!130 Introduce RISC-V MicroVM

From: @heruoqing 
Reviewed-by: @Jingwiw, @kevinzhu1 
Signed-off-by: @Jingwiw, @kevinzhu1

0001-Micro-fix-the-ioctl-allow-for-aarch64.patch

@@ -0,0 +1,44 @@
+diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
+index d7e1b1d..42e9171 100644
+--- a/machine/src/aarch64/micro.rs
++++ b/machine/src/aarch64/micro.rs
+@@ -235,6 +235,7 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_ONE_REG() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_DEVICE_ATTR() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_REG_LIST() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_ONE_REG() as u32)
+ }
+ 
+ pub(crate) fn arch_syscall_whitelist() -> Vec<BpfRule> {
+diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
+index fe03164..6ae9a56 100644
+--- a/machine/src/micro_common/syscall.rs
++++ b/machine/src/micro_common/syscall.rs
+@@ -86,6 +86,7 @@ pub fn syscall_whitelist() -> Vec<BpfRule> {
+         BpfRule::new(libc::SYS_accept4),
+         BpfRule::new(libc::SYS_lseek),
+         futex_rule(),
++        BpfRule::new(libc::SYS_clone),
+         BpfRule::new(libc::SYS_exit),
+         BpfRule::new(libc::SYS_exit_group),
+         BpfRule::new(libc::SYS_rt_sigreturn),
+@@ -158,6 +159,7 @@ fn ioctl_allow_list() -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_API_VERSION() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
+     arch_ioctl_allow_list(bpf_rule)
+ }
+diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
+index d8fb92e..7b4e08e 100644
+--- a/machine/src/x86_64/micro.rs
++++ b/machine/src/x86_64/micro.rs
+@@ -238,7 +238,6 @@ pub(crate) fn arch_ioctl_allow_list(bpf_rule: BpfRule) -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_LAPIC() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MSRS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MSRS() as u32)
+-        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CPUID2() as u32)
+ }
+ 

