firecracker-microvm · kalyazin · Aug 7, 2023 · Aug 18, 2023 · Jul 26, 2023 · Jul 26, 2023
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/resources/seccomp/aarch64-unknown-linux-musl.json b/resources/seccomp/aarch64-unknown-linux-musl.json
@@ -979,6 +979,10 @@
             {
                 "syscall": "sched_yield",
                 "comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"
+            },
+            {
+                "syscall": "sendmsg",
+                "comment": "Used by vhost-user frontend to communicate with the backend"
             }
         ]
     }

diff --git a/resources/seccomp/x86_64-unknown-linux-musl.json b/resources/seccomp/x86_64-unknown-linux-musl.json
@@ -1183,6 +1183,10 @@
             {
                 "syscall": "sched_yield",
                 "comment": "Used by the rust standard library in std::sync::mpmc. Firecracker uses mpsc channels from this module for inter-thread communication"
+            },
+            {
+                "syscall": "sendmsg",
+                "comment": "Used by vhost-user frontend to communicate with the backend"
             }
         ]
     }

diff --git a/src/api_server/src/request/drive.rs b/src/api_server/src/request/drive.rs
@@ -64,12 +64,19 @@
         ));
     }
 
+    // Give priority to the file configuration and fall back to the legacy parameters.
+    let (path_on_host, rate_limiter) = match &block_device_update_cfg.file {
+        Some(file) => (&file.path_on_host, file.rate_limiter),
+        None => (
+            &block_device_update_cfg.path_on_host,
+            block_device_update_cfg.rate_limiter,
+        ),
+    };
+
     // Validate request - we need to have at least one parameter set:
     // - path_on_host
     // - rate_limiter
-    if block_device_update_cfg.path_on_host.is_none()
-        && block_device_update_cfg.rate_limiter.is_none()
-    {
+    if path_on_host.is_none() && rate_limiter.is_none() {
         METRICS.patch_api_requests.drive_fails.inc();
         return Err(Error::Generic(
             StatusCode::BadRequest,

diff --git a/src/api_server/swagger/firecracker.yaml b/src/api_server/swagger/firecracker.yaml
@@ -856,9 +856,7 @@ definitions:
     type: object
     required:
       - drive_id
-      - is_read_only
       - is_root_device
-      - path_on_host
     properties:
       drive_id:
         type: string
@@ -868,8 +866,26 @@ definitions:
           Represents the caching strategy for the block device.
         enum: ["Unsafe", "Writeback"]
         default: "Unsafe"
+      file:
+        description:
+          Configuration for the host-file-backed device.
+          If provided, overrides `io_engine`, `is_read_only`, `path_on_host` and `rate_limiter`.
+        $ref: "#/definitions/FileConfig"
+      io_engine:
+        type: string
+        description:
+          Type of the IO engine used by the device. "Async" is supported on
+          host kernels newer than 5.10.51.
+          This parameter has been deprecated since v1.6.0.
+          Use parameters in `file` instead.
+        enum: ["Sync", "Async"]
+        default: "Sync"
       is_read_only:
         type: boolean
+        description:
+          The drive is read only.
+          This parameter has been deprecated since v1.6.0.
+          Use parameters in `file` instead.
       is_root_device:
         type: boolean
       partuuid:
@@ -880,17 +896,19 @@ definitions:
           field is true.
       path_on_host:
         type: string
-        description: Host level path for the guest drive
+        description:
+          Host level path for the guest drive.
+          This parameter has been deprecated since v1.6.0.
+          Use parameters in `file` instead.
       rate_limiter:
+        description:
+          This parameter has been deprecated since v1.6.0.
+          Use parameters in `file` instead.
         $ref: "#/definitions/RateLimiter"
-      io_engine:
-        type: string
+      vhost_user:
         description:
-          Type of the IO engine used by the device. "Async" is supported on
-          host kernels newer than 5.10.51.
-        enum: ["Sync", "Async"]
-        default: "Sync"
-
+          Configuration for the vhost-user-backed device.
+        $ref: "#/definitions/VhostUserConfig"
   Error:
     type: object
     properties:
@@ -899,6 +917,29 @@ definitions:
         description: A description of the error condition
         readOnly: true
 
