Compare commits

...

49 Commits
v4.4.1 ... main

Author SHA1 Message Date
Xeonacid 79d9ff95eb Add riscv64 support
Co-authored-by: Sergio Lopez <slp@redhat.com>
Signed-off-by: Xeonacid <h.dwwwwww@gmail.com>
2025-06-30 13:41:55 +01:00
Sergio Lopez 3d07dc3482 Rebase on a v6.12.34 kernel
Rebase on the latest stable kernel. No changes were needed in the
downstream patches.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-06-26 21:17:17 -04:00
Sergio Lopez e2bbc35b0e x86_64: enable VIRTIO_GPU
Enable VIRTIO_GPU to support GPU acceleration on x86_64 hosts too.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-06-25 22:20:21 -04:00
Jake Correnti a70c65d97e Add TDX support
Adds support for a TDX flavor. Additionally adjusts the qboot binary
locations such that SEV has a different binary than TDX.

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2025-06-12 11:44:57 +01:00
Sergio Lopez cb36155605 Rebase on a 6.12.20 kernel
Once again, only minor changes were required in
0008-virtio-vsock-support-dgrams.patch. I can't wait for DGRAM
support to get upstreamed.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-03-24 17:02:59 +01:00
Jan Noha 07e3309aaf Add krunvm debian environment for macOS build
Signed-off-by: Jan Noha <nohajc@gmail.com>
2025-03-20 13:27:23 +01:00
Sergio Lopez 488eb81b94 Rebase on a 6.12.12 kernel
Only minor changes were required in 0008-virtio-vsock-support-dgrams.patch

Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-02-11 12:43:04 +01:00
Stefano Brivio 034cbbf53b utils: Add kernel_size_time.sh to measure size and boot time
This is what I've been using to measure size and execution times for
a test command (based on muvm) for the previous patches. It's made to
be used in a rebase script, for example:

  x ./utils/kernel_size_time.sh
  pick 12181bf config-libkrunfw_x86_64: Disable processor quirks and features we don't need
  x ./utils/kernel_size_time.sh
  pick 5c5badc config-libkrunfw_x86_64: Drop power management features and cpufreq
  x ./utils/kernel_size_time.sh

It's a bit bigger than what I wanted because of the time -p trick:
nowadays most distributions don't ship /usr/bin/time (at least by
default), but many shells skip support for the POSIX compatibility
mode (-p, which simplifies calculations) in their 'time' built-in,
so, if we need it, we need to re-execute under Bash (assuming it's
not the default non-interactive shell).

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 512234620a config-libkrunfw_x86_64: Disable process autogrouping feature
Our users don't configure it anyway.

This saves 1632 bytes (26374048 -> 26372416) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 33a72344da config-libkrunfw_x86_64: Enable BASE_SMALL
In typical libkrunfw usage, a small, nimble kernel is probably more
important than oversized lookup tables and suchlike.

This saves 80 bytes (26374128 -> 26374048) in the uncompressed kernel
image, which is not significant. However, memory savings might be
substantial depending on the usage.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 3fc6dd800f config-libkrunfw_x86_64: Drop support for ISA-style DMA
This saves 760 bytes (26374888 -> 26374128) in the uncompressed kernel
image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 2327c81703 config-libkrunfw_x86_64: Drop support for relayfs
We don't support WiFi adapters and debugfs either.

This saves 2216 bytes (26377104 -> 26374888) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 963a2771d7 config-libkrunfw_x86_64: Drop support for isolcpus command line option
It doesn't make a lot of sense for virtual CPUs, I suppose.

This saves 1104 bytes (26378208 - 26377104) in the uncompressed kernel
image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio bdc6e3c251 config-libkrunfw_x86_64: No need for interrupt mitigation with VirtIO devices
This saves 888 bytes (26379096 -> 26378208) in the uncompressed kernel
image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio a0ecd272ec config-libkrunfw_x86_64: Drop support for devices we're unlikely to ever see
...such as DMA engines, x86 platform devices (laptop stuff), Microsoft
Surface platforms, clock subsystem. Disable staging drivers (we don't
have any selected).

This saves 32848 bytes (26411944 -> 26379096) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio f2925562d9 config-libkrunfw_x86_64: Drop support for hardware serial adapters
virtio-serial does all that for us.

This saves 36480 bytes (26448424 -> 26411944) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 57d68b4194 config-libkrunfw_x86_64: Drop support for force-feedback joystick devices
The host would be in charge of them anyway, we would only see
abstracted input devices I guess.

This saves 944 bytes (26449368 -> 26448424) in the uncompressed kernel
image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio b31a4ab84f config-libkrunfw_x86_64: No firmware loading for us
VirtIO devices don't need any firmware to work.

This saves 7192 bytes (26456560 -> 26449368) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 123090b696 config-libkrunfw_x86_64: Disable unused or unusable network features
We don't need:

- SYN cookies: we'll never switch them on with TSI or passt
- TCP MD5 signatures: same here
- ethtool support: of little use with virtio-net, no use with TSI
- XFRM (IPsec), I doubt typical users would set up IPsec endpoints
- TCP advanced congestion features: we only have CUBIC enabled anyway
- netlabel: CIPSO, CALIPSO and friends are pretty much obsolete

This saves 128208 bytes (26584768 -> 26456560) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio b085fa0f89 config-libkrunfw_x86_64: Drop swap and unused memory features
...such as ZONE_DMA, and low-level statistics and counters that don't
really tell us anything in a guest anyway.

This saves 32968 bytes (26617736 -> 26584768) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio d8283baff1 config-libkrunfw_x86_64: Disable block throttling and autoload features
I doubt a guest would ever need them.

This saves:

- 7896 bytes (26625632 -> 26617736) in the uncompressed kernel image

- 5 ms (230 -> 225, average of 1000 runs) for:
     muvm --mem=64 --vram=0 -c 0,1 -- true

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 63c4d29cd2 config-libkrunfw_x86_64: Drop 32-bit emulation features
x32 won't work anyway, and I doubt that any post-modern application
outside x32 would use any of these.

This saves 80280 bytes (26705912 -> 26625632) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 8043cecb92 config-libkrunfw_x86_64: Drop power management features and cpufreq
The host takes care of that for us.

Keep CPU_IDLE, CPU_IDLE_GOV_HALTPOLL, and HALTPOLL_CPUIDLE, as they
might be used when pinning vCPUs.

This saves 2189032 bytes (28894944 -> 26705912) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio d28d2632b7 config-libkrunfw_x86_64: Disable processor quirks and features we don't need
We typically don't need access to local APIC modes via MSRs in a
guest. MTRRs are not relevant either.

Disable all processor and memory features and quirks we'll never need
in a virtual machine.

This saves 76904 bytes (28971848 -> 28894944) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio c909f27330 config-libkrunfw_x86_64: Drop PCSPKR_PLATFORM
Even if we had a PC speaker, we couldn't access it anyway.

This saves 176 bytes (28972024 -> 28971848) in the uncompressed kernel
image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio a5094ce163 config-libkrunfw_x86_64: Disable kernel and process stack debugging features
These might be useful for libkrun and libkrunfw development, but not
really for typical users, and single options can be easily enabled as
needed during development anyway.

This saves:

- 166976 bytes (29139000 -> 28972024) in the uncompressed kernel image

- 11 ms (241 -> 230, average of 1000 runs) for:
     muvm --mem=64 --vram=0 -c 0,1 -- true

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 0ad58f60dc config-libkrunfw_x86_64: Pick UNWINDER_GUESS, decrease log buffer size
UNWINDER_GUESS should be good enough for any typical usage (unrelated
to kernel debugging), and 16 KiB of kernel logs is also more than
enough.

This saves 291624 bytes (29430624 -> 29139000) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Stefano Brivio 62444be1ed config-libkrunfw_x86_64: Drop POSIX_MQUEUE
I doubt any modern containerised application would ever use mqueue,
it's just for legacy Solaris applications nowadays, and applications
in a container couldn't access it anyway.

This saves 3280 bytes (29433904 -> 29430624) in the uncompressed
kernel image.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-11 12:42:48 +01:00
Sergio Lopez 9e05e3a78d sev: add "acpi=off" to the bundled command line
We don't need ACPI and it breaks SNP, since it attempts to find the ACPI
tables in unaccepted pages.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-01-27 13:35:07 -05:00
Stefano Brivio 140f1b4285 utils/krunfw_measurement: dlopen() and dlsym() don't set errno
...we need to use dlerror() instead.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-01-27 16:48:24 +01:00
Sergio Lopez 6ab59eb70f Add MatiasVara to CODEOWNERS
Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-01-20 20:03:08 +01:00
Sergio Lopez 1c9e041c72 Add a patch to fix building under GCC 15
GCC 15 defaults to gnu23, breaking some parts of the kernel which
don't receive the "-std=gnu11" flag.

Add a patch to explicitly pass that flag to arch/x86/boot/compressed
until upstream makes up their mind on how to fix this.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-01-20 20:02:57 +01:00
Sasha Finkelstein 03fe3f1954 patches: Add virtgpu map fixes.
This forces host mmaps to be aligned to maximum platform page size,
and allows partial maps of gem objects. Both are needed for
pipewire passthrough.

Signed-off-by: Sasha Finkelstein <fnkl.kernel@gmail.com>
2025-01-17 12:45:22 +01:00
Sergio Lopez 00a3b306ca Rebase on a 6.12.3 kernel
Rebase on a 6.12.3 kernel, jumping to the next LTS series. Only a
surprisingly small amount of changes needed in the patches, mostly in
the DGRAM and TSI sets. A new qboot binary was also needed with a very
small change to account for the new SEV kernel entry point (tested under
SEV-ES on Naples).

We also dropped "0009-tests-add-vsock-dgram-tests.patch" to reduce the
maintenance burden (was useless anyway).

Signed-off-by: Sergio Lopez <slp@redhat.com>
2025-01-17 12:23:40 +01:00
Sergio Lopez 563389b460 Rebase on a v6.6.63 kernel
This is an almost clean rebase with only a minor change required in
(non-sev) patch number 5.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-12-02 12:05:51 -05:00
Sergio Lopez 2e089d0d81 Bump version to 4.5.1
This version bumps the maximum number of CPUs to 16, and enables IPV6.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 17:09:50 +01:00
Sergio Lopez ca00a4d042 sev_x86_64: sync config with 6.6.59
Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 11:22:23 +01:00
Sergio Lopez 428c505df6 x86_64: enable IPv6
Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 11:22:23 +01:00
Sergio Lopez 4df993168c x86_64: bump max number of cpus to 16
Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 11:22:23 +01:00
Sergio Lopez c1b66373ee x86_64: sync config with 6.6.59
Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 11:22:23 +01:00
Sergio Lopez 5aa5f90061 aarch64: enable IPv6
Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 11:22:23 +01:00
Sergio Lopez b44b505531 aarch64: bump max number of cpus to 16
Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 11:22:23 +01:00
Sergio Lopez e77ecf996e aarch64: sync config with 6.6.59
Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-07 11:22:23 +01:00
Sergio Lopez c12cee7856 Rebase on a v6.6.59 kernel
This is a clean rebase with no changes needed in the downstream patches.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-11-06 18:15:42 +01:00
Asahi Lina 2581d12ef0 patches: Add two patches with DAX fixes
Signed-off-by: Asahi Lina <lina@asahilina.net>
2024-11-04 12:26:47 +01:00
Sergio Lopez 4cd124014d Bump release to 4.4.2
This release adds support for OVERLAYFS (required by bootc) and a
patch to add a new prctl for 64 bit apps to opt-in for receiving
compat input events.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-10-08 13:45:44 +02:00
Sergio Lopez ca1a9d5291 ci: rename build-aarch64 to cross-build-aarch64
For some reason we have a bogus workflow created on each new PR.
Let's see if renaming this workflow fixes it.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-10-08 13:45:44 +02:00
Sergio Lopez ab68f713e4 Add a patch for compat input in 64 bit apps
This patch adds a prctl to enable 64 bit apps to opt-in to use
the compat variant of input syscalls.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2024-10-08 13:45:44 +02:00
Alberto Faria f343ea2a1b config: Enable CONFIG_OVERLAY_FS
This is now required by bootc-install.

Don't enable it for the SEV variant as the bootc-install use case
probably doesn't apply to it.

Signed-off-by: Alberto Faria <afaria@redhat.com>
2024-10-08 09:07:53 +02:00
44 changed files with 7530 additions and 1609 deletions

@ -1,10 +1,10 @@
name: Build aarch64 kernel
name: Cross-build aarch64 kernel
on: [pull_request, create]
jobs:
build:
if: github.event_name == 'pull_request'
name: Build aarch64 kernel
name: Cross-build aarch64 kernel
runs-on: ubuntu-latest
steps:
- name: Code checkout

@ -0,0 +1,17 @@
name: Cross-build riscv64 kernel
on: [pull_request, create]
jobs:
build:
if: github.event_name == 'pull_request'
name: Cross-build riscv64 kernel
runs-on: ubuntu-latest
steps:
- name: Code checkout
uses: actions/checkout@v2
- name: Install dependencies
run: sudo apt-get install -y make gcc bc bison flex elfutils python3-pyelftools curl patch libelf-dev gcc-riscv64-linux-gnu
- name: Build riscv64 kernel
run: make ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu-
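Review bot: `uses: actions/checkout@v2` in the checkout step references a movable tag, so the code that runs in this job can change without any change to this file; pin the action to a full commit SHA and move to a current major version while doing so. Two smaller points in the same file: `on: [pull_request, create]` still lists `create` although the job-level `if: github.event_name == 'pull_request'` skips every run that trigger starts, so it can be dropped, and the `apt-get install` step runs without a preceding `apt-get update`, which can fail once the runner image's package index is stale.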

2
.gitignore vendored
@ -1,7 +1,7 @@
__pycache__
*.pyc
*~
libkrunfw.so
libkrunfw.so*
kernel.c
vmlinux
/tarballs

@ -1 +1 @@
* @slp @tylerfanelli
* @MatiasVara @slp @tylerfanelli

@ -1,4 +1,4 @@
KERNEL_VERSION = linux-6.6.52
KERNEL_VERSION = linux-6.12.34
KERNEL_REMOTE = https://cdn.kernel.org/pub/linux/kernel/v6.x/$(KERNEL_VERSION).tar.xz
KERNEL_TARBALL = tarballs/$(KERNEL_VERSION).tar.xz
KERNEL_SOURCES = $(KERNEL_VERSION)
@ -6,8 +6,8 @@ KERNEL_PATCHES = $(shell find patches/ -name "0*.patch" | sort)
KERNEL_C_BUNDLE = kernel.c
ABI_VERSION = 4
FULL_VERSION = 4.4.1
TIMESTAMP = "Thu Sep 26 16:00:58 CEST 2024"
FULL_VERSION = 4.10.0
TIMESTAMP = "Thu Jun 26 12:45:10 CEST 2025"
KERNEL_FLAGS = KBUILD_BUILD_TIMESTAMP=$(TIMESTAMP)
KERNEL_FLAGS += KBUILD_BUILD_USER=root
@ -15,7 +15,11 @@ KERNEL_FLAGS += KBUILD_BUILD_HOST=libkrunfw
ifeq ($(SEV),1)
VARIANT = -sev
KERNEL_PATCHES += $(shell find patches-sev/ -name "0*.patch" | sort)
KERNEL_PATCHES += $(shell find patches-tee/ -name "0*.patch" | sort)
endif
ifeq ($(TDX),1)
VARIANT = -tdx
KERNEL_PATCHES += $(shell find patches-tee/ -name "0*.patch" | sort)
endif
HOSTARCH = $(shell uname -m)
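Review bot: the `ifeq ($(SEV),1)` and `ifeq ($(TDX),1)` blocks here are independent tests, so `make SEV=1 TDX=1` is accepted: `VARIANT` silently ends up as `-tdx` and `patches-tee/` is appended to `KERNEL_PATCHES` twice. The two flavors look mutually exclusive (one `VARIANT` each here, one `QBOOT_BINARY` each further down), so fail early with an `$(error ...)` when both are set, or fold them into one selector variable (for example a hypothetical `TEE=sev|tdx`).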
@ -27,6 +31,10 @@ else ifeq ($(ARCH),arm64)
GUESTARCH := aarch64
CC := $(CROSS_COMPILE)gcc
STRIP := $(CROSS_COMPILE)strip
else ifeq ($(ARCH),riscv)
GUESTARCH := riscv64
CC := $(CROSS_COMPILE)gcc
STRIP := $(CROSS_COMPILE)strip
else
GUESTARCH := $(ARCH)
CC := $(CROSS_COMPILE)gcc
@ -35,9 +43,11 @@ endif
KBUNDLE_TYPE_x86_64 = vmlinux
KBUNDLE_TYPE_aarch64 = Image
KBUNDLE_TYPE_riscv64 = Image
KERNEL_BINARY_x86_64 = $(KERNEL_SOURCES)/vmlinux
KERNEL_BINARY_aarch64 = $(KERNEL_SOURCES)/arch/arm64/boot/Image
KERNEL_BINARY_riscv64 = $(KERNEL_SOURCES)/arch/riscv/boot/Image
KRUNFW_BINARY_Linux = libkrunfw$(VARIANT).so.$(FULL_VERSION)
KRUNFW_SONAME_Linux = libkrunfw$(VARIANT).so.$(ABI_VERSION)
@ -57,7 +67,13 @@ ifeq ($(PREFIX),)
endif
ifeq ($(SEV),1)
QBOOT_BINARY = qboot/bios.bin
QBOOT_BINARY = qboot/sev/bios.bin
QBOOT_C_BUNDLE = qboot.c
INITRD_BINARY = initrd/initrd.gz
INITRD_C_BUNDLE = initrd.c
endif
ifeq ($(TDX),1)
QBOOT_BINARY = qboot/tdx/bios.bin
QBOOT_C_BUNDLE = qboot.c
INITRD_BINARY = initrd/initrd.gz
INITRD_C_BUNDLE = initrd.c
@ -100,6 +116,16 @@ $(INITRD_C_BUNDLE): $(INITRD_BINARY)
@python3 bin2cbundle.py -t initrd $(INITRD_BINARY) initrd.c
endif
ifeq ($(TDX),1)
$(QBOOT_C_BUNDLE): $(QBOOT_BINARY)
@echo "Generating $(QBOOT_C_BUNDLE) from $(QBOOT_BINARY)..."
@python3 bin2cbundle.py -t qboot $(QBOOT_BINARY) qboot.c
$(INITRD_C_BUNDLE): $(INITRD_BINARY)
@echo "Generating $(INITRD_C_BUNDLE) from $(INITRD_BINARY)..."
@python3 bin2cbundle.py -t initrd $(INITRD_BINARY) initrd.c
endif
$(KRUNFW_BINARY_$(OS)): $(KERNEL_C_BUNDLE) $(QBOOT_C_BUNDLE) $(INITRD_C_BUNDLE)
$(CC) -fPIC -DABI_VERSION=$(ABI_VERSION) -shared $(SONAME_$(OS)) -o $@ $(KERNEL_C_BUNDLE) $(QBOOT_C_BUNDLE) $(INITRD_C_BUNDLE)
ifeq ($(OS),Linux)
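Review bot: the new `ifeq ($(TDX),1)` block repeats the bundle rules of the SEV block that closes just above it (that block's `bin2cbundle.py -t initrd` recipe and `endif` are the first lines of this hunk). Put the `$(QBOOT_C_BUNDLE)` and `$(INITRD_C_BUNDLE)` rules under one condition that is true for either flavor, for example `ifneq ($(SEV)$(TDX),)`, so a later change to the recipe cannot be applied to one flavor and missed in the other.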

@ -46,6 +46,14 @@ This will create a lightweight Linux VM using ```krunvm``` with the current work
make
```
By default, the build environment is based on a Fedora image. There is also a Debian variant which can be selected by setting the `BUILDER` environment variable.
```
BUILDER=debian ./build_on_krunvm.sh
```
In general, `./build_on_krunvm.sh` will always delegate to `./build_on_krunvm_${BUILDER}.sh` so additional environments can be added like this if needed.
## Known limitations
* To save memory, the embedded kernel is configured with ```CONFIG_NR_CPUS=8```, which limits the maximum number of supported CPUs to 8. If this kernel runs in a VM with more CPUs, only the first 8 will be initialized and used.
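Review bot: the "Known limitations" bullet kept as context under this hunk still says `CONFIG_NR_CPUS=8` and a limit of 8 CPUs, but this same range raises the limit ("x86_64: bump max number of cpus to 16", "aarch64: bump max number of cpus to 16") and the aarch64 config hunk sets `CONFIG_NR_CPUS=16`. Update the bullet to 16 as part of this README change. The new `BUILDER` paragraph could also name the accepted values (`fedora`, the default, and `debian`), since any other value makes `build_on_krunvm.sh` call a script that does not exist.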

@ -3,47 +3,9 @@
# This is a helper script for building the Linux kernel on macOS using
# a lightweight VM with krunvm.
KRUNVM=`which krunvm`
if [ -z "$KRUNVM" ]; then
echo "Couldn't find krunvm binary"
exit -1
fi
: "${BUILDER:=fedora}"
# realpath does not exist by default on macOS, use `brew install coreutils` to get it
SCRIPTPATH=`realpath $0`
WORKDIR=`dirname $SCRIPTPATH`
krunvm create fedora --name libkrunfw-builder --cpus 2 --mem 2048 -v $WORKDIR:/work -w /work
if [ $? != 0 ]; then
echo "Error creating lightweight VM"
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/dnf -- install -y 'dnf-command(builddep)' python3-pyelftools
if [ $? != 0 ]; then
echo "Error installing dnf-builddep on VM"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/dnf -- builddep -y kernel
if [ $? != 0 ]; then
echo "Error installing build dependencies for kernel"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/make -- -j2
if [ $? != 0 ]; then
echo "Error running command on VM"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm delete libkrunfw-builder
if [ ! -e "kernel.c" ]; then
echo "There was a problem building the kernel bundle in the VM"
exit -1
fi
exit 0
$WORKDIR/build_on_krunvm_${BUILDER}.sh
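Review bot: the final line `$WORKDIR/build_on_krunvm_${BUILDER}.sh` expands `WORKDIR` and the environment-supplied `BUILDER` unquoted and unchecked, so a checkout path containing a space breaks the call, and any `BUILDER` value, including one containing `/` or `..`, is spliced into the path that gets executed. Match `BUILDER` against the supported names with a `case` (`fedora|debian`), print a clear error otherwise, and run the result as `exec "$WORKDIR/build_on_krunvm_${BUILDER}.sh"`. The unquoted `realpath $0` and `dirname $SCRIPTPATH` above it have the same word-splitting problem.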

56
build_on_krunvm_debian.sh Executable file
@ -0,0 +1,56 @@
#!/bin/sh
# This is a helper script for building the Linux kernel on macOS using
# a lightweight VM with krunvm.
KRUNVM=`which krunvm`
if [ -z "$KRUNVM" ]; then
echo "Couldn't find krunvm binary"
exit -1
fi
# realpath does not exist by default on macOS, use `brew install coreutils` to get it
SCRIPTPATH=`realpath $0`
WORKDIR=`dirname $SCRIPTPATH`
krunvm create debian:bookworm-slim --name libkrunfw-builder --cpus 2 --mem 2048 -v $WORKDIR:/work -w /work
if [ $? != 0 ]; then
echo "Error creating lightweight VM"
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/apt-get -- update
if [ $? != 0 ]; then
echo "Error updating debian repository"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/apt-get -- upgrade -y
if [ $? != 0 ]; then
echo "Error upgrading debian packages"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/apt-get -- install -y curl build-essential python3-pyelftools bc kmod cpio flex libncurses5-dev libelf-dev libssl-dev dwarves bison
if [ $? != 0 ]; then
echo "Error installing build dependencies on VM"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/make -- -j2
if [ $? != 0 ]; then
echo "Error running command on VM"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm delete libkrunfw-builder
if [ ! -e "kernel.c" ]; then
echo "There was a problem building the kernel bundle in the VM"
exit -1
fi
exit 0
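Review bot: every failure branch in this new script ends in `exit -1`, which is outside the 0-255 range POSIX defines for `exit` and is rejected by some `/bin/sh` implementations (dash reports an illegal number); use `exit 1`. The `krunvm delete libkrunfw-builder` cleanup is also repeated by hand in four branches and is skipped when the script is interrupted, leaving a `libkrunfw-builder` VM behind; a single `trap` on EXIT (plus INT and TERM) set right after the create step covers all of them. `$WORKDIR` in the `-v $WORKDIR:/work` argument should be quoted.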

49
build_on_krunvm_fedora.sh Executable file
@ -0,0 +1,49 @@
#!/bin/sh
# This is a helper script for building the Linux kernel on macOS using
# a lightweight VM with krunvm.
KRUNVM=`which krunvm`
if [ -z "$KRUNVM" ]; then
echo "Couldn't find krunvm binary"
exit -1
fi
# realpath does not exist by default on macOS, use `brew install coreutils` to get it
SCRIPTPATH=`realpath $0`
WORKDIR=`dirname $SCRIPTPATH`
krunvm create fedora --name libkrunfw-builder --cpus 2 --mem 2048 -v $WORKDIR:/work -w /work
if [ $? != 0 ]; then
echo "Error creating lightweight VM"
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/dnf -- install -y 'dnf-command(builddep)' python3-pyelftools
if [ $? != 0 ]; then
echo "Error installing dnf-builddep on VM"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/dnf -- builddep -y kernel
if [ $? != 0 ]; then
echo "Error installing build dependencies for kernel"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm start libkrunfw-builder /usr/bin/make -- -j2
if [ $? != 0 ]; then
echo "Error running command on VM"
krunvm delete libkrunfw-builder
exit -1
fi
krunvm delete libkrunfw-builder
if [ ! -e "kernel.c" ]; then
echo "There was a problem building the kernel bundle in the VM"
exit -1
fi
exit 0
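Review bot: this file is the old `build_on_krunvm.sh` body moved over unchanged, and it differs from `build_on_krunvm_debian.sh` only in the image name passed to `krunvm create` and in the package-install steps; the krunvm lookup, VM create, `make -j2`, VM delete and `kernel.c` check are duplicated in both. Keep those shared steps in `build_on_krunvm.sh` and let the per-distribution scripts supply only the image and the dependency commands, so that fixes such as replacing `exit -1` or quoting `$WORKDIR` land once. Both `fedora` and `debian:bookworm-slim` are floating image references; pinning a specific release would make the build environment reproducible.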

@ -1,21 +1,21 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 6.6.32 Kernel Configuration
# Linux/x86 6.6.59 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.1 20240316 (Red Hat 13.2.1-7)"
CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.0.1 20240411 (Red Hat 14.0.1-0)"
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=130201
CONFIG_GCC_VERSION=140001
CONFIG_CLANG_VERSION=0
CONFIG_AS_IS_GNU=y
CONFIG_AS_VERSION=24000
CONFIG_AS_VERSION=24100
CONFIG_LD_IS_BFD=y
CONFIG_LD_VERSION=24000
CONFIG_LD_VERSION=24100
CONFIG_LLD_VERSION=0
CONFIG_RUST_IS_AVAILABLE=y
CONFIG_CC_CAN_LINK=y
CONFIG_CC_CAN_LINK_STATIC=y
CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y
CONFIG_TOOLS_SUPPORT_RELR=y
CONFIG_CC_HAS_ASM_INLINE=y
CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
@ -276,6 +276,7 @@ CONFIG_PERF_EVENTS=y
# end of Kernel Performance Events And Counters
CONFIG_PROFILING=y
# CONFIG_RUST is not set
#
# Kexec and crash features
@ -452,13 +453,12 @@ CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_DYNAMIC_MEMORY_LAYOUT=y
CONFIG_RANDOMIZE_MEMORY=y
CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
# CONFIG_ADDRESS_MASKING is not set
CONFIG_HOTPLUG_CPU=y
# CONFIG_COMPAT_VDSO is not set
CONFIG_LEGACY_VSYSCALL_XONLY=y
# CONFIG_LEGACY_VSYSCALL_NONE is not set
CONFIG_CMDLINE_BOOL=y
CONFIG_CMDLINE="reboot=k panic=-1 panic_print=0 nomodules console=hvc0 quiet rootfstype=virtiofs rw no-kvmapf tsi_hijack init=/init.krun virtio_mmio.device=4K@0xd0000000:5 virtio_mmio.device=4K@0xd0001000:6 virtio_mmio.device=4K@0xd0002000:7 virtio_mmio.device=4K@0xd0003000:8 virtio_mmio.device=4K@0xd0004000:9"
CONFIG_CMDLINE="reboot=k panic=-1 panic_print=0 nomodules console=hvc0 quiet rootfstype=virtiofs rw no-kvmapf tsi_hijack acpi=off init=/init.krun virtio_mmio.device=4K@0xd0000000:5 virtio_mmio.device=4K@0xd0001000:6 virtio_mmio.device=4K@0xd0002000:7 virtio_mmio.device=4K@0xd0003000:8 virtio_mmio.device=4K@0xd0004000:9"
CONFIG_CMDLINE_OVERRIDE=y
CONFIG_MODIFY_LDT_SYSCALL=y
# CONFIG_STRICT_SIGALTSTACK_SIZE is not set
@ -778,6 +778,7 @@ CONFIG_BASE_SMALL=0
CONFIG_BLOCK=y
CONFIG_BLOCK_LEGACY_AUTOLOAD=y
CONFIG_BLK_CGROUP_RWSTAT=y
CONFIG_BLK_CGROUP_PUNT_BIO=y
CONFIG_BLK_DEV_BSG_COMMON=y
CONFIG_BLK_DEV_BSGLIB=y
CONFIG_BLK_DEV_INTEGRITY=y
@ -904,6 +905,7 @@ CONFIG_MIGRATION=y
CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
CONFIG_ARCH_ENABLE_THP_MIGRATION=y
CONFIG_CONTIG_ALLOC=y
CONFIG_PCP_BATCH_SCALE_MAX=5
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_KSM=y
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
@ -1018,7 +1020,7 @@ CONFIG_TCP_MD5SIG=y
# CONFIG_IPV6 is not set
CONFIG_NETLABEL=y
# CONFIG_MPTCP is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NETWORK_SECMARK=y
CONFIG_NET_PTP_CLASSIFY=y
# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
# CONFIG_NETFILTER is not set
@ -1885,6 +1887,12 @@ CONFIG_XFS_SUPPORT_ASCII_CI=y
# CONFIG_XFS_DEBUG is not set
# CONFIG_GFS2_FS is not set
CONFIG_BTRFS_FS=y
# CONFIG_BTRFS_FS_POSIX_ACL is not set
# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set
# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set
# CONFIG_BTRFS_DEBUG is not set
# CONFIG_BTRFS_ASSERT is not set
# CONFIG_BTRFS_FS_REF_VERIFY is not set
# CONFIG_NILFS2_FS is not set
# CONFIG_F2FS_FS is not set
CONFIG_FS_POSIX_ACL=y
@ -2023,15 +2031,25 @@ CONFIG_ENCRYPTED_KEYS=y
# CONFIG_USER_DECRYPTED_DATA is not set
CONFIG_KEY_DH_OPERATIONS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_PROC_MEM_ALWAYS_FORCE=y
# CONFIG_PROC_MEM_FORCE_PTRACE is not set
# CONFIG_PROC_MEM_NO_FORCE is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
# CONFIG_SECURITY_PATH is not set
CONFIG_LSM_MMAP_MIN_ADDR=65536
# CONFIG_HARDENED_USERCOPY is not set
CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
# CONFIG_SECURITY_SELINUX_DEBUG is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
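Review bot: in the /proc/<pid>/mem choice shown in this hunk, `CONFIG_PROC_MEM_ALWAYS_FORCE=y` is the selected value, with `CONFIG_PROC_MEM_FORCE_PTRACE` and `CONFIG_PROC_MEM_NO_FORCE` left unset, which keeps the legacy behaviour where writes through /proc/<pid>/mem override the mapping's page protections. For a guest kernel that exists to run one workload, `CONFIG_PROC_MEM_FORCE_PTRACE=y` is the tighter choice and still allows the override for a process that is actively ptracing the target. While this block is being refreshed, `# CONFIG_HARDENED_USERCOPY is not set` is worth revisiting as well.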
@ -2042,6 +2060,7 @@ CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_LANDLOCK is not set
# CONFIG_INTEGRITY is not set
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,bpf"
@ -2178,7 +2197,7 @@ CONFIG_CRYPTO_ESSIV=y
#
# Hashes, digests, and MACs
#
# CONFIG_CRYPTO_BLAKE2B is not set
CONFIG_CRYPTO_BLAKE2B=y
# CONFIG_CRYPTO_CMAC is not set
CONFIG_CRYPTO_GHASH=y
CONFIG_CRYPTO_HMAC=y
@ -2196,7 +2215,7 @@ CONFIG_CRYPTO_SHA3=y
# CONFIG_CRYPTO_VMAC is not set
# CONFIG_CRYPTO_WP512 is not set
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_XXHASH is not set
CONFIG_CRYPTO_XXHASH=y
# end of Hashes, digests, and MACs
#
@ -2295,6 +2314,8 @@ CONFIG_BINARY_PRINTF=y
#
# Library routines
#
CONFIG_RAID6_PQ=y
CONFIG_RAID6_PQ_BENCHMARK=y
# CONFIG_PACKING is not set
CONFIG_BITREVERSE=y
CONFIG_GENERIC_STRNCPY_FROM_USER=y
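Review bot: `CONFIG_RAID6_PQ_BENCHMARK=y` makes the kernel time the available RAID6 syndrome implementations during boot to pick the fastest one, which costs boot time on every start of the VM. Other commits in this range count boot-time savings in single milliseconds, so set it to `n` (the kernel then uses a fixed default implementation) unless RAID5/6 throughput in the guest matters.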
@ -2347,6 +2368,9 @@ CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_LZO_COMPRESS=y
CONFIG_LZO_DECOMPRESS=y
CONFIG_ZSTD_COMMON=y
CONFIG_ZSTD_COMPRESS=y
CONFIG_ZSTD_DECOMPRESS=y
CONFIG_XZ_DEC=y
CONFIG_XZ_DEC_X86=y
CONFIG_XZ_DEC_POWERPC=y
@ -2375,7 +2399,6 @@ CONFIG_DMA_COHERENT_POOL=y
# CONFIG_DMA_API_DEBUG is not set
# CONFIG_DMA_MAP_BENCHMARK is not set
CONFIG_SGL_ALLOC=y
# CONFIG_FORCE_NR_CPUS is not set
CONFIG_CPU_RMAP=y
CONFIG_DQL=y
CONFIG_NLATTR=y
@ -2437,6 +2460,7 @@ CONFIG_STRIP_ASM_SYMS=y
CONFIG_DEBUG_SECTION_MISMATCH=y
CONFIG_SECTION_MISMATCH_WARN_ONLY=y
# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
CONFIG_OBJTOOL=y
CONFIG_STACK_VALIDATION=y
@ -2506,6 +2530,7 @@ CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
CONFIG_HAVE_ARCH_KASAN=y
CONFIG_HAVE_ARCH_KASAN_VMALLOC=y
CONFIG_CC_HAS_KASAN_GENERIC=y
CONFIG_CC_HAS_KASAN_SW_TAGS=y
CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
# CONFIG_KASAN is not set
CONFIG_HAVE_ARCH_KFENCE=y

2807
config-libkrunfw-tdx_x86_64 Normal file

File diff suppressed because it is too large

@ -1,24 +1,23 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/arm64 6.6.22 Kernel Configuration
# Linux/arm64 6.6.59 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.1 20231205 (Red Hat 13.2.1-6)"
CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240912 (Red Hat 14.2.1-3)"
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=130201
CONFIG_GCC_VERSION=140201
CONFIG_CLANG_VERSION=0
CONFIG_AS_IS_GNU=y
CONFIG_AS_VERSION=24000
CONFIG_AS_VERSION=24100
CONFIG_LD_IS_BFD=y
CONFIG_LD_VERSION=24000
CONFIG_LD_VERSION=24100
CONFIG_LLD_VERSION=0
CONFIG_CC_CAN_LINK=y
CONFIG_CC_CAN_LINK_STATIC=y
CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y
CONFIG_CC_HAS_ASM_INLINE=y
CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
CONFIG_PAHOLE_VERSION=125
CONFIG_PAHOLE_VERSION=0
CONFIG_IRQ_WORK=y
CONFIG_BUILDTIME_TABLE_SORT=y
CONFIG_THREAD_INFO_IN_TASK=y
@ -156,7 +155,7 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
CONFIG_CC_HAS_INT128=y
CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
CONFIG_GCC11_NO_ARRAY_BOUNDS=y
CONFIG_GCC10_NO_ARRAY_BOUNDS=y
CONFIG_CC_NO_ARRAY_BOUNDS=y
CONFIG_ARCH_SUPPORTS_INT128=y
CONFIG_CGROUPS=y
@ -277,6 +276,7 @@ CONFIG_PGTABLE_LEVELS=4
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_ARCH_PROC_KCORE_TEXT=y
CONFIG_BUILTIN_RETURN_ADDRESS_STRIPS_PAC=y
CONFIG_ARM64_ACTLR_STATE=y
#
# Platform selection
@ -361,6 +361,7 @@ CONFIG_ARM64_ERRATUM_2645198=y
CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD=y
CONFIG_ARM64_ERRATUM_2966298=y
CONFIG_ARM64_ERRATUM_3117295=y
CONFIG_ARM64_ERRATUM_3194386=y
CONFIG_CAVIUM_ERRATUM_22375=y
CONFIG_CAVIUM_ERRATUM_23154=y
CONFIG_CAVIUM_ERRATUM_27456=y
@ -390,7 +391,7 @@ CONFIG_CPU_LITTLE_ENDIAN=y
CONFIG_SCHED_MC=y
# CONFIG_SCHED_CLUSTER is not set
CONFIG_SCHED_SMT=y
CONFIG_NR_CPUS=8
CONFIG_NR_CPUS=16
CONFIG_HOTPLUG_CPU=y
# CONFIG_NUMA is not set
CONFIG_HZ_100=y
@ -528,6 +529,7 @@ CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_HAVE_KVM=y
# CONFIG_VIRTUALIZATION is not set
CONFIG_CPU_MITIGATIONS=y
#
# General architecture-dependent options
@ -640,8 +642,6 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
# end of GCOV-based kernel profiling
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
CONFIG_FUNCTION_ALIGNMENT_4B=y
CONFIG_FUNCTION_ALIGNMENT=4
# end of General architecture-dependent options
@ -653,6 +653,7 @@ CONFIG_BLOCK=y
CONFIG_BLOCK_LEGACY_AUTOLOAD=y
CONFIG_BLK_RQ_ALLOC_TIME=y
CONFIG_BLK_CGROUP_RWSTAT=y
CONFIG_BLK_CGROUP_PUNT_BIO=y
CONFIG_BLK_DEV_BSG_COMMON=y
CONFIG_BLK_ICQ=y
CONFIG_BLK_DEV_BSGLIB=y
@ -807,11 +808,11 @@ CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y
# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set
CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo"
CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y
# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD is not set
# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED is not set
# CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC is not set
CONFIG_ZSWAP_ZPOOL_DEFAULT="zbud"
CONFIG_ZBUD=y
CONFIG_Z3FOLD=y
# CONFIG_Z3FOLD_DEPRECATED is not set
CONFIG_ZSMALLOC=y
# CONFIG_ZSMALLOC_STAT is not set
CONFIG_ZSMALLOC_CHAIN_SIZE=8
@ -857,6 +858,7 @@ CONFIG_MIGRATION=y
CONFIG_DEVICE_MIGRATION=y
CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
CONFIG_CONTIG_ALLOC=y
CONFIG_PCP_BATCH_SCALE_MAX=5
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_KSM=y
CONFIG_DEFAULT_MMAP_MIN_ADDR=32768
@ -945,7 +947,23 @@ CONFIG_INET_DIAG_DESTROY=y
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
CONFIG_TCP_MD5SIG=y
# CONFIG_IPV6 is not set
CONFIG_IPV6=y
# CONFIG_IPV6_ROUTER_PREF is not set
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
# CONFIG_INET6_AH is not set
# CONFIG_INET6_ESP is not set
# CONFIG_INET6_IPCOMP is not set
# CONFIG_IPV6_MIP6 is not set
# CONFIG_IPV6_VTI is not set
# CONFIG_IPV6_SIT is not set
# CONFIG_IPV6_TUNNEL is not set
CONFIG_IPV6_FOU=y
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IPV6_MROUTE is not set
# CONFIG_IPV6_SEG6_LWTUNNEL is not set
# CONFIG_IPV6_SEG6_HMAC is not set
# CONFIG_IPV6_RPL_LWTUNNEL is not set
# CONFIG_IPV6_IOAM6_LWTUNNEL is not set
# CONFIG_MPTCP is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NET_PTP_CLASSIFY=y
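Review bot: CONFIG_IPV6=y brings the whole IPv6 stack into the guest kernel, and CONFIG_IPV6_FOU=y is the only IPv6 sub-option set alongside it while every other tunnel and extension in this hunk stays off. The commit message should say which use case needs IPv6 and whether FOU is wanted or only inherited from an existing FOU setting; if it is not needed, turn off the option it derives from so the encapsulation path stays out of the image. Host-side filtering written when the guest was IPv4-only should be rechecked against this change.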
@ -966,6 +984,7 @@ CONFIG_NETWORK_PHY_TIMESTAMPING=y
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_PHONET is not set
# CONFIG_6LOWPAN is not set
# CONFIG_IEEE802154 is not set
# CONFIG_NET_SCHED is not set
# CONFIG_DCB is not set
@ -1439,7 +1458,30 @@ CONFIG_INPUT_EVDEV=y
# CONFIG_INPUT_TABLET is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
CONFIG_INPUT_MISC=y
# CONFIG_INPUT_AD714X is not set
# CONFIG_INPUT_ATMEL_CAPTOUCH is not set
# CONFIG_INPUT_BMA150 is not set
# CONFIG_INPUT_E3X0_BUTTON is not set
# CONFIG_INPUT_MAX77650_ONKEY is not set
# CONFIG_INPUT_MMA8450 is not set
# CONFIG_INPUT_GPIO_BEEPER is not set
# CONFIG_INPUT_GPIO_DECODER is not set
# CONFIG_INPUT_GPIO_VIBRA is not set
# CONFIG_INPUT_KXTJ9 is not set
# CONFIG_INPUT_AXP20X_PEK is not set
CONFIG_INPUT_UINPUT=y
# CONFIG_INPUT_PCF8574 is not set
# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set
# CONFIG_INPUT_DA7280_HAPTICS is not set
# CONFIG_INPUT_ADXL34X is not set
# CONFIG_INPUT_IBM_PANEL is not set
# CONFIG_INPUT_IQS269A is not set
# CONFIG_INPUT_IQS626A is not set
# CONFIG_INPUT_IQS7222 is not set
# CONFIG_INPUT_CMA3000 is not set
# CONFIG_INPUT_DRV260X_HAPTICS is not set
# CONFIG_INPUT_DRV2665_HAPTICS is not set
# CONFIG_INPUT_DRV2667_HAPTICS is not set
CONFIG_RMI4_CORE=y
# CONFIG_RMI4_I2C is not set
# CONFIG_RMI4_SMB is not set
@ -2497,6 +2539,7 @@ CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_VALIDATE_FS_PARSER=y
CONFIG_FS_IOMAP=y
CONFIG_BUFFER_HEAD=y
CONFIG_LEGACY_DIRECT_IO=y
# CONFIG_EXT2_FS is not set
# CONFIG_EXT3_FS is not set
CONFIG_EXT4_FS=y
@ -2510,9 +2553,23 @@ CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
CONFIG_XFS_FS=y
CONFIG_XFS_SUPPORT_V4=y
CONFIG_XFS_SUPPORT_ASCII_CI=y
# CONFIG_XFS_QUOTA is not set
# CONFIG_XFS_POSIX_ACL is not set
# CONFIG_XFS_RT is not set
# CONFIG_XFS_ONLINE_SCRUB is not set
# CONFIG_XFS_WARN is not set
# CONFIG_XFS_DEBUG is not set
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
CONFIG_BTRFS_FS=y
# CONFIG_BTRFS_FS_POSIX_ACL is not set
# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set
# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set
# CONFIG_BTRFS_DEBUG is not set
# CONFIG_BTRFS_ASSERT is not set
# CONFIG_BTRFS_FS_REF_VERIFY is not set
# CONFIG_NILFS2_FS is not set
# CONFIG_F2FS_FS is not set
# CONFIG_ZONEFS_FS is not set
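Review bot: CONFIG_XFS_SUPPORT_V4=y and CONFIG_XFS_SUPPORT_ASCII_CI=y in the XFS block both enable on-disk formats the kernel marks as deprecated. If guests only need to mount current-format XFS images, leave both unset so the kernel does not carry the legacy parsing paths for disk images it may not control. XFS and Btrfs are both built in (=y) here, so a sentence in the commit message on which use case needs each filesystem would help.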
@ -2565,8 +2622,12 @@ CONFIG_CACHEFILES=y
#
# DOS/FAT/EXFAT/NT Filesystems
#
CONFIG_FAT_FS=y
# CONFIG_MSDOS_FS is not set
CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_CODEPAGE=437
CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
# CONFIG_FAT_DEFAULT_UTF8 is not set
# CONFIG_EXFAT_FS is not set
# CONFIG_NTFS_FS is not set
# CONFIG_NTFS3_FS is not set
@ -2645,8 +2706,56 @@ CONFIG_EROFS_FS_ZIP=y
# CONFIG_EROFS_FS_PCPU_KTHREAD is not set
# CONFIG_NETWORK_FILESYSTEMS is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_NLS_CODEPAGE_437=y
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
# CONFIG_NLS_MAC_ROMAN is not set
# CONFIG_NLS_MAC_CELTIC is not set
# CONFIG_NLS_MAC_CENTEURO is not set
# CONFIG_NLS_MAC_CROATIAN is not set
# CONFIG_NLS_MAC_CYRILLIC is not set
# CONFIG_NLS_MAC_GAELIC is not set
# CONFIG_NLS_MAC_GREEK is not set
# CONFIG_NLS_MAC_ICELAND is not set
# CONFIG_NLS_MAC_INUIT is not set
# CONFIG_NLS_MAC_ROMANIAN is not set
# CONFIG_NLS_MAC_TURKISH is not set
# CONFIG_NLS_UTF8 is not set
# CONFIG_DLM is not set
CONFIG_UNICODE=y
# CONFIG_UNICODE_NORMALIZATION_SELFTEST is not set
@ -2666,12 +2775,14 @@ CONFIG_ENCRYPTED_KEYS=y
CONFIG_KEY_DH_OPERATIONS=y
# CONFIG_KEY_NOTIFICATIONS is not set
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_PROC_MEM_ALWAYS_FORCE=y
# CONFIG_PROC_MEM_FORCE_PTRACE is not set
# CONFIG_PROC_MEM_NO_FORCE is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
# CONFIG_HARDENED_USERCOPY is not set
# CONFIG_FORTIFY_SOURCE is not set
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
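Review bot: CONFIG_PROC_MEM_ALWAYS_FORCE=y is the most permissive of the three /proc/<pid>/mem choices listed in this hunk; it lets /proc/<pid>/mem accesses override memory mapping permissions for any caller with ptrace access rights, not only an attached tracer. Unless something in the guest relies on that, CONFIG_PROC_MEM_FORCE_PTRACE=y keeps debuggers working while closing the unconditional path. The same hunk shows CONFIG_HARDENED_USERCOPY and CONFIG_FORTIFY_SOURCE unset; if that is a deliberate size or boot-time trade-off it deserves a line in the commit message.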
@ -2688,7 +2799,6 @@ CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
CONFIG_INIT_STACK_NONE=y
# CONFIG_INIT_STACK_ALL_PATTERN is not set
# CONFIG_INIT_STACK_ALL_ZERO is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
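Review bot: CONFIG_INIT_STACK_NONE=y stays selected in this hunk even though the hunk header shows CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y, so the compiler could zero-initialize stack variables and the config opts out. With the STACKLEAK entry, CONFIG_INIT_ON_ALLOC_DEFAULT_ON and CONFIG_INIT_ON_FREE_DEFAULT_ON all listed as not set, uninitialized stack and heap contents are left as they are. Suggest CONFIG_INIT_STACK_ALL_ZERO=y unless size or boot-time measurements rule it out, and record the reason either way.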
@ -2703,11 +2813,10 @@ CONFIG_BUG_ON_DATA_CORRUPTION=y
# end of Hardening of kernel data structures
CONFIG_RANDSTRUCT_NONE=y
# CONFIG_RANDSTRUCT_FULL is not set
# CONFIG_RANDSTRUCT_PERFORMANCE is not set
# end of Kernel hardening options
# end of Security options
CONFIG_XOR_BLOCKS=y
CONFIG_CRYPTO=y
#

3206
config-libkrunfw_riscv64 Normal file

File diff suppressed because it is too large

File diff suppressed because it is too large


@ -1,4 +1,4 @@
From 6616593252269d81b003d7aa1e7e4dd156d1a629 Mon Sep 17 00:00:00 2001
From c1c7696bb15ad96da859c15acc6ffe6d7b8d71ab Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@sinrega.org>
Date: Fri, 10 Sep 2021 13:05:01 +0200
Subject: [PATCH 1/4] virtio: enable DMA API if memory is restricted
@ -15,10 +15,10 @@ Signed-off-by: Sergio Lopez <slp@redhat.com>
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index 71dee622b771..f92475dbca43 100644
index b9095751e43b..9e6420d5bc66 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -180,12 +180,6 @@ static int virtio_features_ok(struct virtio_device *dev)
@@ -213,12 +213,6 @@ static int virtio_features_ok(struct virtio_device *dev)
"device must provide VIRTIO_F_VERSION_1\n");
return -ENODEV;
}
@ -32,7 +32,7 @@ index 71dee622b771..f92475dbca43 100644
if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1))
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 80669e05bf0e..438b4f6c5cdb 100644
index 147926c8bae0..87fd943cafa3 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -6,6 +6,7 @@
@ -54,5 +54,5 @@ index 80669e05bf0e..438b4f6c5cdb 100644
/*
* In theory, it's possible to have a buggy QEMU-supposed
--
2.46.0
2.49.0


@ -1,4 +1,4 @@
From ecbb6d5db802293ef27575a672336e17e8c2abfd Mon Sep 17 00:00:00 2001
From eb4f5e615e0a6e75515449253e4014812b8008cf Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Thu, 20 Oct 2022 10:23:16 +0200
Subject: [PATCH 2/4] x86/sev: write AP reset vector
@ -8,14 +8,14 @@ into the AP reset vector used by libkrun's qboot.
Signed-off-by: Sergio Lopez <slp@redhat.com>
---
arch/x86/kernel/sev.c | 25 ++++++++++++++++++++++++-
arch/x86/coco/sev/core.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 9905dc0e0b09..38df85fd1324 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1116,6 +1116,29 @@ void __init snp_set_wakeup_secondary_cpu(void)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index de1df0cb45da..7ed486a790fb 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1266,6 +1266,29 @@ void __init snp_set_wakeup_secondary_cpu(void)
apic_update_callback(wakeup_secondary_cpu, wakeup_cpu_via_vmgexit);
}
@ -45,7 +45,7 @@ index 9905dc0e0b09..38df85fd1324 100644
int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh)
{
u16 startup_cs, startup_ip;
@@ -1127,7 +1150,7 @@ int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh)
@@ -1277,7 +1300,7 @@ int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh)
/* On UP guests there is no jump table so this is not a failure */
if (!jump_table_addr)
@ -55,5 +55,5 @@ index 9905dc0e0b09..38df85fd1324 100644
/* Check if AP Jump Table is page-aligned */
if (jump_table_addr & ~PAGE_MASK)
--
2.46.0
2.49.0


@ -1,4 +1,4 @@
From 0738c09d916b06afa162facb0edc84ffe121c35a Mon Sep 17 00:00:00 2001
From 3cf48a7455f13e02f080cbbecf87f86a59b82ea7 Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Wed, 3 Aug 2022 12:35:12 +0200
Subject: [PATCH 3/4] Implement driver to retrieve secrets from cmdline
@ -14,24 +14,24 @@ efi_secret.c
Signed-off-by: Sergio Lopez <slp@redhat.com>
---
arch/x86/kernel/setup.c | 7 +
drivers/virt/Kconfig | 2 +
drivers/virt/Makefile | 1 +
arch/x86/kernel/setup.c | 6 +
drivers/virt/coco/Kconfig | 2 +
drivers/virt/coco/Makefile | 1 +
drivers/virt/coco/cmdline_secret/Kconfig | 13 ++
drivers/virt/coco/cmdline_secret/Makefile | 2 +
.../virt/coco/cmdline_secret/cmdline_secret.c | 135 ++++++++++++++++++
include/linux/init.h | 4 +
init/main.c | 13 ++
8 files changed, 177 insertions(+)
8 files changed, 176 insertions(+)
create mode 100644 drivers/virt/coco/cmdline_secret/Kconfig
create mode 100644 drivers/virt/coco/cmdline_secret/Makefile
create mode 100644 drivers/virt/coco/cmdline_secret/cmdline_secret.c
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index eb129277dcdd..3906896a62af 100644
index f1fea506e20f..3778d544e93b 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -876,7 +876,9 @@ void __init setup_arch(char **cmdline_p)
@@ -751,12 +751,18 @@ void __init setup_arch(char **cmdline_p)
*/
__flush_tlb_all();
#else
@ -41,42 +41,40 @@ index eb129277dcdd..3906896a62af 100644
boot_cpu_data.x86_phys_bits = MAX_PHYSMEM_BITS;
#endif
@@ -961,6 +963,11 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_CMDLINE_BOOL
#ifdef CONFIG_CMDLINE_OVERRIDE
+#ifdef CONFIG_CMDLINE_SECRET
+ strscpy(early_secret_cmdline, boot_command_line, COMMAND_LINE_SIZE);
+ memzero_explicit(boot_command_line, COMMAND_LINE_SIZE);
+ clflush_cache_range(boot_command_line, COMMAND_LINE_SIZE);
+#endif
strscpy(boot_command_line, builtin_cmdline, COMMAND_LINE_SIZE);
#else
if (builtin_cmdline[0]) {
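Review bot: the copy into early_secret_cmdline and the memzero_explicit()/clflush_cache_range() scrub of boot_command_line sit inside the #ifdef CONFIG_CMDLINE_BOOL / #ifdef CONFIG_CMDLINE_OVERRIDE branch, so a kernel built with CONFIG_CMDLINE_SECRET=y but without CONFIG_CMDLINE_OVERRIDE would neither capture the secret nor wipe it from boot_command_line. If the new cmdline_secret Kconfig entry does not already depend on CMDLINE_OVERRIDE, add that dependency or move the block out of the conditional, and document the requirement next to the #ifdef.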
diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig
index f79ab13a5c28..4a62feec1a0e 100644
--- a/drivers/virt/Kconfig
+++ b/drivers/virt/Kconfig
@@ -50,6 +50,8 @@ source "drivers/virt/acrn/Kconfig"
source "drivers/virt/coco/efi_secret/Kconfig"
diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig
index d9ff676bf48d..fd37c502b42d 100644
--- a/drivers/virt/coco/Kconfig
+++ b/drivers/virt/coco/Kconfig
@@ -7,6 +7,8 @@ config TSM_REPORTS
select CONFIGFS_FS
tristate
+source "drivers/virt/coco/cmdline_secret/Kconfig"
+
source "drivers/virt/coco/sev-guest/Kconfig"
source "drivers/virt/coco/efi_secret/Kconfig"
source "drivers/virt/coco/tdx-guest/Kconfig"
diff --git a/drivers/virt/Makefile b/drivers/virt/Makefile
index e9aa6fc96fab..9174d4f9286e 100644
--- a/drivers/virt/Makefile
+++ b/drivers/virt/Makefile
@@ -10,5 +10,6 @@ obj-y += vboxguest/
obj-$(CONFIG_NITRO_ENCLAVES) += nitro_enclaves/
obj-$(CONFIG_ACRN_HSM) += acrn/
obj-$(CONFIG_EFI_SECRET) += coco/efi_secret/
+obj-$(CONFIG_CMDLINE_SECRET) += coco/cmdline_secret/
obj-$(CONFIG_SEV_GUEST) += coco/sev-guest/
obj-$(CONFIG_INTEL_TDX_GUEST) += coco/tdx-guest/
source "drivers/virt/coco/pkvm-guest/Kconfig"
diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile
index b69c30c1c720..da3d9254900c 100644
--- a/drivers/virt/coco/Makefile
+++ b/drivers/virt/coco/Makefile
@@ -3,6 +3,7 @@
# Confidential computing related collateral
#
obj-$(CONFIG_TSM_REPORTS) += tsm.o
+obj-$(CONFIG_CMDLINE_SECRET) += cmdline_secret/
obj-$(CONFIG_EFI_SECRET) += efi_secret/
obj-$(CONFIG_ARM_PKVM_GUEST) += pkvm-guest/
obj-$(CONFIG_SEV_GUEST) += sev-guest/
diff --git a/drivers/virt/coco/cmdline_secret/Kconfig b/drivers/virt/coco/cmdline_secret/Kconfig
new file mode 100644
index 000000000000..bb601280d50d
@ -246,7 +244,7 @@ index 000000000000..e53edce18768
+module_init(cmdline_secret_init);
+module_exit(cmdline_secret_exit);
diff --git a/include/linux/init.h b/include/linux/init.h
index 01b52c9c7526..889a0cf32832 100644
index ee1309473bc6..96c0f3c72395 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -143,6 +143,10 @@ extern int do_one_initcall(initcall_t fn);
@ -261,10 +259,10 @@ index 01b52c9c7526..889a0cf32832 100644
/* used by init/main.c */
diff --git a/init/main.c b/init/main.c
index c787e94cc898..2fb8a8af9af6 100644
index c4778edae797..a475bd3bcb34 100644
--- a/init/main.c
+++ b/init/main.c
@@ -147,6 +147,11 @@ static char *extra_command_line;
@@ -149,6 +149,11 @@ static char *extra_command_line;
/* Extra init arguments */
static char *extra_init_args;
@ -276,7 +274,7 @@ index c787e94cc898..2fb8a8af9af6 100644
#ifdef CONFIG_BOOT_CONFIG
/* Is bootconfig on command line? */
static bool bootconfig_found;
@@ -670,6 +675,14 @@ static void __init setup_command_line(char *command_line)
@@ -685,6 +690,14 @@ static void __init setup_command_line(char *command_line)
}
saved_command_line_len = strlen(saved_command_line);
@ -292,5 +290,5 @@ index c787e94cc898..2fb8a8af9af6 100644
/*
--
2.46.0
2.49.0


@ -1,4 +1,4 @@
From 95ae01ac9240b47dcdeda540e59a24ba0bdaf963 Mon Sep 17 00:00:00 2001
From f4fa2d46824f4704ade2c6d1d42b8e1fa9eb8e4a Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Wed, 5 Jun 2024 16:20:08 +0200
Subject: [PATCH 4/4] x86/sev: Avoid using native_cpuid
@ -16,7 +16,7 @@ Signed-off-by: Sergio Lopez <slp@redhat.com>
1 file changed, 3 insertions(+), 23 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index cc47a818a640..a2b5b08eee23 100644
index b922b9fea6b6..c0de732b0121 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -495,37 +495,17 @@ void __head sme_enable(struct boot_params *bp)
@ -61,5 +61,5 @@ index cc47a818a640..a2b5b08eee23 100644
/* Check the SEV MSR whether SEV or SME is enabled */
RIP_REL_REF(sev_status) = msr = __rdmsr(MSR_AMD64_SEV);
--
2.46.0
2.49.0


@ -1,7 +1,7 @@
From 7f18f75689b7b0f34ca711daa4e29e2d4ae5f910 Mon Sep 17 00:00:00 2001
From 2b3f8ccfb19e97f1ac92c1c1c7525ddac4477c52 Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Thu, 2 Mar 2023 07:34:49 +0100
Subject: [PATCH 01/17] krunfw: Don't panic when init dies
Subject: [PATCH 01/21] krunfw: Don't panic when init dies
In libkrun, the isolated process runs as PID 1. When it exits,
trigger an orderly reboot instead of panic'ing.
@ -11,23 +11,24 @@ play with the printk levels instead.
Signed-off-by: Sergio Lopez <slp@redhat.com>
---
kernel/exit.c | 5 +++++
kernel/exit.c | 6 ++++++
kernel/reboot.c | 2 ++
2 files changed, 7 insertions(+)
2 files changed, 8 insertions(+)
diff --git a/kernel/exit.c b/kernel/exit.c
index 3540b2c9b1b6..8348e9825945 100644
index 56b8bd9487b4..6e65dcb5f9dd 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -69,6 +69,7 @@
@@ -69,6 +69,8 @@
#include <linux/rethook.h>
#include <linux/sysfs.h>
#include <linux/user_events.h>
+#include <linux/reboot.h>
+
#include <linux/uaccess.h>
#include <asm/unistd.h>
@@ -840,8 +841,12 @@ void __noreturn do_exit(long code)
#include <uapi/linux/wait.h>
@@ -905,8 +907,12 @@ void __noreturn do_exit(long code)
* immediately to get a useable coredump.
*/
if (unlikely(is_global_init(tsk)))
@ -41,10 +42,10 @@ index 3540b2c9b1b6..8348e9825945 100644
#ifdef CONFIG_POSIX_TIMERS
hrtimer_cancel(&tsk->signal->real_timer);
diff --git a/kernel/reboot.c b/kernel/reboot.c
index 6ebef11c8876..4323caa5b871 100644
index d6ee090eda94..f6947c5bd671 100644
--- a/kernel/reboot.c
+++ b/kernel/reboot.c
@@ -269,10 +269,12 @@ void kernel_restart(char *cmd)
@@ -278,10 +278,12 @@ void kernel_restart(char *cmd)
do_kernel_restart_prepare();
migrate_to_reboot_cpu();
syscore_shutdown();
@ -58,5 +59,5 @@ index 6ebef11c8876..4323caa5b871 100644
machine_restart(cmd);
}
--
2.46.0
2.49.0


@ -1,7 +1,7 @@
From 5ed6edb3e75df34958f788bca363748cea75eea1 Mon Sep 17 00:00:00 2001
From 032a1c9438576fd209739d2f522cbe0966cadcbd Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Mon, 16 May 2022 16:04:27 +0200
Subject: [PATCH 02/17] krunfw: Ignore run_cmd on orderly reboot
Subject: [PATCH 02/21] krunfw: Ignore run_cmd on orderly reboot
We don't really support restarting the conventional way, so ignore
"run_cmd" so we can fall back to an emergency sync and reboot.
@ -12,10 +12,10 @@ Signed-off-by: Sergio Lopez <slp@redhat.com>
1 file changed, 4 insertions(+)
diff --git a/kernel/reboot.c b/kernel/reboot.c
index 4323caa5b871..d9d6f0dd2ebc 100644
index f6947c5bd671..5925d8fcfbfa 100644
--- a/kernel/reboot.c
+++ b/kernel/reboot.c
@@ -836,7 +836,11 @@ static int __orderly_reboot(void)
@@ -853,7 +853,11 @@ static int __orderly_reboot(void)
{
int ret;
@ -28,5 +28,5 @@ index 4323caa5b871..d9d6f0dd2ebc 100644
if (ret) {
pr_warn("Failed to start orderly reboot: forcing the issue\n");
--
2.46.0
2.49.0


@ -1,7 +1,7 @@
From 06a9c813b4f59d92edf78a6011a719629323081c Mon Sep 17 00:00:00 2001
From cd8a65ac0e41402e57e680a13cfa4bee3d55101e Mon Sep 17 00:00:00 2001
From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
Date: Sat, 10 Jun 2023 00:58:28 +0000
Subject: [PATCH 03/17] vsock/dgram: generalize recvmsg and drop
Subject: [PATCH 03/21] vsock/dgram: generalize recvmsg and drop
transport->dgram_dequeue
This commit drops the transport->dgram_dequeue callback and makes
@ -23,10 +23,10 @@ Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
9 files changed, 137 insertions(+), 52 deletions(-)
diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index d94a06008ff6..549158375086 100644
index 802153e23073..1b3e6963335b 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -410,9 +410,11 @@ static struct virtio_transport vhost_transport = {
@@ -419,9 +419,11 @@ static struct virtio_transport vhost_transport = {
.cancel_pkt = vhost_transport_cancel_pkt,
.dgram_enqueue = virtio_transport_dgram_enqueue,
@ -40,10 +40,10 @@ index d94a06008ff6..549158375086 100644
.stream_enqueue = virtio_transport_stream_enqueue,
.stream_dequeue = virtio_transport_stream_dequeue,
diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h
index fbf30721bac9..1098a4c0d738 100644
index 36fb3edfa403..44fb05e1ee75 100644
--- a/include/linux/virtio_vsock.h
+++ b/include/linux/virtio_vsock.h
@@ -219,6 +219,9 @@ bool virtio_transport_stream_allow(u32 cid, u32 port);
@@ -236,6 +236,9 @@ bool virtio_transport_stream_allow(u32 cid, u32 port);
int virtio_transport_dgram_bind(struct vsock_sock *vsk,
struct sockaddr_vm *addr);
bool virtio_transport_dgram_allow(u32 cid, u32 port);
@ -54,7 +54,7 @@ index fbf30721bac9..1098a4c0d738 100644
int virtio_transport_connect(struct vsock_sock *vsk);
diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h
index f8b09a82f62e..7a342d406c34 100644
index 9e85424c8343..fe0fb5c01823 100644
--- a/include/net/af_vsock.h
+++ b/include/net/af_vsock.h
@@ -120,11 +120,20 @@ struct vsock_transport {
@ -81,10 +81,10 @@ index f8b09a82f62e..7a342d406c34 100644
/* STREAM. */
/* TODO: stream_bind() */
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index f5eb737a677d..c3fdb22cfd39 100644
index d08f205b33dc..3ba57d2339a3 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1273,10 +1273,62 @@ static int vsock_dgram_connect(struct socket *sock,
@@ -1324,10 +1324,62 @@ static int vsock_dgram_connect(struct socket *sock,
int __vsock_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
size_t len, int flags)
{
@ -151,10 +151,10 @@ index f5eb737a677d..c3fdb22cfd39 100644
int vsock_dgram_recvmsg(struct socket *sock, struct msghdr *msg,
diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c
index e2157e387217..a83b30d366af 100644
index 56c232cf5b0f..cc0a6c3401d3 100644
--- a/net/vmw_vsock/hyperv_transport.c
+++ b/net/vmw_vsock/hyperv_transport.c
@@ -556,8 +556,17 @@ static int hvs_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr)
@@ -557,8 +557,17 @@ static int hvs_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr)
return -EOPNOTSUPP;
}
@ -174,7 +174,7 @@ index e2157e387217..a83b30d366af 100644
{
return -EOPNOTSUPP;
}
@@ -833,7 +842,9 @@ static struct vsock_transport hvs_transport = {
@@ -834,7 +843,9 @@ static struct vsock_transport hvs_transport = {
.shutdown = hvs_shutdown,
.dgram_bind = hvs_dgram_bind,
@ -186,10 +186,10 @@ index e2157e387217..a83b30d366af 100644
.dgram_allow = hvs_dgram_allow,
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 2925f5d27ad3..332d6d580cba 100644
index f0e48e6911fc..c0d4f6e47cb7 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -430,9 +430,11 @@ static struct virtio_transport virtio_transport = {
@@ -552,9 +552,11 @@ static struct virtio_transport virtio_transport = {
.cancel_pkt = virtio_transport_cancel_pkt,
.dgram_bind = virtio_transport_dgram_bind,
@ -203,10 +203,10 @@ index 2925f5d27ad3..332d6d580cba 100644
.stream_dequeue = virtio_transport_stream_dequeue,
.stream_enqueue = virtio_transport_stream_enqueue,
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index e87fd9480acd..ed1235d57ffb 100644
index 2c9b1011cdcc..ad4dedcfa320 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -860,6 +860,24 @@ int virtio_transport_dgram_bind(struct vsock_sock *vsk,
@@ -1054,6 +1054,24 @@ int virtio_transport_dgram_bind(struct vsock_sock *vsk,
}
EXPORT_SYMBOL_GPL(virtio_transport_dgram_bind);
@ -331,10 +331,10 @@ index b370070194fa..bbc63826bf48 100644
.stream_enqueue = vmci_transport_stream_enqueue,
.stream_has_data = vmci_transport_stream_has_data,
diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c
index 0ce65d0a4a44..6b19e308a140 100644
index 6e78927a598e..3d5e05d8950f 100644
--- a/net/vmw_vsock/vsock_loopback.c
+++ b/net/vmw_vsock/vsock_loopback.c
@@ -62,9 +62,11 @@ static struct virtio_transport loopback_transport = {
@@ -66,9 +66,11 @@ static struct virtio_transport loopback_transport = {
.cancel_pkt = vsock_loopback_cancel_pkt,
.dgram_bind = virtio_transport_dgram_bind,
@ -348,5 +348,5 @@ index 0ce65d0a4a44..6b19e308a140 100644
.stream_dequeue = virtio_transport_stream_dequeue,
.stream_enqueue = virtio_transport_stream_enqueue,
--
2.46.0
2.49.0


@ -1,7 +1,7 @@
From 5a2b5b9c1a9f473836c361153b15c10eab012e9a Mon Sep 17 00:00:00 2001
From 7b1488e5e1e6de64b764544609f745ebe24f5aa0 Mon Sep 17 00:00:00 2001
From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
Date: Sat, 10 Jun 2023 00:58:29 +0000
Subject: [PATCH 04/17] vsock: refactor transport lookup code
Subject: [PATCH 04/21] vsock: refactor transport lookup code
Introduce new reusable function vsock_connectible_lookup_transport()
that performs the transport lookup logic.
@ -14,10 +14,10 @@ Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index c3fdb22cfd39..5a517638deed 100644
index 3ba57d2339a3..186e28329dd4 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -424,6 +424,22 @@ static void vsock_deassign_transport(struct vsock_sock *vsk)
@@ -430,6 +430,22 @@ static void vsock_deassign_transport(struct vsock_sock *vsk)
vsk->transport = NULL;
}
@ -40,7 +40,7 @@ index c3fdb22cfd39..5a517638deed 100644
/* Assign a transport to a socket and call the .init transport callback.
*
* Note: for connection oriented socket this must be called when vsk->remote_addr
@@ -464,13 +480,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk)
@@ -470,13 +486,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk)
break;
case SOCK_STREAM:
case SOCK_SEQPACKET:
@ -57,5 +57,5 @@ index c3fdb22cfd39..5a517638deed 100644
default:
return -ESOCKTNOSUPPORT;
--
2.46.0
2.49.0


@ -1,7 +1,7 @@
From 10b18bb2d94abcf35e199c76fcf9921de1dbb9ae Mon Sep 17 00:00:00 2001
From 07e9d1bdd10dc2a484a5d3b421efe184d05b4ddb Mon Sep 17 00:00:00 2001
From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
Date: Sat, 10 Jun 2023 00:58:30 +0000
Subject: [PATCH 05/17] vsock: support multi-transport datagrams
Subject: [PATCH 05/21] vsock: support multi-transport datagrams
This patch adds support for multi-transport datagrams.
@ -57,10 +57,10 @@ Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
7 files changed, 60 insertions(+), 36 deletions(-)
diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 549158375086..ea093563b96b 100644
index 1b3e6963335b..d58be350ddca 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -410,7 +410,6 @@ static struct virtio_transport vhost_transport = {
@@ -419,7 +419,6 @@ static struct virtio_transport vhost_transport = {
.cancel_pkt = vhost_transport_cancel_pkt,
.dgram_enqueue = virtio_transport_dgram_enqueue,
@ -69,10 +69,10 @@ index 549158375086..ea093563b96b 100644
.dgram_get_cid = virtio_transport_dgram_get_cid,
.dgram_get_port = virtio_transport_dgram_get_port,
diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h
index 1098a4c0d738..26339021418d 100644
index 44fb05e1ee75..efb028ea6463 100644
--- a/include/linux/virtio_vsock.h
+++ b/include/linux/virtio_vsock.h
@@ -216,8 +216,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val);
@@ -233,8 +233,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val);
u64 virtio_transport_stream_rcvhiwat(struct vsock_sock *vsk);
bool virtio_transport_stream_is_active(struct vsock_sock *vsk);
bool virtio_transport_stream_allow(u32 cid, u32 port);
@ -82,10 +82,10 @@ index 1098a4c0d738..26339021418d 100644
int virtio_transport_dgram_get_cid(struct sk_buff *skb, unsigned int *cid);
int virtio_transport_dgram_get_port(struct sk_buff *skb, unsigned int *port);
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 5a517638deed..afe28d3b0b74 100644
index 186e28329dd4..8112fd22218b 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -440,6 +440,18 @@ vsock_connectible_lookup_transport(unsigned int cid, __u8 flags)
@@ -446,6 +446,18 @@ vsock_connectible_lookup_transport(unsigned int cid, __u8 flags)
return transport;
}
@ -104,7 +104,7 @@ index 5a517638deed..afe28d3b0b74 100644
/* Assign a transport to a socket and call the .init transport callback.
*
* Note: for connection oriented socket this must be called when vsk->remote_addr
@@ -476,7 +488,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk)
@@ -482,7 +494,8 @@ int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk)
switch (sk->sk_type) {
case SOCK_DGRAM:
@ -114,7 +114,7 @@ index 5a517638deed..afe28d3b0b74 100644
break;
case SOCK_STREAM:
case SOCK_SEQPACKET:
@@ -693,6 +706,9 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
@@ -708,6 +721,9 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
static int __vsock_bind_dgram(struct vsock_sock *vsk,
struct sockaddr_vm *addr)
{
@ -124,7 +124,7 @@ index 5a517638deed..afe28d3b0b74 100644
return vsk->transport->dgram_bind(vsk, addr);
}
@@ -1174,19 +1190,24 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
@@ -1225,19 +1241,24 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
lock_sock(sk);
@ -156,7 +156,7 @@ index 5a517638deed..afe28d3b0b74 100644
/* Ensure this address is of the right type and is a valid
* destination.
*/
@@ -1195,11 +1216,27 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
@@ -1246,11 +1267,27 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
remote_addr->svm_cid = transport->get_local_cid();
if (!vsock_addr_bound(remote_addr)) {
@ -184,7 +184,7 @@ index 5a517638deed..afe28d3b0b74 100644
if (remote_addr->svm_cid == VMADDR_CID_ANY)
remote_addr->svm_cid = transport->get_local_cid();
@@ -1207,23 +1244,23 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
@@ -1258,23 +1295,23 @@ static int vsock_dgram_sendmsg(struct socket *sock, struct msghdr *msg,
/* XXX Should connect() or this function ensure remote_addr is
* bound?
*/
@ -217,7 +217,7 @@ index 5a517638deed..afe28d3b0b74 100644
out:
release_sock(sk);
return err;
@@ -1257,13 +1294,18 @@ static int vsock_dgram_connect(struct socket *sock,
@@ -1308,13 +1345,18 @@ static int vsock_dgram_connect(struct socket *sock,
if (err)
goto out;
@ -238,11 +238,11 @@ index 5a517638deed..afe28d3b0b74 100644
/* sock map disallows redirection of non-TCP sockets with sk_state !=
diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transport.c
index a83b30d366af..1a9e9a22c929 100644
index cc0a6c3401d3..4c6d705cc9e6 100644
--- a/net/vmw_vsock/hyperv_transport.c
+++ b/net/vmw_vsock/hyperv_transport.c
@@ -551,11 +551,6 @@ static void hvs_destruct(struct vsock_sock *vsk)
kfree(hvs);
@@ -552,11 +552,6 @@ static void hvs_destruct(struct vsock_sock *vsk)
vsk->trans = NULL;
}
-static int hvs_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr)
@ -253,7 +253,7 @@ index a83b30d366af..1a9e9a22c929 100644
static int hvs_dgram_get_cid(struct sk_buff *skb, unsigned int *cid)
{
return -EOPNOTSUPP;
@@ -841,7 +836,6 @@ static struct vsock_transport hvs_transport = {
@@ -842,7 +837,6 @@ static struct vsock_transport hvs_transport = {
.connect = hvs_connect,
.shutdown = hvs_shutdown,
@ -262,10 +262,10 @@ index a83b30d366af..1a9e9a22c929 100644
.dgram_get_port = hvs_dgram_get_port,
.dgram_get_length = hvs_dgram_get_length,
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 332d6d580cba..4e138ad3c113 100644
index c0d4f6e47cb7..a50c678ae1ae 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -429,7 +429,6 @@ static struct virtio_transport virtio_transport = {
@@ -551,7 +551,6 @@ static struct virtio_transport virtio_transport = {
.shutdown = virtio_transport_shutdown,
.cancel_pkt = virtio_transport_cancel_pkt,
@ -274,10 +274,10 @@ index 332d6d580cba..4e138ad3c113 100644
.dgram_allow = virtio_transport_dgram_allow,
.dgram_get_cid = virtio_transport_dgram_get_cid,
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index ed1235d57ffb..0b2f6c211544 100644
index ad4dedcfa320..96b6303b24c2 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -853,13 +853,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port)
@@ -1047,13 +1047,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port)
}
EXPORT_SYMBOL_GPL(virtio_transport_stream_allow);
@ -292,10 +292,10 @@ index ed1235d57ffb..0b2f6c211544 100644
{
return -EOPNOTSUPP;
diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c
index 6b19e308a140..21a4debde550 100644
index 3d5e05d8950f..9e9e124f8d2b 100644
--- a/net/vmw_vsock/vsock_loopback.c
+++ b/net/vmw_vsock/vsock_loopback.c
@@ -61,7 +61,6 @@ static struct virtio_transport loopback_transport = {
@@ -65,7 +65,6 @@ static struct virtio_transport loopback_transport = {
.shutdown = virtio_transport_shutdown,
.cancel_pkt = vsock_loopback_cancel_pkt,
@ -304,5 +304,5 @@ index 6b19e308a140..21a4debde550 100644
.dgram_allow = virtio_transport_dgram_allow,
.dgram_get_cid = virtio_transport_dgram_get_cid,
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From 9b076ce6da60de7904d340289a2187325efee512 Mon Sep 17 00:00:00 2001
From ca7e3bce7612e1eba6e16ee8a831c32764fc1ec3 Mon Sep 17 00:00:00 2001
From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
Date: Sat, 10 Jun 2023 00:58:31 +0000
Subject: [PATCH 06/17] vsock: make vsock bind reusable
Subject: [PATCH 06/21] vsock: make vsock bind reusable
This commit makes the bind table management functions in vsock usable
for different bind tables. For use by datagrams in a future patch.
@ -12,10 +12,10 @@ Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index afe28d3b0b74..6a94a623dd07 100644
index 8112fd22218b..68f7bc0c771a 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -232,11 +232,12 @@ static void __vsock_remove_connected(struct vsock_sock *vsk)
@@ -235,11 +235,12 @@ static void __vsock_remove_connected(struct vsock_sock *vsk)
sock_put(&vsk->sk);
}
@ -30,7 +30,7 @@ index afe28d3b0b74..6a94a623dd07 100644
if (vsock_addr_equals_addr(addr, &vsk->local_addr))
return sk_vsock(vsk);
@@ -249,6 +250,11 @@ static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr)
@@ -252,6 +253,11 @@ static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr)
return NULL;
}
@ -42,7 +42,7 @@ index afe28d3b0b74..6a94a623dd07 100644
static struct sock *__vsock_find_connected_socket(struct sockaddr_vm *src,
struct sockaddr_vm *dst)
{
@@ -648,12 +654,17 @@ static void vsock_pending_work(struct work_struct *work)
@@ -663,12 +669,17 @@ static void vsock_pending_work(struct work_struct *work)
/**** SOCKET OPERATIONS ****/
@ -62,7 +62,7 @@ index afe28d3b0b74..6a94a623dd07 100644
if (!port)
port = get_random_u32_above(LAST_RESERVED_PORT);
@@ -669,7 +680,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
@@ -684,7 +695,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
new_addr.svm_port = port++;
@ -72,7 +72,7 @@ index afe28d3b0b74..6a94a623dd07 100644
found = true;
break;
}
@@ -686,7 +698,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
@@ -701,7 +713,8 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
return -EACCES;
}
@ -82,7 +82,7 @@ index afe28d3b0b74..6a94a623dd07 100644
return -EADDRINUSE;
}
@@ -698,11 +711,17 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
@@ -713,11 +726,17 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
* by AF_UNIX.
*/
__vsock_remove_bound(vsk);
@ -102,5 +102,5 @@ index afe28d3b0b74..6a94a623dd07 100644
struct sockaddr_vm *addr)
{
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From f9c572bf348f3eda2d0763ecf0e212cf6861d769 Mon Sep 17 00:00:00 2001
From a12028232381a2ab434130526d20c99d1f13a8cc Mon Sep 17 00:00:00 2001
From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
Date: Sat, 10 Jun 2023 00:58:32 +0000
Subject: [PATCH 07/17] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit
Subject: [PATCH 07/21] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit
This commit adds a feature bit for virtio vsock to support datagrams.
@ -24,5 +24,5 @@ index 64738838bee5..9c25f267bbc0 100644
struct virtio_vsock_config {
__le64 guest_cid;
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From cea879931c45169784b8b2301ae02ee45c4aa20d Mon Sep 17 00:00:00 2001
From 11edfc45450ed7eb5e4478352b8a4a2d3d917edd Mon Sep 17 00:00:00 2001
From: Bobby Eshleman <bobby.eshleman () bytedance ! com>
Date: Sat, 10 Jun 2023 00:58:33 +0000
Subject: [PATCH 08/17] virtio/vsock: support dgrams
Subject: [PATCH 08/21] virtio/vsock: support dgrams
This commit adds support for datagrams over virtio/vsock.
@ -29,14 +29,14 @@ Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
include/linux/virtio_vsock.h | 5 +-
include/net/af_vsock.h | 1 +
include/uapi/linux/virtio_vsock.h | 1 +
net/vmw_vsock/af_vsock.c | 58 ++++++-
net/vmw_vsock/virtio_transport.c | 23 ++-
net/vmw_vsock/virtio_transport_common.c | 207 ++++++++++++++++++------
net/vmw_vsock/af_vsock.c | 62 +++++++--
net/vmw_vsock/virtio_transport.c | 23 +++-
net/vmw_vsock/virtio_transport_common.c | 175 ++++++++++++++++++------
net/vmw_vsock/vsock_loopback.c | 8 +-
8 files changed, 264 insertions(+), 66 deletions(-)
8 files changed, 242 insertions(+), 60 deletions(-)
diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index ea093563b96b..a3fea3cd2603 100644
index d58be350ddca..e5469c367a0f 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -32,7 +32,8 @@
@ -57,15 +57,15 @@ index ea093563b96b..a3fea3cd2603 100644
bool seqpacket_allow;
};
@@ -394,6 +396,7 @@ static bool vhost_vsock_more_replies(struct vhost_vsock *vsock)
return val < vq->num;
@@ -403,6 +405,7 @@ static bool vhost_transport_msgzerocopy_allow(void)
return true;
}
+static bool vhost_transport_dgram_allow(u32 cid, u32 port);
static bool vhost_transport_seqpacket_allow(u32 remote_cid);
static struct virtio_transport vhost_transport = {
@@ -410,10 +413,11 @@ static struct virtio_transport vhost_transport = {
@@ -419,10 +422,11 @@ static struct virtio_transport vhost_transport = {
.cancel_pkt = vhost_transport_cancel_pkt,
.dgram_enqueue = virtio_transport_dgram_enqueue,
@ -78,7 +78,7 @@ index ea093563b96b..a3fea3cd2603 100644
.stream_enqueue = virtio_transport_stream_enqueue,
.stream_dequeue = virtio_transport_stream_dequeue,
@@ -447,6 +451,22 @@ static struct virtio_transport vhost_transport = {
@@ -460,6 +464,22 @@ static struct virtio_transport vhost_transport = {
.send_pkt = vhost_transport_send_pkt,
};
@ -101,7 +101,7 @@ index ea093563b96b..a3fea3cd2603 100644
static bool vhost_transport_seqpacket_allow(u32 remote_cid)
{
struct vhost_vsock *vsock;
@@ -803,6 +823,9 @@ static int vhost_vsock_set_features(struct vhost_vsock *vsock, u64 features)
@@ -816,6 +836,9 @@ static int vhost_vsock_set_features(struct vhost_vsock *vsock, u64 features)
vsock->seqpacket_allow = features & (1ULL << VIRTIO_VSOCK_F_SEQPACKET);
@ -112,10 +112,10 @@ index ea093563b96b..a3fea3cd2603 100644
vq = &vsock->vqs[i];
mutex_lock(&vq->mutex);
diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h
index 26339021418d..ca5aeb0f9c2e 100644
index efb028ea6463..9e9287933fc0 100644
--- a/include/linux/virtio_vsock.h
+++ b/include/linux/virtio_vsock.h
@@ -216,7 +216,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val);
@@ -233,7 +233,6 @@ void virtio_transport_notify_buffer_size(struct vsock_sock *vsk, u64 *val);
u64 virtio_transport_stream_rcvhiwat(struct vsock_sock *vsk);
bool virtio_transport_stream_is_active(struct vsock_sock *vsk);
bool virtio_transport_stream_allow(u32 cid, u32 port);
@ -123,7 +123,7 @@ index 26339021418d..ca5aeb0f9c2e 100644
int virtio_transport_dgram_get_cid(struct sk_buff *skb, unsigned int *cid);
int virtio_transport_dgram_get_port(struct sk_buff *skb, unsigned int *port);
int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len);
@@ -248,4 +247,8 @@ void virtio_transport_deliver_tap_pkt(struct sk_buff *skb);
@@ -265,4 +264,8 @@ void virtio_transport_deliver_tap_pkt(struct sk_buff *skb);
int virtio_transport_purge_skbs(void *vsk, struct sk_buff_head *list);
int virtio_transport_read_skb(struct vsock_sock *vsk, skb_read_actor_t read_actor);
int virtio_transport_notify_set_rcvlowat(struct vsock_sock *vsk, int val);
@ -133,10 +133,10 @@ index 26339021418d..ca5aeb0f9c2e 100644
+int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len);
#endif /* _LINUX_VIRTIO_VSOCK_H */
diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h
index 7a342d406c34..92c1b7f46789 100644
index fe0fb5c01823..5e557b578a29 100644
--- a/include/net/af_vsock.h
+++ b/include/net/af_vsock.h
@@ -224,6 +224,7 @@ void vsock_for_each_connected_socket(struct vsock_transport *transport,
@@ -230,6 +230,7 @@ void vsock_for_each_connected_socket(struct vsock_transport *transport,
void (*fn)(struct sock *sk));
int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk);
bool vsock_find_cid(unsigned int cid);
@ -157,18 +157,18 @@ index 9c25f267bbc0..27b4b2b8bf13 100644
enum virtio_vsock_op {
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 6a94a623dd07..391ee534246a 100644
index 68f7bc0c771a..cf8cb43922ba 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -116,6 +116,7 @@
static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr);
@@ -118,6 +118,7 @@ static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr);
static void vsock_sk_destruct(struct sock *sk);
static int vsock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb);
static void vsock_close(struct sock *sk, long timeout);
+static bool sock_type_connectible(u16 type);
/* Protocol family. */
struct proto vsock_proto = {
@@ -182,6 +183,8 @@ struct list_head vsock_connected_table[VSOCK_HASH_SIZE];
@@ -185,6 +186,8 @@ struct list_head vsock_connected_table[VSOCK_HASH_SIZE];
EXPORT_SYMBOL_GPL(vsock_connected_table);
DEFINE_SPINLOCK(vsock_table_lock);
EXPORT_SYMBOL_GPL(vsock_table_lock);
@ -177,7 +177,7 @@ index 6a94a623dd07..391ee534246a 100644
/* Autobind this socket to the local address if necessary. */
static int vsock_auto_bind(struct vsock_sock *vsk)
@@ -204,6 +207,9 @@ static void vsock_init_tables(void)
@@ -207,6 +210,9 @@ static void vsock_init_tables(void)
for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++)
INIT_LIST_HEAD(&vsock_connected_table[i]);
@ -187,7 +187,7 @@ index 6a94a623dd07..391ee534246a 100644
}
static void __vsock_insert_bound(struct list_head *list,
@@ -232,8 +238,8 @@ static void __vsock_remove_connected(struct vsock_sock *vsk)
@@ -235,8 +241,8 @@ static void __vsock_remove_connected(struct vsock_sock *vsk)
sock_put(&vsk->sk);
}
@ -198,7 +198,7 @@ index 6a94a623dd07..391ee534246a 100644
{
struct vsock_sock *vsk;
@@ -250,6 +256,23 @@ struct sock *vsock_find_bound_socket_common(struct sockaddr_vm *addr,
@@ -253,6 +259,23 @@ struct sock *vsock_find_bound_socket_common(struct sockaddr_vm *addr,
return NULL;
}
@ -222,7 +222,7 @@ index 6a94a623dd07..391ee534246a 100644
static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr)
{
return vsock_find_bound_socket_common(addr, vsock_bound_sockets(addr));
@@ -289,6 +312,14 @@ void vsock_insert_connected(struct vsock_sock *vsk)
@@ -292,6 +315,14 @@ void vsock_insert_connected(struct vsock_sock *vsk)
}
EXPORT_SYMBOL_GPL(vsock_insert_connected);
@ -237,19 +237,23 @@ index 6a94a623dd07..391ee534246a 100644
void vsock_remove_bound(struct vsock_sock *vsk)
{
spin_lock_bh(&vsock_table_lock);
@@ -340,7 +371,10 @@ EXPORT_SYMBOL_GPL(vsock_find_connected_socket);
@@ -344,9 +375,12 @@ EXPORT_SYMBOL_GPL(vsock_find_connected_socket);
void vsock_remove_sock(struct vsock_sock *vsk)
{
- vsock_remove_bound(vsk);
+ if (sock_type_connectible(sk_vsock(vsk)->sk_type))
+ vsock_remove_bound(vsk);
+ else
+ vsock_remove_dgram_bound(vsk);
/* Transport reassignment must not remove the binding. */
- if (sock_flag(sk_vsock(vsk), SOCK_DEAD))
- vsock_remove_bound(vsk);
-
+ if (sock_flag(sk_vsock(vsk), SOCK_DEAD)) {
+ if (sock_type_connectible(sk_vsock(vsk)->sk_type))
+ vsock_remove_bound(vsk);
+ else
+ vsock_remove_dgram_bound(vsk);
+ }
vsock_remove_connected(vsk);
}
EXPORT_SYMBOL_GPL(vsock_remove_sock);
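Review bot: vsock_remove_connected(vsk) at the end of vsock_remove_sock() still runs for every socket type, while the bound-table removal just above it is now split on sock_type_connectible(). If datagram sockets are never placed on vsock_connected_table, move the call under the connectible branch, or add a one-line comment saying why it is safe for SOCK_DGRAM, so the next rebase does not have to re-derive which tables a dgram socket can be on.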
@@ -722,11 +756,19 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
@@ -737,11 +771,19 @@ static int __vsock_bind_connectible(struct vsock_sock *vsk,
return vsock_bind_common(vsk, addr, vsock_bind_table, VSOCK_HASH_SIZE + 1);
}
@ -273,7 +277,7 @@ index 6a94a623dd07..391ee534246a 100644
return vsk->transport->dgram_bind(vsk, addr);
}
@@ -757,7 +799,7 @@ static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr)
@@ -772,7 +814,7 @@ static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr)
break;
case SOCK_DGRAM:
@ -283,27 +287,27 @@ index 6a94a623dd07..391ee534246a 100644
default:
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 4e138ad3c113..3dd63dc8f6b7 100644
index a50c678ae1ae..b3565bf5c8f7 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -63,6 +63,7 @@ struct virtio_vsock {
u32 guest_cid;
bool seqpacket_allow;
@@ -74,6 +74,7 @@ struct virtio_vsock {
*/
struct scatterlist *out_sgs[MAX_SKB_FRAGS + 1];
struct scatterlist out_bufs[MAX_SKB_FRAGS + 1];
+ bool dgram_allow;
};
static u32 virtio_transport_get_local_cid(void)
@@ -414,6 +415,7 @@ static void virtio_vsock_rx_done(struct virtqueue *vq)
queue_work(virtio_vsock_workqueue, &vsock->rx_work);
@@ -536,6 +537,7 @@ static bool virtio_transport_msgzerocopy_allow(void)
return true;
}
+static bool virtio_transport_dgram_allow(u32 cid, u32 port);
static bool virtio_transport_seqpacket_allow(u32 remote_cid);
static struct virtio_transport virtio_transport = {
@@ -467,6 +469,21 @@ static struct virtio_transport virtio_transport = {
.send_pkt = virtio_transport_send_pkt,
@@ -594,6 +596,21 @@ static struct virtio_transport virtio_transport = {
.can_msgzerocopy = virtio_transport_can_msgzerocopy,
};
+static bool virtio_transport_dgram_allow(u32 cid, u32 port)
@ -324,7 +328,7 @@ index 4e138ad3c113..3dd63dc8f6b7 100644
static bool virtio_transport_seqpacket_allow(u32 remote_cid)
{
struct virtio_vsock *vsock;
@@ -674,6 +691,9 @@ static int virtio_vsock_probe(struct virtio_device *vdev)
@@ -800,6 +817,9 @@ static int virtio_vsock_probe(struct virtio_device *vdev)
if (virtio_has_feature(vdev, VIRTIO_VSOCK_F_SEQPACKET))
vsock->seqpacket_allow = true;
@ -334,7 +338,7 @@ index 4e138ad3c113..3dd63dc8f6b7 100644
vdev->priv = vsock;
ret = virtio_vsock_vqs_init(vsock);
@@ -768,7 +788,8 @@ static struct virtio_device_id id_table[] = {
@@ -897,7 +917,8 @@ static struct virtio_device_id id_table[] = {
};
static unsigned int features[] = {
@ -345,11 +349,11 @@ index 4e138ad3c113..3dd63dc8f6b7 100644
static struct virtio_driver virtio_vsock_driver = {
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index 0b2f6c211544..7ff2d3a44dc2 100644
index 96b6303b24c2..0cb9261e433d 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -37,6 +37,35 @@ virtio_transport_get_ops(struct vsock_sock *vsk)
return container_of(t, struct virtio_transport, transport);
@@ -136,6 +136,35 @@ static void virtio_transport_init_hdr(struct sk_buff *skb,
hdr->fwd_cnt = cpu_to_le32(0);
}
+/* Requires info->msg and info->vsk */
@ -381,59 +385,10 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
+ return skb;
+}
+
/* Returns a new packet on success, otherwise returns NULL.
*
* If NULL is returned, errp is set to a negative errno.
@@ -47,7 +76,8 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info,
u32 src_cid,
u32 src_port,
u32 dst_cid,
- u32 dst_port)
+ u32 dst_port,
+ int *errp)
{
const size_t skb_len = VIRTIO_VSOCK_SKB_HEADROOM + len;
struct virtio_vsock_hdr *hdr;
@@ -55,9 +85,21 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info,
void *payload;
int err;
- skb = virtio_vsock_alloc_skb(skb_len, GFP_KERNEL);
- if (!skb)
+ /* dgrams do not use credits, self-throttle according to sk_sndbuf
+ * using sock_alloc_send_skb. This helps avoid triggering the OOM.
+ */
+ if (info->vsk && info->type == VIRTIO_VSOCK_TYPE_DGRAM) {
+ skb = virtio_transport_sock_alloc_send_skb(info, skb_len, GFP_KERNEL, &err);
+ } else {
+ skb = virtio_vsock_alloc_skb(skb_len, GFP_KERNEL);
+ if (!skb)
+ err = -ENOMEM;
+ }
+
+ if (!skb) {
+ *errp = err;
return NULL;
+ }
hdr = virtio_vsock_hdr(skb);
hdr->type = cpu_to_le16(info->type);
@@ -98,12 +140,14 @@ virtio_transport_alloc_skb(struct virtio_vsock_pkt_info *info,
if (info->vsk && !skb_set_owner_sk_safe(skb, sk_vsock(info->vsk))) {
WARN_ONCE(1, "failed to allocate skb on vsock socket with sk_refcnt == 0\n");
+ err = -EFAULT;
goto out;
}
return skb;
out:
+ *errp = err;
kfree_skb(skb);
return NULL;
}
@@ -185,7 +229,9 @@ EXPORT_SYMBOL_GPL(virtio_transport_deliver_tap_pkt);
static void virtio_transport_copy_nonlinear_skb(const struct sk_buff *skb,
void *dst,
size_t len)
@@ -238,7 +267,9 @@ EXPORT_SYMBOL_GPL(virtio_transport_deliver_tap_pkt);
static u16 virtio_transport_get_type(struct sock *sk)
{
@ -444,22 +399,7 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
return VIRTIO_VSOCK_TYPE_STREAM;
else
return VIRTIO_VSOCK_TYPE_SEQPACKET;
@@ -241,11 +287,10 @@ static int virtio_transport_send_pkt_info(struct vsock_sock *vsk,
skb = virtio_transport_alloc_skb(info, skb_len,
src_cid, src_port,
- dst_cid, dst_port);
- if (!skb) {
- ret = -ENOMEM;
+ dst_cid, dst_port,
+ &ret);
+ if (!skb)
break;
- }
virtio_transport_inc_tx_pkt(vvs, skb);
@@ -646,14 +691,30 @@ virtio_transport_seqpacket_enqueue(struct vsock_sock *vsk,
@@ -840,14 +871,30 @@ virtio_transport_seqpacket_enqueue(struct vsock_sock *vsk,
}
EXPORT_SYMBOL_GPL(virtio_transport_seqpacket_enqueue);
@ -468,10 +408,12 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
- struct msghdr *msg,
- size_t len, int flags)
+int virtio_transport_dgram_get_cid(struct sk_buff *skb, unsigned int *cid)
+{
{
- return -EOPNOTSUPP;
+ *cid = le64_to_cpu(virtio_vsock_hdr(skb)->src_cid);
+ return 0;
+}
}
-EXPORT_SYMBOL_GPL(virtio_transport_dgram_dequeue);
+EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_cid);
+
+int virtio_transport_dgram_get_port(struct sk_buff *skb, unsigned int *port)
@ -482,21 +424,19 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
+EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_port);
+
+int virtio_transport_dgram_get_length(struct sk_buff *skb, size_t *len)
{
- return -EOPNOTSUPP;
+{
+ /* The device layer must have already moved the data ptr beyond the
+ * header for skb->len to be correct.
+ */
+ WARN_ON(skb->data == skb->head);
+ *len = skb->len;
+ return 0;
}
-EXPORT_SYMBOL_GPL(virtio_transport_dgram_dequeue);
+}
+EXPORT_SYMBOL_GPL(virtio_transport_dgram_get_length);
s64 virtio_transport_stream_has_data(struct vsock_sock *vsk)
{
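Review bot: virtio_transport_dgram_get_length() fires WARN_ON(skb->data == skb->head) but then still stores skb->len in *len and returns 0, so when the invariant stated in the comment is broken the caller gets a length the comment itself describes as not correct. Return a negative errno in that case instead of only warning, and use WARN_ON_ONCE so a repeated violation on the receive path cannot flood the log.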
@@ -853,30 +914,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port)
@@ -1047,30 +1094,6 @@ bool virtio_transport_stream_allow(u32 cid, u32 port)
}
EXPORT_SYMBOL_GPL(virtio_transport_stream_allow);
@ -527,7 +467,7 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
int virtio_transport_connect(struct vsock_sock *vsk)
{
struct virtio_vsock_pkt_info info = {
@@ -909,7 +946,34 @@ virtio_transport_dgram_enqueue(struct vsock_sock *vsk,
@@ -1103,7 +1126,33 @@ virtio_transport_dgram_enqueue(struct vsock_sock *vsk,
struct msghdr *msg,
size_t dgram_len)
{
@ -550,20 +490,19 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
+ src_cid = t_ops->transport.get_local_cid();
+ src_port = vsk->local_addr.svm_port;
+
+ skb = virtio_transport_alloc_skb(&info, dgram_len,
+ skb = virtio_transport_alloc_skb(&info, dgram_len, false,
+ src_cid, src_port,
+ remote_addr->svm_cid,
+ remote_addr->svm_port,
+ &err);
+ remote_addr->svm_port);
+
+ if (!skb)
+ return err;
+ return -EINVAL;
+
+ return t_ops->send_pkt(skb);
}
EXPORT_SYMBOL_GPL(virtio_transport_dgram_enqueue);
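Review bot: the `if (!skb) return -EINVAL;` check after virtio_transport_alloc_skb() in virtio_transport_dgram_enqueue() reports a failed allocation as an invalid argument. The earlier revision of this hunk passed `&err` and returned it; now that the error pointer is gone, `-ENOMEM` describes a NULL skb more accurately and lets sendmsg() callers tell memory pressure apart from a bad destination address. The bare `false` passed as the third argument would also read better with a short comment naming the parameter.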
@@ -966,6 +1030,7 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t,
@@ -1176,6 +1225,7 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t,
.reply = true,
};
struct sk_buff *reply;
@ -571,20 +510,16 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
/* Send RST only if the original pkt is not a RST pkt */
if (le16_to_cpu(hdr->op) == VIRTIO_VSOCK_OP_RST)
@@ -978,9 +1043,10 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t,
le64_to_cpu(hdr->dst_cid),
le32_to_cpu(hdr->dst_port),
@@ -1190,7 +1240,7 @@ static int virtio_transport_reset_no_sock(const struct virtio_transport *t,
le64_to_cpu(hdr->src_cid),
- le32_to_cpu(hdr->src_port));
+ le32_to_cpu(hdr->src_port),
+ &err);
le32_to_cpu(hdr->src_port));
if (!reply)
- return -ENOMEM;
+ return err;
+ return -EINVAL;
return t->send_pkt(reply);
}
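Review bot: in virtio_transport_reset_no_sock() the `if (!reply)` path goes from `return -ENOMEM` to `return -EINVAL`, which changes the error seen on the existing reset path and has nothing to do with adding datagram support. Keep `-ENOMEM` here, or state in the commit message why the value has to change.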
@@ -1200,6 +1266,21 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk,
@@ -1418,6 +1468,21 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk,
kfree_skb(skb);
}
@ -606,7 +541,7 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
static int
virtio_transport_recv_connected(struct sock *sk,
struct sk_buff *skb)
@@ -1369,7 +1450,8 @@ virtio_transport_recv_listen(struct sock *sk, struct sk_buff *skb,
@@ -1595,7 +1660,8 @@ virtio_transport_recv_listen(struct sock *sk, struct sk_buff *skb,
static bool virtio_transport_valid_type(u16 type)
{
return (type == VIRTIO_VSOCK_TYPE_STREAM) ||
@ -616,7 +551,7 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
}
/* We are under the virtio-vsock's vsock->rx_lock or vhost-vsock's vq->mutex
@@ -1383,40 +1465,52 @@ void virtio_transport_recv_pkt(struct virtio_transport *t,
@@ -1609,40 +1675,52 @@ void virtio_transport_recv_pkt(struct virtio_transport *t,
struct vsock_sock *vsk;
struct sock *sk;
bool space_available;
@ -679,10 +614,10 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
sock_put(sk);
goto free_pkt;
}
@@ -1432,12 +1526,18 @@ void virtio_transport_recv_pkt(struct virtio_transport *t,
/* Check if sk has been closed before lock_sock */
if (sock_flag(sk, SOCK_DONE)) {
@@ -1661,12 +1739,18 @@ void virtio_transport_recv_pkt(struct virtio_transport *t,
*/
if (sock_flag(sk, SOCK_DONE) ||
(sk->sk_state != TCP_LISTEN && vsk->transport != &t->transport)) {
- (void)virtio_transport_reset_no_sock(t, skb);
+ if (type != VIRTIO_VSOCK_TYPE_DGRAM)
+ (void)virtio_transport_reset_no_sock(t, skb);
@ -699,7 +634,7 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
space_available = virtio_transport_space_update(sk, skb);
/* Update CID in case it has changed after a transport reset event */
@@ -1469,6 +1569,7 @@ void virtio_transport_recv_pkt(struct virtio_transport *t,
@@ -1698,6 +1782,7 @@ void virtio_transport_recv_pkt(struct virtio_transport *t,
break;
}
@ -708,7 +643,7 @@ index 0b2f6c211544..7ff2d3a44dc2 100644
/* Release refcnt obtained when we fetched this socket out of the
diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c
index 21a4debde550..20f5b123bde5 100644
index 9e9e124f8d2b..b3066c854bb9 100644
--- a/net/vmw_vsock/vsock_loopback.c
+++ b/net/vmw_vsock/vsock_loopback.c
@@ -46,6 +46,7 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *vsk)
@ -717,9 +652,9 @@ index 21a4debde550..20f5b123bde5 100644
+static bool vsock_loopback_dgram_allow(u32 cid, u32 port);
static bool vsock_loopback_seqpacket_allow(u32 remote_cid);
static struct virtio_transport loopback_transport = {
@@ -62,7 +63,7 @@ static struct virtio_transport loopback_transport = {
static bool vsock_loopback_msgzerocopy_allow(void)
{
@@ -66,7 +67,7 @@ static struct virtio_transport loopback_transport = {
.cancel_pkt = vsock_loopback_cancel_pkt,
.dgram_enqueue = virtio_transport_dgram_enqueue,
@ -728,7 +663,7 @@ index 21a4debde550..20f5b123bde5 100644
.dgram_get_cid = virtio_transport_dgram_get_cid,
.dgram_get_port = virtio_transport_dgram_get_port,
.dgram_get_length = virtio_transport_dgram_get_length,
@@ -99,6 +100,11 @@ static struct virtio_transport loopback_transport = {
@@ -107,6 +108,11 @@ static struct virtio_transport loopback_transport = {
.send_pkt = vsock_loopback_send_pkt,
};
@ -741,5 +676,5 @@ index 21a4debde550..20f5b123bde5 100644
{
return true;
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From b4ce449d32a4a9c71041052c1e4599f3a01eccfa Mon Sep 17 00:00:00 2001
From e65e052341afe0e53a64e380cf48fd51ee061053 Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Thu, 19 May 2022 22:38:26 +0200
Subject: [PATCH 10/21] Transparent Socket Impersonation implementation
Subject: [PATCH 09/21] Transparent Socket Impersonation implementation
Transparent Socket Impersonation (AF_TSI) is an address family that
provides sockets presenting two simultaneous personalities, AF_INET
@ -31,18 +31,18 @@ Signed-off-by: Sergio Lopez <slp@redhat.com>
net/tsi/af_tsi.c | 1280 +++++++++++++++++++++++++++
net/tsi/af_tsi.h | 100 +++
security/selinux/hooks.c | 4 +-
security/selinux/include/classmap.h | 4 +-
10 files changed, 1403 insertions(+), 3 deletions(-)
security/selinux/include/classmap.h | 3 +-
10 files changed, 1402 insertions(+), 3 deletions(-)
create mode 100644 net/tsi/Kconfig
create mode 100644 net/tsi/Makefile
create mode 100644 net/tsi/af_tsi.c
create mode 100644 net/tsi/af_tsi.h
diff --git a/include/linux/socket.h b/include/linux/socket.h
index cfcb7e2c3813..b5891faf7996 100644
index c3322eb3d686..77b7e8246102 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -239,8 +239,9 @@ struct ucred {
@@ -240,8 +240,9 @@ struct ucred {
#define AF_MCTP 45 /* Management component
* transport protocol
*/
@ -53,7 +53,7 @@ index cfcb7e2c3813..b5891faf7996 100644
/* Protocol families, same as address families. */
#define PF_UNSPEC AF_UNSPEC
@@ -291,6 +292,7 @@ struct ucred {
@@ -292,6 +293,7 @@ struct ucred {
#define PF_SMC AF_SMC
#define PF_XDP AF_XDP
#define PF_MCTP AF_MCTP
@ -62,10 +62,10 @@ index cfcb7e2c3813..b5891faf7996 100644
/* Maximum queue length specifiable by listen. */
diff --git a/net/Kconfig b/net/Kconfig
index d532ec33f1fe..cce74ff2a107 100644
index a629f92dc86b..91dfb9152b5b 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -267,6 +267,7 @@ source "net/switchdev/Kconfig"
@@ -274,6 +274,7 @@ source "net/switchdev/Kconfig"
source "net/l3mdev/Kconfig"
source "net/qrtr/Kconfig"
source "net/ncsi/Kconfig"
@ -74,19 +74,19 @@ index d532ec33f1fe..cce74ff2a107 100644
config PCPU_DEV_REFCNT
bool "Use percpu variables to maintain network device refcount"
diff --git a/net/Makefile b/net/Makefile
index 4c4dc535453d..b07f65c0ef56 100644
index 65bb8c72a35e..c1db937f3212 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -80,3 +80,4 @@ obj-$(CONFIG_XDP_SOCKETS) += xdp/
@@ -79,3 +79,4 @@ obj-$(CONFIG_XDP_SOCKETS) += xdp/
obj-$(CONFIG_MPTCP) += mptcp/
obj-$(CONFIG_MCTP) += mctp/
obj-$(CONFIG_NET_HANDSHAKE) += handshake/
+obj-$(CONFIG_TSI) += tsi/
diff --git a/net/socket.c b/net/socket.c
index 9db33cd4a71b..8b92dd098235 100644
index 042451f01c65..5ad75d15e1ad 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -218,6 +218,7 @@ static const char * const pf_family_names[] = {
@@ -217,6 +217,7 @@ static const char * const pf_family_names[] = {
[PF_SMC] = "PF_SMC",
[PF_XDP] = "PF_XDP",
[PF_MCTP] = "PF_MCTP",
@ -119,7 +119,7 @@ index 000000000000..8b3cf74116a5
+tsi-y := af_tsi.o
diff --git a/net/tsi/af_tsi.c b/net/tsi/af_tsi.c
new file mode 100644
index 000000000000..eda6c4ba7961
index 000000000000..f43a17cff3a3
--- /dev/null
+++ b/net/tsi/af_tsi.c
@@ -0,0 +1,1280 @@
@ -505,7 +505,7 @@ index 000000000000..eda6c4ba7961
+}
+
+static int tsi_accept_inet(struct tsi_sock *tsk, struct socket **newsock,
+ int flags, bool kern)
+ struct proto_accept_arg *arg)
+{
+ struct socket *socket = tsk->isocket;
+ struct socket *nsock;
@ -518,7 +518,7 @@ index 000000000000..eda6c4ba7961
+ nsock->type = socket->type;
+ nsock->ops = socket->ops;
+
+ err = socket->ops->accept(socket, nsock, flags, kern);
+ err = socket->ops->accept(socket, nsock, arg);
+
+ if (err < 0) {
+ pr_debug("%s: inet accept failed: %d\n", __func__, err);
@ -532,7 +532,7 @@ index 000000000000..eda6c4ba7961
+}
+
+static int tsi_accept_vsock(struct tsi_sock *tsk, struct socket **newsock,
+ int flags, bool kern)
+ struct proto_accept_arg *arg)
+{
+ struct socket *socket = tsk->vsocket;
+ struct socket *nsock;
@ -541,7 +541,7 @@ index 000000000000..eda6c4ba7961
+ int err;
+
+ ta_req.svm_port = tsk->svm_port;
+ ta_req.flags = flags;
+ ta_req.flags = arg->flags;
+
+ pr_debug("%s: sending accept request id=%u\n", __func__,
+ ta_req.svm_port);
@ -577,7 +577,7 @@ index 000000000000..eda6c4ba7961
+ nsock->type = socket->type;
+ nsock->ops = socket->ops;
+
+ err = socket->ops->accept(socket, nsock, flags, kern);
+ err = socket->ops->accept(socket, nsock, arg);
+
+ if (err < 0) {
+ pr_debug("%s: vsock accept failed: %d\n", __func__, err);
@ -590,8 +590,8 @@ index 000000000000..eda6c4ba7961
+ return err;
+}
+
+static int tsi_accept(struct socket *sock, struct socket *newsock, int flags,
+ bool kern)
+static int tsi_accept(struct socket *sock, struct socket *newsock,
+ struct proto_accept_arg *arg)
+{
+ struct sock *listener = sock->sk;
+ struct sockaddr_vm vm_addr;
@ -621,14 +621,14 @@ index 000000000000..eda6c4ba7961
+ newtsk = tsi_sk(newsock->sk);
+
+ if (tsk->status == S_INET) {
+ err = tsi_accept_inet(tsk, &nsock, flags, kern);
+ err = tsi_accept_inet(tsk, &nsock, arg);
+ if (err < 0) {
+ goto error;
+ }
+ newtsk->status = S_INET;
+ newtsk->isocket = nsock;
+ } else {
+ err = tsi_accept_vsock(tsk, &nsock, flags, kern);
+ err = tsi_accept_vsock(tsk, &nsock, arg);
+ if (err < 0) {
+ goto error;
+ }
@ -1510,10 +1510,10 @@ index 000000000000..cf381734bebe
+
+#endif
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d4a99d98ec77..82fd1f975ef6 100644
index fc926d3cac6e..486be0734a6c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1295,7 +1295,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
@@ -1302,7 +1302,9 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
return SECCLASS_XDP_SOCKET;
case PF_MCTP:
return SECCLASS_MCTP_SOCKET;
@ -1525,26 +1525,25 @@ index d4a99d98ec77..82fd1f975ef6 100644
#endif
}
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index a3c380775d41..4640eb408c06 100644
index 7229c9bf6c27..065d9b85693f 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -248,6 +248,8 @@ const struct security_class_mapping secclass_map[] = {
{ COMMON_SOCK_PERMS, NULL } },
{ "mctp_socket",
{ COMMON_SOCK_PERMS, NULL } },
+ { "tsi_socket",
+ { COMMON_SOCK_PERMS, NULL } },
@@ -173,6 +173,7 @@ const struct security_class_mapping secclass_map[] = {
NULL } },
{ "xdp_socket", { COMMON_SOCK_PERMS, NULL } },
{ "mctp_socket", { COMMON_SOCK_PERMS, NULL } },
+ { "tsi_socket", { COMMON_SOCK_PERMS, NULL } },
{ "perf_event",
{ "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } },
{ "anon_inode",
@@ -259,6 +261,6 @@ const struct security_class_mapping secclass_map[] = {
{ "anon_inode", { COMMON_FILE_PERMS, NULL } },
@@ -181,6 +182,6 @@ const struct security_class_mapping secclass_map[] = {
{ NULL }
};
};
-#if PF_MAX > 46
+#if PF_MAX > 47
#error New address family defined, please update secclass_map.
#endif
--
2.45.2
2.49.0

@ -1,671 +0,0 @@
From aacd77363c0f5c8515f9ef55889cd367d42d06f9 Mon Sep 17 00:00:00 2001
From: Jiang Wang <jiang.wang@bytedance.com>
Date: Sat, 10 Jun 2023 00:58:35 +0000
Subject: [PATCH 09/17] tests: add vsock dgram tests
This patch adds tests for vsock datagram.
Signed-off-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
Signed-off-by: Jiang Wang <jiang.wang@bytedance.com>
---
tools/testing/vsock/util.c | 141 +++++++++-
tools/testing/vsock/util.h | 6 +
tools/testing/vsock/vsock_test.c | 431 +++++++++++++++++++++++++++++++
3 files changed, 577 insertions(+), 1 deletion(-)
diff --git a/tools/testing/vsock/util.c b/tools/testing/vsock/util.c
index 01b636d3039a..811e70d7cf1e 100644
--- a/tools/testing/vsock/util.c
+++ b/tools/testing/vsock/util.c
@@ -99,7 +99,8 @@ static int vsock_connect(unsigned int cid, unsigned int port, int type)
int ret;
int fd;
- control_expectln("LISTENING");
+ if (type != SOCK_DGRAM)
+ control_expectln("LISTENING");
fd = socket(AF_VSOCK, type, 0);
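Review bot: the new "if (type != SOCK_DGRAM)" guard in vsock_connect() skips the "LISTENING" handshake without saying why. Add a short comment that datagram peers never listen and that SOCK_DGRAM callers must do their own control-channel synchronisation (the tests added later in this patch wait for "BIND"), so the next reader does not take the skipped handshake for an oversight.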
@@ -130,6 +131,11 @@ int vsock_seqpacket_connect(unsigned int cid, unsigned int port)
return vsock_connect(cid, port, SOCK_SEQPACKET);
}
+int vsock_dgram_connect(unsigned int cid, unsigned int port)
+{
+ return vsock_connect(cid, port, SOCK_DGRAM);
+}
+
/* Listen on <cid, port> and return the first incoming connection. The remote
* address is stored to clientaddrp. clientaddrp may be NULL.
*/
@@ -211,6 +217,34 @@ int vsock_seqpacket_accept(unsigned int cid, unsigned int port,
return vsock_accept(cid, port, clientaddrp, SOCK_SEQPACKET);
}
+int vsock_dgram_bind(unsigned int cid, unsigned int port)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_vm svm;
+ } addr = {
+ .svm = {
+ .svm_family = AF_VSOCK,
+ .svm_port = port,
+ .svm_cid = cid,
+ },
+ };
+ int fd;
+
+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ perror("socket");
+ exit(EXIT_FAILURE);
+ }
+
+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) {
+ perror("bind");
+ exit(EXIT_FAILURE);
+ }
+
+ return fd;
+}
+
/* Transmit one byte and check the return value.
*
* expected_ret:
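Review bot: vsock_dgram_bind() has no header comment, unlike the accept helpers above it, and it calls exit(EXIT_FAILURE) on both socket() and bind() failure, so it can never return a negative fd. Document that ("Bind a SOCK_DGRAM socket to <cid, port>; exits on failure") so callers do not add an unreachable "fd < 0" check, as test_dgram_msg_bounds_server() later in this patch does.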
@@ -260,6 +294,57 @@ void send_byte(int fd, int expected_ret, int flags)
}
}
+/* Transmit one byte and check the return value.
+ *
+ * expected_ret:
+ * <0 Negative errno (for testing errors)
+ * 0 End-of-file
+ * 1 Success
+ */
+void sendto_byte(int fd, const struct sockaddr *dest_addr, int len, int expected_ret,
+ int flags)
+{
+ const uint8_t byte = 'A';
+ ssize_t nwritten;
+
+ timeout_begin(TIMEOUT);
+ do {
+ nwritten = sendto(fd, &byte, sizeof(byte), flags, dest_addr,
+ len);
+ timeout_check("write");
+ } while (nwritten < 0 && errno == EINTR);
+ timeout_end();
+
+ if (expected_ret < 0) {
+ if (nwritten != -1) {
+ fprintf(stderr, "bogus sendto(2) return value %zd\n",
+ nwritten);
+ exit(EXIT_FAILURE);
+ }
+ if (errno != -expected_ret) {
+ perror("write");
+ exit(EXIT_FAILURE);
+ }
+ return;
+ }
+
+ if (nwritten < 0) {
+ perror("write");
+ exit(EXIT_FAILURE);
+ }
+ if (nwritten == 0) {
+ if (expected_ret == 0)
+ return;
+
+ fprintf(stderr, "unexpected EOF while sending byte\n");
+ exit(EXIT_FAILURE);
+ }
+ if (nwritten != sizeof(byte)) {
+ fprintf(stderr, "bogus sendto(2) return value %zd\n", nwritten);
+ exit(EXIT_FAILURE);
+ }
+}
+
/* Receive one byte and check the return value.
*
* expected_ret:
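Review bot: sendto_byte() declares the address length as "int len" and labels its failures "write" (timeout_check("write"), perror("write")), both carried over from send_byte(). Make the parameter socklen_t to match sendto(2), and use "sendto" in the timeout and error labels so a failing datagram test is not reported as a write failure. The header comment is word for word the one on send_byte(); it should say that this variant sends to dest_addr.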
@@ -313,6 +398,60 @@ void recv_byte(int fd, int expected_ret, int flags)
}
}
+/* Receive one byte and check the return value.
+ *
+ * expected_ret:
+ * <0 Negative errno (for testing errors)
+ * 0 End-of-file
+ * 1 Success
+ */
+void recvfrom_byte(int fd, struct sockaddr *src_addr, socklen_t *addrlen,
+ int expected_ret, int flags)
+{
+ uint8_t byte;
+ ssize_t nread;
+
+ timeout_begin(TIMEOUT);
+ do {
+ nread = recvfrom(fd, &byte, sizeof(byte), flags, src_addr, addrlen);
+ timeout_check("read");
+ } while (nread < 0 && errno == EINTR);
+ timeout_end();
+
+ if (expected_ret < 0) {
+ if (nread != -1) {
+ fprintf(stderr, "bogus recvfrom(2) return value %zd\n",
+ nread);
+ exit(EXIT_FAILURE);
+ }
+ if (errno != -expected_ret) {
+ perror("read");
+ exit(EXIT_FAILURE);
+ }
+ return;
+ }
+
+ if (nread < 0) {
+ perror("read");
+ exit(EXIT_FAILURE);
+ }
+ if (nread == 0) {
+ if (expected_ret == 0)
+ return;
+
+ fprintf(stderr, "unexpected EOF while receiving byte\n");
+ exit(EXIT_FAILURE);
+ }
+ if (nread != sizeof(byte)) {
+ fprintf(stderr, "bogus recvfrom(2) return value %zd\n", nread);
+ exit(EXIT_FAILURE);
+ }
+ if (byte != 'A') {
+ fprintf(stderr, "unexpected byte read %c\n", byte);
+ exit(EXIT_FAILURE);
+ }
+}
+
/* Run test cases. The program terminates if a failure occurs. */
void run_tests(const struct test_case *test_cases,
const struct test_opts *opts)
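Review bot: recvfrom_byte() repeats recv_byte()'s header comment and its "read" labels in timeout_check() and perror(), with only the recvfrom() call differing. Label the failures "recvfrom", and consider having recv_byte() call recvfrom_byte(fd, NULL, NULL, expected_ret, flags) so the return-value checks live in one place instead of two.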
diff --git a/tools/testing/vsock/util.h b/tools/testing/vsock/util.h
index fb99208a95ea..a69e128d120c 100644
--- a/tools/testing/vsock/util.h
+++ b/tools/testing/vsock/util.h
@@ -37,13 +37,19 @@ void init_signals(void);
unsigned int parse_cid(const char *str);
int vsock_stream_connect(unsigned int cid, unsigned int port);
int vsock_seqpacket_connect(unsigned int cid, unsigned int port);
+int vsock_dgram_connect(unsigned int cid, unsigned int port);
int vsock_stream_accept(unsigned int cid, unsigned int port,
struct sockaddr_vm *clientaddrp);
int vsock_seqpacket_accept(unsigned int cid, unsigned int port,
struct sockaddr_vm *clientaddrp);
+int vsock_dgram_bind(unsigned int cid, unsigned int port);
void vsock_wait_remote_close(int fd);
void send_byte(int fd, int expected_ret, int flags);
+void sendto_byte(int fd, const struct sockaddr *dest_addr, int len, int expected_ret,
+ int flags);
void recv_byte(int fd, int expected_ret, int flags);
+void recvfrom_byte(int fd, struct sockaddr *src_addr, socklen_t *addrlen,
+ int expected_ret, int flags);
void run_tests(const struct test_case *test_cases,
const struct test_opts *opts);
void list_tests(const struct test_case *test_cases);
diff --git a/tools/testing/vsock/vsock_test.c b/tools/testing/vsock/vsock_test.c
index 5dc7767039f6..7c66e934341a 100644
--- a/tools/testing/vsock/vsock_test.c
+++ b/tools/testing/vsock/vsock_test.c
@@ -1177,6 +1177,413 @@ static void test_seqpacket_msg_peek_server(const struct test_opts *opts)
return test_msg_peek_server(opts, true);
}
+static void test_dgram_sendto_client(const struct test_opts *opts)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_vm svm;
+ } addr = {
+ .svm = {
+ .svm_family = AF_VSOCK,
+ .svm_port = 1234,
+ .svm_cid = opts->peer_cid,
+ },
+ };
+ int fd;
+
+ /* Wait for the server to be ready */
+ control_expectln("BIND");
+
+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ perror("socket");
+ exit(EXIT_FAILURE);
+ }
+
+ sendto_byte(fd, &addr.sa, sizeof(addr.svm), 1, 0);
+
+ /* Notify the server that the client has finished */
+ control_writeln("DONE");
+
+ close(fd);
+}
+
+static void test_dgram_sendto_server(const struct test_opts *opts)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_vm svm;
+ } addr = {
+ .svm = {
+ .svm_family = AF_VSOCK,
+ .svm_port = 1234,
+ .svm_cid = VMADDR_CID_ANY,
+ },
+ };
+ int len = sizeof(addr.sa);
+ int fd;
+
+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ perror("socket");
+ exit(EXIT_FAILURE);
+ }
+
+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) {
+ perror("bind");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Notify the client that the server is ready */
+ control_writeln("BIND");
+
+ recvfrom_byte(fd, &addr.sa, &len, 1, 0);
+
+ /* Wait for the client to finish */
+ control_expectln("DONE");
+
+ close(fd);
+}
+
+static void test_dgram_connect_client(const struct test_opts *opts)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_vm svm;
+ } addr = {
+ .svm = {
+ .svm_family = AF_VSOCK,
+ .svm_port = 1234,
+ .svm_cid = opts->peer_cid,
+ },
+ };
+ int ret;
+ int fd;
+
+ /* Wait for the server to be ready */
+ control_expectln("BIND");
+
+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ perror("bind");
+ exit(EXIT_FAILURE);
+ }
+
+ ret = connect(fd, &addr.sa, sizeof(addr.svm));
+ if (ret < 0) {
+ perror("connect");
+ exit(EXIT_FAILURE);
+ }
+
+ send_byte(fd, 1, 0);
+
+ /* Notify the server that the client has finished */
+ control_writeln("DONE");
+
+ close(fd);
+}
+
+static void test_dgram_connect_server(const struct test_opts *opts)
+{
+ test_dgram_sendto_server(opts);
+}
+
+static void test_dgram_multiconn_sendto_client(const struct test_opts *opts)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_vm svm;
+ } addr = {
+ .svm = {
+ .svm_family = AF_VSOCK,
+ .svm_port = 1234,
+ .svm_cid = opts->peer_cid,
+ },
+ };
+ int fds[MULTICONN_NFDS];
+ int i;
+
+ /* Wait for the server to be ready */
+ control_expectln("BIND");
+
+ for (i = 0; i < MULTICONN_NFDS; i++) {
+ fds[i] = socket(AF_VSOCK, SOCK_DGRAM, 0);
+ if (fds[i] < 0) {
+ perror("socket");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ for (i = 0; i < MULTICONN_NFDS; i++)
+ sendto_byte(fds[i], &addr.sa, sizeof(addr.svm), 1, 0);
+
+ /* Notify the server that the client has finished */
+ control_writeln("DONE");
+
+ for (i = 0; i < MULTICONN_NFDS; i++)
+ close(fds[i]);
+}
+
+static void test_dgram_multiconn_sendto_server(const struct test_opts *opts)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_vm svm;
+ } addr = {
+ .svm = {
+ .svm_family = AF_VSOCK,
+ .svm_port = 1234,
+ .svm_cid = VMADDR_CID_ANY,
+ },
+ };
+ int len = sizeof(addr.sa);
+ int fd;
+ int i;
+
+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ perror("socket");
+ exit(EXIT_FAILURE);
+ }
+
+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) {
+ perror("bind");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Notify the client that the server is ready */
+ control_writeln("BIND");
+
+ for (i = 0; i < MULTICONN_NFDS; i++)
+ recvfrom_byte(fd, &addr.sa, &len, 1, 0);
+
+ /* Wait for the client to finish */
+ control_expectln("DONE");
+
+ close(fd);
+}
+
+static void test_dgram_multiconn_send_client(const struct test_opts *opts)
+{
+ int fds[MULTICONN_NFDS];
+ int i;
+
+ /* Wait for the server to be ready */
+ control_expectln("BIND");
+
+ for (i = 0; i < MULTICONN_NFDS; i++) {
+ fds[i] = vsock_dgram_connect(opts->peer_cid, 1234);
+ if (fds[i] < 0) {
+ perror("socket");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ for (i = 0; i < MULTICONN_NFDS; i++)
+ send_byte(fds[i], 1, 0);
+
+ /* Notify the server that the client has finished */
+ control_writeln("DONE");
+
+ for (i = 0; i < MULTICONN_NFDS; i++)
+ close(fds[i]);
+}
+
+static void test_dgram_multiconn_send_server(const struct test_opts *opts)
+{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_vm svm;
+ } addr = {
+ .svm = {
+ .svm_family = AF_VSOCK,
+ .svm_port = 1234,
+ .svm_cid = VMADDR_CID_ANY,
+ },
+ };
+ int fd;
+ int i;
+
+ fd = socket(AF_VSOCK, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ perror("socket");
+ exit(EXIT_FAILURE);
+ }
+
+ if (bind(fd, &addr.sa, sizeof(addr.svm)) < 0) {
+ perror("bind");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Notify the client that the server is ready */
+ control_writeln("BIND");
+
+ for (i = 0; i < MULTICONN_NFDS; i++)
+ recv_byte(fd, 1, 0);
+
+ /* Wait for the client to finish */
+ control_expectln("DONE");
+
+ close(fd);
+}
+
+static void test_dgram_msg_bounds_client(const struct test_opts *opts)
+{
+ unsigned long recv_buf_size;
+ int page_size;
+ int msg_cnt;
+ int fd;
+
+ fd = vsock_dgram_connect(opts->peer_cid, 1234);
+ if (fd < 0) {
+ perror("connect");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Let the server know the client is ready */
+ control_writeln("CLNTREADY");
+
+ msg_cnt = control_readulong();
+ recv_buf_size = control_readulong();
+
+ /* Wait, until receiver sets buffer size. */
+ control_expectln("SRVREADY");
+
+ page_size = getpagesize();
+
+ for (int i = 0; i < msg_cnt; i++) {
+ unsigned long curr_hash;
+ ssize_t send_size;
+ size_t buf_size;
+ void *buf;
+
+ /* Use "small" buffers and "big" buffers. */
+ if (i & 1)
+ buf_size = page_size +
+ (rand() % (MAX_MSG_SIZE - page_size));
+ else
+ buf_size = 1 + (rand() % page_size);
+
+ buf_size = min(buf_size, recv_buf_size);
+
+ buf = malloc(buf_size);
+
+ if (!buf) {
+ perror("malloc");
+ exit(EXIT_FAILURE);
+ }
+
+ memset(buf, rand() & 0xff, buf_size);
+ /* Set at least one MSG_EOR + some random. */
+
+ send_size = send(fd, buf, buf_size, 0);
+
+ if (send_size < 0) {
+ perror("send");
+ exit(EXIT_FAILURE);
+ }
+
+ if (send_size != buf_size) {
+ fprintf(stderr, "Invalid send size\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /* In theory the implementation isn't required to transmit
+ * these packets in order, so we use this SYNC control message
+ * so that server and client coordinate sending and receiving
+ * one packet at a time. The client sends a packet and waits
+ * until it has been received before sending another.
+ */
+ control_writeln("PKTSENT");
+ control_expectln("PKTRECV");
+
+ /* Send the server a hash of the packet */
+ curr_hash = hash_djb2(buf, buf_size);
+ control_writeulong(curr_hash);
+ free(buf);
+ }
+
+ control_writeln("SENDDONE");
+ close(fd);
+}
+
+static void test_dgram_msg_bounds_server(const struct test_opts *opts)
+{
+ const unsigned long msg_cnt = 16;
+ unsigned long sock_buf_size;
+ struct msghdr msg = {0};
+ struct iovec iov = {0};
+ char buf[MAX_MSG_SIZE];
+ socklen_t len;
+ int fd;
+ int i;
+
+ fd = vsock_dgram_bind(VMADDR_CID_ANY, 1234);
+
+ if (fd < 0) {
+ perror("bind");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Set receive buffer to maximum */
+ sock_buf_size = -1;
+ if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF,
+ &sock_buf_size, sizeof(sock_buf_size))) {
+ perror("setsockopt(SO_RECVBUF)");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Retrieve the receive buffer size */
+ len = sizeof(sock_buf_size);
+ if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF,
+ &sock_buf_size, &len)) {
+ perror("getsockopt(SO_RECVBUF)");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Client ready to receive parameters */
+ control_expectln("CLNTREADY");
+
+ control_writeulong(msg_cnt);
+ control_writeulong(sock_buf_size);
+
+ /* Ready to receive data. */
+ control_writeln("SRVREADY");
+
+ iov.iov_base = buf;
+ iov.iov_len = sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+
+ for (i = 0; i < msg_cnt; i++) {
+ unsigned long remote_hash;
+ unsigned long curr_hash;
+ ssize_t recv_size;
+
+ control_expectln("PKTSENT");
+ recv_size = recvmsg(fd, &msg, 0);
+ control_writeln("PKTRECV");
+
+ if (!recv_size)
+ break;
+
+ if (recv_size < 0) {
+ perror("recvmsg");
+ exit(EXIT_FAILURE);
+ }
+
+ curr_hash = hash_djb2(msg.msg_iov[0].iov_base, recv_size);
+ remote_hash = control_readulong();
+
+ if (curr_hash != remote_hash) {
+ fprintf(stderr, "Message bounds broken\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ close(fd);
+}
+
static struct test_case test_cases[] = {
{
.name = "SOCK_STREAM connection reset",
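Review bot: test_dgram_msg_bounds_server() never reads the "SENDDONE" line that test_dgram_msg_bounds_client() writes before closing, so that line is left unread on the control channel; add control_expectln("SENDDONE") before close(fd), or drop the write. In the same server, sock_buf_size is an unsigned long initialised to -1 and passed to setsockopt()/getsockopt() for SO_RCVBUF, which takes an int: only sizeof(int) bytes are written back, so on a 64-bit build the value handed to the client through control_writeulong() still carries bits from the -1 and the client's min(buf_size, recv_buf_size) clamps nothing. Use an int there. Smaller points: test_dgram_connect_client() reports a socket() failure with perror("bind"), the servers pass "int len" where recvfrom_byte() expects a socklen_t *, the perror() strings say SO_RECVBUF for SO_RCVBUF, and the comment "Set at least one MSG_EOR + some random." describes nothing the datagram client does.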
@@ -1256,6 +1663,30 @@ static struct test_case test_cases[] = {
.name = "SOCK_SEQPACKET MSG_PEEK",
.run_client = test_seqpacket_msg_peek_client,
.run_server = test_seqpacket_msg_peek_server,
+ },
+ .name = "SOCK_DGRAM client sendto",
+ .run_client = test_dgram_sendto_client,
+ .run_server = test_dgram_sendto_server,
+ },
+ {
+ .name = "SOCK_DGRAM client connect",
+ .run_client = test_dgram_connect_client,
+ .run_server = test_dgram_connect_server,
+ },
+ {
+ .name = "SOCK_DGRAM multiple connections using sendto",
+ .run_client = test_dgram_multiconn_sendto_client,
+ .run_server = test_dgram_multiconn_sendto_server,
+ },
+ {
+ .name = "SOCK_DGRAM multiple connections using send",
+ .run_client = test_dgram_multiconn_send_client,
+ .run_server = test_dgram_multiconn_send_server,
+ },
+ {
+ .name = "SOCK_DGRAM msg bounds",
+ .run_client = test_dgram_msg_bounds_client,
+ .run_server = test_dgram_msg_bounds_server,
},
{},
};
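Review bot: the first new entry in test_cases[] has no opening brace: "+ }," closes the SOCK_SEQPACKET MSG_PEEK entry and is followed directly by "+ .name = "SOCK_DGRAM client sendto",". The hunk header's count of 30 new lines matches the lines shown, so the brace is missing from the patch itself and the array initialiser will not compile. Add a "{" line before that .name.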
--
2.46.0

@ -1,7 +1,7 @@
From 38643ecb3d75f3c156249b6488b76ef608e990cb Mon Sep 17 00:00:00 2001
From 522e468a0680c0242172ccb1dd336224b5391594 Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Thu, 19 May 2022 22:42:01 +0200
Subject: [PATCH 11/17] tsi: allow hijacking sockets (tsi_hijack)
Subject: [PATCH 10/21] tsi: allow hijacking sockets (tsi_hijack)
Add a kernel command line option (tsi_hijack) enabling users to
request the kernel to hijack AF_INET(SOCK_STREAM || SOCK_DGRAM)
@ -14,7 +14,7 @@ Signed-off-by: Sergio Lopez <slp@redhat.com>
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/net/socket.c b/net/socket.c
index 8b92dd098235..ab2bd178bcc7 100644
index 5ad75d15e1ad..bf8818423454 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -115,6 +115,10 @@ unsigned int sysctl_net_busy_read __read_mostly;
@ -28,7 +28,7 @@ index 8b92dd098235..ab2bd178bcc7 100644
static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
static int sock_mmap(struct file *file, struct vm_area_struct *vma);
@@ -1483,6 +1487,10 @@ int sock_wake_async(struct socket_wq *wq, int how, int band)
@@ -1488,6 +1492,10 @@ int sock_wake_async(struct socket_wq *wq, int how, int band)
}
EXPORT_SYMBOL(sock_wake_async);
@ -39,7 +39,7 @@ index 8b92dd098235..ab2bd178bcc7 100644
/**
* __sock_create - creates a socket
* @net: net namespace
@@ -1553,6 +1561,15 @@ int __sock_create(struct net *net, int family, int type, int protocol,
@@ -1558,6 +1566,15 @@ int __sock_create(struct net *net, int family, int type, int protocol,
request_module("net-pf-%d", family);
#endif
@ -56,10 +56,10 @@ index 8b92dd098235..ab2bd178bcc7 100644
pf = rcu_dereference(net_families[family]);
err = -EAFNOSUPPORT;
diff --git a/net/tsi/af_tsi.c b/net/tsi/af_tsi.c
index eda6c4ba7961..6cf01d7ce8f5 100644
index f43a17cff3a3..ef1552862253 100644
--- a/net/tsi/af_tsi.c
+++ b/net/tsi/af_tsi.c
@@ -474,7 +474,7 @@ static int tsi_accept(struct socket *sock, struct socket *newsock, int flags,
@@ -474,7 +474,7 @@ static int tsi_accept(struct socket *sock, struct socket *newsock,
struct socket *csocket;
struct tsi_sock *tsk;
struct tsi_sock *newtsk;
@ -69,5 +69,5 @@ index eda6c4ba7961..6cf01d7ce8f5 100644
int err;
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From d5eb37359e9bf9c208f252ac01c345fb6947d74b Mon Sep 17 00:00:00 2001
From 6cd6813018d12ecf1da19b5101c041ea7d1cab34 Mon Sep 17 00:00:00 2001
From: Asahi Lina <lina@asahilina.net>
Date: Wed, 25 Sep 2024 16:35:34 +0200
Subject: [PATCH 12/17] arm64: cpufeature: Unify SCOPE_LOCAL_CPU early & late
Subject: [PATCH 11/21] arm64: cpufeature: Unify SCOPE_LOCAL_CPU early & late
behavior
SCOPE_LOCAL_CPU is mostly used for CPU errata. The early feature logic
@ -35,10 +35,10 @@ Signed-off-by: Asahi Lina <lina@asahilina.net>
1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 7e9660455900..6802a8eeb6a6 100644
index 05ccf4ec278f..ab0b8ab2e72b 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2986,10 +2986,38 @@ static void update_cpu_capabilities(u16 scope_mask)
@@ -3176,10 +3176,38 @@ static void update_cpu_capabilities(u16 scope_mask)
scope_mask &= ARM64_CPUCAP_SCOPE_MASK;
for (i = 0; i < ARM64_NCAPS; i++) {
@ -79,7 +79,7 @@ index 7e9660455900..6802a8eeb6a6 100644
+ */
continue;
if (caps->desc)
if (caps->desc && !caps->cpus)
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From eda97730a842489f539f86f74f07495645a7c972 Mon Sep 17 00:00:00 2001
From 0ee81bb453100f4d329846ef3205c7256da0fd1d Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Thu, 11 Apr 2024 09:51:20 +0900
Subject: [PATCH 13/17] prctl: Introduce PR_{SET,GET}_MEM_MODEL
Subject: [PATCH 12/21] prctl: Introduce PR_{SET,GET}_MEM_MODEL
On some architectures, it is possible to query and/or change the CPU
memory model. This allows userspace to switch to a stricter memory model
@ -59,12 +59,12 @@ index 000000000000..267a12ca6630
+
+#endif
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 370ed14b1ae0..961216093f11 100644
index 35791791a879..36c278683cd6 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -306,4 +306,9 @@ struct prctl_mm_map {
# define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc
# define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f
@@ -328,4 +328,9 @@ struct prctl_mm_map {
# define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10 /* Clear the aspect on exec */
# define PR_PPC_DEXCR_CTRL_MASK 0x1f
+#define PR_GET_MEM_MODEL 0x6d4d444c
+#define PR_SET_MEM_MODEL 0x4d4d444c
@ -73,7 +73,7 @@ index 370ed14b1ae0..961216093f11 100644
+
#endif /* _LINUX_PRCTL_H */
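Review bot: PR_GET_MEM_MODEL (0x6d4d444c) and PR_SET_MEM_MODEL (0x4d4d444c) are not numbered like the other options in this header; the values spell the ASCII tags "mMDL" and "MMDL". Add a comment above the two defines stating that the out-of-sequence values are deliberate and why, so a later rebase does not renumber them and so anyone writing a seccomp filter on prctl options knows these constants are stable.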
diff --git a/kernel/sys.c b/kernel/sys.c
index 44b575990333..2db751ce25a2 100644
index 4da31f28fda8..83da58930513 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -45,6 +45,7 @@
@ -84,7 +84,7 @@ index 44b575990333..2db751ce25a2 100644
#include <linux/compat.h>
#include <linux/syscalls.h>
@@ -2432,6 +2433,16 @@ static int prctl_get_auxv(void __user *addr, unsigned long len)
@@ -2454,6 +2455,16 @@ static int prctl_get_auxv(void __user *addr, unsigned long len)
return sizeof(mm->saved_auxv);
}
@ -101,9 +101,9 @@ index 44b575990333..2db751ce25a2 100644
SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
unsigned long, arg4, unsigned long, arg5)
{
@@ -2747,6 +2758,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
case PR_RISCV_V_GET_CONTROL:
error = RISCV_V_GET_CONTROL();
@@ -2784,6 +2795,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
case PR_RISCV_SET_ICACHE_FLUSH_CTX:
error = RISCV_SET_ICACHE_FLUSH_CTX(arg2, arg3);
break;
+ case PR_GET_MEM_MODEL:
+ if (arg2 || arg3 || arg4 || arg5)
@ -119,5 +119,5 @@ index 44b575990333..2db751ce25a2 100644
error = -EINVAL;
break;
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From 55e5da0ad8c673f5f8e07524210bba70b5714ff3 Mon Sep 17 00:00:00 2001
From 8d3fb19fd331e7d6032eedf3aea6f50ae145c253 Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Mon, 6 May 2024 16:47:51 +0200
Subject: [PATCH 14/17] arm64: Implement PR_{GET,SET}_MEM_MODEL for always-TSO
Date: Thu, 11 Apr 2024 09:51:21 +0900
Subject: [PATCH 13/21] arm64: Implement PR_{GET,SET}_MEM_MODEL for always-TSO
CPUs
Some ARM64 implementations are known to always use the TSO memory model.
@ -18,19 +18,19 @@ Reviewed-by: Neal Gompa <neal@gompa.dev>
---
arch/arm64/Kconfig | 9 +++++++
arch/arm64/include/asm/cpufeature.h | 4 +++
arch/arm64/kernel/Makefile | 2 +-
arch/arm64/kernel/Makefile | 3 ++-
arch/arm64/kernel/cpufeature.c | 11 ++++----
arch/arm64/kernel/cpufeature_impdef.c | 38 +++++++++++++++++++++++++++
arch/arm64/kernel/process.c | 24 +++++++++++++++++
arch/arm64/tools/cpucaps | 1 +
7 files changed, 83 insertions(+), 6 deletions(-)
7 files changed, 84 insertions(+), 6 deletions(-)
create mode 100644 arch/arm64/kernel/cpufeature_impdef.c
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 9e0c1ac3d13e..741833d2f1a0 100644
index 7887d18cce3e..ab6ecb52a73d 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -2198,6 +2198,15 @@ config ARM64_DEBUG_PRIORITY_MASKING
@@ -2261,6 +2261,15 @@ config ARM64_DEBUG_PRIORITY_MASKING
If unsure, say N
endif # ARM64_PSEUDO_NMI
@ -47,12 +47,12 @@ index 9e0c1ac3d13e..741833d2f1a0 100644
bool "Build a relocatable kernel image" if EXPERT
select ARCH_HAS_RELR
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 5bba39376055..f83f951bec94 100644
index 3d261cc123c1..c4379bde9a26 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -924,6 +924,10 @@ extern struct arm64_ftr_override arm64_sw_feature_override;
u32 get_kvm_ipa_limit(void);
void dump_cpu_features(void);
@@ -1038,6 +1038,10 @@ static inline bool cpu_has_lpa2(void)
#endif
}
+void __init init_cpucap_indirect_list_impdef(void);
+void __init init_cpucap_indirect_list_from_array(const struct arm64_cpu_capabilities *caps);
@ -62,23 +62,24 @@ index 5bba39376055..f83f951bec94 100644
#endif
diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
index d95b3d6b471a..2a86fc69ccea 100644
index 2b112f3b7510..2a11cdefbe04 100644
--- a/arch/arm64/kernel/Makefile
+++ b/arch/arm64/kernel/Makefile
@@ -34,7 +34,7 @@ obj-y := debug-monitors.o entry.o irq.o fpsimd.o \
@@ -33,7 +33,8 @@ obj-y := debug-monitors.o entry.o irq.o fpsimd.o \
return_address.o cpuinfo.o cpu_errata.o \
cpufeature.o alternative.o cacheinfo.o \
smp.o smp_spin_table.o topology.o smccc-call.o \
syscall.o proton-pack.o idreg-override.o idle.o \
- patching.o
+ patching.o cpufeature_impdef.o
- syscall.o proton-pack.o idle.o patching.o pi/
+ syscall.o proton-pack.o idle.o patching.o \
+ cpufeature_impdef.o pi/
obj-$(CONFIG_COMPAT) += sys32.o signal32.o \
sys_compat.o
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 6802a8eeb6a6..ceebd3ccbe4a 100644
index ab0b8ab2e72b..4bd0c9641f3a 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -965,7 +965,7 @@ static void init_cpu_ftr_reg(u32 sys_reg, u64 new)
@@ -1039,7 +1039,7 @@ static void init_cpu_ftr_reg(u32 sys_reg, u64 new)
extern const struct arm64_cpu_capabilities arm64_errata[];
static const struct arm64_cpu_capabilities arm64_features[];
@ -87,15 +88,7 @@ index 6802a8eeb6a6..ceebd3ccbe4a 100644
init_cpucap_indirect_list_from_array(const struct arm64_cpu_capabilities *caps)
{
for (; caps->matches; caps++) {
@@ -1066,6 +1066,7 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
* handle the boot CPU below.
*/
init_cpucap_indirect_list();
+ init_cpucap_indirect_list_impdef();
/*
* Detect and enable early CPU capabilities based on the boot CPU,
@@ -1437,8 +1438,8 @@ has_always(const struct arm64_cpu_capabilities *entry, int scope)
@@ -1538,8 +1538,8 @@ has_always(const struct arm64_cpu_capabilities *entry, int scope)
return true;
}
@ -104,9 +97,9 @@ index 6802a8eeb6a6..ceebd3ccbe4a 100644
+bool
+cpufeature_matches(u64 reg, const struct arm64_cpu_capabilities *entry)
{
int val = cpuid_feature_extract_field_width(reg, entry->field_pos,
entry->field_width,
@@ -1474,14 +1475,14 @@ has_user_cpuid_feature(const struct arm64_cpu_capabilities *entry, int scope)
int val, min, max;
u64 tmp;
@@ -1592,14 +1592,14 @@ has_user_cpuid_feature(const struct arm64_cpu_capabilities *entry, int scope)
if (!mask)
return false;
@ -123,6 +116,14 @@ index 6802a8eeb6a6..ceebd3ccbe4a 100644
}
const struct cpumask *system_32bit_el0_cpumask(void)
@@ -3555,6 +3555,7 @@ void __init setup_boot_cpu_features(void)
* handle the boot CPU.
*/
init_cpucap_indirect_list();
+ init_cpucap_indirect_list_impdef();
/*
* Detect broken pseudo-NMI. Must be called _before_ the call to
diff --git a/arch/arm64/kernel/cpufeature_impdef.c b/arch/arm64/kernel/cpufeature_impdef.c
new file mode 100644
index 000000000000..de784a1fb49b
@ -168,7 +169,7 @@ index 000000000000..de784a1fb49b
+ init_cpucap_indirect_list_from_array(arm64_impdef_features);
+}
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 0fcc4eb1a7ab..2f37a56a4a4b 100644
index 2bbcbb11d844..20434392a222 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -41,6 +41,7 @@
@ -178,8 +179,8 @@ index 0fcc4eb1a7ab..2f37a56a4a4b 100644
+#include <linux/memory_ordering_model.h>
#include <asm/alternative.h>
#include <asm/compat.h>
@@ -516,6 +517,25 @@ void update_sctlr_el1(u64 sctlr)
#include <asm/arch_timer.h>
@@ -565,6 +566,25 @@ void update_sctlr_el1(u64 sctlr)
isb();
}
@ -205,7 +206,7 @@ index 0fcc4eb1a7ab..2f37a56a4a4b 100644
/*
* Thread switching.
*/
@@ -654,6 +674,10 @@ void arch_setup_new_exec(void)
@@ -704,6 +724,10 @@ void arch_setup_new_exec(void)
arch_prctl_spec_ctrl_set(current, PR_SPEC_STORE_BYPASS,
PR_SPEC_ENABLE);
}
@ -217,17 +218,17 @@ index 0fcc4eb1a7ab..2f37a56a4a4b 100644
#ifdef CONFIG_ARM64_TAGGED_ADDR_ABI
diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps
index c251ef3caae5..cedae062dbdd 100644
index eedb5acc21ed..bca63481e0cf 100644
--- a/arch/arm64/tools/cpucaps
+++ b/arch/arm64/tools/cpucaps
@@ -50,6 +50,7 @@ HAS_STAGE2_FWB
@@ -53,6 +53,7 @@ HAS_STAGE2_FWB
HAS_TCR2
HAS_TIDCP1
HAS_TLB_RANGE
+HAS_TSO_FIXED
HAS_VA52
HAS_VIRT_HOST_EXTN
HAS_WFXT
HW_DBM
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From 0f5f434bc794b2a46105b8ae9aed8b99c7f9dea4 Mon Sep 17 00:00:00 2001
From 53a222e5421780174a29fe6cb18d78e3a959d5d6 Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Thu, 11 Apr 2024 09:51:22 +0900
Subject: [PATCH 15/17] arm64: Introduce scaffolding to add ACTLR_EL1 to thread
Subject: [PATCH 14/21] arm64: Introduce scaffolding to add ACTLR_EL1 to thread
state
Some CPUs expose IMPDEF features in ACTLR_EL1 that can be meaningfully
@ -24,10 +24,10 @@ Reviewed-by: Neal Gompa <neal@gompa.dev>
5 files changed, 44 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 741833d2f1a0..cefb705dc3c7 100644
index ab6ecb52a73d..a30f30fd7e67 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -409,6 +409,9 @@ config KASAN_SHADOW_OFFSET
@@ -428,6 +428,9 @@ config KASAN_SHADOW_OFFSET
config UNWIND_TABLES
bool
@ -38,10 +38,10 @@ index 741833d2f1a0..cefb705dc3c7 100644
menu "Kernel Features"
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index f83f951bec94..8c5d5a03b2af 100644
index c4379bde9a26..1775e210f04f 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -908,6 +908,11 @@ static inline unsigned int get_vmid_bits(u64 mmfr1)
@@ -915,6 +915,11 @@ static inline unsigned int get_vmid_bits(u64 mmfr1)
return 8;
}
@ -54,13 +54,13 @@ index f83f951bec94..8c5d5a03b2af 100644
struct arm64_ftr_reg *get_arm64_ftr_reg(u32 sys_id);
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index e5bc54522e71..e1ca89202619 100644
index 1438424f0064..ea4e32467068 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -179,6 +179,9 @@ struct thread_struct {
u64 sctlr_user;
@@ -185,6 +185,9 @@ struct thread_struct {
u64 svcr;
u64 tpidr2_el0;
u64 por_el0;
+#ifdef CONFIG_ARM64_ACTLR_STATE
+ u64 actlr;
+#endif
@ -68,12 +68,12 @@ index e5bc54522e71..e1ca89202619 100644
static inline unsigned int thread_get_vl(struct thread_struct *thread,
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 2f37a56a4a4b..235c965ebbc3 100644
index 20434392a222..357e5dbf38cd 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -375,6 +375,11 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args)
if (system_supports_tpidr2())
p->thread.tpidr2_el0 = read_sysreg_s(SYS_TPIDR2_EL0);
@@ -385,6 +385,11 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args)
if (system_supports_poe())
p->thread.por_el0 = read_sysreg_s(SYS_POR_EL0);
+#ifdef CONFIG_ARM64_ACTLR_STATE
+ if (system_has_actlr_state())
@ -83,7 +83,7 @@ index 2f37a56a4a4b..235c965ebbc3 100644
if (stack_start) {
if (is_compat_thread(task_thread_info(p)))
childregs->compat_sp = stack_start;
@@ -536,6 +541,25 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val)
@@ -585,6 +590,25 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val)
}
#endif
@ -109,19 +109,19 @@ index 2f37a56a4a4b..235c965ebbc3 100644
/*
* Thread switching.
*/
@@ -553,6 +577,7 @@ struct task_struct *__switch_to(struct task_struct *prev,
ssbs_thread_switch(next);
erratum_1418040_thread_switch(next);
@@ -603,6 +627,7 @@ struct task_struct *__switch_to(struct task_struct *prev,
cntkctl_thread_switch(prev, next);
ptrauth_thread_switch_user(next);
permission_overlay_switch(next);
+ actlr_thread_switch(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
index c583d1f335f8..86e0631df0c1 100644
index 87f61fd6783c..8fb0c20959bf 100644
--- a/arch/arm64/kernel/setup.c
+++ b/arch/arm64/kernel/setup.c
@@ -379,6 +379,14 @@ void __init __no_sanitize_address setup_arch(char **cmdline_p)
@@ -367,6 +367,14 @@ void __init __no_sanitize_address setup_arch(char **cmdline_p)
*/
init_task.thread_info.ttbr0 = phys_to_ttbr(__pa_symbol(reserved_pg_dir));
#endif
@ -137,5 +137,5 @@ index c583d1f335f8..86e0631df0c1 100644
if (boot_args[1] || boot_args[2] || boot_args[3]) {
pr_err("WARNING: x1-x3 nonzero in violation of boot protocol:\n"
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From a32ac5f90f7acfa73651a6fa726d05a207333e3a Mon Sep 17 00:00:00 2001
From 0516cf426ccdb7529eb1365ae6a4bad639ca10bf Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Thu, 11 Apr 2024 09:51:23 +0900
Subject: [PATCH 16/17] arm64: Implement Apple IMPDEF TSO memory model control
Subject: [PATCH 15/21] arm64: Implement Apple IMPDEF TSO memory model control
Apple CPUs may implement the TSO memory model as an optional
configurable mode. This allows x86 emulators to simplify their
@ -20,17 +20,17 @@ Reviewed-by: Neal Gompa <neal@gompa.dev>
arch/arm64/Kconfig | 2 +
arch/arm64/include/asm/apple_cpufeature.h | 15 +++++++
arch/arm64/include/asm/cpufeature.h | 3 +-
arch/arm64/kernel/cpufeature_impdef.c | 52 +++++++++++++++++++++++
arch/arm64/kernel/cpufeature_impdef.c | 53 +++++++++++++++++++++++
arch/arm64/kernel/process.c | 22 ++++++++++
arch/arm64/tools/cpucaps | 1 +
6 files changed, 94 insertions(+), 1 deletion(-)
6 files changed, 95 insertions(+), 1 deletion(-)
create mode 100644 arch/arm64/include/asm/apple_cpufeature.h
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index cefb705dc3c7..8302d602a6f9 100644
index a30f30fd7e67..01a421166a0c 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -2203,6 +2203,8 @@ endif # ARM64_PSEUDO_NMI
@@ -2266,6 +2266,8 @@ endif # ARM64_PSEUDO_NMI
config ARM64_MEMORY_MODEL_CONTROL
bool "Runtime memory model control"
@ -61,10 +61,10 @@ index 000000000000..4370d91ffa3e
+
+#endif
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 8c5d5a03b2af..fb2e732c407f 100644
index 1775e210f04f..6343a192aba1 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -910,7 +910,8 @@ static inline unsigned int get_vmid_bits(u64 mmfr1)
@@ -917,7 +917,8 @@ static inline unsigned int get_vmid_bits(u64 mmfr1)
static __always_inline bool system_has_actlr_state(void)
{
@ -75,7 +75,7 @@ index 8c5d5a03b2af..fb2e732c407f 100644
s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new, s64 cur);
diff --git a/arch/arm64/kernel/cpufeature_impdef.c b/arch/arm64/kernel/cpufeature_impdef.c
index de784a1fb49b..d82ff2e80426 100644
index de784a1fb49b..3b0807bf90cd 100644
--- a/arch/arm64/kernel/cpufeature_impdef.c
+++ b/arch/arm64/kernel/cpufeature_impdef.c
@@ -3,9 +3,51 @@
@ -130,7 +130,7 @@ index de784a1fb49b..d82ff2e80426 100644
static bool has_tso_fixed(const struct arm64_cpu_capabilities *entry, int scope)
{
/* List of CPUs that always use the TSO memory model */
@@ -22,6 +64,16 @@ static bool has_tso_fixed(const struct arm64_cpu_capabilities *entry, int scope)
@@ -22,6 +64,17 @@ static bool has_tso_fixed(const struct arm64_cpu_capabilities *entry, int scope)
static const struct arm64_cpu_capabilities arm64_impdef_features[] = {
#ifdef CONFIG_ARM64_MEMORY_MODEL_CONTROL
@ -143,12 +143,13 @@ index de784a1fb49b..d82ff2e80426 100644
+ .field_width = 1,
+ .sign = FTR_UNSIGNED,
+ .min_field_value = 1,
+ .max_field_value = 1,
+ },
{
.desc = "TSO memory model (Fixed)",
.capability = ARM64_HAS_TSO_FIXED,
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 235c965ebbc3..9cb54aa3b731 100644
index 357e5dbf38cd..9bdf9ca9051e 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -44,6 +44,7 @@
@ -156,10 +157,10 @@ index 235c965ebbc3..9cb54aa3b731 100644
#include <asm/alternative.h>
+#include <asm/apple_cpufeature.h>
#include <asm/arch_timer.h>
#include <asm/compat.h>
#include <asm/cpufeature.h>
#include <asm/cacheflush.h>
@@ -525,6 +526,10 @@ void update_sctlr_el1(u64 sctlr)
@@ -574,6 +575,10 @@ void update_sctlr_el1(u64 sctlr)
#ifdef CONFIG_ARM64_MEMORY_MODEL_CONTROL
int arch_prctl_mem_model_get(struct task_struct *t)
{
@ -170,7 +171,7 @@ index 235c965ebbc3..9cb54aa3b731 100644
return PR_SET_MEM_MODEL_DEFAULT;
}
@@ -534,6 +539,23 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val)
@@ -583,6 +588,23 @@ int arch_prctl_mem_model_set(struct task_struct *t, unsigned long val)
val == PR_SET_MEM_MODEL_TSO)
return 0;
@ -195,17 +196,17 @@ index 235c965ebbc3..9cb54aa3b731 100644
return 0;
diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps
index cedae062dbdd..cee02bfc4633 100644
index bca63481e0cf..8b809992a9ee 100644
--- a/arch/arm64/tools/cpucaps
+++ b/arch/arm64/tools/cpucaps
@@ -50,6 +50,7 @@ HAS_STAGE2_FWB
@@ -53,6 +53,7 @@ HAS_STAGE2_FWB
HAS_TCR2
HAS_TIDCP1
HAS_TLB_RANGE
+HAS_TSO_APPLE
HAS_TSO_FIXED
HAS_VA52
HAS_VIRT_HOST_EXTN
HAS_WFXT
--
2.46.0
2.49.0

@ -1,7 +1,7 @@
From 81c1338fa3e17c7fd327224ea2466a517a92d914 Mon Sep 17 00:00:00 2001
From a109de3759b7d022692cc05b80cca896a463db62 Mon Sep 17 00:00:00 2001
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Date: Sat, 7 Oct 2023 22:47:47 +0300
Subject: [PATCH 17/17] drm/virtio: Support fence-passing feature
Subject: [PATCH 16/21] drm/virtio: Support fence-passing feature
Support extended version of VIRTIO_GPU_CMD_SUBMIT_3D command that allows
passing in-fence IDs to host for waiting, removing need to do expensive
@ -36,7 +36,7 @@ Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
9 files changed, 152 insertions(+), 14 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.c b/drivers/gpu/drm/virtio/virtgpu_drv.c
index c5716fd0aed3..450ce481b1f8 100644
index e5a2665e50ea..33b471dfe098 100644
--- a/drivers/gpu/drm/virtio/virtgpu_drv.c
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.c
@@ -149,6 +149,7 @@ static unsigned int features[] = {
@ -48,10 +48,10 @@ index c5716fd0aed3..450ce481b1f8 100644
static struct virtio_driver virtio_gpu_driver = {
.feature_table = features,
diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h
index 4126c384286b..13507700e6da 100644
index 5dc8eeaf7123..50d8bbd01bc4 100644
--- a/drivers/gpu/drm/virtio/virtgpu_drv.h
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.h
@@ -149,6 +149,7 @@ struct virtio_gpu_fence {
@@ -152,6 +152,7 @@ struct virtio_gpu_fence {
struct virtio_gpu_fence_event *e;
struct virtio_gpu_fence_driver *drv;
struct list_head node;
@ -59,7 +59,7 @@ index 4126c384286b..13507700e6da 100644
};
struct virtio_gpu_vbuffer {
@@ -246,6 +247,7 @@ struct virtio_gpu_device {
@@ -256,6 +257,7 @@ struct virtio_gpu_device {
bool has_resource_blob;
bool has_host_visible;
bool has_context_init;
@ -67,15 +67,15 @@ index 4126c384286b..13507700e6da 100644
struct virtio_shm_region host_visible_region;
struct drm_mm host_visible_mm;
@@ -273,6 +275,7 @@ struct virtio_gpu_fpriv {
@@ -283,6 +285,7 @@ struct virtio_gpu_fpriv {
uint32_t num_rings;
uint64_t base_fence_ctx;
uint64_t ring_idx_mask;
+ bool fence_passing_enabled;
struct mutex context_lock;
};
@@ -369,7 +372,9 @@ void virtio_gpu_cmd_submit(struct virtio_gpu_device *vgdev,
char debug_name[DEBUG_NAME_MAX_LEN];
bool explicit_debug_name;
@@ -379,7 +382,9 @@ void virtio_gpu_cmd_submit(struct virtio_gpu_device *vgdev,
void *data, uint32_t data_size,
uint32_t ctx_id,
struct virtio_gpu_object_array *objs,
@ -86,7 +86,7 @@ index 4126c384286b..13507700e6da 100644
void virtio_gpu_cmd_transfer_from_host_3d(struct virtio_gpu_device *vgdev,
uint32_t ctx_id,
uint64_t offset, uint32_t level,
@@ -425,6 +430,9 @@ virtio_gpu_cmd_set_scanout_blob(struct virtio_gpu_device *vgdev,
@@ -432,6 +437,9 @@ virtio_gpu_cmd_set_scanout_blob(struct virtio_gpu_device *vgdev,
uint32_t width, uint32_t height,
uint32_t x, uint32_t y);
@ -96,7 +96,7 @@ index 4126c384286b..13507700e6da 100644
/* virtgpu_display.c */
int virtio_gpu_modeset_init(struct virtio_gpu_device *vgdev);
void virtio_gpu_modeset_fini(struct virtio_gpu_device *vgdev);
@@ -444,6 +452,7 @@ void virtio_gpu_fence_emit(struct virtio_gpu_device *vgdev,
@@ -451,6 +459,7 @@ void virtio_gpu_fence_emit(struct virtio_gpu_device *vgdev,
struct virtio_gpu_fence *fence);
void virtio_gpu_fence_event_process(struct virtio_gpu_device *vdev,
u64 fence_id);
@ -145,10 +145,10 @@ index f28357dbde35..1fd3cfeca2f5 100644
void virtio_gpu_fence_event_process(struct virtio_gpu_device *vgdev,
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index b24b11f25197..3028786c59cd 100644
index e4f76f315550..894f3fd14c51 100644
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -514,7 +514,8 @@ static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev,
@@ -524,7 +524,8 @@ static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev,
return PTR_ERR(buf);
virtio_gpu_cmd_submit(vgdev, buf, rc_blob->cmd_size,
@ -158,9 +158,9 @@ index b24b11f25197..3028786c59cd 100644
}
if (guest_blob)
@@ -642,6 +643,14 @@ static int virtio_gpu_context_init_ioctl(struct drm_device *dev,
vfpriv->ring_idx_mask = value;
@@ -667,6 +668,14 @@ static int virtio_gpu_context_init_ioctl(struct drm_device *dev,
vfpriv->explicit_debug_name = true;
ret = 0;
break;
+ case VIRTGPU_CONTEXT_PARAM_FENCE_PASSING:
+ if (!vgdev->has_fence_passing && value) {
@ -174,10 +174,10 @@ index b24b11f25197..3028786c59cd 100644
ret = -EINVAL;
goto out_unlock;
diff --git a/drivers/gpu/drm/virtio/virtgpu_kms.c b/drivers/gpu/drm/virtio/virtgpu_kms.c
index 5a3b5aaed1f3..9f4617a75edd 100644
index 7dfb2006c561..fa4e5542fe5b 100644
--- a/drivers/gpu/drm/virtio/virtgpu_kms.c
+++ b/drivers/gpu/drm/virtio/virtgpu_kms.c
@@ -197,12 +197,16 @@ int virtio_gpu_init(struct virtio_device *vdev, struct drm_device *dev)
@@ -196,12 +196,16 @@ int virtio_gpu_init(struct virtio_device *vdev, struct drm_device *dev)
if (virtio_has_feature(vgdev->vdev, VIRTIO_GPU_F_CONTEXT_INIT)) {
vgdev->has_context_init = true;
}
@ -197,7 +197,7 @@ index 5a3b5aaed1f3..9f4617a75edd 100644
DRM_INFO("features: %ccontext_init\n",
vgdev->has_context_init ? '+' : '-');
diff --git a/drivers/gpu/drm/virtio/virtgpu_submit.c b/drivers/gpu/drm/virtio/virtgpu_submit.c
index d530c058f53e..5274035425df 100644
index 7d34cf83f5f2..136ca6238ab0 100644
--- a/drivers/gpu/drm/virtio/virtgpu_submit.c
+++ b/drivers/gpu/drm/virtio/virtgpu_submit.c
@@ -25,6 +25,11 @@ struct virtio_gpu_submit_post_dep {
@ -301,7 +301,7 @@ index d530c058f53e..5274035425df 100644
+ if (new_data_size < submit->data_size)
+ return -EINVAL;
+
+ buf = kvrealloc(buf, submit->data_size, new_data_size, GFP_KERNEL);
+ buf = kvrealloc(buf, new_data_size, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
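Review bot: in this hunk `buf = kvrealloc(buf, new_data_size, GFP_KERNEL);` overwrites the only local pointer to the old allocation before the NULL check, so the `-ENOMEM` return is safe only if some other owner still holds and frees the original buffer. Assign the result to a temporary and update `buf` after the check, or add a comment naming who frees the original on this path. The `new_data_size < submit->data_size` test just above reads as a wrap-around check on the size computation; a short comment saying so would keep it from being removed as dead code.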
@ -362,9 +362,9 @@ index d530c058f53e..5274035425df 100644
+ goto cleanup;
/*
* Set up usr-out data after submitting the job to optimize
* Set up user-out data after submitting the job to optimize
diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c
index b1a00c0c25a7..29d462b69bad 100644
index 0d3d0d09f39b..96f0a42d313c 100644
--- a/drivers/gpu/drm/virtio/virtgpu_vq.c
+++ b/drivers/gpu/drm/virtio/virtgpu_vq.c
@@ -1079,7 +1079,9 @@ void virtio_gpu_cmd_submit(struct virtio_gpu_device *vgdev,
@ -389,7 +389,7 @@ index b1a00c0c25a7..29d462b69bad 100644
virtio_gpu_queue_fenced_ctrl_buffer(vgdev, vbuf, fence);
}
diff --git a/include/uapi/drm/virtgpu_drm.h b/include/uapi/drm/virtgpu_drm.h
index b1d0e56565bc..fd486fdf0441 100644
index c2ce71987e9b..2bb2d3a0c7bd 100644
--- a/include/uapi/drm/virtgpu_drm.h
+++ b/include/uapi/drm/virtgpu_drm.h
@@ -52,10 +52,12 @@ extern "C" {
@ -405,16 +405,16 @@ index b1d0e56565bc..fd486fdf0441 100644
0)
struct drm_virtgpu_map {
@@ -198,6 +200,7 @@ struct drm_virtgpu_resource_create_blob {
#define VIRTGPU_CONTEXT_PARAM_CAPSET_ID 0x0001
@@ -200,6 +202,7 @@ struct drm_virtgpu_resource_create_blob {
#define VIRTGPU_CONTEXT_PARAM_NUM_RINGS 0x0002
#define VIRTGPU_CONTEXT_PARAM_POLL_RINGS_MASK 0x0003
+#define VIRTGPU_CONTEXT_PARAM_FENCE_PASSING 0x0004
#define VIRTGPU_CONTEXT_PARAM_DEBUG_NAME 0x0004
+#define VIRTGPU_CONTEXT_PARAM_FENCE_PASSING 0x0005
struct drm_virtgpu_context_set_param {
__u64 param;
__u64 value;
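Review bot: `VIRTGPU_CONTEXT_PARAM_FENCE_PASSING` moves from 0x0004 to 0x0005 here because `VIRTGPU_CONTEXT_PARAM_DEBUG_NAME` now occupies 0x0004, and this is a uapi header. Userspace built against the earlier downstream header will still send 0x0004 and land in the debug-name case instead of enabling fence passing, with `value` interpreted as something other than a boolean. Call the renumbering out in the commit message and make sure the matching userspace is updated in lockstep; picking a value well away from the upstream range would avoid the next collision.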
diff --git a/include/uapi/linux/virtio_gpu.h b/include/uapi/linux/virtio_gpu.h
index f556fde07b76..c3182c8255cf 100644
index bf2c9cabd207..ceb656264aa0 100644
--- a/include/uapi/linux/virtio_gpu.h
+++ b/include/uapi/linux/virtio_gpu.h
@@ -65,6 +65,11 @@
@ -450,5 +450,5 @@ index f556fde07b76..c3182c8255cf 100644
#define VIRTIO_GPU_CAPSET_VIRGL 1
--
2.46.0
2.49.0

@ -0,0 +1,124 @@
From 7c3e268f22043f1a672f3964781c75acd56b816d Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Tue, 8 Oct 2024 11:24:25 +0200
Subject: [PATCH 17/21] Enable 64 bit processes to use compat input syscalls
The compat variant of input syscalls is only enabled for 32 bit
tasks, but in some cases, such as userspace emulation, it's useful to
enable that variant for 64 bit processes.
Here we introduce the PR_[GET|SET]_COMPAT_INPUT prctl to allow 64 bit
tasks to opt-in for compat input syscalls.
Signed-off-by: Sergio Lopez <slp@redhat.com>
---
drivers/input/input-compat.c | 6 +++---
drivers/input/input-compat.h | 2 +-
include/linux/sched.h | 5 +++++
include/uapi/linux/prctl.h | 5 +++++
kernel/sys.c | 15 +++++++++++++++
5 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/drivers/input/input-compat.c b/drivers/input/input-compat.c
index 2ccd3eedbd67..abb8cfb99d6c 100644
--- a/drivers/input/input-compat.c
+++ b/drivers/input/input-compat.c
@@ -14,7 +14,7 @@
int input_event_from_user(const char __user *buffer,
struct input_event *event)
{
- if (in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
+ if (current->compat_input || (in_compat_syscall() && !COMPAT_USE_64BIT_TIME)) {
struct input_event_compat compat_event;
if (copy_from_user(&compat_event, buffer,
@@ -38,7 +38,7 @@ int input_event_from_user(const char __user *buffer,
int input_event_to_user(char __user *buffer,
const struct input_event *event)
{
- if (in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
+ if (current->compat_input || (in_compat_syscall() && !COMPAT_USE_64BIT_TIME)) {
struct input_event_compat compat_event;
compat_event.sec = event->input_event_sec;
@@ -62,7 +62,7 @@ int input_event_to_user(char __user *buffer,
int input_ff_effect_from_user(const char __user *buffer, size_t size,
struct ff_effect *effect)
{
- if (in_compat_syscall()) {
+ if (current->compat_input || (in_compat_syscall() && !COMPAT_USE_64BIT_TIME)) {
struct ff_effect_compat *compat_effect;
if (size != sizeof(struct ff_effect_compat))
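Review bot: in `input_ff_effect_from_user()` the old condition was plain `in_compat_syscall()`, but the new one also adds `&& !COMPAT_USE_64BIT_TIME`, which narrows the compat path for existing compat callers whenever that macro is true. The two event helpers above already carried that term; this function did not, so the change looks like a copy of their condition rather than an intended behaviour change. Unless the narrowing is deliberate, keep the original term: `if (current->compat_input || in_compat_syscall()) {`. The next line compares `size` against `sizeof(struct ff_effect_compat)`, so a caller sent down the wrong branch fails that size check.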
diff --git a/drivers/input/input-compat.h b/drivers/input/input-compat.h
index 3b7bb12b023b..e78c0492ce0d 100644
--- a/drivers/input/input-compat.h
+++ b/drivers/input/input-compat.h
@@ -53,7 +53,7 @@ struct ff_effect_compat {
static inline size_t input_event_size(void)
{
- return (in_compat_syscall() && !COMPAT_USE_64BIT_TIME) ?
+ return (current->compat_input || (in_compat_syscall() && !COMPAT_USE_64BIT_TIME)) ?
sizeof(struct input_event_compat) : sizeof(struct input_event);
}
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 0d1d70aded38..eb86e4778b27 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1599,6 +1599,11 @@ struct task_struct {
#ifdef CONFIG_USER_EVENTS
struct user_event_mm *user_event_mm;
#endif
+ /*
+ * Whether the task wants to use compat input syscalls even if it's
+ * a 64-bit process.
+ */
+ bool compat_input;
/*
* New fields for task_struct should be added above here, so that
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 36c278683cd6..c2027aa99409 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -333,4 +333,9 @@ struct prctl_mm_map {
# define PR_SET_MEM_MODEL_DEFAULT 0
# define PR_SET_MEM_MODEL_TSO 1
+#define PR_GET_COMPAT_INPUT 0x63494e50
+#define PR_SET_COMPAT_INPUT 0x43494e50
+# define PR_SET_COMPAT_INPUT_DISABLE 0
+# define PR_SET_COMPAT_INPUT_ENABLE 1
+
#endif /* _LINUX_PRCTL_H */
diff --git a/kernel/sys.c b/kernel/sys.c
index 83da58930513..24dd021a1592 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2805,6 +2805,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
return -EINVAL;
error = arch_prctl_mem_model_set(me, arg2);
break;
+ case PR_GET_COMPAT_INPUT:
+ if (arg2 || arg3 || arg4 || arg5)
+ return -EINVAL;
+ error = current->compat_input;
+ break;
+ case PR_SET_COMPAT_INPUT:
+ if (arg3 || arg4 || arg5)
+ return -EINVAL;
+ if (arg2 == PR_SET_COMPAT_INPUT_DISABLE)
+ current->compat_input = false;
+ else if (arg2 == PR_SET_COMPAT_INPUT_ENABLE)
+ current->compat_input = true;
+ else
+ return -EINVAL;
+ break;
default:
error = -EINVAL;
break;
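Review bot: the new `PR_GET_COMPAT_INPUT` and `PR_SET_COMPAT_INPUT` cases use `current->compat_input` while the neighbouring case passes `me` (`arch_prctl_mem_model_set(me, arg2)`); use `me` here too. The larger gap is lifetime: the flag is a plain field in `task_struct` and none of the five files in this patch clears it, so it is copied to children on fork and stays set across exec. Document whether that is intended, since a 64-bit program that inherits the flag without asking for it will have its input events read and written with the compat layout.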
--
2.49.0

@ -0,0 +1,39 @@
From 618802e746e0fcec7295bb499562e6182202cfe8 Mon Sep 17 00:00:00 2001
From: Asahi Lina <lina@asahilina.net>
Date: Sun, 20 Oct 2024 01:23:41 +0900
Subject: [PATCH 18/21] dax: Allow block size > PAGE_SIZE
For virtio-dax, the file/FS blocksize is irrelevant. FUSE always uses
large DAX blocks (2MiB), which will work with all host page sizes. Since
we are mapping files into the DAX window on the host, the underlying
block size of the filesystem and its block device (if any) are
meaningless.
For real devices with DAX, the only requirement should be that the FS
block size is *at least* as large as PAGE_SIZE, to ensure that at least
whole pages can be mapped out of the device contiguously.
Fixes warning when using virtio-dax on a 4K guest with a 16K host,
backed by tmpfs (which sets blksz == PAGE_SIZE on the host).
Signed-off-by: Asahi Lina <lina@asahilina.net>
---
fs/dax.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/dax.c b/fs/dax.c
index 21b47402b3dc..b0950164d8ee 100644
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -1032,7 +1032,7 @@ int dax_writeback_mapping_range(struct address_space *mapping,
int ret = 0;
unsigned int scanned = 0;
- if (WARN_ON_ONCE(inode->i_blkbits != PAGE_SHIFT))
+ if (WARN_ON_ONCE(inode->i_blkbits < PAGE_SHIFT))
return -EIO;
if (mapping_empty(mapping) || wbc->sync_mode != WB_SYNC_ALL)
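Review bot: the check in `dax_writeback_mapping_range()` now accepts any `i_blkbits >= PAGE_SHIFT`, but the reasoning for why larger blocks are safe lives only in the commit message. Add a comment at the `WARN_ON_ONCE` stating the invariant that is still enforced (block size at least PAGE_SIZE so whole pages can be mapped contiguously), so the relaxed test is not tightened back to `!=` in a later rebase.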
--
2.49.0

@ -0,0 +1,86 @@
From e328dffff1c65e4483453e0300375a334f4a6f9c Mon Sep 17 00:00:00 2001
From: Asahi Lina <lina@asahilina.net>
Date: Mon, 21 Oct 2024 23:21:16 +0900
Subject: [PATCH 19/21] mm: Fix __wp_page_copy_user fallback path for remote mm
If the source page is a PFN mapping, we copy back from userspace.
However, if this fault is a remote access, we cannot use
__copy_from_user_inatomic. Instead, use access_remote_vm() in this case.
Fixes WARN when writing to CoW mappings into a remote process, such as
when using gdb on a binary present on a DAX filesystem.
[ 143.683782] ------------[ cut here ]------------
[ 143.683784] WARNING: CPU: 1 PID: 350 at mm/memory.c:2904 __wp_page_copy_user+0x120/0x2bc
[ 143.683793] CPU: 1 PID: 350 Comm: gdb Not tainted 6.6.52 #1
[ 143.683794] Hardware name: linux,dummy-virt (DT)
[ 143.683795] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 143.683796] pc : __wp_page_copy_user+0x120/0x2bc
[ 143.683798] lr : __wp_page_copy_user+0x254/0x2bc
[ 143.683799] sp : ffff80008272b8b0
[ 143.683799] x29: ffff80008272b8b0 x28: 0000000000000000 x27: ffff000083bad580
[ 143.683801] x26: 0000000000000000 x25: 0000fffff7fd5000 x24: ffff000081db04c0
[ 143.683802] x23: ffff00014f24b000 x22: fffffc00053c92c0 x21: ffff000083502150
[ 143.683803] x20: 0000fffff7fd5000 x19: ffff80008272b9d0 x18: 0000000000000000
[ 143.683804] x17: ffff000081db0500 x16: ffff800080fe52a0 x15: 0000fffff7fd5000
[ 143.683804] x14: 0000000000bb1845 x13: 0000000000000080 x12: ffff80008272b880
[ 143.683805] x11: ffff000081d13600 x10: ffff000081d13608 x9 : ffff000081d1360c
[ 143.683806] x8 : ffff000083a16f00 x7 : 0000000000000010 x6 : ffff00014f24b000
[ 143.683807] x5 : ffff00014f24c000 x4 : 0000000000000000 x3 : ffff000083582000
[ 143.683807] x2 : 0000000000000f80 x1 : 0000fffff7fd5000 x0 : 0000000000001000
[ 143.683808] Call trace:
[ 143.683809] __wp_page_copy_user+0x120/0x2bc
[ 143.683810] wp_page_copy+0x98/0x5c0
[ 143.683813] do_wp_page+0x250/0x530
[ 143.683814] __handle_mm_fault+0x278/0x284
[ 143.683817] handle_mm_fault+0x64/0x1e8
[ 143.683819] faultin_page+0x5c/0x110
[ 143.683820] __get_user_pages+0xc8/0x2f4
[ 143.683821] get_user_pages_remote+0xac/0x30c
[ 143.683823] __access_remote_vm+0xb4/0x368
[ 143.683824] access_remote_vm+0x10/0x1c
[ 143.683826] mem_rw.isra.0+0xc4/0x218
[ 143.683831] mem_write+0x18/0x24
[ 143.683831] vfs_write+0xa0/0x37c
[ 143.683834] ksys_pwrite64+0x7c/0xc0
[ 143.683834] __arm64_sys_pwrite64+0x20/0x2c
[ 143.683835] invoke_syscall+0x48/0x10c
[ 143.683837] el0_svc_common.constprop.0+0x40/0xe0
[ 143.683839] do_el0_svc+0x1c/0x28
[ 143.683841] el0_svc+0x3c/0xdc
[ 143.683846] el0t_64_sync_handler+0x120/0x12c
[ 143.683848] el0t_64_sync+0x194/0x198
[ 143.683849] ---[ end trace 0000000000000000 ]---
Signed-off-by: Asahi Lina <lina@asahilina.net>
---
mm/memory.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/mm/memory.c b/mm/memory.c
index b6daa0e673a5..52ce79cc238d 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3080,13 +3080,18 @@ static inline int __wp_page_copy_user(struct page *dst, struct page *src,
update_mmu_cache_range(vmf, vma, addr, vmf->pte, 1);
}
+ /* If the mm is a remote mm, copy in the page using access_remote_vm() */
+ if (current->mm != mm) {
+ if (access_remote_vm(mm, (unsigned long)uaddr, kaddr, PAGE_SIZE, 0) != PAGE_SIZE)
+ goto warn;
+ }
/*
* This really shouldn't fail, because the page is there
* in the page tables. But it might just be unreadable,
* in which case we just give up and fill the result with
* zeroes.
*/
- if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE)) {
+ else if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE)) {
if (vmf->pte)
goto warn;
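Review bot: the new `current->mm != mm` branch calls `access_remote_vm()` from inside the write-fault path, and the call trace in the commit message shows this path being entered from `__access_remote_vm` -> `get_user_pages_remote` -> `handle_mm_fault`, so the caller is already in the middle of a remote access on the same mm. The local branch deliberately uses `__copy_from_user_inatomic()`; please say in the comment why re-entering `access_remote_vm()` is safe here with respect to locking and sleeping. Two smaller points: the new branch does `goto warn` unconditionally while the local branch only warns when `vmf->pte` is set, and leaving the existing block comment between `}` and `else if` makes the chain easy to misread, so move that comment inside the `else if` body.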
--
2.49.0

@ -0,0 +1,34 @@
From c83a0290dee16856d070084d9a1026fe0881bb1d Mon Sep 17 00:00:00 2001
From: Sasha Finkelstein <fnkl.kernel@gmail.com>
Date: Fri, 17 Jan 2025 12:34:23 +0100
Subject: [PATCH 20/21] virtgpu: gem partial map
Those are useful to implement coherent cross-vm mmap.
Signed-off-by: Sasha Finkelstein <fnkl.kernel@gmail.com>
---
drivers/gpu/drm/virtio/virtgpu_vram.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_vram.c b/drivers/gpu/drm/virtio/virtgpu_vram.c
index 25df81c02783..64e2c6dbdd67 100644
--- a/drivers/gpu/drm/virtio/virtgpu_vram.c
+++ b/drivers/gpu/drm/virtio/virtgpu_vram.c
@@ -56,12 +56,11 @@ static int virtio_gpu_vram_mmap(struct drm_gem_object *obj,
else if (vram->map_info == VIRTIO_GPU_MAP_CACHE_UNCACHED)
vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
- /* Partial mappings of GEM buffers don't happen much in practice. */
- if (vm_size != vram->vram_node.size)
+ if (vm_size > vram->vram_node.size)
return -EINVAL;
ret = io_remap_pfn_range(vma, vma->vm_start,
- vram->vram_node.start >> PAGE_SHIFT,
+ (vram->vram_node.start >> PAGE_SHIFT) + vma->vm_pgoff,
vm_size, vma->vm_page_prot);
return ret;
}
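Review bot: the bound `vm_size > vram->vram_node.size` does not include the `vma->vm_pgoff` term that this hunk adds to the start PFN, so a request with a non-zero offset and a length up to the full node size passes the check and `io_remap_pfn_range()` maps pages beyond the end of this object's node in the host-visible region. Validate offset and length together, for example `((u64)vma->vm_pgoff << PAGE_SHIFT) + vm_size > vram->vram_node.size`, and return `-EINVAL` when it exceeds the node. The removed comment should also be replaced by one describing what partial mappings are now allowed.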
--
2.49.0

@ -0,0 +1,44 @@
From 703a11fd69a51cdc20adb2866e359c20ebcfaaaf Mon Sep 17 00:00:00 2001
From: Sasha Finkelstein <fnkl.kernel@gmail.com>
Date: Fri, 17 Jan 2025 12:34:28 +0100
Subject: [PATCH 21/21] virtgpu: mixed page size
This allows running different page sizes between host and guest on
platforms that support mixed page sizes.
Signed-off-by: Sasha Finkelstein <fnkl.kernel@gmail.com>
---
drivers/gpu/drm/virtio/virtgpu_vram.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_vram.c b/drivers/gpu/drm/virtio/virtgpu_vram.c
index 64e2c6dbdd67..cbadcba2c773 100644
--- a/drivers/gpu/drm/virtio/virtgpu_vram.c
+++ b/drivers/gpu/drm/virtio/virtgpu_vram.c
@@ -137,6 +137,12 @@ bool virtio_gpu_is_vram(struct virtio_gpu_object *bo)
return bo->base.base.funcs == &virtio_gpu_vram_funcs;
}
+#if defined(__powerpc64__) || defined(__aarch64__) || defined(__mips__) || defined(__loongarch__)
+#define MAX_PAGE_SIZE 65536
+#else
+#define MAX_PAGE_SIZE PAGE_SIZE
+#endif
+
static int virtio_gpu_vram_map(struct virtio_gpu_object *bo)
{
int ret;
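Review bot: `MAX_PAGE_SIZE` is selected from compiler architecture macros (`__aarch64__`, `__powerpc64__`, `__mips__`, `__loongarch__`) and a bare 65536, with no comment saying that it stands for the largest page size the other side of the VM boundary may use. Add that comment, use `SZ_64K`, and prefer the kernel's own configuration symbols over compiler macros in driver code. The name is also generic enough to clash with other headers; something scoped to the driver, such as a `VIRTIO_GPU_` prefix, would be safer.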
@@ -149,8 +155,8 @@ static int virtio_gpu_vram_map(struct virtio_gpu_object *bo)
return -EINVAL;
spin_lock(&vgdev->host_visible_lock);
- ret = drm_mm_insert_node(&vgdev->host_visible_mm, &vram->vram_node,
- bo->base.base.size);
+ ret = drm_mm_insert_node_generic(&vgdev->host_visible_mm, &vram->vram_node,
+ bo->base.base.size, MAX_PAGE_SIZE, 0, 0);
spin_unlock(&vgdev->host_visible_lock);
if (ret)
--
2.49.0

BIN
qboot/tdx/bios.bin Executable file

Binary file not shown.

96
utils/kernel_size_time.sh Executable file

@ -0,0 +1,96 @@
#!/bin/sh -e
#
# SPDX-License-Identifier: LGPL-2.1-only
#
# utils/kernel_size_time.sh - Check build size, and boot time for given command
#
# Copyright (c) 2025 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>
CONFIG="${CONFIG:-config-libkrunfw_x86_64}"
RUNS=${RUNS:-10}
TIME_CMD="${TIME_CMD:-~/muvm/target/release/muvm --mem=64 --vram=0 -c 0,1 -- true}"
PREV_SIZE_FILE="prev_size"
PREV_TIME_FILE="prev_time"
LOG_FILE="log"
find_time_dash_p() {
REEXEC_BASH=n
if time -p ':'; then
TIME_DASH_P='time -p'
elif command -v /usr/bin/time; then
TIME_DASH_P='/usr/bin/time -p'
elif command -v bash; then
# Simply re-execute under bash to avoid further eval tricks
REEXEC_BASH=y
fi
}
build() {
for KERNELDIR in linux-*/; do
cp "${CONFIG}" "${KERNELDIR}/.config"
done
rm -f linux-*/vmlinux
make clean
make -j$(nproc) || make -j$(($(nproc) / 2)) || make
}
measure_runs() {
export LD_PRELOAD=$(ls $(pwd)/libkrunfw.so.*)
for i in $(seq 1 ${RUNS}); do eval ${TIME_CMD}; done
}
measure() {
NEW_SIZE=$(stat -c %s linux-*/vmlinux)
NEW_TIME="$( eval ${TIME_DASH_P} measure_runs 2>&1 | grep real | tr -dc [:digit:] )5"
}
log() {
BASE_SIZE="$(cat ${PREV_SIZE_FILE} 2>/dev/null || :)"
BASE_TIME="$(cat ${PREV_TIME_FILE} 2>/dev/null || :)"
[ -e "${PREV_SIZE_FILE}" ] || FIRST="y"
echo "$NEW_SIZE" > "${PREV_SIZE_FILE}"
echo "$NEW_TIME" > "${PREV_TIME_FILE}"
git rev-parse HEAD >> ${LOG_FILE}
if [ "${FIRST}" = "y" ]; then
NEW_TIME="$(echo 'scale=0; '$NEW_TIME' / '${RUNS} | bc -l)"
printf "Baseline:
- %i bytes in the uncompressed kernel image
- %i ms (average of ${RUNS} runs) for:
${TIME_CMD}
" $NEW_SIZE $NEW_TIME >> ${LOG_FILE}
exit 0
fi
DIFF_SIZE="$((BASE_SIZE - NEW_SIZE))"
DIFF_TIME="$((BASE_TIME - NEW_TIME))"
DIFF_TIME="$(echo 'scale=0; '$DIFF_TIME' / '${RUNS} | bc -l)"
BASE_TIME="$(echo 'scale=0; '$BASE_TIME' / '${RUNS} | bc -l)"
NEW_TIME="$(echo 'scale=0; '$NEW_TIME' / '${RUNS} | bc -l)"
printf "This saves:
- %i bytes (%i -> %i) in the uncompressed kernel image
- %i ms (%i -> %i, average of ${RUNS} runs) for:
${TIME_CMD}
" $DIFF_SIZE $BASE_SIZE $NEW_SIZE $DIFF_TIME $BASE_TIME $NEW_TIME >> ${LOG_FILE}
}
build
find_time_dash_p >/dev/null 2>&1 || { echo "No implementation of 'time -p', exiting"; exit 1; }
if [ ${REEXEC_BASH} = "y" ]; then
bash $0
else
measure
log
fi
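Review bot: in `measure_runs()`, `export LD_PRELOAD=$(ls $(pwd)/libkrunfw.so.*)` takes whatever the glob matches, so if more than one `libkrunfw.so.*` is present the variable holds several newline-separated paths and the run may not measure the library that was just built; resolve a single file and quote it. The script is also unquoted throughout in places where it matters: `eval ${TIME_CMD}` runs an environment-supplied string, `tr -dc [:digit:]` can be glob-expanded by the shell, and `bash $0` and `[ ${REEXEC_BASH} = "y" ]` break on paths with spaces or an empty value. Finally, the literal `5` appended to `NEW_TIME` in `measure()` needs a comment explaining the unit conversion it performs on the `time -p` output.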

@ -301,28 +301,31 @@ int main(int argc, char **argv)
handle = dlopen(library, RTLD_NOW);
if (handle == NULL)
{
perror("Couldn't open library");
printf("Couldn't open library: %s", dlerror());
exit(-1);
}
krunfw_get_kernel = dlsym(handle, "krunfw_get_kernel");
if (krunfw_get_kernel == NULL)
{
perror("Couldn't find krunfw_get_kernel symbol");
printf("Couldn't find krunfw_get_kernel symbol: %s\n",
dlerror());
exit(-1);
}
krunfw_get_initrd = dlsym(handle, "krunfw_get_initrd");
if (krunfw_get_initrd == NULL)
{
perror("Couldn't find krunfw_get_initrd symbol");
printf("Couldn't find krunfw_get_initrd symbol: %s\n",
dlerror());
exit(-1);
}
krunfw_get_qboot = dlsym(handle, "krunfw_get_qboot");
if (krunfw_get_qboot == NULL)
{
perror("Couldn't find krunfw_get_qboot symbol");
printf("Couldn't find krunfw_get_qboot symbol: %s\n",
dlerror());
exit(-1);
}
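Review bot: the replacement for the `dlopen()` failure prints `"Couldn't open library: %s"` without a trailing `\n`, unlike the three `dlsym()` messages below it, so the message may run into the shell prompt or the next output. Switching from `perror()` to `dlerror()` is right, since the dl functions do not report through `errno`, but `printf()` sends the diagnostics to stdout; use `fprintf(stderr, ...)` so they are not mixed into captured output. `dlerror()` can return NULL when no error is pending, which is worth guarding before passing it to `%s`.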