0002-snapshot-bugfix-VM-run-failed-from-memory-snapshot.patch

@@ -0,0 +1,302 @@
+From 3a5ef152b5e803998e6ec5a1e7172c01fcce8bcf Mon Sep 17 00:00:00 2001
+From: l00484210 <l00484210@notesmail.huawei.com/>
+Date: Wed, 11 Dec 2024 20:23:47 +0800
+Subject: [PATCH] snapshot: bugfix VM run failed from memory snapshot
+
+The kernel does not need to be loaded for snapshot restoration.
+
+Signed-off-by: Mingwang Li <limingwang@huawei.com>
+---
+ cpu/src/lib.rs                     | 22 ++++++++-------
+ cpu/src/x86_64/mod.rs              |  2 +-
+ devices/src/acpi/cpu_controller.rs |  4 +--
+ machine/src/aarch64/micro.rs       | 40 +++++++++++++++------------
+ machine/src/aarch64/standard.rs    | 44 ++++++++++++++++++------------
+ machine/src/lib.rs                 |  2 +-
+ machine/src/x86_64/micro.rs        |  9 ++++--
+ machine/src/x86_64/standard.rs     | 13 +++++++--
+ 8 files changed, 83 insertions(+), 53 deletions(-)
+
+diff --git a/cpu/src/lib.rs b/cpu/src/lib.rs
+index 7a11629..7698132 100644
+--- a/cpu/src/lib.rs
++++ b/cpu/src/lib.rs
+@@ -118,7 +118,7 @@ pub trait CPUInterface {
+     /// Realize `CPU` structure, set registers value for `CPU`.
+     fn realize(
+         &self,
+-        boot: &CPUBootConfig,
++        boot: &Option<CPUBootConfig>,
+         topology: &CPUTopology,
+         #[cfg(target_arch = "aarch64")] features: &CPUFeatures,
+     ) -> Result<()>;
+@@ -310,7 +310,7 @@ impl CPU {
+ impl CPUInterface for CPU {
+     fn realize(
+         &self,
+-        boot: &CPUBootConfig,
++        boot: &Option<CPUBootConfig>,
+         topology: &CPUTopology,
+         #[cfg(target_arch = "aarch64")] config: &CPUFeatures,
+     ) -> Result<()> {
+@@ -323,14 +323,16 @@ impl CPUInterface for CPU {
+             ))));
+         }
+
+-        self.hypervisor_cpu
+-            .set_boot_config(
+-                self.arch_cpu.clone(),
+-                boot,
+-                #[cfg(target_arch = "aarch64")]
+-                config,
+-            )
+-            .with_context(|| "Failed to realize arch cpu")?;
++        if let Some(boot) = boot {
++            self.hypervisor_cpu
++                .set_boot_config(
++                    self.arch_cpu.clone(),
++                    boot,
++                    #[cfg(target_arch = "aarch64")]
++                    config,
++                )
++                .with_context(|| "Failed to realize arch cpu")?;
++        }
+
+         self.arch_cpu
+             .lock()
+diff --git a/cpu/src/x86_64/mod.rs b/cpu/src/x86_64/mod.rs
+index 0a8ad16..acb6fb2 100644
+--- a/cpu/src/x86_64/mod.rs
++++ b/cpu/src/x86_64/mod.rs
+@@ -75,7 +75,7 @@ pub enum X86RegsIndex {
+
+ /// X86 CPU booting configure information
+ #[allow(clippy::upper_case_acronyms)]
+-#[derive(Default, Clone, Debug)]
++#[derive(Default, Clone, Debug, Copy)]
+ pub struct X86CPUBootConfig {
+     pub prot64_mode: bool,
+     /// Register %rip value
+diff --git a/devices/src/acpi/cpu_controller.rs b/devices/src/acpi/cpu_controller.rs
+index 1259e8d..73f2601 100644
+--- a/devices/src/acpi/cpu_controller.rs
++++ b/devices/src/acpi/cpu_controller.rs
+@@ -157,8 +157,8 @@ impl CpuController {
+         None
+     }
+
+-    pub fn get_boot_config(&self) -> &CPUBootConfig {
+-        &self.cpu_config.as_ref().unwrap().boot_config
++    pub fn get_boot_config(&self) -> CPUBootConfig {
++        self.cpu_config.as_ref().unwrap().boot_config
+     }
+
+     pub fn get_hotplug_cpu_info(&self) -> (String, u8) {
+diff --git a/machine/src/aarch64/micro.rs b/machine/src/aarch64/micro.rs
+index 42e9171..3e7cf38 100644
+--- a/machine/src/aarch64/micro.rs
++++ b/machine/src/aarch64/micro.rs
+@@ -20,7 +20,7 @@ use address_space::{AddressSpace, GuestAddress, Region};
+ use cpu::CPUTopology;
+ use devices::{legacy::PL031, ICGICConfig, ICGICv2Config, ICGICv3Config, GIC_IRQ_MAX};
+ use hypervisor::kvm::aarch64::*;
+-use machine_manager::config::{SerialConfig, VmConfig};
++use machine_manager::config::{MigrateMode, SerialConfig, VmConfig};
+ use migration::{MigrationManager, MigrationStatus};
+ use util::{
+     device_tree::{self, CompileFDT, FdtBuilder},
