alioth: add

Author: astro

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Major Changes in microvm.nix
 
+## Unreleased
+
+* Add the [alioth VMM](https://github.com/google/alioth)
+
 ## 0.5.0 (2024-04-06)
 
 * **tap interfaces** are now **multi-queue** when running with more

README.md

@@ -55,6 +55,7 @@ imperatively with the provided `microvm` command.
 | [crosvm](https://chromium.googlesource.com/chromiumos/platform/crosvm/) | Rust     | 9p shares broken                         |
 | [kvmtool](https://github.com/kvmtool/kvmtool)                           | C        | no virtiofs shares, no control socket    |
 | [stratovirt](https://github.com/openeuler-mirror/stratovirt)            | Rust     | no 9p/virtiofs shares, no control socket |
+| [alioth](https://github.com/google/alioth)                              | Rust     | no virtiofs shares, no control socket    |
 
 
 ## Installation

checks/default.nix

@@ -47,6 +47,11 @@ let
       modules = [ {
         microvm.hypervisor = "kvmtool";
       } ];
+    } {
+      id = "alioth";
+      modules = [ {
+        microvm.hypervisor = "alioth";
+      } ];
     } ]
     # ro-store
     [ {

checks/startup-shutdown.nix

@@ -33,6 +33,7 @@ let
                 cloud-hypervisor = "poweroff";
                 crosvm = "reboot";
                 kvmtool = "reboot";
+                alioth = "poweroff";
               }.${config.microvm.hypervisor};
             in ''
               ${pkgs.coreutils}/bin/uname > /output/kernel-name

flake.lock

@@ -8,14 +8,18 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    fenix = {
+      url = "github:nix-community/fenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     flake-utils.url = "github:numtide/flake-utils";
     spectrum = {
       url = "git+https://spectrum-os.org/git/spectrum";
       flake = false;
     };
   };
 
-  outputs = { self, nixpkgs, flake-utils, spectrum }:
+  outputs = { self, nixpkgs, fenix, flake-utils, spectrum }:
     let
       systems = [
         "x86_64-linux"
@@ -91,7 +95,10 @@
 
         packages =
           let
-            pkgs = nixpkgs.legacyPackages.${system};
+            pkgs = import nixpkgs {
+              overlays = [ self.overlay ];
+            };
+            rustNightly = fenix.packages.${system}.minimal.toolchain;
           in {
             build-microvm = pkgs.callPackage ./pkgs/build-microvm.nix { inherit self; };
             doc = pkgs.callPackage ./pkgs/doc.nix { inherit nixpkgs; };
@@ -108,13 +115,20 @@
                 crosvm-example
                 kvmtool-example
                 stratovirt-example
+                alioth-example
                 virtiofsd
               ];
               pathsToLink = [ "/" ];
               extraOutputsToInstall = [ "dev" ];
               ignoreCollisions = true;
             };
             waypipe = overrideWaypipe pkgs;
+            alioth = pkgs.callPackage ./pkgs/alioth.nix {
+              rustPlatform = pkgs.makeRustPlatform {
+                cargo = rustNightly;
+                rustc = rustNightly;
+              };
+            };
           } //
           # wrap self.nixosConfigurations in executable packages
           builtins.foldl' (result: systemName:
@@ -145,7 +159,18 @@
         overlay = final: prev: {
           cloud-hypervisor-graphics = prev.callPackage (spectrum + "/pkgs/cloud-hypervisor") {};
           waypipe = overrideWaypipe prev;
+          alioth =
+            let
+              rustNightly = fenix.packages.${final.system}.minimal.toolchain;
+            in
+              prev.callPackage ./pkgs/alioth.nix {
+                rustPlatform = final.makeRustPlatform {
+                  cargo = rustNightly;
+                  rustc = rustNightly;
+                };
+              };
         };
+        overlays.default = self.overlay;
 
         nixosModules = {
           microvm = import ./nixos-modules/microvm;
@@ -179,6 +204,7 @@
                     networking.hostName = "${hypervisor}-microvm";
                     services.getty.autologinUser = "root";
 
+                    nixpkgs.overlays = [ self.overlay ];
                     microvm.hypervisor = hypervisor;
                     # share the host's /nix/store if the hypervisor can do 9p
                     microvm.shares = lib.optional (builtins.elem hypervisor hypervisorsWith9p) {

flake.nix

@@ -7,6 +7,7 @@ rec {
     "crosvm"
     "kvmtool"
     "stratovirt"
+    "alioth"
   ];
 
   hypervisorsWithNetwork = hypervisors;

