[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is it time to start implementing Xen bindings for rust-vmm?


  • To: Alex Bennée <alex.bennee@xxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 14 Sep 2021 19:42:34 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/jvNcSqAoSjgZPWvDVhXor5ok7D0z6pQ9NRd4aZj5tI=; b=kuz1NkkdOQf8BQGV6mjrztFNw0zX5BTeKejcw1XJeggOtUnenZazI3R0Gseo3pIgHp2bl8sAqm1bV/HsfxQHzyDl+lBfLMkN3WYh1Ym7YhCfIRgZKQRdcApUIK4qk2z3gO3qohG6xfxF4VTpW2v1L8TY90ThioxDBnr0a06VuZ2juUaexwEId8OiTEhHHBdBgfclNnm6ZKgbqFLqN2Ob7F0OevPDz+3IFyeNwdz5V6sf1O5iOkGdeSo16SJouyAtdgoU1eGDALihuMJ1vsv9CrGfotjM2Q57Y40IL029YxWFg39ugkT+gIYQAxf87a9KoT4BHiEWWUGuVuFGeMrWhA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lKeA8jGULhnI/BfzO0c5rLLIVneHty2Ep2ofAZeUBvLoEhbKvWOAOEYmiLuM7dFuzlldQtraAt5axHlKpsUaGiHRjoMT6vOCN6CAQDqcIX4HF4AzOLEpvBevC+Btrw2BusQZU5XJ6WJ38/H4mdIZCMHUC9de9m3QVQY0iP+BkVCFYq5SH1rKNlseYzkeuIpRz1S/hG7LUYQzaAbw9DUNtEdTn3wNDWf8qUJlzP1GnhYeZDRG1n2jfyjLe1yjbUhBJo7twuzAXN2M3IFG3ScWBfAJ7+W0rp3UfM4zVjnlKA/+yGsGKJBlGGjh1ZeKaMLFzLrQTdfPOKUdYg5Q/Ahbvw==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>, Viresh Kumar <viresh.kumar@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "rust-vmm@xxxxxxxxxxxxxxxxx" <rust-vmm@xxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stratos Mailing List <stratos-dev@xxxxxxxxxxxxxxxxxxx>, Oleksandr Tyshchenko <olekstysh@xxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 14 Sep 2021 18:43:03 +0000
  • Ironport-data: A9a23:pmlzuKJr0Fbgj5+4FE+R6JMlxSXFcZb7ZxGr2PjKsXjdYENS1TEAz mYcXjjQPKuPYDfxett/YY+w9xkF7JKBmtZjS1NlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokcxIn5BC5C5xZVG/fjgqoHUVaiUZ0ideSc+EH140UM6x7Zj6mJVqYPR7z2l6 IuaT/L3YDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyB94KYkDbOwNxPFrrx8RYZWc QphIIaRpQs19z91Yj+sfy2SnkciGtY+NiDW4pZatjTLbrGvaUXe345iXMfwZ3u7hB2lgflr0 88cr6eLFwoqLLXOp+MZeiBxRnQW0a1uoNcrIFC6uM2XiUbHb2Ht07NlC0Re0Y8wo7gtRzsUr LpBdW5LPkvra+GemdpXTsFFgMg5IdatF4QYonx6lhnSDOo8QICFSKLPjTNd9Gpq2ZofTamBD yYfQRdgPCrdPxFmBlQ4IpZ9juXyo1T/cyIN/Tp5ooJoujOOnWSdyoPFL979atGMA8JPkS6wv H/d4yHnBxQyMN2E1SHD9WqhgOPCg2X8Qo16PK218LtmjUOewkQXCQYKTh2rrP+hkEm8VtlDb UsO9UIGpKw/5AqhQ9/7UhCQpH+CtwQbHd1KHIUS7QiRyqvZ/kCBAWkeTzNbQNgnssYsQnotz FDht83oHzF0sPuWVHeU7J+QrDW7Iy9TKnUNDQcPRBEJ5NTLq4gpghXCCN1kFcadgtDwGBnxx S6Ltyk0g7gPjc8N2L6/9FqBiDWpzrDMRxQw7x/aXUqk6B14f4+vY4G06Vnd4u1EJYzfRV6E1 FAfh9KX8OcVSJ2AigSKWKAJHaq1/LCBMTvVm1kpGIMunxyq/3OgZpxB+zFWK0JgM8JCcjjsC GfIpQ5f7ZlUemC2ZKV6Z4awDcUC3ankFNL1EPvTa7JzjoNZLVHduns0PAjJgj6rwBNEfbwD1 YmzXdiFF20AWL5c92S7RPUF04AswgkH7DaGLXzk9ChLwYZydVbMF+xcbQrRMb5ghE+XiF6Kq IcEbqNm3z0aCbenM3eNqeb/OHhXdSBTOHzglyBAmgdvyCJdEWc9Arf6xbo7cuSJdIwEy7+Vo hlRtqJeoWcTZEEryy3RMRiPi5u1BP6TSE7X2wR2Yz5EPFB5Pe6SAF83LcdfQFXe3LULIQRIo xw5lyOoWKUnptPvoG91UHUAhNY6KETDafymZnL4CNTAQ3KQb1OQoYK1Fuce3AIPEjC2paMDT 06Ij1iAKafvsz9KVZ6MANr2lgvZlSFExIpaAhuZSvEOKR6E2NU7dETMYgoffphkxePrnWDBi W57wH4w+IHwnmPC2IKV3PvV89jwSLIW84gzNzCz0Ita/BLypwKL6YRBTPyJbXbaUmb187+lf uJb07f3N/hvobqAm9MU/29Dwf1s6t3xiaVdywg4TnzHY07yUuFrI2Wc3NkJvapIn+cLtQyzU 0OJ299bJbTWZ5+1TA9PfFIoPraZyPUZujjO9vBpck/00zB6oeicWkJIMhjS1CEEdOlpMJkoy PsKsdIN71DtkQIjN9uL13gG92mFInEafb8gs5UWXN3ihgYxkwkQap3AEC7mppqIbowUYEUtJ zaVgovEhqhdmRWeIyZiSyCV0LME15oUuR1MwFsTHHizm4LI1q0twRlc0TUrVQAJnB9J5P1+Z zpwPEpvKKTQozox3JpfX3qhEh1qDQGC/hCj0EMAkWDUQhX6VmHJK2Fha++B8FpArjBZdzlfu rqZ1HzkQXDhe8Sohnk+XktsqvrCS91t91KdxJD7TprdR5RqMyD4hqKOZHYTr0q1CMw8s0TLu O128bsicqb8LyMR//U2BoTyOW78k/xYyLiumc1cwZ4=