+@@ -160,8 +160,12 @@ impl MachineOps for LightMachine {
+             vm_config.machine_config.nr_cpus,
+         )?;
+
+-        let boot_config =
+-            locked_vm.load_boot_source(None, MEM_LAYOUT[LayoutEntryType::Mem as usize].0)?;
++        let migrate_info = locked_vm.get_migrate_info();
++        let boot_config = if migrate_info.0 == MigrateMode::Unknown {
++            Some(locked_vm.load_boot_source(None, MEM_LAYOUT[LayoutEntryType::Mem as usize].0)?)
++        } else {
++            None
++        };
+         let cpu_config = locked_vm.load_cpu_features(vm_config)?;
+
+         let hypervisor = locked_vm.base.hypervisor.clone();
+@@ -186,20 +190,22 @@ impl MachineOps for LightMachine {
+         locked_vm.add_devices(vm_config)?;
+         trace::replaceable_info(&locked_vm.replaceable_info);
+
+-        let mut fdt_helper = FdtBuilder::new();
+-        locked_vm
+-            .generate_fdt_node(&mut fdt_helper)
+-            .with_context(|| MachineError::GenFdtErr)?;
+-        let fdt_vec = fdt_helper.finish()?;
+-        locked_vm
+-            .base
+-            .sys_mem
+-            .write(
+-                &mut fdt_vec.as_slice(),
+-                GuestAddress(boot_config.fdt_addr),
+-                fdt_vec.len() as u64,
+-            )
+-            .with_context(|| MachineError::WrtFdtErr(boot_config.fdt_addr, fdt_vec.len()))?;
++        if let Some(boot_cfg) = boot_config {
++            let mut fdt_helper = FdtBuilder::new();
++            locked_vm
++                .generate_fdt_node(&mut fdt_helper)
++                .with_context(|| MachineError::GenFdtErr)?;
++            let fdt_vec = fdt_helper.finish()?;
++            locked_vm
++                .base
++                .sys_mem
++                .write(
++                    &mut fdt_vec.as_slice(),
++                    GuestAddress(boot_cfg.fdt_addr),
++                    fdt_vec.len() as u64,
++                )
++                .with_context(|| MachineError::WrtFdtErr(boot_cfg.fdt_addr, fdt_vec.len()))?;
++        }
+
+         MigrationManager::register_vm_instance(vm.clone());
+         MigrationManager::register_migration_instance(locked_vm.base.migration_hypervisor.clone());
+diff --git a/machine/src/aarch64/standard.rs b/machine/src/aarch64/standard.rs
+index 8544a2b..416298a 100644
+--- a/machine/src/aarch64/standard.rs
++++ b/machine/src/aarch64/standard.rs
+@@ -606,8 +606,16 @@ impl MachineOps for StdMachine {
+             .with_context(|| MachineError::InitPCIeHostErr)?;
+         let fwcfg = locked_vm.add_fwcfg_device(nr_cpus)?;
+
+-        let boot_config = locked_vm
+-            .load_boot_source(fwcfg.as_ref(), MEM_LAYOUT[LayoutEntryType::Mem as usize].0)?;
++        let migrate = locked_vm.get_migrate_info();
++        let boot_config =
++            if migrate.0 == MigrateMode::Unknown {
++                Some(locked_vm.load_boot_source(
++                    fwcfg.as_ref(),
++                    MEM_LAYOUT[LayoutEntryType::Mem as usize].0,
++                )?)
++            } else {
++                None
++            };
+         let cpu_config = locked_vm.load_cpu_features(vm_config)?;
+
+         let hypervisor = locked_vm.base.hypervisor.clone();
+@@ -632,21 +640,23 @@ impl MachineOps for StdMachine {
+             .add_devices(vm_config)
+             .with_context(|| "Failed to add devices")?;
+
+-        let mut fdt_helper = FdtBuilder::new();
+-        locked_vm
+-            .generate_fdt_node(&mut fdt_helper)
+-            .with_context(|| MachineError::GenFdtErr)?;
+-        let fdt_vec = fdt_helper.finish()?;
+-        locked_vm.dtb_vec = fdt_vec.clone();
+-        locked_vm
+-            .base
+-            .sys_mem
+-            .write(
+-                &mut fdt_vec.as_slice(),
+-                GuestAddress(boot_config.fdt_addr),
+-                fdt_vec.len() as u64,
+-            )
+-            .with_context(|| MachineError::WrtFdtErr(boot_config.fdt_addr, fdt_vec.len()))?;
++        if let Some(boot_cfg) = boot_config {
++            let mut fdt_helper = FdtBuilder::new();