+  FileConfig:
+    type: object
+    required:
+     - is_read_only
+     - path_on_host
+    properties:
+      is_read_only:
+        description:
+          The drive is read only.
+        type: boolean
+      io_engine:
+        type: string
+        description:
+          Type of the IO engine used by the device. "Async" is supported on
+          host kernels newer than 5.10.51.
+        enum: ["Sync", "Async"]
+        default: "Sync"
+      path_on_host:
+        type: string
+        description: Host level path for the guest drive
+      rate_limiter:
+        $ref: "#/definitions/RateLimiter"
+
   FullVmConfiguration:
     type: object
     properties:
@@ -1121,6 +1162,26 @@ definitions:
     properties:
       drive_id:
         type: string
+      file:
+        description:
+          Configuration for the host-file-backed device.
+          If provided, overrides `path_on_host`, `rate_limiter`.
+        $ref: "#/definitions/PartialFileConfig"
+      path_on_host:
+        type: string
+        description:
+          Host level path for the guest drive
+          This parameter has been deprecated since v1.6.0.
+          Use parameters in `file` instead.
+      rate_limiter:
+        description:
+          This parameter has been deprecated since v1.6.0.
+          Use parameters in `file` instead.
+        $ref: "#/definitions/RateLimiter"
+
+  PartialFileConfig:
+    type: object
+    properties:
       path_on_host:
         type: string
         description: Host level path for the guest drive
@@ -1244,6 +1305,15 @@ definitions:
         description: The total number of tokens this bucket can hold.
         minimum: 0
 
+  VhostUserConfig:
+    type: object
+    required:
+     - socket
+    properties:
+      socket:
+        type: string
+        description: Socket path for vhost-user backend.
+
   Vm:
     type: object
     description:

diff --git a/src/utils/src/vm_memory.rs b/src/utils/src/vm_memory.rs
@@ -101,11 +101,15 @@ fn build_guarded_region(
 
     // SAFETY: Safe because the parameters are valid.
     unsafe {
-        MmapRegionBuilder::new_with_bitmap(size, bitmap)
+        let builder = MmapRegionBuilder::new_with_bitmap(size, bitmap)
             .with_raw_mmap_pointer(region_addr.cast::<u8>())
             .with_mmap_prot(prot)
-            .with_mmap_flags(flags)
-            .build()
+            .with_mmap_flags(flags);
+
+        match maybe_file_offset {
+            Some(file_offset) => builder.with_file_offset(file_offset).build(),
+            None => builder.build(),
+        }
     }
 }
 
@@ -120,7 +124,7 @@ pub fn create_guest_memory(
     for region in regions {
         let flags = match region.0 {
             None => libc::MAP_NORESERVE | libc::MAP_PRIVATE | libc::MAP_ANONYMOUS,
-            Some(_) => libc::MAP_NORESERVE | libc::MAP_PRIVATE,
+            Some(_) => libc::MAP_NORESERVE | libc::MAP_SHARED,
         };
 
         let mmap_region =

diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
@@ -18,6 +18,7 @@ kvm-ioctls = "0.15.0"
 lazy_static = "1.4.0"
 libc = "0.2.117"
 linux-loader = "0.9.0"
+memfd = "0.6.3"
 serde = { version = "1.0.136", features = ["derive"] }
 semver = { version = "1.0.17", features = ["serde"] }
 serde_json = "1.0.78"
@@ -27,6 +28,7 @@ displaydoc = "0.2.4"
 userfaultfd = "0.6.0"
 versionize = "0.1.10"
 versionize_derive = "0.1.5"
+vhost = { version = "0.8.1", features = ["vhost-user-master"] }
 vm-allocator = "0.1.0"
 vm-fdt = "0.2.0"
 vm-superio = "0.7.0"

diff --git a/src/vmm/src/arch/aarch64/fdt.rs b/src/vmm/src/arch/aarch64/fdt.rs
@@ -14,7 +14,7 @@ use utils::vm_memory::{
 };
 use vm_fdt::{Error as VmFdtError, FdtWriter, FdtWriterNode};
 
-use super::super::{DeviceType, InitrdConfig};
+use super::super::{DeviceSubtype, DeviceType, InitrdConfig};
 use super::cache_info::{read_cache_config, CacheEntry};
 use super::get_fdt_addr;
 use super::gic::GICDevice;
@@ -67,7 +67,7 @@ pub fn create_fdt<T: DeviceInfoForFDT + Clone + Debug, S: std::hash::BuildHasher
     guest_mem: &GuestMemoryMmap,
     vcpu_mpidr: Vec<u64>,
     cmdline: CString,
-    device_info: &HashMap<(DeviceType, String), T, S>,
+    device_info: &HashMap<(DeviceType, DeviceSubtype, String), T, S>,
     gic_device: &GICDevice,
     initrd: &Option<InitrdConfig>,
 ) -> Result<Vec<u8>, FdtError> {
@@ -390,12 +390,12 @@ fn create_rtc_node<T: DeviceInfoForFDT + Clone + Debug>(
 
 fn create_devices_node<T: DeviceInfoForFDT + Clone + Debug, S: std::hash::BuildHasher>(
     fdt: &mut FdtWriter,
-    dev_info: &HashMap<(DeviceType, String), T, S>,
+    dev_info: &HashMap<(DeviceType, DeviceSubtype, String), T, S>,
 ) -> Result<(), FdtError> {
     // Create one temp Vec to store all virtio devices
     let mut ordered_virtio_device: Vec<&T> = Vec::new();
 
