Date: Tue, 18 Oct 2022 06:03:18 GMT
Message-Id: <202210180603.29I63ITF097590@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Colin Percival
Subject: git: 469ad8603127 - main - amd64: Add FIRECRACKER kernel configuration
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 469ad8603127bf8fea094d47223ccb3d0a3481cd

The branch main has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=469ad8603127bf8fea094d47223ccb3d0a3481cd
commit 469ad8603127bf8fea094d47223ccb3d0a3481cd Author: Colin Percival AuthorDate: 2022-09-22 22:54:09 +0000 Commit: Colin Percival CommitDate: 2022-10-18 06:02:22 +0000 amd64: Add FIRECRACKER kernel configuration This kernel configuration supports the Firecracker VMM environment. Relnotes: FreeBSD can now run inside the Firecracker VMM via the amd64 FIRECRACKER kernel configuration. Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D36672 --- sys/amd64/conf/FIRECRACKER | 197 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 197 insertions(+) diff --git a/sys/amd64/conf/FIRECRACKER b/sys/amd64/conf/FIRECRACKER new file mode 100644 index 000000000000..0ee5c93fe458 --- /dev/null +++ b/sys/amd64/conf/FIRECRACKER 
@@ -0,0 +1,197 @@ +# +# FIRECRACKER -- kernel configuration file for Firecracker VM +# +# This is largely a stripped-down version of the GENERIC kernel configuration +# file, without drivers for hardware which will never appear inside the +# Firecracker VM environment. It adds support for the Virtio MMIO bus, +# which Firecracker uses for exposing devices, and legacy mptable, which +# Firecracker uses for exposing information about CPUs (since it doesn't +# support ACPI). +# +# Since Firecracker loads the kernel directly via the PVH boot protocol, +# it bypasses the boot loader; some environment variables are hard-coded +# here which would normally be provided via device hints or loader.conf. +# +# For more information about the Firecracker VM, see: +# +# https://firecracker-microvm.github.io/ + +cpu HAMMER +ident FIRECRACKER + +makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols +makeoptions WITH_CTF=1 # Run ctfconvert(1) for DTrace support + +options SCHED_ULE # ULE scheduler +options NUMA # Non-Uniform Memory Architecture support +options PREEMPTION # Enable kernel thread preemption +options VIMAGE # Subsystem virtualization, e.g. 
VNET +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE_MPATH # Multipath routing support +options FIB_ALGO # Modular fib lookups +options TCP_OFFLOAD # TCP offload +options TCP_BLACKBOX # Enhanced TCP event logging +options TCP_HHOOK # hhook(9) framework for TCP +options TCP_RFC7413 # TCP Fast Open +options SCTP_SUPPORT # Allow kldload of SCTP +options KERN_TLS # TLS transmit & receive offload +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options UFS_ACL # Support for access control lists +options UFS_DIRHASH # Improve performance on big directories +options UFS_GJOURNAL # Enable gjournal-based UFS journaling +options QUOTA # Enable disk quotas for UFS +options MD_ROOT # MD is a potential root device +options NFSCL # Network Filesystem Client +options NFSD # Network Filesystem Server +options NFSLOCKD # Network Lock Manager +options NFS_ROOT # NFS usable as /, requires NFSCL +options MSDOSFS # MSDOS Filesystem +options CD9660 # ISO 9660 Filesystem +options PROCFS # Process filesystem (requires PSEUDOFS) +options PSEUDOFS # Pseudo-filesystem framework +options TMPFS # Efficient memory filesystem +options GEOM_RAID # Soft RAID functionality. 
+options GEOM_LABEL # Provides labelization +options EFIRT # EFI Runtime Services support +options COMPAT_FREEBSD32 # Compatible with i386 binaries +options COMPAT_FREEBSD4 # Compatible with FreeBSD4 +options COMPAT_FREEBSD5 # Compatible with FreeBSD5 +options COMPAT_FREEBSD6 # Compatible with FreeBSD6 +options COMPAT_FREEBSD7 # Compatible with FreeBSD7 +options COMPAT_FREEBSD9 # Compatible with FreeBSD9 +options COMPAT_FREEBSD10 # Compatible with FreeBSD10 +options COMPAT_FREEBSD11 # Compatible with FreeBSD11 +options COMPAT_FREEBSD12 # Compatible with FreeBSD12 +options COMPAT_FREEBSD13 # Compatible with FreeBSD13 +options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI +options KTRACE # ktrace(1) support +options STACK # stack(9) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) +options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities +options MAC # TrustedBSD MAC Framework +options KDTRACE_FRAME # Ensure frames are compiled in +options KDTRACE_HOOKS # Kernel DTrace hooks +options DDB_CTF # Kernel ELF linker loads CTF data +options INCLUDE_CONFIG_FILE # Include this file in kernel +options RACCT # Resource accounting framework +options RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default +options RCTL # Resource limits + +# Debugging support. Always need this: +options KDB # Enable kernel debugger support. +options KDB_TRACE # Print a stack trace for a panic. +# For full debugger support use (turn off in stable branch): +options BUF_TRACKING # Track buffer history +options DDB # Support DDB. 
+options FULL_BUF_TRACKING # Track more buffer history +options GDB # Support remote GDB. +options DEADLKRES # Enable the deadlock resolver +options INVARIANTS # Enable calls of extra sanity checking +options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS +options QUEUE_MACRO_DEBUG_TRASH # Trash queue(2) internal pointers on invalidation +options WITNESS # Enable checks to detect deadlocks and cycles +options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed +options MALLOC_DEBUG_MAXZONES=8 # Separate malloc(9) zones +options VERBOSE_SYSINIT=0 # Support debug.verbose_sysinit, off by default + +# Kernel dump features. +options EKCD # Support for encrypted kernel dumps +options GZIO # gzip-compressed kernel and user dumps +options ZSTDIO # zstd-compressed kernel and user dumps +options DEBUGNET # debugnet networking +options NETDUMP # netdump(4) client support +options NETGDB # netgdb(4) client support + +# Make an SMP-capable kernel by default +options SMP # Symmetric MultiProcessor Kernel +options EARLY_AP_STARTUP + +# Pseudo devices. +device crypto # core crypto support +device aesni # AES-NI OpenCrypto module +device loop # Network loopback +device rdrand_rng # Intel Bull Mountain RNG +device ether # Ethernet support +device vlan # 802.1Q VLAN support +device tuntap # Packet tunnel. 
+device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device firmware # firmware assist module +device xz # lzma decompression +device bpf # Berkeley packet filter + +# Serial (COM) ports +device uart # Generic UART driver + +# VirtIO support +device virtio # Generic VirtIO bus (required) +device virtio_mmio # VirtIO MMIO bus +device vtnet # VirtIO Ethernet device +device virtio_blk # VirtIO Block device + +# Linux KVM paravirtualization support +device kvm_clock # KVM paravirtual clock driver + +# Netmap provides direct access to TX/RX rings on supported NICs +device netmap # netmap(4) support + +# Firecracker exposes information via the legacy MP Table mechanism +# rather than via ACPI (which it does not implement). +device mptable + +# Firecracker launches the FreeBSD kernel directly, via the PVH boot +# protocol, rather than via the boot loader; as such, we need to bake +# device hints into the kernel configuration rather than relying on +# device.hints being loaded, and likewise have no loader.conf to place +# other settings into. +envvar hint.uart.0.at="isa" +envvar hint.uart.0.port="0x3F8" +envvar hint.uart.0.flags="0x10" +envvar hint.uart.0.irq="0x4" +envvar hint.acpi.0.disabled="1" + +# Inside a VM, "power off" doesn't really yank the AC power, so there's +# no need to worry about disks flushing caches before losing power. +envvar kern.shutdown.poweroff_delay="0" + +# Firecracker seems to have a bug in its UART emulation. This works +# around the problem. +envvar hw.broken_txfifo="1" + +# We don't have an early timecounter to calibrate the TSC against, so +# skip that; later in the boot process we have other timecounters. +envvar machdep.disable_tsc_calibration="1" + +# Provide bug-for-bug compatiblity with Linux in MP Table searching +# and parsing. Firecracker relies on these bugs. +options MPTABLE_LINUX_BUG_COMPAT + +# Disable the automatic registration of a PCI bridge; we do in fact +# not have one. 
+options NO_LEGACY_PCIB + +# Bus support. +# Note that Firecracker provides neither ACPI nor PCI; but removing these +# devices currently (2022-07-09) prevents the kernel from building. +device acpi +device pci + +# Xen HVM Guest Optimizations +# NOTE: XENHVM depends on xenpci and xentimer. +# They must be added or removed together. +# NOTE: These are present in FIRECRACKER because the PVH boot method +# originates from Xen; once that code is untangled these can be removed. +options XENHVM # Xen HVM kernel infrastructure +device xenpci # Xen HVM Hypervisor services driver +device xentimer # Xen x86 PV timer device
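
Review bot: the options block carries over GENERIC entries that nothing else in this file backs up, which sits oddly with the header's description of a stripped-down configuration: `SCSI_DELAY=5000` is set although no SCSI controller or CAM device lines are present, and `KBD_INSTALL_CDEV` is set although no keyboard driver is configured. Since virtio_blk and vtnet are the only storage and network devices listed, consider dropping those two, and stating in the header comment whether GEOM_RAID, CD9660, MSDOSFS, EFIRT and the COMPAT_FREEBSD4 through COMPAT_FREEBSD13 options are kept deliberately; every retained subsystem is guest kernel code that has to be maintained and patched, for an environment whose devices, per the header, are exposed over Virtio MMIO. Two documentation points lower down: the comment above `envvar hw.broken_txfifo="1"` says only that Firecracker "seems to have a bug in its UART emulation", so naming the symptom there would let a later reader tell when the workaround can be removed, and the comment above `options MPTABLE_LINUX_BUG_COMPAT` misspells "compatibility" as "compatiblity".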