diff --git a/0001-docs-update-the-document-remove-the-other-features-t.patch b/0001-docs-update-the-document-remove-the-other-features-t.patch
new file mode 100644
index 0000000000000000000000000000000000000000..926005e6e1200e247890306829d3cff0ca020324
--- /dev/null
+++ b/0001-docs-update-the-document-remove-the-other-features-t.patch
@@ -0,0 +1,297 @@ +From d9ca9f3eeab0381b28248f3a823eb8e46056f520 Mon Sep 17 00:00:00 2001 +From: zhouli57 +Date: Tue, 15 Feb 2022 17:12:35 +0800 +Subject: [PATCH 1/5] docs: update the document, remove the other features + title. + +Signed-off-by: zhouli57 +--- + docs/config_guidebook.md | 110 +++++++++++++-------------- + docs/interconnect_with_libvirt.ch.md | 2 +- + docs/interconnect_with_libvirt.md | 2 +- + docs/qmp.md | 16 ++-- + docs/quickstart.ch.md | 2 +- + docs/quickstart.md | 2 +- + docs/snapshot.md | 2 +- + 7 files changed, 68 insertions(+), 68 deletions(-) + +diff --git a/docs/config_guidebook.md b/docs/config_guidebook.md +index e0b8bdc..7594dfe 100644 +--- a/docs/config_guidebook.md ++++ b/docs/config_guidebook.md +@@ -131,6 +131,52 @@ If you want to use initrd as rootfs, `root=/dev/ram` and `rdinit=/bin/sh` must b + -initrd /path/to/initrd + ``` + ++### 1.7 Global config ++ ++Users can set the global configuration using the -global parameter. ++ ++One property can be set: ++ ++* pcie-root-port.fast-unplug: the fast unplug feature switch, only Kata is supported. ++ ++```shell ++-global pcie-root-port.fast-unplug=1 ++``` ++ ++### 1.8 Logging ++ ++StratoVirt supports to output log to stderr and log file. ++ ++You can enable StratoVirt's logging by: ++ ++```shell ++# Output log to stderr ++-D ++# Output log to log file ++-D /path/to/log/file ++``` ++ ++StratoVirt's log-level depends on env `STRATOVIRT_LOG_LEVEL`. ++StratoVirt supports five log-levels: `trace`, `debug`, `info`, `warn`, `error`. The default level is `error`. ++ ++### 1.9 Daemonize ++ ++StratoVirt supports to run as a daemon. ++ ++```shell ++# cmdline ++-daemonize ++``` ++ ++**When run StratoVirt as a daemon, you are not allowed to bind serial with stdio or output log to stdio.** ++ ++And you can also restore StratoVirt's **pid number** to a file by: ++ ++```shell ++# cmdline ++-pidfile /path/to/pidfile ++``` ++ + ## 2. 
Device Configuration + + For machine type "microvm", only virtio-mmio and legacy devices are supported. +@@ -492,7 +538,8 @@ Five properties can be set for chardev. + -chardev file,id=chardev_id,path=file_path + ``` + +-### 2.13 Trace ++## 3. Trace ++ + Users can specify the configuration file which lists events to trace. + + One property can be set: +@@ -503,38 +550,7 @@ One property can be set: + -trace events= + ``` + +-### 2.14 Global config +-Users can set the global configuration using the -global parameter. +- +-One property can be set: +- +-* pcie-root-port.fast-unplug: the fast unplug feature switch, only Kata is supported. +- +-```shell +--global pcie-root-port.fast-unplug=1 +-``` +- +-## 3. Other Features +- +-### 3.1 Daemonize +- +-StratoVirt supports to run as a daemon. +- +-```shell +-# cmdline +--daemonize +-``` +- +-**When run StratoVirt as a daemon, you are not allowed to bind serial with stdio or output log to stdio.** +- +-And you can also restore StratoVirt's **pid number** to a file by: +- +-```shell +-# cmdline +--pidfile /path/to/pidfile +-``` +- +-### 3.2 Seccomp ++## 4. Seccomp + + StratoVirt use [seccomp(2)](https://man7.org/linux/man-pages/man2/seccomp.2.html) to limit the syscalls + in StratoVirt process by default. It will make a slight influence on performance to StratoVirt. +@@ -558,27 +574,11 @@ If you want to disable seccomp, you can run StratoVirt with `-disable-seccomp`. + -disable-seccomp + ``` + +-### 3.3 Logging +- +-StratoVirt supports to output log to stderr and log file. +- +-You can enable StratoVirt's logging by: +- +-```shell +-# Output log to stderr +--D +-# Output log to log file +--D /path/to/log/file +-``` +- +-StratoVirt's log-level depends on env `STRATOVIRT_LOG_LEVEL`. +-StratoVirt supports five log-levels: `trace`, `debug`, `info`, `warn`, `error`. The default level is `error`. +- +-### 3.4 Snapshot and Restore ++## 5. Snapshot and Restore + + StratoVirt supports to take a snapshot of a paused VM as VM template. 
This template can be used to warm start a new VM. Warm start skips the kernel boot stage and userspace initialization stage to boot VM in a very short time. + +-#### 3.4.1 Restore from VM template ++### 5.1 Restore from VM template + + Restore from VM template with below command: + ```shell +@@ -597,11 +597,11 @@ $ ./stratovirt \ + + See [Snapshot and Restore](./snapshot.md) for details. + +-## 4. Ozone ++## 6. Ozone + Ozone is a lightweight secure sandbox for StratoVirt, it provides secure environment for StratoVirt + by limiting resources of StratoVirt using 'namespace'. Please run ozone with root permission. + +-### 4.1 Usage ++### 6.1 Usage + Ozone can be launched by the following commands: + ```shell + $ ./ozone \ +@@ -632,7 +632,7 @@ About the arguments: + * `cgroup` : set cgroup controller value. supported controller: `cpuset.cpus` and `memory.limit_in_bytes`. + * `--` : these two dashes are used to splite args, the args followed are used to launched StratoVirt. + +-### 4.2 Example ++### 6.2 Example + As ozone uses a directory to mount as a root directory, after ozone is launched, the directory "/srv/zozne/{exec_file}/{name}" will be created. (Where, `exec_file` is the executable binary file, usually it is `stratovirt`, while `name` is the name of ozone, it is given by users, but the length of it should be no more than 255 bytes.) In order to run ozone normally, please make sure that the directory "/srv/zozne/{exec_file}/{name}" does not exists before launching ozone. + + On top of that, the path-related arguments are different. They are all in the current(`./`) directory. +@@ -677,7 +677,7 @@ $ ./ozone \ + -clean-resource + ``` + +-## 5. Libvirt ++## 7. Libvirt + Libvirt launches StratoVirt by creating cmdlines. But some of these commands + such as: cpu, overcommit, uuid, no-user-config, nodefaults, sandbox, msg, rtc, no-shutdown, + nographic, realtime, display, usb, mem-prealloc and boot, are not supported by StratoVirt. 
+diff --git a/docs/interconnect_with_libvirt.ch.md b/docs/interconnect_with_libvirt.ch.md +index be5313c..d0323e2 100644 +--- a/docs/interconnect_with_libvirt.ch.md ++++ b/docs/interconnect_with_libvirt.ch.md +@@ -1,5 +1,5 @@ + # libvirt +-Libvirt是StratoVirt的管理软件,它是通过创建命令行来运行StratoVirt和发送qmp命令来管理StratoVirt。目前,支持五个virsh命令来管理StratoVirt: ++Libvirt是StratoVirt的管理软件,它是通过创建命令行来运行StratoVirt和发送QMP命令来管理StratoVirt。目前,支持五个virsh命令来管理StratoVirt: + `virsh create`, `virsh destroy`, `virsh suspend`, `virsh resume` 和 `virsh console`. + + +diff --git a/docs/interconnect_with_libvirt.md b/docs/interconnect_with_libvirt.md +index 787afae..88ec77f 100644 +--- a/docs/interconnect_with_libvirt.md ++++ b/docs/interconnect_with_libvirt.md +@@ -1,6 +1,6 @@ + # libvirt + Libvirt is one of manager for StratoVirt, it manages StratoVirt by creating cmdlines to launch StratoVirt +-and giving commands via qmp. Currently, five virsh commands are supported to manage StratoVirt: ++and giving commands via QMP. Currently, five virsh commands are supported to manage StratoVirt: + `virsh create`, `virsh destroy`, `virsh suspend`, `virsh resume` and `virsh console`. + + +diff --git a/docs/qmp.md b/docs/qmp.md +index 215cb57..be933fa 100644 +--- a/docs/qmp.md ++++ b/docs/qmp.md +@@ -3,13 +3,13 @@ + ## Introduction + + StratoVirt controls VM's lifecycle and external api interface with [QMP](https://wiki.qemu.org/Documentation/QMP) +- in current version. ++ in the current version. + +-## qmp Creation ++## QMP Creation + +-When running StratoVirt, you must create qmp in cmdline arguments as a management interface. ++When running StratoVirt, you must create QMP in cmdline arguments as a management interface. 
+ +-StratoVirt supports UnixSocket-type qmp, you can set it by: ++StratoVirt supports UnixSocket-type QMP, you can set it by: + + ```shell + # cmdline +@@ -17,7 +17,7 @@ StratoVirt supports UnixSocket-type qmp, you can set it by: + ``` + Where, the information about 'server' and 'nowait' can be found in [section 2.12 Chardev](#212-chardev) + +-On top of that, monitor can be used to create qmp connection as well. ++On top of that, monitor can be used to create QMP connection as well. + The following commands can be used to create a monitor. + + Three properties can be set for monitor. +@@ -33,11 +33,11 @@ Three properties can be set for monitor. + -mon chardev=chardev_id,id=monitor_id,mode=control + ``` + +-## qmp Connection ++## QMP Connection + +-After StratoVirt started, you can connect to StratoVirt's qmp and manage it by QMP. ++After StratoVirt started, you can connect to StratoVirt's QMP and manage it by QMP. + +-Several steps to connect qmp are showed as following: ++Several steps to connect QMP are showed as following: + + ```shell + # Start with UnixSocket +diff --git a/docs/quickstart.ch.md b/docs/quickstart.ch.md +index 02a3ea5..29e1496 100644 +--- a/docs/quickstart.ch.md ++++ b/docs/quickstart.ch.md +@@ -72,7 +72,7 @@ socket_path=`pwd`"/stratovirt.sock" + kernel_path=`pwd`"/vmlinux.bin" + rootfs_path=`pwd`"/rootfs.ext4" + +-# 保证qmp通信socket文件路径可以被创建。 ++# 保证QMP通信socket文件路径可以被创建。 + rm -f ${socket_path} + + # 通过StratoVirt启动轻量化机型的Linux客户机。 +diff --git a/docs/quickstart.md b/docs/quickstart.md +index ce9af50..add534c 100644 +--- a/docs/quickstart.md ++++ b/docs/quickstart.md +@@ -75,7 +75,7 @@ socket_path=`pwd`"/stratovirt.sock" + kernel_path=`pwd`"/vmlinux.bin" + rootfs_path=`pwd`"/rootfs.ext4" + +-# Make sure qmp can be created. ++# Make sure QMP can be created. + rm -f ${socket_path} + + # Start linux VM with machine type "microvm" by StratoVirt. 
+diff --git a/docs/snapshot.md b/docs/snapshot.md +index dbecc7f..a8ebffd 100644 +--- a/docs/snapshot.md ++++ b/docs/snapshot.md +@@ -59,7 +59,7 @@ The device configuration must be the same with template VM. Its cpu number, gues + + ## Snapshot state check + +-Use qmp command `query-migrate` to check snapshot state: ++Use QMP command `query-migrate` to check snapshot state: + ```shell + $ ncat -U path/to/socket + {"QMP":{"version":{"StratoVirt":{"micro":1,"minor":0,"major":0},"package":""},"capabilities":[]}} +-- +2.25.1 + diff --git a/0002-legacy-fwcfg-fix-bug-of-wrong-size-judgment.patch b/0002-legacy-fwcfg-fix-bug-of-wrong-size-judgment.patch new file mode 100644 index 0000000000000000000000000000000000000000..9dc23b929196f2d16fe43746c9fc47d807626e99 --- /dev/null +++ b/0002-legacy-fwcfg-fix-bug-of-wrong-size-judgment.patch @@ -0,0 +1,29 @@ +From 048b51010d25187799632082917b8b883df98df7 Mon Sep 17 00:00:00 2001 +From: Jiajie Li +Date: Thu, 17 Feb 2022 18:11:07 +0800 +Subject: [PATCH 2/5] legacy/fwcfg: fix bug of wrong size judgment + +When call `read_data_reg`, the size should be in (0,8], not (0,8). +Fix it. + +Signed-off-by: Jiajie Li +--- + devices/src/legacy/fwcfg.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/devices/src/legacy/fwcfg.rs b/devices/src/legacy/fwcfg.rs +index 7e9e73f..866bab2 100644 +--- a/devices/src/legacy/fwcfg.rs ++++ b/devices/src/legacy/fwcfg.rs +@@ -688,7 +688,7 @@ impl FwCfgCommon { + /// Return the value of the register + /// + fn read_data_reg(&mut self, _addr: u64, mut size: u32) -> Result { +- if size == 0 || size >= std::mem::size_of::() as u32 { ++ if size == 0 || size > std::mem::size_of::() as u32 { + bail!( + "Failed to read from FWcfg data register, size {} overflows", + size +-- +2.25.1 + 
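Review bot: Nothing in the fwcfg patch pins the corrected bound in `read_data_reg`, and `size` is presumably the width of a guest-initiated register access, so a unit test calling it with sizes 0, 8 and 9 would keep the off-by-one from coming back. The doc comment above the function could also state the contract, for example `/// size: access width in bytes, must be in 1..=8`, since the error text says "overflows" even when the rejected size is 0. The rest of the function body is outside the hunk, so whether the code after the check handles the newly accepted 8-byte read without a shift or accumulate overflow could not be confirmed here.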
diff --git a/0003-standard_vm-add-FACS-acpi-table-on-x86-plantform.patch b/0003-standard_vm-add-FACS-acpi-table-on-x86-plantform.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8394c56d0806509a50cf035ad35ac49d5738c6a9
--- /dev/null
+++ b/0003-standard_vm-add-FACS-acpi-table-on-x86-plantform.patch
@@ -0,0 +1,77 @@ +From d3f8796887051e3975bed57bd7bc3c3def392841 Mon Sep 17 00:00:00 2001 +From: Jiajie Li +Date: Thu, 17 Feb 2022 18:12:47 +0800 +Subject: [PATCH 3/5] standard_vm: add FACS acpi table on x86 plantform + +When a standard vm starts, the hardware reduced feature needs to +be turned off, so an additional FACS acpi table needs to be added + +Signed-off-by: Jiajie Li +--- + machine/src/standard_vm/mod.rs | 43 ++++++++++++++++++++++++++++++++++ + 1 file changed, 43 insertions(+) + +diff --git a/machine/src/standard_vm/mod.rs b/machine/src/standard_vm/mod.rs +index fe7435a..1fca3bf 100644 +--- a/machine/src/standard_vm/mod.rs ++++ b/machine/src/standard_vm/mod.rs +@@ -111,6 +111,13 @@ trait StdMachineOps: AcpiBuilder { + + let mut xsdt_entries = Vec::new(); + ++ #[cfg(target_arch = "x86_64")] ++ { ++ let facs_addr = Self::build_facs_table(&acpi_tables, &mut loader) ++ .chain_err(|| "Failed to build ACPI FACS table")?; ++ xsdt_entries.push(facs_addr); ++ } ++ + let dsdt_addr = self + .build_dsdt_table(&acpi_tables, &mut loader) + .chain_err(|| "Failed to build ACPI DSDT table")?; +@@ -394,6 +401,42 @@ trait AcpiBuilder { + Ok(fadt_begin as u64) + } + ++ /// Build ACPI FACS table, returns the offset of ACPI FACS table in `acpi_data`. ++ /// ++ /// # Arguments ++ /// ++ /// `acpi_data` - Bytes streams that ACPI tables converts to. ++ /// `loader` - ACPI table loader. ++ #[cfg(target_arch = "x86_64")] ++ fn build_facs_table(acpi_data: &Arc>>, loader: &mut TableLoader) -> Result ++ where ++ Self: Sized, ++ { ++ let mut facs_data = vec![0_u8; 0x40]; ++ // FACS table signature. ++ facs_data[0] = b'F'; ++ facs_data[1] = b'A'; ++ facs_data[2] = b'C'; ++ facs_data[3] = b'S'; ++ // FACS table length. 
++ facs_data[4] = 0x40; ++ ++ let mut locked_acpi_data = acpi_data.lock().unwrap(); ++ let facs_begin = locked_acpi_data.len() as u32; ++ locked_acpi_data.extend(facs_data); ++ let facs_end = locked_acpi_data.len() as u32; ++ drop(locked_acpi_data); ++ ++ loader.add_cksum_entry( ++ ACPI_TABLE_FILE, ++ facs_begin + TABLE_CHECKSUM_OFFSET, ++ facs_begin, ++ facs_end - facs_begin, ++ )?; ++ ++ Ok(facs_begin as u64) ++ } ++ + /// Build ACPI XSDT table, returns the offset of ACPI XSDT table in `acpi_data`. + /// + /// # Arguments +-- +2.25.1 + diff --git a/0004-docs-build_guide-Update-suggested-rustc-version.patch b/0004-docs-build_guide-Update-suggested-rustc-version.patch new file mode 100644 index 0000000000000000000000000000000000000000..7a69e4aeea462e3bc0788c55b6aef38fd3270eb0 --- /dev/null +++ b/0004-docs-build_guide-Update-suggested-rustc-version.patch 
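Review bot: `build_facs_table` registers a checksum with `loader.add_cksum_entry(ACPI_TABLE_FILE, facs_begin + TABLE_CHECKSUM_OFFSET, ...)`, but FACS does not use the standard ACPI table header and has no checksum field, so, assuming `TABLE_CHECKSUM_OFFSET` is the usual header offset, the computed byte is written into the Hardware Signature field instead. The caller also pushes `facs_addr` into `xsdt_entries`, whereas the ACPI specification has the OS locate FACS through the FADT (FIRMWARE_CTRL / X_FIRMWARE_CTRL) and expects the structure on a 64-byte boundary; neither the FADT link nor the alignment of the table's guest address is visible in this patch. I would drop the `add_cksum_entry` call, make sure the address handed to the guest is 64-byte aligned, and confirm how the FADT builder references the table. Separately, `acpi_data.lock().unwrap()` panics on a poisoned mutex and `locked_acpi_data.len() as u32` truncates silently; `u32::try_from(locked_acpi_data.len())` with an error return would fit the function's `Result`.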
@@ -0,0 +1,59 @@ +From 54f5311907d66a4c35ea5d250714973a04a7fd30 Mon Sep 17 00:00:00 2001 +From: Jie Yang +Date: Thu, 17 Feb 2022 21:59:29 +0800 +Subject: [PATCH 4/5] docs/build_guide: Update suggested rustc version + +Signed-off-by: Jie Yang +--- + docs/build_guide.ch.md | 4 ++-- + docs/build_guide.md | 6 +++--- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/docs/build_guide.ch.md b/docs/build_guide.ch.md +index c4eba88..ac9d466 100644 +--- a/docs/build_guide.ch.md ++++ b/docs/build_guide.ch.md +@@ -4,11 +4,11 @@ + ## 1. 检查Rust构建环境 + + 为了构建StratoVirt,需保证已经安装了Rust语言环境和Cargo软件。 +-rustc的推荐版本为1.45.2及其之后的版本。 ++rustc的推荐版本为1.51.0及其之后的版本, 否则编译可能失败。 + + ```shell + $ rustc --version +-rustc 1.45.2 ++rustc 1.51.0 + ``` + + 如果你想部署rust环境,下面的链接可以帮助你: +diff --git a/docs/build_guide.md b/docs/build_guide.md +index fd3e3d1..3d7320e 100644 +--- a/docs/build_guide.md ++++ b/docs/build_guide.md +@@ -4,11 +4,11 @@ + ## 1. Check Rust environment + + To build StratoVirt, make sure that Rust language environment and Cargo have already been installed. +- The recommended version of rustc is 1.45.2 or later. ++The recommended version of rustc is 1.51.0 or later, otherwise compilation may be failed. + + ```shell + $ rustc --version +-rustc 1.45.2 ++rustc 1.51.0 + ``` + + If you want to deploy rust environment, the following link will help you: +@@ -32,7 +32,7 @@ Now you can find StratoVirt binary file in `target/${arch}-unknown-linux-gnu/rel + + ## 3. Build with musl-libc + +-StratoVirt can also be built using musl-libc toolchains. By this way, StratoVirt is linked statically ++StratoVirt can also be built using musl-libc toolchains. By this way, StratoVirt is linked statically + and has no library dependencies. + + ```shell +-- +2.25.1 + diff --git a/0005-standard_vm-syscall-Add-new-seccomp-rules.patch b/0005-standard_vm-syscall-Add-new-seccomp-rules.patch new file mode 100644 index 0000000000000000000000000000000000000000..34119facaa68491240ded00cb159171977fd7721 
--- /dev/null
+++ b/0005-standard_vm-syscall-Add-new-seccomp-rules.patch
@@ -0,0 +1,101 @@ +From 4692011120135105d686a05b276926745f3328a2 Mon Sep 17 00:00:00 2001 +From: Jie Yang +Date: Thu, 17 Feb 2022 21:49:41 +0800 +Subject: [PATCH 5/5] standard_vm/syscall: Add new seccomp rules + +Fix VFIO hotplugging failure when seccomp is enabled if StratoVirt is +compiled with musl toolchain. + +Signed-off-by: Jie Yang +--- + docs/config_guidebook.md | 2 +- + docs/design.md | 2 +- + machine/src/standard_vm/aarch64/syscall.rs | 19 +++++++++++++++---- + machine/src/standard_vm/x86_64/syscall.rs | 4 +++- + 4 files changed, 20 insertions(+), 7 deletions(-) + +diff --git a/docs/config_guidebook.md b/docs/config_guidebook.md +index e0b8bdc..1764f30 100644 +--- a/docs/config_guidebook.md ++++ b/docs/config_guidebook.md +@@ -543,7 +543,7 @@ in StratoVirt process by default. It will make a slight influence on performance + | Number of Syscalls | GNU Toolchain | MUSL Toolchain | + | :----------------: | :-----------: | :------------: | + | microvm | 46 | 46 | +-| q35 | 49 | 50 | ++| q35 | 49 | 51 | + + * aarch64 + +diff --git a/docs/design.md b/docs/design.md +index 3223605..44ae335 100644 +--- a/docs/design.md ++++ b/docs/design.md +@@ -38,7 +38,7 @@ in Kubernetes ecosystem perfectly; + - Multi-platform support: Fully support for Intel and Arm platform; + - Expansibility: StratoVirt reserves interface and design for importing more features, + even expand to standard virtualization support; +-- Security: less than 51 syscalls while running; ++- Security: less than 52 syscalls while running; + + ## Implementation + +diff --git a/machine/src/standard_vm/aarch64/syscall.rs b/machine/src/standard_vm/aarch64/syscall.rs +index da663b9..e8ecdd5 100644 +--- a/machine/src/standard_vm/aarch64/syscall.rs ++++ b/machine/src/standard_vm/aarch64/syscall.rs +@@ -114,10 +114,7 @@ pub fn syscall_whitelist() -> Vec { + BpfRule::new(libc::SYS_statx), + BpfRule::new(libc::SYS_mkdirat), + BpfRule::new(libc::SYS_unlinkat), +- BpfRule::new(libc::SYS_madvise) +- 
.add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32) +- .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32) +- .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32), ++ madvise_rule(), + BpfRule::new(libc::SYS_msync), + BpfRule::new(libc::SYS_readlinkat), + ] +@@ -178,3 +175,17 @@ fn ioctl_allow_list() -> BpfRule { + .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32) + .add_constraint(SeccompCmpOpt::Eq, 1, KVM_ARM_VCPU_INIT() as u32) + } ++ ++fn madvise_rule() -> BpfRule { ++ #[cfg(target_env = "musl")] ++ return BpfRule::new(libc::SYS_madvise) ++ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_FREE as u32) ++ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32) ++ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32) ++ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32); ++ #[cfg(target_env = "gnu")] ++ return BpfRule::new(libc::SYS_madvise) ++ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32) ++ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32) ++ .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32); ++} +diff --git a/machine/src/standard_vm/x86_64/syscall.rs b/machine/src/standard_vm/x86_64/syscall.rs +index 9836066..f39170a 100644 +--- a/machine/src/standard_vm/x86_64/syscall.rs ++++ b/machine/src/standard_vm/x86_64/syscall.rs +@@ -54,7 +54,7 @@ const KVM_RUN: u32 = 0xae80; + /// # Notes + /// This allowlist limit syscall with: + /// * x86_64-unknown-gnu: 46 syscalls +-/// * x86_64-unknown-musl: 47 syscalls ++/// * x86_64-unknown-musl: 48 syscalls + /// To reduce performance losses, the syscall rules is ordered by frequency. 
+ pub fn syscall_whitelist() -> Vec { + vec![ +@@ -124,6 +124,8 @@ pub fn syscall_whitelist() -> Vec { + .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32), + BpfRule::new(libc::SYS_msync), + BpfRule::new(libc::SYS_readlinkat), ++ #[cfg(target_env = "musl")] ++ BpfRule::new(libc::SYS_readlink), + ] + } + +-- +2.25.1 + diff --git a/stratovirt.spec b/stratovirt.spec index 2ff7ce8165c75195750c9b824b282da84e18821a..8678b7093caa74ebe93fb71149e9c54e5e81a96e 100644 --- a/stratovirt.spec +++ b/stratovirt.spec @@ -6,13 +6,20 @@ Name: stratovirt Version: 2.1.0 -Release: 1 +Release: 2 Summary: StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization. License: Mulan PSL v2 URL: https://gitee.com/openeuler/StratoVirt Source0: %{name}-%{version}.tar.gz +Patch001: 0001-docs-update-the-document-remove-the-other-features-t.patch +Patch002: 0002-legacy-fwcfg-fix-bug-of-wrong-size-judgment.patch +Patch003: 0003-standard_vm-add-FACS-acpi-table-on-x86-plantform.patch +Patch004: 0004-docs-build_guide-Update-suggested-rustc-version.patch +Patch005: 0005-standard_vm-syscall-Add-new-seccomp-rules.patch + + ExclusiveArch: x86_64 aarch64 %ifarch aarch64 @@ -66,6 +73,11 @@ chmod 555 ${RPM_BUILD_ROOT}/usr/bin/stratovirt chmod 555 ${RPM_BUILD_ROOT}/usr/bin/ozone %changelog +* Fri Feb 18 2022 Jie Yang - 2.1.0-2 +- Fix VFIO hotplugging failure caused by missing seccomp rules. +- Fix booting failure from disk image on x86_64. +- Update some documents. + * Fri Feb 11 2022 Jie Yang - 2.1.0-1 - Add support for PCIe native hotplugging. - Reduce memory consumption of reading edk2 firmware files on aarch64.
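Review bot: `madvise_rule()` in aarch64/syscall.rs writes the allowlist twice, once per `#[cfg(target_env = ...)]` branch, so the two copies can drift apart on a later edit, and any `target_env` other than `musl` or `gnu` leaves the function without a return value. Building the common constraints once and adding `MADV_FREE` under the musl cfg keeps a single source of truth for the filter; the fence below shows that shape (it moves `MADV_FREE` to the end of the constraint list, so check that constraint order does not matter to `BpfRule`). The x86_64 hunk leaves its inline `SYS_madvise` rule without `MADV_FREE` and only adds `SYS_readlink`, so if the musl allocator is what issues `madvise(MADV_FREE)`, x86_64 musl builds may still trip the filter. Each musl-only entry would also benefit from a one-line comment naming the libc call that needs it, so the allowlist can be re-audited when the toolchain changes.

```rust
fn madvise_rule() -> BpfRule {
    // Constraints shared by every libc.
    let rule = BpfRule::new(libc::SYS_madvise)
        .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTNEED as u32)
        .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_WILLNEED as u32)
        .add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_DONTDUMP as u32);
    // Extra advice value allowed only for musl builds.
    #[cfg(target_env = "musl")]
    let rule = rule.add_constraint(SeccompCmpOpt::Eq, 2, libc::MADV_FREE as u32);
    rule
}
```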