" dependencies = [ "proc-macro2", "quote", 
@@ -2019,27 +2196,27 @@ dependencies = [ [[package]] name = "zstd" -version = "0.13.2" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcf2b778a664581e31e389454a7072dab1647606d44f7feea22cd5abb9c9f3f9" +checksum = "e91ee311a569c327171651566e07972200e76fcfe2242a4fa446149a3881c08a" dependencies = [ "zstd-safe", ] [[package]] name = "zstd-safe" -version = "7.2.1" +version = "7.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54a3ab4db68cea366acc5c897c7b4d4d1b8994a9cd6e6f841f8964566a419059" +checksum = "8f49c4d5f0abb602a93fb8736af2a4f4dd9512e36f7f570d66e65ff867ed3b9d" dependencies = [ "zstd-sys", ] [[package]] name = "zstd-sys" -version = "2.0.13+zstd.1.5.6" +version = "2.0.15+zstd.1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38ff0f21cfee8f97d94cef41359e0c89aa6113028ab0291aa8ca0038995a95aa" +checksum = "eb81183ddd97d0c74cedf1d50d85c8d08c1b8b68ee863bdee9e706eedba1a237" dependencies = [ "cc", "pkg-config", diff --git a/src/libkrun/Cargo.toml b/src/libkrun/Cargo.toml index 90f74c7a6..8ee3494bf 100644 --- a/src/libkrun/Cargo.toml +++ b/src/libkrun/Cargo.toml @@ -34,6 +34,7 @@ hvf = { path = "../hvf" } [target.'cfg(target_os = "linux")'.dependencies] kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] } kvm-ioctls = ">=0.21" +vm-memory = ">=0.13" [lib] name = "krun" diff --git a/src/libkrun/src/lib.rs b/src/libkrun/src/lib.rs index caf374622..8131fee8c 100644 --- a/src/libkrun/src/lib.rs +++ b/src/libkrun/src/lib.rs @@ -5,6 +5,8 @@ use std::collections::hash_map::Entry; use std::collections::HashMap; use std::convert::TryInto; use std::env; +#[cfg(feature = "tee")] +use std::ffi::c_void; use std::ffi::CStr; #[cfg(target_os = "linux")] use std::ffi::CString; 
@@ -20,7 +22,7 @@ use std::sync::atomic::{AtomicI32, Ordering}; use std::sync::LazyLock; use std::sync::Mutex; -#[cfg(target_os = "macos")] +#[cfg(any(target_os = "macos", feature = "tee"))] use crossbeam_channel::unbounded; #[cfg(feature = "blk")] use devices::virtio::block::ImageType; @@ -54,6 +56,17 @@ use vmm::vmm_config::machine_config::VmConfig; use vmm::vmm_config::net::NetworkInterfaceConfig; use vmm::vmm_config::vsock::VsockDeviceConfig; +#[cfg(feature = "tee")] +use kvm_bindings::{kvm_memory_attributes, KVM_MEMORY_ATTRIBUTE_PRIVATE}; + +#[cfg(feature = "tee")] +use vm_memory::{guest_memory::GuestMemory, GuestAddress, GuestMemoryRegion, MemoryRegionAddress}; + +#[cfg(feature = "tee")] +use libc::{ + fallocate, madvise, EFD_SEMAPHORE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_PUNCH_HOLE, MADV_DONTNEED, +}; + // Value returned on success. We use libc's errors otherwise. const KRUN_SUCCESS: i32 = 0; // Maximum number of arguments/environment variables we allow @@ -1486,6 +1499,11 @@ pub extern "C" fn krun_start_enter(ctx_id: u32) -> i32 { #[cfg(target_arch = "x86_64")] let (irq_sender, irq_receiver) = crossbeam_channel::unbounded(); + #[cfg(feature = "tee")] + let (pm_sender, pm_receiver) = unbounded(); + #[cfg(feature = "tee")] + let pm_efd = + EventFd::new(EFD_SEMAPHORE).expect("unable to create TEE memory properties eventfd"); let _vmm = match vmm::builder::build_microvm( &ctx_cfg.vmr, @@ -1495,6 +1513,13 @@ pub extern "C" fn krun_start_enter(ctx_id: u32) -> i32 { sender, #[cfg(target_arch = "x86_64")] irq_sender, + #[cfg(feature = "tee")] + ( + pm_sender, + pm_efd + .try_clone() + .expect("unable to clone TEE memory properties eventfd"), + ), ) { Ok(vmm) => vmm, Err(e) => { @@ -1503,7 +1528,7 @@ pub extern "C" fn krun_start_enter(ctx_id: u32) -> i32 { } }; - #[cfg(target_os = "macos")] + #[cfg(any(target_os = "macos", feature = "tee"))] let mapper_vmm = _vmm.clone(); #[cfg(target_arch = "x86_64")] 
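Review bot: The two `expect` calls added to `krun_start_enter` (on `EventFd::new(EFD_SEMAPHORE)` in the hunk at -1486 and on `pm_efd.try_clone()` in the hunk at -1495) panic inside a `pub extern "C"` function when the process cannot get another file descriptor, a failure the embedding program could otherwise handle. The comment above `KRUN_SUCCESS` says libc error codes are returned on failure, so both sites could log and return one instead, for example `let Ok(pm_efd) = EventFd::new(EFD_SEMAPHORE) else { error!("unable to create TEE memory properties eventfd"); return -libc::ENOMEM; };`. The sign and the code should match the function's other failure paths, which are outside these hunks.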
@@ -1577,6 +1602,93 @@ pub extern "C" fn krun_start_enter(ctx_id: u32) -> i32 { .unwrap(); } + #[cfg(feature = "tee")] + let guest_mem = _vmm.lock().unwrap().guest_memory().clone(); + + #[cfg(feature = "tee")] + std::thread::Builder::new() + .name("TEE memory properties worker".into()) + .spawn(move || loop { + match pm_receiver.recv() { + Err(e) => error!("Error in pm receiver: {:?}", e), + Ok(m) => { + let (guest_memfd, region_start) = mapper_vmm + .lock() + .unwrap() + .kvm_vm() + .guest_memfd_get(m.gpa) + .unwrap_or_else(|| panic!("unable to find KVM guest_memfd for memory region corresponding to GPA 0x{:x}", m.gpa)); + + let attributes: u64 = if m.private { + KVM_MEMORY_ATTRIBUTE_PRIVATE as u64 + } else { + 0 + }; + + let attr = kvm_memory_attributes { + address: m.gpa, + size: m.size, + attributes, + flags: 0, + }; + + mapper_vmm + .lock() + .unwrap() + .kvm_vm() + .fd() + .set_memory_attributes(attr) + .unwrap_or_else(|_| panic!("unable to set memory attributes for memory region corresponding to guest address 0x{:x}", m.gpa)); + + let region = guest_mem.find_region(GuestAddress(m.gpa)); + if region.is_none() { + error!("guest memory region corresponding to GPA 0x{:x} not found", m.gpa); + pm_efd.write(1).unwrap(); + continue; + } + + let offset = m.gpa - region_start; + + if m.private { + let region_addr = MemoryRegionAddress(offset); + + let host_startaddr = region + .unwrap() + .get_host_address(region_addr) + .expect("host address corresponding to memory region address 0x{:x} not found"); + + let ret = unsafe { + madvise( + host_startaddr as *mut c_void, + m.size.try_into().unwrap(), + MADV_DONTNEED, + ) + }; + + if ret < 0 { + error!("unable to advise kernel that memory region corresponding to GPA 0x{:x} will likely not be needed (madvise)", m.gpa); + } + } else { + let ret = unsafe { + fallocate( + guest_memfd, + FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, + offset as i64, + m.size as i64, + ) + }; + + if ret < 0 { + error!("unable to allocate space in 
guest_memfd for shared memory (fallocate)"); + } + } + + pm_efd.write(1).unwrap(); + } + } + }) + .unwrap(); + loop { match event_manager.run() { Ok(_) => {} diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml index 3e0a4444f..0a0122c83 100644 --- a/src/vmm/Cargo.toml +++ b/src/vmm/Cargo.toml @@ -21,6 +21,7 @@ libc = ">=0.2.39" linux-loader = { version = "0.13.0", features = ["bzimage", "elf", "pe"] } log = "0.4.0" vm-memory = { version = ">=0.13", features = ["backend-mmap"] } +rangemap = "1.5.1" arch = { path = "../arch" } devices = { path = "../devices" } @@ -35,7 +36,7 @@ procfs = { version = "0.12", optional = true } rdrand = { version = "^0.8", optional = true } serde = { version = "1.0.125", optional = true } serde_json = { version = "1.0.64", optional = true } -sev = { version = "4.0.0", features = ["openssl"], optional = true } +sev = { version = "6.0.0", features = ["openssl"], optional = true } curl = { version = "0.4", optional = true } nix = "0.24.1" diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs index 67a1511dd..190675f8f 100644 --- a/src/vmm/src/builder.rs +++ b/src/vmm/src/builder.rs @@ -4,7 +4,11 @@ //! Enables pre-boot setup, instantiation and booting of a Firecracker VMM. #[cfg(target_os = "macos")] -use crossbeam_channel::{unbounded, Sender}; +use crossbeam_channel::unbounded; + +#[cfg(any(target_os = "macos", feature = "tee"))] +use crossbeam_channel::Sender; + use kernel::cmdline::Cmdline; #[cfg(target_os = "macos")] use std::collections::HashMap; @@ -21,6 +25,8 @@ use super::{Error, Vmm}; #[cfg(target_arch = "x86_64")] use crate::device_manager::legacy::PortIODeviceManager; use crate::device_manager::mmio::MMIODeviceManager; +#[cfg(feature = "tee")] +use crate::linux::vstate::MemoryProperties; use crate::resources::VmResources; use crate::vmm_config::external_kernel::{ExternalKernel, KernelFormat}; #[cfg(all(target_os = "linux", target_arch = "aarch64"))] 
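Review bot: `m.gpa` and `m.size` are filled from guest-controlled exit data (the `Hypercall` and `MemoryFault` arms in vstate.rs), but the worker only checks that `m.gpa` falls inside a region before handing `m.size` to `madvise(..., MADV_DONTNEED)` and `fallocate`. As far as this hunk shows, nothing stops a length that runs past the end of that region, in which case `madvise` would discard host pages that are not part of the guest mapping, so the range should be checked against the region before any KVM or libc call, as in the excerpt below. The lookups that currently `panic!` (`guest_memfd_get`, `set_memory_attributes`) are reached with the same guest-chosen values and would be better logged and skipped, since a worker that dies mid-request leaves the requesting vCPU waiting on `pm_efd`. Separately, the `Err(e)` arm of `pm_receiver.recv()` should `break`, because a disconnected channel returns `Err` immediately on every iteration, and the `expect` message contains a `{:x}` that `expect` never formats.

```rust
Ok(m) => {
    // Validate the guest-supplied range before acting on it.
    let Some(region) = guest_mem.find_region(GuestAddress(m.gpa)) else {
        error!("guest memory region corresponding to GPA 0x{:x} not found", m.gpa);
        pm_efd.write(1).unwrap();
        continue;
    };

    // find_region guarantees m.gpa >= region start, so this cannot underflow.
    let region_off = m.gpa - region.start_addr().0;
    if m.size > region.len() - region_off {
        error!(
            "range at GPA 0x{:x} (size 0x{:x}) extends past its memory region",
            m.gpa, m.size
        );
        pm_efd.write(1).unwrap();
        continue;
    }

    // … unchanged apart from using `region` directly instead of `region.unwrap()`:
    //   guest_memfd_get, set_memory_attributes, madvise / fallocate, pm_efd.write(1) …
```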
@@ -513,6 +519,7 @@ pub fn build_microvm( devices::legacy::IrqWorkerMessage, EventFd, )>, + #[cfg(feature = "tee")] pm_sender: (Sender, EventFd), ) -> std::result::Result>, StartMicrovmError> { let payload = choose_payload(vm_resources)?; @@ -688,6 +695,8 @@ pub fn build_microvm( payload_config.entry_addr, &pio_device_manager.io_bus, &exit_evt, + #[cfg(feature = "tee")] + pm_sender, ) .map_err(StartMicrovmError::Internal)?; } @@ -861,7 +870,7 @@ pub fn build_microvm( .map_err(VstateError::KvmCpuId) .map_err(StartMicrovmError::SecureVirtAttest)?; vmm.kvm_vm() - .snp_secure_virt_attest( + .snp_secure_virt_measure( cpuid, vmm.guest_memory(), measured_regions, @@ -1448,6 +1457,7 @@ fn create_vcpus_x86_64( entry_addr: GuestAddress, io_bus: &devices::Bus, exit_evt: &EventFd, + #[cfg(feature = "tee")] pm_sender: (Sender, EventFd), ) -> super::Result> { let mut vcpus = Vec::with_capacity(vcpu_config.vcpu_count as usize); for cpu_index in 0..vcpu_config.vcpu_count { @@ -1458,6 +1468,8 @@ fn create_vcpus_x86_64( vm.supported_msrs().clone(), io_bus.clone(), exit_evt.try_clone().map_err(Error::EventFd)?, + #[cfg(feature = "tee")] + (pm_sender.0.clone(), pm_sender.1.try_clone().unwrap()), ) .map_err(Error::Vcpu)?; diff --git a/src/vmm/src/linux/tee/amdsnp.rs b/src/vmm/src/linux/tee/amdsnp.rs index c338e22f6..81b84e95b 100644 --- a/src/vmm/src/linux/tee/amdsnp.rs +++ b/src/vmm/src/linux/tee/amdsnp.rs @@ -6,8 +6,11 @@ use std::{ use crate::vstate::MeasuredRegion; use arch::x86_64::layout::*; -use sev::firmware::{guest::GuestPolicy, host::Firmware}; -use sev::launch::snp::*; +use sev::{ + error::FirmwareError, + firmware::{guest::GuestPolicy, host::Firmware}, + launch::snp::*, +}; use kvm_bindings::{kvm_enc_region, CpuId, KVM_CPUID_FLAG_SIGNIFCANT_INDEX}; use kvm_ioctls::VmFd; 
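Review bot: In `create_vcpus_x86_64` the added `pm_sender.1.try_clone().unwrap()` panics when duplicating the eventfd fails, while the `exit_evt` clone one line above reports the same failure with `.map_err(Error::EventFd)?`; the new line can do the same: `(pm_sender.0.clone(), pm_sender.1.try_clone().map_err(Error::EventFd)?)`. Every vCPU also ends up with a clone of one eventfd and one channel, so, as far as the hunks on this page show, a completion written by the worker for one vCPU's request can be consumed by another vCPU that is still waiting on its own request. A per-request reply path (for instance a per-vCPU `EventFd` carried in the message) would tie each wake-up to the request that caused it. The loop body continues outside the hunk.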
@@ -19,12 +22,12 @@ use vm_memory::{ pub enum Error { CpuIdWrite, CpuIdFull, - CreateLauncher(std::io::Error), + CreateLauncher(FirmwareError), GuestMemoryWrite(vm_memory::GuestMemoryError), GuestMemoryRead(vm_memory::GuestMemoryError), - LaunchStart(std::io::Error), - LaunchUpdate(std::io::Error), - LaunchFinish(std::io::Error), + LaunchStart(FirmwareError), + LaunchUpdate(FirmwareError), + LaunchFinish(FirmwareError), MemoryEncryptRegion, OpenFirmware(std::io::Error), } @@ -105,9 +108,9 @@ impl AmdSnp { } let mut policy = GuestPolicy(0); - policy.set_smt_allowed(1); + policy.set_smt_allowed(true); - let start = Start::new(None, policy, false, [0; 16]); + let start = Start::new(policy, [0; 16]); let launcher = launcher.start(start).map_err(Error::LaunchStart)?; @@ -281,7 +284,6 @@ impl AmdSnp { launcher: &mut Launcher, page_type: PageType, ) -> Result<(), Error> { - let dp = VmplPerms::empty(); let ga = GuestAddress(region.guest_addr); /* @@ -296,15 +298,11 @@ impl AmdSnp { let ptr = bytes.ptr_guard().as_ptr(); let slice: &[u8] = unsafe { slice::from_raw_parts(ptr, region.size) }; - let update = Update::new( - region.guest_addr >> 12, - slice, - false, - page_type, - (dp, dp, dp), - ); + let update = Update::new(region.guest_addr >> 12, slice, page_type); - launcher.update_data(update).map_err(Error::LaunchUpdate) + launcher + .update_data(update, region.guest_addr, region.size as u64) + .map_err(Error::LaunchUpdate) } pub fn vm_measure( diff --git a/src/vmm/src/linux/vstate.rs b/src/vmm/src/linux/vstate.rs index 29ef7df59..6deae875e 100644 --- a/src/vmm/src/linux/vstate.rs +++ b/src/vmm/src/linux/vstate.rs @@ -11,7 +11,6 @@ use std::cell::Cell; use std::fmt::{Display, Formatter}; use std::io; -#[cfg(feature = "tee")] use std::os::unix::io::RawFd; use std::result; 
@@ -41,16 +40,23 @@ use kvm_bindings::{ KVM_MAX_CPUID_ENTRIES, }; use kvm_bindings::{ - kvm_userspace_memory_region, KVM_API_VERSION, KVM_SYSTEM_EVENT_RESET, KVM_SYSTEM_EVENT_SHUTDOWN, + kvm_create_guest_memfd, kvm_memory_attributes, kvm_userspace_memory_region, + kvm_userspace_memory_region2, KVM_API_VERSION, KVM_MEMORY_ATTRIBUTE_PRIVATE, + KVM_MEM_GUEST_MEMFD, KVM_SYSTEM_EVENT_RESET, KVM_SYSTEM_EVENT_SHUTDOWN, }; -use kvm_ioctls::*; +#[cfg(feature = "tee")] +use kvm_bindings::{kvm_enable_cap, KVM_CAP_EXIT_HYPERCALL, KVM_MEMORY_EXIT_FLAG_PRIVATE}; +use kvm_ioctls::{Cap::*, *}; use utils::eventfd::EventFd; use utils::signal::{register_signal_handler, sigrtmin, Killable}; use utils::sm::StateMachine; use vm_memory::{ Address, GuestAddress, GuestMemory, GuestMemoryError, GuestMemoryMmap, GuestMemoryRegion, + GuestRegionMmap, }; +use rangemap::RangeMap; + #[cfg(feature = "amd-sev")] use sev::launch::snp; @@ -63,6 +69,8 @@ pub enum Error { #[cfg(target_arch = "x86_64")] /// A call to cpuid instruction failed. CpuId(cpuid::Error), + /// Unable to create a KVM guest_memfd. + CreateGuestMemfd(kvm_ioctls::Error), #[cfg(target_arch = "x86_64")] /// Error configuring the floating point related registers FPUConfiguration(arch::x86_64::regs::Error), @@ -73,6 +81,9 @@ pub enum Error { GuestMSRs(arch::x86_64::msr::Error), /// Hyperthreading flag is not initialized. HTNotInitialized, + /// Unable to enable KVM hypercall exits. + #[cfg(feature = "tee")] + HypercallExitEnable(kvm_ioctls::Error), /// Cannot configure the IRQ. Irq(kvm_ioctls::Error), /// The host kernel reports an invalid KVM API version. @@ -99,6 +110,8 @@ pub enum Error { #[cfg(target_arch = "x86_64")] /// Error configuring the general purpose registers REGSConfiguration(arch::x86_64::regs::Error), + /// Cannot set memory region attributes. + SetMemoryAttributes(kvm_ioctls::Error), /// Cannot set the memory regions. SetUserMemoryRegion(kvm_ioctls::Error), /// Error creating memory map for SHM region. 
@@ -197,6 +210,9 @@ pub enum Error { VcpuTlsNotPresent, /// Unexpected KVM_RUN exit reason VcpuUnhandledKvmExit, + /// Unsupported KVM_EXIT_HYPERCALL. + #[cfg(feature = "tee")] + VcpuUnsupportedHypercall, /// Cannot open the VM file descriptor. VmFd(kvm_ioctls::Error), #[cfg(target_arch = "x86_64")] @@ -228,10 +244,13 @@ impl Display for Error { match self { #[cfg(target_arch = "x86_64")] CpuId(e) => write!(f, "Cpuid error: {e:?}"), + CreateGuestMemfd(e) => write!(f, "Unable to create KVM guest_memfd: {e:?}"), GuestMemoryMmap(e) => write!(f, "Guest memory error: {e:?}"), #[cfg(target_arch = "x86_64")] GuestMSRs(e) => write!(f, "Retrieving supported guest MSRs fails: {e:?}"), HTNotInitialized => write!(f, "Hyperthreading flag is not initialized"), + #[cfg(feature = "tee")] + HypercallExitEnable(e) => write!(f, "Unable to enable KVM hypercall exits: {e}"), KvmApiVersion(v) => { write!(f, "The host kernel reports an invalid KVM API version: {v}") } @@ -252,6 +271,7 @@ impl Display for Error { f, "Cannot set the local interruption due to bad configuration: {e:?}" ), + SetMemoryAttributes(e) => write!(f, "Cannot set memory region attributes: {e}"), SetUserMemoryRegion(e) => write!(f, "Cannot set the memory regions: {e}"), ShmMmap(e) => write!(f, "Error creating memory map for SHM region: {e}"), #[cfg(feature = "tee")] @@ -333,6 +353,8 @@ impl Display for Error { VcpuTlsInit => write!(f, "Cannot clean init vcpu TLS"), VcpuTlsNotPresent => write!(f, "Vcpu not present in TLS"), VcpuUnhandledKvmExit => write!(f, "Unexpected KVM_RUN exit reason"), + #[cfg(feature = "tee")] + VcpuUnsupportedHypercall => write!(f, "Unsupported KVM_EXIT_HYPERCALL"), #[cfg(target_arch = "x86_64")] VmGetPit2(e) => write!(f, "Failed to get KVM vm pit state: {e}"), #[cfg(target_arch = "x86_64")] 
@@ -378,7 +400,6 @@ pub struct KvmContext { impl KvmContext { pub fn new() -> Result { - use kvm_ioctls::Cap::*; let kvm = Kvm::new().expect("Error creating the Kvm object"); // Check that KVM has the correct version. @@ -433,6 +454,8 @@ pub struct Vm { #[cfg(feature = "amd-sev")] pub tee_config: Tee, + + pub guest_memfds: RangeMap, } impl Vm { @@ -457,13 +480,16 @@ impl Vm { supported_cpuid, #[cfg(target_arch = "x86_64")] supported_msrs, + guest_memfds: RangeMap::new(), }) } #[cfg(feature = "amd-sev")] pub fn new(kvm: &Kvm, tee_config: &TeeConfig) -> Result { //create fd for interacting with kvm-vm specific functions - let vm_fd = kvm.create_vm().map_err(Error::VmFd)?; + let vm_fd = kvm + .create_vm_with_type(4 /* KVM_X86_SNP_VM */) + .map_err(Error::VmFd)?; let supported_cpuid = kvm .get_supported_cpuid(KVM_MAX_CPUID_ENTRIES) @@ -472,6 +498,15 @@ impl Vm { let supported_msrs = arch::x86_64::msr::supported_guest_msrs(kvm).map_err(Error::GuestMSRs)?; + let cap = kvm_enable_cap { + cap: KVM_CAP_EXIT_HYPERCALL, + flags: 0, + args: [1 << 12 /* KVM_HC_MAP_GPA_RANGE */, 0, 0, 0], + ..Default::default() + }; + + vm_fd.enable_cap(&cap).map_err(Error::HypercallExitEnable)?; + let tee = match tee_config.tee { Tee::Snp => Some(AmdSnp::new().map_err(Error::SnpSecVirtInit)?), _ => return Err(Error::InvalidTee), @@ -484,6 +519,7 @@ impl Vm { supported_msrs, tee, tee_config: tee_config.tee, + guest_memfds: RangeMap::new(), }) } 
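Review bot: The SNP VM type and the hypercall number are written as bare literals with trailing comments, `create_vm_with_type(4 /* KVM_X86_SNP_VM */)` and `1 << 12 /* KVM_HC_MAP_GPA_RANGE */`, and the same `12` appears again in the `VcpuExit::Hypercall` arm of `run_emulation`. Named constants would keep the mask passed with `KVM_CAP_EXIT_HYPERCALL` and the check in the exit handler from drifting apart: `const KVM_X86_SNP_VM: u64 = 4;` and `const KVM_HC_MAP_GPA_RANGE: u64 = 12;`, then `args: [1 << KVM_HC_MAP_GPA_RANGE, 0, 0, 0]`. If the `kvm_bindings` version in use already exports either name, importing it is preferable to redefining it.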
@@ -508,17 +544,42 @@ impl Vm { if guest_mem.num_regions() > kvm_max_memslots { return Err(Error::NotEnoughMemorySlots); } + for region in guest_mem.iter() { - // It's safe to unwrap because the guest address is valid. - let host_addr = guest_mem.get_host_address(region.start_addr()).unwrap(); - debug!("Guest memory starts at {:x?}", host_addr); + self.memory_region_set(guest_mem, region)?; + } + + #[cfg(target_arch = "x86_64")] + self.fd + .set_tss_address(arch::x86_64::layout::KVM_TSS_ADDRESS as usize) + .map_err(Error::VmSetup)?; + + Ok(()) + } + + pub fn guest_memfd_get(&self, gpa: u64) -> Option<(RawFd, u64)> { + self.guest_memfds.get(&gpa).copied() + } + + #[allow(unused_mut)] + fn memory_region_set( + &mut self, + guest_mem: &GuestMemoryMmap, + region: &GuestRegionMmap, + ) -> Result<()> { + let host_addr = guest_mem.get_host_address(region.start_addr()).unwrap(); + let start = region.start_addr().raw_value(); + let end = start + region.len(); + + if !self.fd.check_extension(GuestMemfd) { let memory_region = kvm_userspace_memory_region { slot: self.next_mem_slot, - guest_phys_addr: region.start_addr().raw_value(), + guest_phys_addr: start, memory_size: region.len(), userspace_addr: host_addr as u64, flags: 0, }; + // Safe because we mapped the memory region, we made sure that the regions // are not overlapping. unsafe { 
@@ -526,13 +587,52 @@ impl Vm { .set_user_memory_region(memory_region) .map_err(Error::SetUserMemoryRegion)?; }; - self.next_mem_slot += 1; + } else { + // Create a guest_memfd and set the region. + let guest_memfd = self + .fd + .create_guest_memfd(kvm_create_guest_memfd { + size: region.size() as u64, + flags: 0, + reserved: [0; 6], + }) + .map_err(Error::CreateGuestMemfd)?; + + let memory_region = kvm_userspace_memory_region2 { + slot: self.next_mem_slot, + flags: KVM_MEM_GUEST_MEMFD, + guest_phys_addr: start, + memory_size: region.len(), + userspace_addr: host_addr as u64, + guest_memfd_offset: 0, + guest_memfd: guest_memfd as u32, + pad1: 0, + pad2: [0; 14], + }; + + // Safe because we mapped the memory region, we made sure that the regions + // are not overlapping. + unsafe { + self.fd + .set_user_memory_region2(memory_region) + .map_err(Error::SetUserMemoryRegion)?; + }; + + let attr = kvm_memory_attributes { + address: start, + size: region.len(), + attributes: KVM_MEMORY_ATTRIBUTE_PRIVATE as u64, + flags: 0, + }; + + self.fd + .set_memory_attributes(attr) + .map_err(Error::SetMemoryAttributes)?; + + self.guest_memfds.insert(start..end, (guest_memfd, start)); } - #[cfg(target_arch = "x86_64")] - self.fd - .set_tss_address(arch::x86_64::layout::KVM_TSS_ADDRESS as usize) - .map_err(Error::VmSetup)?; + self.next_mem_slot += 1; Ok(()) } @@ -551,7 +651,7 @@ impl Vm { } #[cfg(feature = "amd-sev")] - pub fn snp_secure_virt_attest( + pub fn snp_secure_virt_measure( &self, cpuid: CpuId, guest_mem: &GuestMemoryMmap, @@ -646,6 +746,13 @@ pub struct VmState { ioapic: kvm_irqchip, } +#[cfg(feature = "tee")] +pub struct MemoryProperties { + pub gpa: u64, + pub size: u64, + pub private: bool, +} + /// Encapsulates configuration parameters for the guest vCPUS. #[derive(Debug, Eq, PartialEq)] pub struct VcpuConfig { 
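Review bot: The descriptor returned by `create_guest_memfd` is kept only as a bare `RawFd`, so it is not closed when `set_user_memory_region2` or `set_memory_attributes` fails and returns through `?`, and no close is visible for the copies stored in `guest_memfds` either. Holding an owning handle next to the map, for example a `Vec<std::os::fd::OwnedFd>` field on `Vm` filled right after creation, would release the descriptors when the `Vm` is dropped, including after a failed setup, while the `RangeMap` keeps handing out raw values. The region size is also taken once as `region.size() as u64` and twice as `region.len()`; using `region.len()` throughout avoids the cast.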
@@ -687,6 +794,9 @@ pub struct Vcpu { response_receiver: Option>, // The transmitting end of the responses channel owned by the vcpu side. response_sender: Sender, + + #[cfg(feature = "tee")] + pm_sender: (Sender, EventFd), } impl Vcpu { @@ -790,6 +900,7 @@ impl Vcpu { msr_list: MsrList, io_bus: devices::Bus, exit_evt: EventFd, + #[cfg(feature = "tee")] pm_sender: (Sender, EventFd), ) -> Result { let kvm_vcpu = vm_fd.create_vcpu(id as u64).map_err(Error::VcpuFd)?; let (event_sender, event_receiver) = unbounded(); @@ -808,6 +919,8 @@ impl Vcpu { event_sender: Some(event_sender), response_receiver: Some(response_receiver), response_sender, + #[cfg(feature = "tee")] + pm_sender, }) } @@ -1093,6 +1206,26 @@ impl Vcpu { fn run_emulation(&mut self) -> Result { match self.fd.run() { Ok(run) => match run { + #[cfg(feature = "tee")] + VcpuExit::Hypercall(hypercall) => { + if hypercall.nr != 12 + /* KVM_HC_MAP_GPA_RANGE */ + { + return Err(Error::VcpuUnsupportedHypercall); + } + + let gpa = hypercall.args[0]; + let size = hypercall.args[1] * 0x1000; /* TARGET_PAGE_SIZE */ + let attributes = hypercall.args[2]; + + let private = !matches!(attributes, 0); + + let mem_properties = MemoryProperties { gpa, size, private }; + + self.pm_sender.0.send(mem_properties).unwrap(); + let _ = self.pm_sender.1.read().unwrap(); + Ok(VcpuEmulation::Handled) + } #[cfg(target_arch = "x86_64")] VcpuExit::IoIn(addr, data) => { self.io_bus.read(0, u64::from(addr), data); 
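Review bot: In the new `VcpuExit::Hypercall` arm, `hypercall.args[1] * 0x1000` multiplies a guest-supplied page count without an overflow check, so a large count panics in a debug build and wraps to a small size in a release build; `let Some(size) = hypercall.args[1].checked_mul(0x1000) else { return Err(Error::VcpuUnsupportedHypercall); };` rejects it instead. `gpa` is likewise forwarded without checking page alignment or that the range lies in guest memory, which leaves all validation to the worker thread. The `send(...).unwrap()` and `read().unwrap()` pair turns a stopped worker into a vCPU-thread panic even though `run_emulation` returns a `Result`; the `VcpuExit::MemoryFault` arm in the next hunk has the same pair. `run_emulation` starts and ends outside the hunk.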
@@ -1103,6 +1236,17 @@ impl Vcpu { self.io_bus.write(0, u64::from(addr), data); Ok(VcpuEmulation::Handled) } + #[cfg(feature = "tee")] + VcpuExit::MemoryFault { gpa, size, flags } => { + let private = (flags & (KVM_MEMORY_EXIT_FLAG_PRIVATE as u64)) != 0; + + let mem_properties = MemoryProperties { gpa, size, private }; + + self.pm_sender.0.send(mem_properties).unwrap(); + let _ = self.pm_sender.1.read().unwrap(); + + Ok(VcpuEmulation::Handled) + } VcpuExit::MmioRead(addr, data) => { if let Some(ref mmio_bus) = self.mmio_bus { mmio_bus.read(0, addr, data);