Add support for --no-shutdown Knob. This allows us to
shutdown the VM without quitting QEMU.
Note: Also fix the comment around --no-reboot to be
more accurate.
Signed-off-by: Manohar Castelino <mcastelino@apple.com>
Update the govmm code in order to support "sandbox" feature on qemu,
which can introduce another protect layer on the host,
to make the secure container more secure.
Fixes: #185
Signed-off-by: Liang Zhou <zhoul110@chinatelecom.cn>
Append `readonly=on` to a `memory-backend-file` object and
`unarmed=on` to a `nvdimm` device when `ReadOnly` is set to `true`
Signed-off-by: Julio Montes <julio.montes@intel.com>
Always join by ",", do not put commas in the parameter slices. Always
use the variable name `deviceParams`.
Fixes: #180
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Adding the support for Protected Execution Facility(PEF) is
which is the confidential computing technology on ppc64le.
Fixes: #174
Signed-off-by: Amulyam24 <amulmek1@in.ibm.com>
Secure Execution, also known as Protected Virtualization in QEMU, is a
confidential computing technology for s390x (IBM Z & LinuxONE). Allow
the respective object.
Fixes: #172
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Add CCW (s390x) device numbers to VhostUserDevices, as is with other
device types. Add them to VhostUserFS devices (the only type currently
supported on s390x) when building QEMU parameters.
Fixes: #170
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
by splitting out the respective functionality to QemuNetParams,
QemuSCSIParams, QemuBlkParams, and QemuFSParams. This allows adding
functionality to these functions without going beyond the cyclomatic
complexity of 15 mandated by the lint checks.
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Currently, if romfile field is empty, the commandline will
shows like below:
-device driver=virtio-net-pci,...,mq=on,vectors=4,romfile=
This does not make sense, just remove this field in commandline
Add unittest support.
Signed-off-by: Michael Qiu <qiudayu@huayun.com>
Some architectures and setups do not support DIMM/NUMA. However, they
can still use memory backends, provided a memory backend of the same ID
is specified under -machine. This was introduced in QEMU 5.0. Enable
this functionality in appendMemoryKnobs.
Fixes: #160
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Listening to the events channel from QEMU and a guest
panic event issued, then we can get the event and do some
work for the special event.
Fixes: #152
Signed-off-by: bin liu <bin@hyper.sh>
Add ExecuteAPVFIOMediatedDeviceAdd to qmp.go, which executes a hotplug
for an IBM Adjunct processor (AP) VFIO device (see also
https://www.kernel.org/doc/html/latest/s390/vfio-ap.html )
Also includes the respective unittest and adds the VfioAP DeviceDriver
constant to qemu.go.
Pushing again due to incidental CI failure
Fixes: #133
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Reviewed-by: alicefr <afrosi@redhat.com>
The Kata architecture does not support rebooting VMs (the lifecycle
being start/exec/kill) and if a VM is killed (e.g. using sysrq-trigger),
the VM does not exit fully and other layers do not notice the state change.
Kata needs a way to tell QEMU to run with the '--no-reboot' option
so that the guest VM exits and does not attempt to reboot.
Add a NoReboot boolean Knob so when Knobs.NoReboot is set, the '--no-reboot'
command-line option will be passed to QEMU on startup.
Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
multidevs specifies how to deal with multiple devices being shared with a 9p
export. `multidevs=remap` fixes the following warning:
```
9p: Multiple devices detected in same VirtFS export, which might lead to file
ID collisions and severe misbehaviours on guest!
You should either use a separate export for each device shared from host or
use virtfs option 'multidevs=remap'!
```
Signed-off-by: Julio Montes <julio.montes@intel.com>
The following options can be provided
Intremap: activates interrupt remapping
DeviceIotlb: enables device IOTLB support for the vIOMMU
CachingMode: enables Cahing Mode
See: https://wiki.qemu.org/Features/VT-d
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
There are three different types for the RTC clock: host, rt and vm.
Add `rt` to the list of RTC clocks.
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Allow API consumers to change the maximum number of ports in the virtio-serial
devices, setting a lower number of ports can improve the boot time and
reduce the attack surface.
fixes#120
Signed-off-by: Julio Montes <julio.montes@intel.com>
Following on from #111 which added support for multiple virtio transports,
add code to use virtio-mmio as the transport when booting a guest with
the microvm machine type and add a microvm case when checking for
NUMA support. Also add a test case for machine string parsing.
Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Currently, virtio transports for each device are determined with
architecture dependent build time conditionals. This isn't the ideal
solution, as virtio transports aren't exactly tied to the host's
architecture.
For example, aarch64 VMs do support both PCI and MMIO devices, and
after the recent introduction of the microvm machine type, that's also
the case for x86_64.
This patch extends each device that supports multiple transports with
a VirtioTransport field, so users of the library can manually specify
a transport for each device. To avoid breaking the compatibility, if
VirtioTransport is empty a behavior equivalent to the legacy one is
achieved by checking runtime.GOARCH and Config.Machine.Type.
Keeping support for isVirtioPCI/isVirtioCCW in qmp.go is a bit
tricky. Eventually, the hot-plug API should be extended so callers
must manually specify the transport for the device.
Signed-off-by: Sergio Lopez <slp@redhat.com>
As there's no guarantee that ".cache-size" is a supported QEMU property,
let's not add it to the QEMU command line when the user explicitly set
virtio_fs_cache_size to zero.
By not always setting ".cache-size" property we avoid errors like:
```
$ sudo podman --runtime=/usr/bin/kata-runtime run --security-opt label=disable -it fedora:31 /bin/bash
Error: failed to launch qemu: exit status 1, error messages from qemu log: qemu-kvm: -device vhost-user-fs-pci,chardev=char-88c350403e95d3db,tag=kataShared,cache-size=0M: Property '.cache-size' not found: OCI runtime error
```
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Memory preallocation is just a property of different memory backends.
We should treat it similar to memory sharing property. Also rename
FileBackedMemShared to MemShared as it is just another memory backend
property that works with different memory backends not just file backed
memory.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
since some vendor id like 1ded can not be identified by virtio-pci
driver, so upper level need to pass a specified vendor id to qemu.
the upper level will change unavailable id and pass it to qemu.
Signed-off-by: Ace-Tang <aceapril@126.com>
