diff --git a/Cargo.lock b/Cargo.lock
index c64e7049c..a9cf7f206 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2340,6 +2340,7 @@ dependencies = [
 "bitflags 2.3.3",
 "block",
 "blocking",
+ "cfg-if",
 "devices",
 "epoll",
 "event_monitor",
diff --git a/hypervisor/src/hypervisor.rs b/hypervisor/src/hypervisor.rs
index 1905b85f0..0f35e559b 100644
--- a/hypervisor/src/hypervisor.rs
+++ b/hypervisor/src/hypervisor.rs
@@ -84,6 +84,11 @@ pub enum HypervisorError {
 ///
 #[error("Unsupported CPU:{0}")]
 UnsupportedCpu(#[source] anyhow::Error),
+ ///
+ /// Launching a VM with unsupported VM Type
+ ///
+ #[error("Unsupported VmType")]
+ UnsupportedVmType(),
 }

 ///
diff --git a/hypervisor/src/mshv/mod.rs b/hypervisor/src/mshv/mod.rs
index fd5e66cf4..0772bc0fd 100644
--- a/hypervisor/src/mshv/mod.rs
+++ b/hypervisor/src/mshv/mod.rs
@@ -14,7 +14,7 @@ use crate::vec_with_array_field;
 use crate::vm::{self, InterruptSourceConfig, VmOps};
 use crate::HypervisorType;
 pub use mshv_bindings::*;
-use mshv_ioctls::{set_registers_64, Mshv, NoDatamatch, VcpuFd, VmFd};
+use mshv_ioctls::{set_registers_64, Mshv, NoDatamatch, VcpuFd, VmFd, VmType};
 use std::any::Any;
 use std::collections::HashMap;
 use std::sync::{Arc, RwLock};
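Review bot: In hypervisor/src/hypervisor.rs the new `UnsupportedVmType()` variant carries no payload, so the error a caller sees does not say which VM type value was rejected. The only producer visible in this commit, `create_vm_with_type` in hypervisor/src/mshv/mod.rs, has the raw `u64` at hand, so I would store it: `#[error("Unsupported VmType: {0}")]` with `UnsupportedVmType(u64)`. That also removes the empty tuple parentheses, which add nothing to a payload-free variant. The enum body starts outside the hunk, so the other variants were not compared beyond the one shown.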
@@ -210,21 +210,15 @@ impl hypervisor::Hypervisor for MshvHypervisor {
 fn hypervisor_type(&self) -> HypervisorType {
 HypervisorType::Mshv
 }
- /// Create a mshv vm object and return the object as Vm trait object
- ///
- /// # Examples
- ///
- /// ```
- /// # extern crate hypervisor;
- /// # use hypervisor::mshv::MshvHypervisor;
- /// use hypervisor::mshv::MshvVm;
- /// let hypervisor = MshvHypervisor::new().unwrap();
- /// let vm = hypervisor.create_vm().unwrap();
- /// ```
- fn create_vm(&self) -> hypervisor::Result> {
+
+ fn create_vm_with_type(&self, vm_type: u64) -> hypervisor::Result> {
+ let mshv_vm_type: VmType = match VmType::try_from(vm_type) {
+ Ok(vm_type) => vm_type,
+ Err(_) => return Err(hypervisor::HypervisorError::UnsupportedVmType()),
+ };
 let fd: VmFd;
 loop {
- match self.mshv.create_vm() {
+ match self.mshv.create_vm_with_type(mshv_vm_type) {
 Ok(res) => fd = res,
 Err(e) => {
 if e.errno() == libc::EINTR {
@@ -271,6 +265,22 @@ impl hypervisor::Hypervisor for MshvHypervisor {
 dirty_log_slots: Arc::new(RwLock::new(HashMap::new())),
 }))
 }
+
+ /// Create a mshv vm object and return the object as Vm trait object
+ ///
+ /// # Examples
+ ///
+ /// ```
+ /// # extern crate hypervisor;
+ /// # use hypervisor::mshv::MshvHypervisor;
+ /// use hypervisor::mshv::MshvVm;
+ /// let hypervisor = MshvHypervisor::new().unwrap();
+ /// let vm = hypervisor.create_vm().unwrap();
+ /// ```
+ fn create_vm(&self) -> hypervisor::Result> {
+ let vm_type = 0;
+ self.create_vm_with_type(vm_type)
+ }
 ///
 /// Get the supported CpuID
 ///
diff --git a/vmm/Cargo.toml b/vmm/Cargo.toml
index 449994117..5594f8418 100644
--- a/vmm/Cargo.toml
+++ b/vmm/Cargo.toml
@@ -23,6 +23,7 @@ arch = { path = "../arch" }
 bitflags = "2.3.3"
 block = { path = "../block" }
 blocking = { version = "1.3.0", optional = true }
+cfg-if = "1.0.0"
 devices = { path = "../devices" }
 epoll = "4.3.3"
 event_monitor = { path = "../event_monitor" }
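Review bot: `create_vm_with_type` in hypervisor/src/mshv/mod.rs is left without a doc comment, because the existing one moves to `create_vm` in the next hunk. Nothing states that `vm_type` is interpreted as an MSHV `VmType` or that values the conversion rejects return `UnsupportedVmType`. This matters because vmm/src/vm.rs calls the same trait method with bare `0`/`1` literals, one pair of which is commented there as KVM constants. I would add `/// Create a VM of the given type; vm_type is converted with VmType::try_from and rejected values return HypervisorError::UnsupportedVmType.` above the function. The conversion can also be written as `let mshv_vm_type = VmType::try_from(vm_type).map_err(|_| hypervisor::HypervisorError::UnsupportedVmType())?;`. The function body continues past the end of the hunk.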
diff --git a/vmm/src/lib.rs b/vmm/src/lib.rs
index 23c9298f4..02ee347e4 100644
--- a/vmm/src/lib.rs
+++ b/vmm/src/lib.rs
@@ -1312,6 +1312,8 @@ impl Vmm {
 &self.hypervisor,
 #[cfg(feature = "tdx")]
 false,
+ #[cfg(feature = "sev_snp")]
+ false,
 )
 .map_err(|e| {
 MigratableError::MigrateReceive(anyhow!(
diff --git a/vmm/src/vm.rs b/vmm/src/vm.rs
index 078bdd8a4..15cf9896b 100644
--- a/vmm/src/vm.rs
+++ b/vmm/src/vm.rs
@@ -759,10 +759,19 @@ impl Vm {
 vm_config.lock().unwrap().is_tdx_enabled()
 };

+ #[cfg(feature = "sev_snp")]
+ let sev_snp_enabled = if snapshot.is_some() {
+ false
+ } else {
+ vm_config.lock().unwrap().is_sev_snp_enabled()
+ };
+
 let vm = Self::create_hypervisor_vm(
 &hypervisor,
 #[cfg(feature = "tdx")]
 tdx_enabled,
+ #[cfg(feature = "sev_snp")]
+ sev_snp_enabled,
 )?;

 let phys_bits = physical_bits(&hypervisor, vm_config.lock().unwrap().cpus.max_phys_bits);
@@ -821,17 +830,31 @@ impl Vm {
 pub fn create_hypervisor_vm(
 hypervisor: &Arc,
 #[cfg(feature = "tdx")] tdx_enabled: bool,
+ #[cfg(feature = "sev_snp")] sev_snp_enabled: bool,
 ) -> Result> {
 hypervisor.check_required_extensions().unwrap();

- // 0 for KVM_X86_LEGACY_VM
- // 1 for KVM_X86_TDX_VM
- #[cfg(feature = "tdx")]
- let vm = hypervisor
- .create_vm_with_type(u64::from(tdx_enabled))
- .unwrap();
- #[cfg(not(feature = "tdx"))]
- let vm = hypervisor.create_vm().unwrap();
+ cfg_if::cfg_if! {
+ if #[cfg(feature = "tdx")] {
+ let vm = hypervisor
+ .create_vm_with_type(if tdx_enabled {
+ 1 // KVM_X86_TDX_VM
+ } else {
+ 0 // KVM_X86_LEGACY_VM
+ })
+ .unwrap();
+ } else if #[cfg(feature = "sev_snp")] {
+ let vm = hypervisor
+ .create_vm_with_type(if sev_snp_enabled {
+ 1 // SEV_SNP_ENABLED
+ } else {
+ 0 // SEV_SNP_DISABLED
+ })
+ .unwrap();
+ } else {
+ let vm = hypervisor.create_vm().unwrap();
+ }
+ }

 #[cfg(target_arch = "x86_64")]
 {
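Review bot: In vmm/src/vm.rs (hunk at -759) `sev_snp_enabled` is forced to `false` whenever `snapshot.is_some()`, without consulting the configuration, so a restore whose config requests SEV-SNP would continue as an ordinary VM rather than fail. This mirrors the existing `tdx_enabled` handling, and a check elsewhere may already reject that combination, but nothing in the hunk shows one. If restoring an SEV-SNP guest is unsupported, returning an error is safer than a silent downgrade. At minimum I would add `// Restore path: SEV-SNP is never requested for a VM built from a snapshot.` above the `let`. The vmm/src/lib.rs hunk passes a literal `false` on the migration-receive path and raises the same question.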
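Review bot: The `cfg_if!` chain in `create_hypervisor_vm` (vmm/src/vm.rs, hunk at -821) gives `tdx` precedence, so in a build with both `tdx` and `sev_snp` enabled the `sev_snp_enabled` argument is never read. A guest configured for SEV-SNP would then be created with type `0` unless `tdx_enabled` is set, which means without the isolation the user asked for. Whether both features can be enabled together is not visible here. If they cannot, enforce it at compile time with `#[cfg(all(feature = "tdx", feature = "sev_snp"))] compile_error!("tdx and sev_snp are mutually exclusive");`; otherwise handle both flags in one branch. Both branches also pass the literal `1`, whose meaning depends on which hypervisor backend receives it, and the `.unwrap()` turns the new `UnsupportedVmType` error into a panic although the function returns `Result`. The function body continues past the end of the hunk.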