Merge pull request #95 from sruffell/config-file-for-default-vm

Use config file for default VM

Author: ALSchwalm

.gitignore

@@ -2,10 +2,11 @@
 /target
 mythril/target
 mythril/src/blob/bios.bin
+mythril/.cargo
 _boot.img
 **/*.rs.bk
 debug.log
 os.iso
 _isofiles
 scripts/initramfs
-scripts/vmlinuz
+scripts/vmlinuz

Makefile

@@ -7,6 +7,9 @@ TEST_IMAGE_REPO=https://github.com/mythril-hypervisor/build
 TEST_INITRAMFS_URL=$(TEST_IMAGE_REPO)/releases/download/$(BUILD_REPO_TAG)/test-initramfs.img
 TEST_KERNEL_URL=$(TEST_IMAGE_REPO)/releases/download/$(BUILD_REPO_TAG)/test-bzImage
 
+CARGO_BUILD_JOBS?=$(shell grep -c '^processor' /proc/cpuinfo)
+KVM_GROUP_ID?=$(shell grep kvm /etc/group | cut -f 3 -d:)
+
 mythril_binary = mythril/target/mythril_target/$(BUILD_TYPE)/mythril
 mythril_src = $(shell find mythril* -type f -name '*.rs' -or -name '*.S' -or -name '*.ld' \
 	                   -name 'Cargo.toml')
@@ -48,13 +51,16 @@ $(guest_initramfs):
 	curl -L $(TEST_INITRAMFS_URL) -o $(guest_initramfs)
 
 docker-%:
-	docker run --privileged -it --rm -w $(CURDIR) -v $(CURDIR):$(CURDIR) \
-	   -u $(shell id -u):$(shell id -g) $(DOCKER_IMAGE) \
-	   /bin/bash -c '$(MAKE) $*'
+	docker run --privileged -ti --rm -w $(CURDIR) -v $(CURDIR):$(CURDIR) \
+	   -u $(shell id -u):$(shell id -g) \
+	   --group-add=$(KVM_GROUP_ID) \
+	   -e CARGO_HOME=$(CURDIR)/mythril/.cargo \
+	   -e CARGO_BUILD_JOBS=$(CARGO_BUILD_JOBS) \
+	   $(DOCKER_IMAGE) /bin/bash -c '$(MAKE) $*'
 
 $(seabios):
 	cp scripts/seabios.config seabios/.config
-	make -C seabios
+	make -j $(CARGO_BUILD_JOBS) -C seabios
 
 $(seabios_blob): $(seabios)
 	cp $(seabios) $(seabios_blob)

mythril/Cargo.lock

@@ -23,6 +23,8 @@ multiboot = "0.3.0"
 multiboot2 = "0.9.0"
 raw-cpuid = "8.1.1"
 rlibc = "1.0.0"
+serde = {version = "^1", default-features = false, features = ["alloc", "derive"] }
+serde_json = {version = "^1", default-features = false, features = ["alloc"] }
 spin = "0.5"
 ux = { version = "0.1.3", default-features = false }
 managed = { version = "0.8.0", features = ["map", "alloc"], default-features = false }

mythril/Cargo.toml

@@ -0,0 +1,66 @@
+#![deny(missing_docs)]
+
+use crate::percore;
+
+use alloc::string::String;
+use core::fmt;
+use serde::de::{self, Visitor};
+use serde::export::Vec;
+use serde::{Deserialize, Deserializer};
+
+/// A description of a single virtual machine configuration
+#[derive(Deserialize, Debug)]
+pub struct UserVmConfig {
+    /// Memory in MB available to the virtual machine
+    pub memory: u64,
+
+    /// The multiboot identifier for the kernel this virtual machine will use
+    pub kernel: String,
+
+    /// The multiboot identifier for the initramfs this virtual machine will use
+    pub initramfs: String,
+
+    /// The kernel commandline for this virtual machine
+    pub cmdline: String,
+
+    /// A list of core ID's (starting from 0) used by this machine
+    pub cpus: Vec<percore::CoreId>,
+}
+
+/// The top level Mythril configuration
+#[derive(Deserialize, Debug)]
+pub struct UserConfig {
+    /// Version number for this configuration
+    pub version: u64,
+
+    /// A list of virtual machine configurations
+    pub vms: Vec<UserVmConfig>,
+}
+
+struct CoreIdVisitor;
+
+impl<'de> Visitor<'de> for CoreIdVisitor {
+    type Value = percore::CoreId;
+
+    fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result {
+        write!(formatter, "a core id")
+    }
+
+    fn visit_u64<E>(self, value: u64) -> core::result::Result<Self::Value, E>
+    where
+        E: de::Error,
+    {
+        Ok((value as u32).into())
+    }
+}
+
+impl<'de> Deserialize<'de> for percore::CoreId {
+    fn deserialize<D>(
+        deserializer: D,
+    ) -> core::result::Result<percore::CoreId, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        deserializer.deserialize_u64(CoreIdVisitor)
+    }
+}