  • Ironport-hdrordr: A9a23:VHadHaHOfrlqKWIlpLqFeJHXdLJyesId70hD6qkvc3Nom52j+/ xGws536faVslcssHFJo6HkBEDyewKiyXcT2/hsAV7CZniahILMFu9fBOTZskXd8kHFh4lgPO JbAtJD4b7LfChHZKTBkXCF+r8bqbHtmsDY5pas854ud3APV0gJ1XYJNu/xKDwReOApP+taKH PR3Ls9m9L2Ek5nEPhTS0N1EtTrlpnurtbLcBQGDxko5E2nii6p0qfzF1y90g0FWz1C7L8++S yd+jaJqZmLgrWe8FvxxmXT55NZlJ/IzcZCPtWFjowwJi/3ggilSYx9U/mpvSwzosuo9FE2+e O87ysIDoBW0Tf8b2u1qRzi103J1ysv0WbrzRuijX7qsaXCNXoHIvsEobgcXgrS6kImst05+r lMxXilu51eCg6FtDjh5vDTPisa1nackD4Hq6o+nnZfWYwRZPt6tooE5n5YF58GAWbT9J0nKu 9zF8vRjcwmMG9yV0qp/FWH/ebcG0jaRny9Mww/U42uonZrdUlCvgglLJd1pAZGyHo/I6M0rt gsfJ4Y0o2mdfVmGJ6VMt1xN/dfOla9My4kD1jiVWgPNJt3cE4l+KSHqonc2omRCes1Jd0J6c 38bG8=
  • Ironport-sdr: 6sjF8AzFtevgUfDVSvNxXKIcVYvBzHgsclBvj4RQ0Jde8Q0e5GotGtXyX7k431i++OzU76r2Og Rq5lfb9fuPdR7V5bIUtimGn2P3FKRcPoY5ocU7Yb2EYzUwR9H4JSBjXtV1BTv6SPY8hvz9wbxj hFzqnH3n0TdyLNFLVsF0aLC+chjizymVYKVcVN3iYJihImHsZxUsNHtn+hiBdxvfQJmtis7S29 WdUatjU5y7TaQLUHMPf5JLtIh4rRz02SCTZJoq8QOc2cdsGG8G7/RxiG/xR3XjTlqiC84d4MV8 Q0R/gaFmP8xE3KDPMYiStYqd
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14/09/2021 15:44, Alex Bennée wrote:
> Andrew Cooper <andrew.cooper3@xxxxxxxxxx> writes:
>
>> On 13/09/2021 13:44, Alex Bennée wrote:
>>> Hi,
>>>
>>> As we consider the next cycle for Project Stratos I would like to make
>>> some more progress on hypervisor agnosticism for our virtio backends.
>>> While we have implemented a number of virtio vhost-user backends using C
>>> we've rapidly switched to using rust-vmm based ones for virtio-i2c,
>>> virtio-rng and virtio-gpio. Given the interest in Rust for implementing
>>> backends does it make sense to do some enabling work in rust-vmm to
>>> support Xen?
>>>
>>> There are two chunks of work I can think of:
>>>
>>>   1. Enough of libxl/hypervisor interface to implement an IOREQ end point.
>> No libxl here at all.
>>
>> As of Xen 4.15, there are enough stable interfaces to implement simple
>> IOERQ servers.
>>
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fxapi-project%2Fvarstored%2Fcommit%2Ffde707c59f7a189e1d4e97c1a4ee1a2d0c378ad1&amp;data=04%7C01%7CAndrew.Cooper3%40citrix.com%7C08a3fe14704a4d6888cf08d9778ee5b2%7C335836de42ef43a2b145348c2ee9ca5b%7C0%7C0%7C637672277905441489%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=%2B1pKhIuqzCGkgYD4snd6jnxjoEJzrCgUdol%2FfA2kwOk%3D&amp;reserved=0
>> was the commit where I removed the final unstable interface from
>> varstored (terrible name) which is a dom0 backend for UEFI secure
>> variable handling.  As such, it also serves as a (not totally simple)
>> reference of an IOERQ server.
>>
>>
>> There are a few bits and pieces of rust going on within Xen, and a whole
>> load of plans.  Also, there is a lot of interest from other downstreams
>> in being able to write Rust backends.
>>
>> We've got a placeholder xen and xen-sys crates, and placeholder work for
>> supporting cross-compile as x86 PV and PVH stubdomains.
> Are these in the rust-vmm project is elsewhere?

