[Draft] cc rebase #1310
Open
[Draft] cc rebase #1310
Commits on Jun 11, 2024
-
cc: start of CC(Confidential Computing) support
This series of changes aim to create a common base for running different CC architectures, and the updates will involve: 1)private and shared memory isolation. 2)hypercalls update for using shared memory. 3)vm initialization flow update. 4)use one more vcpu to handle io and scheduling inside kernel.
-
Now cc_all and cc_debug can compile with cc feature.
-
-
cc: memory isolation implementation
In normal vm, there is the common heap and an additional IO heap if enabled EnableIOBuf config. In cc, there are 4 heaps: 1)shared heap: qkernel stores in it the shared data(IObuffer, sharedspace etc.), then qvisor uses it after vm is launched. 2)IO heap: considered as shared heap here, used if enabled EnableIOBuf config. 3)guest private heap: qvisor stores necessary data during initialization (initial pagetable, gdt, kernel etc.) then qkernel uses it as the default heap. 4)host init heap: an additional heap is used by the qvisor for storing data before launching vm. It will not be used after vm launched. -
cc: update initialization flow for qvisor and qkernel
Now qvisor will switch to different vm creation flow based on the CCMode config. If any cc mode is enabled, sharedspace will be initialized after vm is launched. Additionally, map the host initial heap to kvm if cc is compiled but not enabled.
-
Instead of setting registers to pass parameters, in cc mode, a sharapara page is used. This method only works when feature cc is compiled and CCMode config is not None.
-
cc: copy executable into private memory
Add a data structure p2pmap in the mappable which stores the mapping of private and shared memory, writeback if map shared and not readonly when unmapping the data. Besides, need to sync updates when fsync and writing with fd.
-
Instead of using cstring for passing parameters in call, in cc, sharestring is used to allocate string in shared memory directly.
-
-
-
-
-
-
-
-
-
Add a struct taskWrapper, has minimal host required data(ready, queueid and taskAddr), which should be allocated in the shared memory and read by the host.
-
-
-
cc: move timer related struct into shared memory
1)Store Timer in shared heap, since the value of the btree in timestore is a reference 2)Make timekeepr shared, the timekeeper is initialized and stored in the sharespace, and cloned when the guest creates a TimeKeeperClock. The internal timekeeper is used by host. ProcessOnce() ->TIMER_STORE.Trigger() -> get the timer by GetFirst() then timer.Fire() ->Timeout() -> Now() 3)In the same Timeout function, the listener of the Timer is triggered to update the vdso, the update by host is banned now. 4)Store FdWaitInfo in shared heap, it may be set by the kernel and check by host in ProcessOnce() -> FD_NOTIFIER.HostEpollWait() -> FdNotify()
-
-
-
Now CCMode::NormalEmu can be set in the config to enable unidentical mapping. Private memory is mapped 30gb higher on the host.
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.