mythril/src/config.rs

@@ -616,26 +616,26 @@ impl TryFrom<u64> for IoRedTblEntry {
     }
 }
 
-impl Into<u64> for IoRedTblEntry {
-    fn into(self) -> u64 {
-        let mut bits = self.vector as u64;
+impl From<IoRedTblEntry> for u64 {
+    fn from(entry: IoRedTblEntry) -> u64 {
+        let mut bits = entry.vector as u64;
 
-        bits |= (self.delivery_mode as u64) << 8;
-        bits |= (self.destination_mode as u64) << 11;
-        bits |= (self.delivery_status as u64) << 12;
-        bits |= (self.pin_polarity as u64) << 13;
+        bits |= (entry.delivery_mode as u64) << 8;
+        bits |= (entry.destination_mode as u64) << 11;
+        bits |= (entry.delivery_status as u64) << 12;
+        bits |= (entry.pin_polarity as u64) << 13;
 
-        if self.remote_irr {
+        if entry.remote_irr {
             bits |= 1 << 14;
         }
 
-        bits |= (self.trigger_mode as u64) << 15;
+        bits |= (entry.trigger_mode as u64) << 15;
 
-        if self.interrupt_mask {
+        if entry.interrupt_mask {
             bits |= 1 << 16;
         }
 
-        bits |= (self.destination as u64) << 56;
+        bits |= (entry.destination as u64) << 56;
         bits
     }
 }
@@ -657,16 +657,19 @@ mod test {
     #[test]
     fn ioredtblentry_roundtrip() {
         let all_edge = IOREDTBL_KNOWN_BITS_MASK ^ (1 << 15);
-        assert_eq!(all_edge, IoRedTblEntry::try_from(all_edge).unwrap().into());
+        assert_eq!(
+            all_edge,
+            u64::from(IoRedTblEntry::try_from(all_edge).unwrap())
+        );
 
         let all_level = IOREDTBL_KNOWN_BITS_MASK ^ 0x700;
         assert_eq!(
             all_level,
-            IoRedTblEntry::try_from(all_level).unwrap().into()
+            u64::from(IoRedTblEntry::try_from(all_level).unwrap())
         );
 
         let none = 0x00000000_00000000;
-        assert_eq!(none, IoRedTblEntry::try_from(none).unwrap().into());
+        assert_eq!(none, u64::from(IoRedTblEntry::try_from(none).unwrap()));
     }
 
     #[test]

mythril/src/ioapic.rs

@@ -2,6 +2,7 @@ use crate::acpi;
 use crate::ap;
 use crate::apic;
 use crate::boot_info::BootInfo;
+use crate::config;
 use crate::interrupt;
 use crate::ioapic;
 use crate::linux;
@@ -33,10 +34,9 @@ extern "C" {
     static IS_MULTIBOOT2_BOOT: u8;
 }
 
-// Temporary helper function to create a vm for a single core
-fn default_vm(
-    core: percore::CoreId,
-    mem: u64,
+// Temporary helper function to create a vm
+fn build_vm(
+    cfg: &config::UserVmConfig,
     info: &BootInfo,
     add_uart: bool,
 ) -> Arc<RwLock<vm::VirtualMachine>> {
@@ -52,8 +52,11 @@ fn default_vm(
         }
     };
 