https://crates.io/crates/xen-sys

When I say placeholder, I really do mean placeholder.

To start this work meaningfully, we'd want to make a repo (or several)
in the xen-project organisation on github or gitlab (we have both, for
reasons), and set these as the upstream of the xen and xen-sys crates.

>> The want to have a simple IOREQ server compiled either as a dom0
>> backend, or as a PV or PVH stubdomains influences some of the design
>> decisions early on, but they're all no-brainers for the longevity of the
>> work.
> Just to clarify nomenclature is a PVH stubdomain what I'm referring to
> as a bare metal backend, i.e: a unikernel or RTOS image that implements
> the backend without having to transition between some sort of userspace
> and it's supporting kernel?

I think so, yes, although calling it "bare metal" seems misleading for
something which is a VM targetted at a specific hypervisor...


>> I started work on trying to reimplement varstored entirely in Rust as a
>> hackathon project, although ran out of time trying to make hypercall
>> buffers work (there is a bug with Box and non-global allocators causing
>> rustc to hit an assert().  In the short term, we'll have to implement
>> hypercall buffers in a slightly more irritating way).
>>
>> Furthermore, stick to the stable hypercalls only.  Xen's C libraries are
>> disaster for cross-version compatibility, and you absolutely do not want
>> to recompile your rust program just to run it against a different
>> version of the hypervisor.  The plan is to start with simple IOREQ
>> servers, which are on fully stable interfaces, then stabilise further
>> hypercalls as necessary to expand functionality.
> Are the hypercalls mediated by a kernel layer or are you making direct
> HVC calls (on ARM) to the hypervisor from userspace?

For a dom0 backends irrespective of architecture, you need to issue
ioctl()'s on the appropriate kernel device.

For a PV/PVH stubdom, you should make a call into the hypercall_page
https://xenbits.xen.org/docs/latest/guest-guide/x86/hypercall-abi.html
because Intel and AMD used different instructions for their equivalent
of HVC.

ARM doesn't have the hypercall page ABI, so I'd expect the hypercall
implementation to expand to HVC directly.


In terms of rust APIs, we'd want a crate which has target-specific
implementations so the caller need not worry about the implementation
details in the common case.

>
> Where would I look in the Xen code to find the hypercalls that are
> considered stable and won't change between versions?

I'm afraid that's mostly in developers heads right now.

For a first pass, you can look for __XEN_TOOLS__  (This is mis-named,
and ought to be called __XEN_UNSTABLE_INTERFACE__, because...) but be
aware that some things currently tagged __XEN_TOOLS__ are incorrect and
are in fact stable.

As a first pass, assume everything is unstable.  The things contained
within libxendevicemodel and libxenforeignmem are stable and were
specifically made so to try and get simple IOREQ server functionality
done and stable.

Almost everything else, particularly concerning the toolstack
operations, is unstable.  There is 15 years of organic growth and
dubious decisions here, and they need unpicking carefully.  We've got
some hypercalls which look like they're unstable, but are actually
stable (as they were exposed to guests), and therefore have ridiculous
interfaces.

The "ABI v2" work is massive and complicated, and picking at some of the
corners based on "what is needed to make new $FOO work" is a good way to
make some inroads.

>> It's high time the Xen Rust working group (which has been talked about
>> for several years now) actually forms...
> Indeed part of the purpose of this email was to smoke out those who are
> interested in the intersection of Xen, Rust and VirtIO ;-)

The conversation has come up quite a few times in the past, but mostly
by people who are also busy with other things.

~Andrew




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.