++            locked_vm
++                .generate_fdt_node(&mut fdt_helper)
++                .with_context(|| MachineError::GenFdtErr)?;
++            let fdt_vec = fdt_helper.finish()?;
++            locked_vm.dtb_vec = fdt_vec.clone();
++            locked_vm
++                .base
++                .sys_mem
++                .write(
++                    &mut fdt_vec.as_slice(),
++                    GuestAddress(boot_cfg.fdt_addr),
++                    fdt_vec.len() as u64,
++                )
++                .with_context(|| MachineError::WrtFdtErr(boot_cfg.fdt_addr, fdt_vec.len()))?;
++        }
+
+         // If it is direct kernel boot mode, the ACPI can not be enabled.
+         if let Some(fw_cfg) = fwcfg {
+diff --git a/machine/src/lib.rs b/machine/src/lib.rs
+index 6c13c03..c1c0c22 100644
+--- a/machine/src/lib.rs
++++ b/machine/src/lib.rs
+@@ -465,7 +465,7 @@ pub trait MachineOps {
+         nr_cpus: u8,
+         #[cfg(target_arch = "x86_64")] max_cpus: u8,
+         topology: &CPUTopology,
+-        boot_cfg: &CPUBootConfig,
++        boot_cfg: &Option<CPUBootConfig>,
+         #[cfg(target_arch = "aarch64")] vcpu_cfg: &CPUFeatures,
+     ) -> Result<Vec<Arc<CPU>>>
+     where
+diff --git a/machine/src/x86_64/micro.rs b/machine/src/x86_64/micro.rs
+index 7b4e08e..77ea440 100644
+--- a/machine/src/x86_64/micro.rs
++++ b/machine/src/x86_64/micro.rs
+@@ -22,7 +22,7 @@ use cpu::{CPUBootConfig, CPUTopology};
+ use devices::legacy::FwCfgOps;
+ use hypervisor::kvm::x86_64::*;
+ use hypervisor::kvm::*;
+-use machine_manager::config::{SerialConfig, VmConfig};
++use machine_manager::config::{MigrateMode, SerialConfig, VmConfig};
+ use migration::{MigrationManager, MigrationStatus};
+ use util::seccomp::{BpfRule, SeccompCmpOpt};
+ use virtio::VirtioMmioDevice;
+@@ -174,7 +174,12 @@ impl MachineOps for LightMachine {
+         locked_vm.add_devices(vm_config)?;
+         trace::replaceable_info(&locked_vm.replaceable_info);
+
+-        let boot_config = locked_vm.load_boot_source(None)?;
++        let migrate_info = locked_vm.get_migrate_info();
++        let boot_config = if migrate_info.0 == MigrateMode::Unknown {
++            Some(locked_vm.load_boot_source(None)?)
++        } else {
++            None
++        };
+         let hypervisor = locked_vm.base.hypervisor.clone();
+         locked_vm.base.cpus.extend(<Self as MachineOps>::init_vcpu(
+             vm.clone(),
+diff --git a/machine/src/x86_64/standard.rs b/machine/src/x86_64/standard.rs
+index 790e542..3aac836 100644
+--- a/machine/src/x86_64/standard.rs
++++ b/machine/src/x86_64/standard.rs
+@@ -371,7 +371,7 @@ impl StdMachineOps for StdMachine {
+                 hypervisor,
+                 self.base.cpu_topo.max_cpus,
+             )?;
+-            vcpu.realize(boot_cfg, topology).with_context(|| {
++            vcpu.realize(&Some(boot_cfg), topology).with_context(|| {
+                 format!(
+                     "Failed to realize arch cpu register/features for CPU {}",
+                     vcpu_id
+@@ -559,7 +559,12 @@ impl MachineOps for StdMachine {
+         locked_vm.add_devices(vm_config)?;
+
+         let fwcfg = locked_vm.add_fwcfg_device(nr_cpus, max_cpus)?;
+-        let boot_config = locked_vm.load_boot_source(fwcfg.as_ref())?;
++        let migrate = locked_vm.get_migrate_info();
++        let boot_config = if migrate.0 == MigrateMode::Unknown {
++            Some(locked_vm.load_boot_source(fwcfg.as_ref())?)
++        } else {
++            None
++        };
+         let topology = CPUTopology::new().set_topology((
+             vm_config.machine_config.nr_threads,
+             vm_config.machine_config.nr_cores,
+@@ -575,7 +580,9 @@ impl MachineOps for StdMachine {
+             &boot_config,
+         )?);
+
+-        locked_vm.init_cpu_controller(boot_config, topology, vm.clone())?;
++        if migrate.0 == MigrateMode::Unknown {
++            locked_vm.init_cpu_controller(boot_config.unwrap(), topology, vm.clone())?;
++        }
+
+         if let Some(fw_cfg) = fwcfg {
+             locked_vm
+--
+2.33.0
+