-    let mut config =
-        vm::VirtualMachineConfig::new(vec![core], mem, physical_config);
+    let mut config = vm::VirtualMachineConfig::new(
+        cfg.cpus.clone(),
+        cfg.memory,
+        physical_config,
+    );
 
     let mut acpi = acpi::rsdp::RSDPBuilder::<[_; 1024]>::new(
         ManagedMap::Owned(BTreeMap::new()),
@@ -112,7 +115,7 @@ fn default_vm(
         .register_device(virtdev::pos::ProgrammableOptionSelect::new())
         .unwrap();
     device_map
-        .register_device(virtdev::rtc::CmosRtc::new(mem))
+        .register_device(virtdev::rtc::CmosRtc::new(cfg.memory))
         .unwrap();
 
     //TODO: this should actually be per-vcpu
@@ -141,24 +144,18 @@ fn default_vm(
         .expect("Failed to build ACPI tables");
 
     linux::load_linux(
-        "kernel",
-        "initramfs",
-        core::concat!(
-            "rodata=0 nopti disableapic ",
-            "earlyprintk=serial,0x3f8,115200 ",
-            "console=ttyS0 debug nokaslr noapic mitigations=off ",
-            "root=/dev/ram0 rdinit=/bin/sh\0"
-        )
-        .as_bytes(),
-        mem,
+        &cfg.kernel,
+        &cfg.initramfs,
+        cfg.cmdline.as_bytes(),
+        cfg.memory,
         &mut fw_cfg_builder,
         info,
     )
     .unwrap();
 
     device_map.register_device(fw_cfg_builder.build()).unwrap();
 
-    vm::VirtualMachine::new(core.raw, config, info)
+    vm::VirtualMachine::new(cfg.cpus[0].raw, config, info)
         .expect("Failed to create vm")
 }
 
@@ -254,21 +251,28 @@ unsafe fn kmain(mut boot_info: BootInfo) -> ! {
 
     let mut builder = vm::VirtualMachineBuilder::new();
 
-    for apic_id in apic_ids.iter() {
+    let raw_cfg = boot_info
+        .find_module("mythril.cfg")
+        .expect("Failed to find 'mythril.cfg' in boot information")
+        .data();
+
+    let mythril_cfg: config::UserConfig = serde_json::from_slice(&raw_cfg)
+        .expect("Failed to parse 'mythril.cfg'");
+
+    debug!("mythril.cfg: {:?}", mythril_cfg);
+
+    for (num, vm) in mythril_cfg.vms.into_iter().enumerate() {
         builder
-            .insert_machine(default_vm(
-                percore::CoreId::from(apic_id.raw),
-                256,
-                &boot_info,
-                apic_id.is_bsp(),
-            ))
+            .insert_machine(build_vm(&vm, &boot_info, num == 0))
             .expect("Failed to insert new vm");
     }
 
     vm::init_virtual_machines(builder.finalize());
 
     debug!("AP_STARTUP address: 0x{:x}", AP_STARTUP_ADDR);
 
+    //TODO(alschwalm): Only the cores that are actually associated with a VM
+    // should be started
     for (idx, apic_id) in apic_ids.into_iter().enumerate() {
         if apic_id == local_apic.id() {
             continue;

mythril/src/kmain.rs

@@ -28,7 +28,8 @@ pub mod ap;
 /// Support for the local APIC.
 pub mod apic;
 pub mod boot_info;
-
+/// User configuration format
+pub mod config;
 pub mod emulate;
 pub mod error;
 pub mod global_alloc;

mythril/src/lib.rs

@@ -5,6 +5,7 @@ menuentry 'Mythril' {
    echo	'Loading Mythril'
    acpi -2
    multiboot2 /boot/mythril.bin
+   module2 /boot/mythril.cfg mythril.cfg
    module2 /boot/vmlinuz kernel
    module2 /boot/initramfs initramfs
 }

scripts/grub.cfg

@@ -16,6 +16,7 @@ cp scripts/grub.cfg _isofiles/boot/grub/
 cp scripts/vmlinuz _isofiles/boot/vmlinuz
 cp scripts/initramfs _isofiles/boot/initramfs
 cp "$1" _isofiles/boot/mythril.bin
+cp scripts/mythril.cfg _isofiles/boot/mythril.cfg
 
 # Explicitly avoid using grub efi for now
 grub-mkrescue -d /usr/lib/grub/i386-pc -o os.iso _isofiles