-    for ((device_type, _device_id), info) in dev_info {
+    for ((device_type, _device_subtype, _device_id), info) in dev_info {
         match device_type {
             DeviceType::BootTimer => (), // since it's not a real device
             DeviceType::Rtc => create_rtc_node(fdt, info)?,
@@ -424,6 +424,7 @@ mod tests {
     use super::*;
     use crate::arch::aarch64::gic::create_gic;
     use crate::arch::aarch64::{arch_memory_regions, layout};
+    use crate::devices::virtio::SUBTYPE_NON_VIRTIO;
 
     const LEN: u64 = 4096;
 
@@ -459,17 +460,25 @@ mod tests {
         let mem = utils::vm_memory::test_utils::create_anon_guest_memory(&regions, false)
             .expect("Cannot initialize memory");
 
-        let dev_info: HashMap<(DeviceType, std::string::String), MMIODeviceInfo> = [
+        let dev_info: HashMap<(DeviceType, DeviceSubtype, std::string::String), MMIODeviceInfo> = [
             (
-                (DeviceType::Serial, DeviceType::Serial.to_string()),
+                (
+                    DeviceType::Serial,
+                    SUBTYPE_NON_VIRTIO,
+                    DeviceType::Serial.to_string(),
+                ),
                 MMIODeviceInfo { addr: 0x00, irq: 1 },
             ),
             (
-                (DeviceType::Virtio(1), "virtio".to_string()),
+                (
+                    DeviceType::Virtio(1),
+                    SUBTYPE_NON_VIRTIO,
+                    "virtio".to_string(),
+                ),
                 MMIODeviceInfo { addr: LEN, irq: 2 },
             ),
             (
-                (DeviceType::Rtc, "rtc".to_string()),
+                (DeviceType::Rtc, SUBTYPE_NON_VIRTIO, "rtc".to_string()),
                 MMIODeviceInfo {
                     addr: 2 * LEN,
                     irq: 3,
@@ -512,7 +521,7 @@ mod tests {
             &mem,
             vec![0],
             CString::new("console=tty0").unwrap(),
-            &HashMap::<(DeviceType, std::string::String), MMIODeviceInfo>::new(),
+            &HashMap::<(DeviceType, DeviceSubtype, std::string::String), MMIODeviceInfo>::new(),
             &gic,
             &None,
         )
@@ -575,7 +584,7 @@ mod tests {
             &mem,
             vec![0],
             CString::new("console=tty0").unwrap(),
-            &HashMap::<(DeviceType, std::string::String), MMIODeviceInfo>::new(),
+            &HashMap::<(DeviceType, DeviceSubtype, std::string::String), MMIODeviceInfo>::new(),
             &gic,
             &Some(initrd),
         )

diff --git a/src/vmm/src/arch/aarch64/mod.rs b/src/vmm/src/arch/aarch64/mod.rs
@@ -21,7 +21,7 @@ use utils::vm_memory::{Address, GuestAddress, GuestMemory, GuestMemoryMmap};
 
 pub use self::fdt::DeviceInfoForFDT;
 use self::gic::GICDevice;
-use crate::arch::DeviceType;
+use crate::arch::{DeviceSubtype, DeviceType};
 
 /// Errors thrown while configuring aarch64 system.
 #[derive(Debug, derive_more::From)]
@@ -59,7 +59,7 @@ pub fn configure_system<T: DeviceInfoForFDT + Clone + Debug, S: std::hash::Build
     guest_mem: &GuestMemoryMmap,
     cmdline_cstring: CString,
     vcpu_mpidr: Vec<u64>,
-    device_info: &HashMap<(DeviceType, String), T, S>,
+    device_info: &HashMap<(DeviceType, DeviceSubtype, String), T, S>,
     gic_device: &GICDevice,
     initrd: &Option<super::InitrdConfig>,
 ) -> Result<(), ConfigurationError> {

diff --git a/src/vmm/src/arch/mod.rs b/src/vmm/src/arch/mod.rs
@@ -43,6 +43,9 @@ pub enum DeviceType {
     BootTimer,
 }
 
+/// Subtypes for devices that can get attached to this platform.
+pub type DeviceSubtype = u32;
+
 /// Type for passing information about the initrd in the guest memory.
 #[derive(Debug)]
 pub struct InitrdConfig {