0003-hypervisor-kvm-Fix-setting-core-reg-error-when-resto.patch

@@ -0,0 +1,135 @@
+From 5551d6b5abaf9d5241904425e3991c256b30d22f Mon Sep 17 00:00:00 2001
+From: frankyj915 <yangjieyj.yang@huawei.com>
+Date: Sun, 15 Dec 2024 09:31:20 +0800
+Subject: [PATCH 1/2] hypervisor/kvm: Fix setting core reg error when restoring
+ VM
+
+vcpu_init() should be called before setting vcpu regs.
+
+Fix 5edbafc(migration: bugfix for mgiration)
+
+Signed-off-by: frankyj915 <yangjieyj.yang@huawei.com>
+---
+ cpu/src/lib.rs                    | 20 +++++++++-----------
+ hypervisor/src/kvm/aarch64/mod.rs |  6 ++++--
+ hypervisor/src/kvm/mod.rs         |  4 ++--
+ hypervisor/src/kvm/x86_64/mod.rs  |  8 +++++---
+ 4 files changed, 20 insertions(+), 18 deletions(-)
+
+diff --git a/cpu/src/lib.rs b/cpu/src/lib.rs
+index 7698132..873cb49 100644
+--- a/cpu/src/lib.rs
++++ b/cpu/src/lib.rs
+@@ -160,7 +160,7 @@ pub trait CPUHypervisorOps: Send + Sync {
+     fn set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+         #[cfg(target_arch = "aarch64")] vcpu_config: &CPUFeatures,
+     ) -> Result<()>;
+ 
+@@ -323,16 +323,14 @@ impl CPUInterface for CPU {
+             ))));
+         }
+ 
+-        if let Some(boot) = boot {
+-            self.hypervisor_cpu
+-                .set_boot_config(
+-                    self.arch_cpu.clone(),
+-                    boot,
+-                    #[cfg(target_arch = "aarch64")]
+-                    config,
+-                )
+-                .with_context(|| "Failed to realize arch cpu")?;
+-        }
++        self.hypervisor_cpu
++            .set_boot_config(
++                self.arch_cpu.clone(),
++                boot,
++                #[cfg(target_arch = "aarch64")]
++                config,
++            )
++            .with_context(|| "Failed to realize arch cpu")?;
+ 
+         self.arch_cpu
+             .lock()
+diff --git a/hypervisor/src/kvm/aarch64/mod.rs b/hypervisor/src/kvm/aarch64/mod.rs
+index 0721236..5d2a938 100644
+--- a/hypervisor/src/kvm/aarch64/mod.rs
++++ b/hypervisor/src/kvm/aarch64/mod.rs
+@@ -135,7 +135,7 @@ impl KvmCpu {
+     pub fn arch_set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+         vcpu_config: &CPUFeatures,
+     ) -> Result<()> {
+         let mut kvi = self.kvi.lock().unwrap();
+@@ -169,7 +169,9 @@ impl KvmCpu {
+         }
+         drop(kvi);
+ 
+-        arch_cpu.lock().unwrap().set_core_reg(boot_config);
++        if let Some(cfg) = boot_config {
++            arch_cpu.lock().unwrap().set_core_reg(cfg);
++        }
+ 
+         self.arch_vcpu_init()?;
+ 
+diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs
+index 671eb54..e20f102 100644
+--- a/hypervisor/src/kvm/mod.rs
++++ b/hypervisor/src/kvm/mod.rs
+@@ -544,7 +544,7 @@ impl CPUHypervisorOps for KvmCpu {
+     fn set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+         #[cfg(target_arch = "aarch64")] vcpu_config: &CPUFeatures,
+     ) -> Result<()> {
+         #[cfg(target_arch = "aarch64")]
+@@ -1067,7 +1067,7 @@ mod test {
+         let cpu = CPU::new(hypervisor_cpu.clone(), 0, x86_cpu, vm.clone());
+         // test `set_boot_config` function
+         assert!(hypervisor_cpu
+-            .set_boot_config(cpu.arch().clone(), &cpu_config)
++            .set_boot_config(cpu.arch().clone(), &Some(cpu_config))
+             .is_ok());
+ 
+         // test setup special registers
+diff --git a/hypervisor/src/kvm/x86_64/mod.rs b/hypervisor/src/kvm/x86_64/mod.rs
+index 7d7e7b5..e7d08ef 100644
+--- a/hypervisor/src/kvm/x86_64/mod.rs
++++ b/hypervisor/src/kvm/x86_64/mod.rs
+@@ -84,7 +84,7 @@ impl KvmCpu {
+     pub fn arch_set_boot_config(
+         &self,
+         arch_cpu: Arc<Mutex<ArchCPU>>,
+-        boot_config: &CPUBootConfig,
++        boot_config: &Option<CPUBootConfig>,
+     ) -> Result<()> {
+         let mut locked_arch_cpu = arch_cpu.lock().unwrap();
+         let apic_id = locked_arch_cpu.apic_id;
+@@ -93,12 +93,14 @@ impl KvmCpu {
+             .get_lapic()
+             .with_context(|| format!("Failed to get lapic for CPU {}/KVM", apic_id))?;
+         locked_arch_cpu.setup_lapic(lapic)?;
+-        locked_arch_cpu.setup_regs(boot_config);
+         let sregs = self
+             .fd
+             .get_sregs()
+             .with_context(|| format!("Failed to get sregs for CPU {}/KVM", apic_id))?;
+-        locked_arch_cpu.setup_sregs(sregs, boot_config)?;
++        if let Some(cfg) = boot_config {
++            locked_arch_cpu.setup_regs(cfg);
++            locked_arch_cpu.setup_sregs(sregs, cfg)?;
++        }
+         locked_arch_cpu.setup_fpu();
+         locked_arch_cpu.setup_msrs();
+ 
+-- 
+2.34.1
+