lib/default.nix

@@ -0,0 +1,62 @@
+{ pkgs
+, microvmConfig
+, macvtapFds
+}:
+
+let
+  inherit (pkgs) lib;
+  inherit (microvmConfig)
+    user
+    vcpu mem interfaces volumes shares devices vsock
+    kernel initrdPath
+    storeDisk storeOnDisk;
+in {
+  command =
+    if user != null
+    then throw "alioth will not change user"
+    else builtins.concatStringsSep " " (
+      [
+        "${pkgs.alioth}/bin/alioth" "run"
+        "--mem-size" "${toString mem}M"
+        "--num-cpu" (toString vcpu)
+        "-k" (lib.escapeShellArg "${kernel}/${pkgs.stdenv.hostPlatform.linux-kernel.target}")
+        "-i" initrdPath
+        "-c" (lib.escapeShellArg "console=ttyS0 reboot=k panic=1 ${toString microvmConfig.kernelParams}")
+        "--entropy"
+      ]
+      ++
+      lib.optionals storeOnDisk [
+        "--blk" (lib.escapeShellArg "path=${storeDisk},readonly=true")
+      ]
+      ++
+      builtins.concatMap ({ image, ... }:
+        [ "--blk" (lib.escapeShellArg image) ]
+      ) volumes
+      ++
+      builtins.concatMap ({ proto, socket, tag, ... }:
+        if proto == "virtiofs"
+        then [
+          "--fs" (lib.escapeShellArg "vu,socket=${socket},tag=${tag}")
+        ] else throw "9p shares not implemented for alioth"
+      ) shares
+      ++
+      builtins.concatMap ({ type, id, mac, ... }:
+        if type == "tap"
+        then [
+          "--net" (lib.escapeShellArg "if_name=${id},mac=${mac},queue_pairs=${toString vcpu}")
+        ]
+        else throw "interface type ${type} is not supported by alioth"
+      ) interfaces
+      ++
+      map ({ ... }:
+        throw "PCI/USB passthrough is not supported on alioth"
+      ) devices
+      ++
+      lib.optionals (vsock.cid != null) [
+        "--vsock" "vhost,cid=${toString vsock.cid}"
+      ]
+    );
+
+  # TODO:
+  canShutdown = false;
+}

lib/runners/alioth.nix

@@ -0,0 +1,75 @@
+From 553d05d8364e2bbba807279b4d30949d0764b444 Mon Sep 17 00:00:00 2001
+From: Astro <[email protected]>
+Date: Tue, 9 Jul 2024 12:44:17 +0200
+Subject: [PATCH] feat(blk): allow configuring readonly block devices
+
+---
+ alioth-cli/src/main.rs       |  2 +-
+ alioth/src/virtio/dev/blk.rs | 11 +++++++++--
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/alioth-cli/src/main.rs b/alioth-cli/src/main.rs
+index 74aa578..3858afb 100644
+--- a/alioth-cli/src/main.rs
++++ b/alioth-cli/src/main.rs
+@@ -253,7 +253,7 @@ fn main_run(args: RunArgs) -> Result<(), Error> {
+             .context(error::CreateDevice)?;
+     }
+     for (index, blk) in args.blk.into_iter().enumerate() {
+-        let param = BlockParam { path: blk.into() };
++        let param: BlockParam = serde_aco::from_arg(&blk).context(error::ParseArg { arg: blk })?;
+         vm.add_virtio_dev(format!("virtio-blk-{index}"), param)
+             .context(error::CreateDevice)?;
+     }
+diff --git a/alioth/src/virtio/dev/blk.rs b/alioth/src/virtio/dev/blk.rs
+index 29fc6ce..3127e24 100644
+--- a/alioth/src/virtio/dev/blk.rs
++++ b/alioth/src/virtio/dev/blk.rs
+@@ -21,6 +21,7 @@ use std::sync::Arc;
+ use bitflags::bitflags;
+ use mio::event::Event;
+ use mio::Registry;
++use serde::Deserialize;
+ use zerocopy::{AsBytes, FromBytes, FromZeroes};
+ 
+ use crate::mem::mapped::RamBus;
+@@ -122,8 +123,10 @@ pub struct BlockConfig {
+ }
+ impl_mmio_for_zerocopy!(BlockConfig);
+ 
++#[derive(Debug, Clone, Deserialize)]
+ pub struct BlockParam {
+     pub path: PathBuf,
++    pub readonly: bool,
+ }
+ 
+ impl DevParam for BlockParam {
+@@ -144,7 +147,7 @@ pub struct Block {
+ 
+ impl Block {
+     pub fn new(param: BlockParam, name: Arc<String>) -> Result<Self> {
+-        let disk = OpenOptions::new().read(true).write(true).open(param.path)?;
++        let disk = OpenOptions::new().read(true).write(!param.readonly).open(param.path)?;
+         let len = disk.metadata()?.len();
+         let config = BlockConfig {
+             capacity: len / SECTOR_SIZE as u64,
+@@ -152,11 +155,15 @@ impl Block {
+             ..Default::default()
+         };
+         let config = Arc::new(config);
++        let mut feature = BlockFeature::FLUSH;
++        if param.readonly {
++            feature |= BlockFeature::RO;
++        }
+         Ok(Block {
+             name,
+             disk,
+             config,
+-            feature: BlockFeature::FLUSH,
++            feature,
+         })
+     }
+ 
+-- 
+2.44.1
+

pkgs/alioth-blk-ro.patch

@@ -0,0 +1,33 @@
+# TODO: upstream to nixpkgs once it no longer requires rust nightly
+{ lib, fetchFromGitHub, rustPlatform }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "alioth";
+  version = "0.3.0";
+
+  src = fetchFromGitHub {
+    owner = "google";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-brlbLjlpOYz+Qzn2IG9y6ty+yF6MohG5IhI+BHu6LuA=";
+  };
+
+  patches = [
+    ./alioth-blk-ro.patch
+  ];
+
+  cargoHash = "sha256-jRyRy1aKLk92bUvw4Q4lE8q7bnTDgJ7pWCMIW4nBo1A=";
+  separateDebugInfo = true;
+
+  # TODO: Broken
+  doCheck = false;
+
+  meta = with lib; {
+    homepage = "https://github.com/google/alioth";
+    description = "Experimental Type-2 Hypervisor in Rust implemented from scratch";
+    license = licenses.asl20;
+    mainProgram = "alioth";
+    maintainers = with maintainers; [ astro ];
+    platforms = [ "aarch64-linux" "x86_64-linux" ];
+  };
+}