0004-micro_comman-syscall-Update-ioctl-allow-list.patch

@@ -0,0 +1,50 @@
+From e9c9d3de82eb926ab6d494358c7a1891b171e190 Mon Sep 17 00:00:00 2001
+From: frankyj915 <yangjieyj.yang@huawei.com>
+Date: Sun, 15 Dec 2024 09:35:03 +0800
+Subject: [PATCH] micro_comman/syscall: Update ioctl allow list
+
+Signed-off-by: frankyj915 <yangjieyj.yang@huawei.com>
+---
+ hypervisor/src/kvm/mod.rs           | 6 ++++++
+ machine/src/micro_common/syscall.rs | 8 +++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/hypervisor/src/kvm/mod.rs b/hypervisor/src/kvm/mod.rs
+index e20f102..b88aeed 100644
+--- a/hypervisor/src/kvm/mod.rs
++++ b/hypervisor/src/kvm/mod.rs
+@@ -99,6 +99,12 @@ ioctl_iowr_nr!(KVM_GET_IRQCHIP, KVMIO, 0x62, kvm_irqchip);
+ ioctl_iow_nr!(KVM_IRQ_LINE, KVMIO, 0x61, kvm_irq_level);
+ ioctl_iow_nr!(KVM_SET_MP_STATE, KVMIO, 0x99, kvm_mp_state);
+ ioctl_iow_nr!(KVM_SET_VCPU_EVENTS, KVMIO, 0xa0, kvm_vcpu_events);
++#[cfg(target_arch = "x86_64")]
++ioctl_iow_nr!(KVM_SET_PIT2, KVMIO, 0xa0, kvm_pit_state2);
++#[cfg(target_arch = "x86_64")]
++ioctl_iow_nr!(KVM_SET_CLOCK, KVMIO, 0x7b, kvm_clock_data);
++#[cfg(target_arch = "x86_64")]
++ioctl_ior_nr!(KVM_SET_IRQCHIP, KVMIO, 0x63, kvm_irqchip);
+ 
+ #[allow(clippy::upper_case_acronyms)]
+ #[derive(Default)]
+diff --git a/machine/src/micro_common/syscall.rs b/machine/src/micro_common/syscall.rs
+index 6ae9a56..ca8327f 100644
+--- a/machine/src/micro_common/syscall.rs
++++ b/machine/src/micro_common/syscall.rs
+@@ -160,7 +160,13 @@ fn ioctl_allow_list() -> BpfRule {
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_MP_STATE() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_MP_STATE() as u32)
+         .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_VCPU_EVENTS() as u32)
+-        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32);
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_GET_VCPU_EVENTS() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_USER_MEMORY_REGION);
++    #[cfg(target_arch = "x86_64")]
++    let bpf_rule = bpf_rule
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_PIT2() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_CLOCK() as u32)
++        .add_constraint(SeccompCmpOpt::Eq, 1, KVM_SET_IRQCHIP() as u32);
+     arch_ioctl_allow_list(bpf_rule)
+ }
+ 
+-- 
+2.34.1
+

stratovirt.spec

@@ -6,15 +6,24 @@
 
 Name:           stratovirt
 Version:        2.4.0
-Release:        1
+Release:        6
 Summary:        StratoVirt is an opensource VMM(Virtual Machine Manager) which aims to perform next generation virtualization.
 
 License:        MulanPSL-2.0
 URL:            https://gitee.com/openeuler/stratovirt
 Source0:        https://gitee.com/openeuler/stratovirt/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
+Patch001:0001-Micro-fix-the-ioctl-allow-for-aarch64.patch
+Patch002:0002-snapshot-bugfix-VM-run-failed-from-memory-snapshot.patch
+Patch003:0003-hypervisor-kvm-Fix-setting-core-reg-error-when-resto.patch
+Patch004:0004-micro_comman-syscall-Update-ioctl-allow-list.patch
 
-ExclusiveArch:  x86_64 aarch64
+%ifarch riscv64
+Patch005:0005-update-Rust-VMM-dependencies-and-re-vendor.patch
+Patch006:0006-introduce-riscv64-architecture-support.patch
+%endif
+
+ExclusiveArch:  x86_64 aarch64 riscv64
 
 Requires:       pixman
 Requires:       pixman-devel
@@ -52,6 +61,9 @@ BuildRequires:  rust-packaging
 %define rust_gnu_target aarch64-unknown-linux-gnu
 %define rust_musl_target aarch64-unknown-linux-musl
 %endif
+%ifarch riscv64
+%define rust_gnu_target riscv64gc-unknown-linux-gnu
+%endif
 
 %define _cargo /usr/bin/env CARGO_HOME=.cargo RUSTC_BOOTSTRAP=1 /usr/bin/cargo
 
@@ -63,7 +75,9 @@ Summary:        %{summary}
 %files       -n stratovirt
 %defattr(-,root,root,-)
 %{_bindir}/stratovirt
+%ifnarch riscv64
 %{_libdir}/stratovirt/static/stratovirt
+%endif
 
 %prep
 %autosetup -p1
@@ -79,27 +93,57 @@ sed -i '/\[source.local-registry\]/a directory = "vendor"' ./.cargo/config
 sed -i '/^rustflags/d' ./.cargo/config
 sed -i '/\[build\]/arustflags = \["-Copt-level=3", "-Cdebuginfo=2", "-Clink-arg=-Wl,-z,relro,-z,now", "-Ccodegen-units=1", "--cap-lints=warn", \]' ./.cargo/config
 
+sed -i '$a\[profile.release\]' ./.cargo/config
+sed -i '$adebug = true' ./.cargo/config
+
 %ifarch aarch64
 sed -i 's/rustflags = \[/&"-Clink-arg=-lgcc", /' ./.cargo/config
 %endif
 
+%ifnarch riscv64
 %{_cargo} build --release -Z avoid-dev-deps --target=%{rust_musl_target} --features "boot_time pvpanic demo_device vnc vnc_auth ramfb virtio_gpu trace_to_logger trace_to_ftrace trace_to_hitrace"
 
 sed -i 's/rustflags = \[/&"-Clink-arg=-lpixman-1", /' ./.cargo/config
 %{_cargo} build --release -Z avoid-dev-deps --target=%{rust_gnu_target} --features "boot_time pvpanic demo_device vnc vnc_auth ramfb virtio_gpu trace_to_logger trace_to_ftrace trace_to_hitrace"
+%endif
+
+%ifarch riscv64
+%{_cargo} build --release -Z avoid-dev-deps --target=%{rust_gnu_target}
+%endif
 
 %check
+%ifnarch riscv64
 RUST_BACKTRACE=1 cargo test --workspace --exclude mod_test -- --nocapture --test-threads=1
+%endif
 
 %install
 rm -rf %{buildroot}
 install -d %{buildroot}%{_bindir}
 install -D -m555 ./target/%{rust_gnu_target}/release/stratovirt %{buildroot}%{_bindir}
 
+%ifnarch riscv64
 install -d %{buildroot}%{_libdir}/stratovirt/static
 install -D -m555 ./target/%{rust_musl_target}/release/stratovirt %{buildroot}%{_libdir}/stratovirt/static
+%endif
 
 %changelog
+* Fri Dec 20 2024 heruoqing <heruoqing@iscas.ac.cn> 2.4.0-6
+- Introduce riscv64 architecture support
+
+* Tue Dec 17 2024 frankyj915 <yangjieyj.yang@huawei.com> - 2.4.0-5
+- Fix setting core reg error when restoring VM.
+- Update ioctl allow list.
+
+* Wed Dec 11 2024 Mingwang Li <limingwang@huawei.com> - 2.4.0-4
+- bugfix VM run failed from memory snapshot
+
+* Thu Nov 21 2024 jinyihua <jinyihua@huawei.com> - 2.4.0-3
+- Micro fix the ioctl allow for aarch64
+
+* Tue Jul 30 2024 xufei <xufei30@huawei.com> - 2.4.0-2
+- set debug is true for build debug package
+- add rust to BuildRequires
+
 * Fri May 10 2024 wenyuanlau <liuwenyuan9@huawei.com> 2.4.0-1
 - Update to StratoVirt 2.4.0