Add support for VFIO passthrough to the base oak_launcher_utils.

This will be useful when, say, one wants to expose a GPU to the VM.

(And while I'm in there, use `value_name` to clean up what `--help`
prints.)

Change-Id: Ieacca8e3a818c730c39f33e160eb1e5bb3a17760

oak_containers_launcher/src/qemu.rs

@@ -32,19 +32,19 @@ use crate::path_exists;
 #[derive(Parser, Clone, Debug, PartialEq)]
 pub struct Params {
     /// Path to the VMM binary to execute.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub vmm_binary: PathBuf,
 
     /// Path to the stage0 image to use.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub stage0_binary: PathBuf,
 
     /// Path to the Linux kernel file to use.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub kernel: PathBuf,
 
     /// Path to the initrd image to use.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub initrd: PathBuf,
 
     /// How much memory to give to the enclave binary, e.g., 256M (M stands for
@@ -62,13 +62,18 @@ pub struct Params {
 
     /// Optional port where QEMU will start a telnet server for the serial
     /// console; useful for interactive debugging.
-    #[arg(long)]
+    #[arg(long, value_name = "PORT")]
     pub telnet_console: Option<u16>,
 
     /// Optional virtio guest CID for virtio-vsock.
     /// Warning: This CID needs to be globally unique on the whole host!
     #[arg(long)]
     pub virtio_guest_cid: Option<u32>,
+
+    /// Pass the specified host PCI device through to the virtual machine using
+    /// VFIO.
+    #[arg(long, value_name = "ADDRESS")]
+    pub pci_passthrough: Option<String>,
 }
 
 impl Params {
@@ -88,6 +93,7 @@ impl Params {
             ramdrive_size: 3_000_000,
             telnet_console: None,
             virtio_guest_cid: None,
+            pci_passthrough: None,
         }
     }
 }
@@ -171,6 +177,9 @@ impl Qemu {
                 &format!("vhost-vsock-pci,guest-cid={virtio_guest_cid},rombar=0"),
             ]);
         }
+        if let Some(pci_passthrough) = params.pci_passthrough {
+            cmd.args(["-device", format!("vfio-pci,host={pci_passthrough}").as_str()]);
+        }
         // And yes, use stage0 as the BIOS.
         cmd.args(["-bios", params.stage0_binary.into_os_string().into_string().unwrap().as_str()]);
         // stage0 accoutrements: the kernel, initrd and inital kernel cmdline.

oak_functions_launcher/benches/integration_benches.rs

@@ -73,6 +73,7 @@ fn run_bench(b: &mut Bencher, config: &OakFunctionsTestConfig) {
         gdb: None,
         initrd: oak_restricted_kernel_orchestrator_app_path.into(),
         memory_size: Some("256M".to_string()),
+        pci_passthrough: None,
     };
     log::debug!("launcher params: {:?}", params);
 

oak_functions_launcher/tests/integration_test.rs

@@ -153,6 +153,7 @@ async fn test_load_large_lookup_data() {
         gdb: None,
         initrd: oak_restricted_kernel_orchestrator_app_path.into(),
         memory_size: Some("256M".to_string()),
+        pci_passthrough: None,
     };
     log::debug!("launcher params: {:?}", params);
 
@@ -236,6 +237,7 @@ async fn test_load_two_gib_lookup_data() {
         gdb: None,
         initrd: oak_restricted_kernel_orchestrator_app_path.into(),
         memory_size: Some("256M".to_string()),
+        pci_passthrough: None,
     };
     log::debug!("launcher params: {:?}", params);
 

oak_launcher_utils/src/launcher.rs

@@ -38,24 +38,24 @@ use crate::channel::{Connector, ConnectorHandle};
 #[derive(Parser, Clone, Debug, PartialEq)]
 pub struct Params {
     /// Path to the VMM binary to execute.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub vmm_binary: PathBuf,
 
     /// Path to the enclave binary to load into the VM.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub kernel: PathBuf,
 
     /// Path to the Oak Functions application binary to be loaded into the
     /// enclave.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub app_binary: Option<PathBuf>,
 
     /// Path to the BIOS image to use.
-    #[arg(long, value_parser = path_exists)]
+    #[arg(long, value_parser = path_exists, value_name = "FILE")]
     pub bios_binary: PathBuf,
 
     /// Port to use for debugging with gdb
-    #[arg(long = "gdb")]
+    #[arg(long, value_name = "PORT")]
     pub gdb: Option<u16>,
 
     /// How much memory to give to the enclave binary, e.g., 256M (M stands for
@@ -64,8 +64,13 @@ pub struct Params {
     pub memory_size: Option<String>,
 
     /// Path to the initrd image to use.
-    #[arg(long, value_parser = path_exists, requires_all = &["kernel"])]
+    #[arg(long, value_parser = path_exists, requires_all = &["kernel"], value_name = "FILE")]
     pub initrd: PathBuf,
+
+    /// Pass the specified host PCI device through to the virtual machine using
+    /// VFIO.
+    #[arg(long, value_name = "ADDRESS")]
+    pub pci_passthrough: Option<String>,
 }
 
 /// Checks if file with a given path exists.
@@ -144,6 +149,9 @@ impl Instance {
         cmd.args(["-chardev", format!("socket,id=commsock,fd={guest_socket_fd}").as_str()]);
         cmd.args(["-device", "virtio-serial-device,max_ports=1"]);
         cmd.args(["-device", "virtconsole,chardev=commsock"]);
+        if let Some(pci_passthrough) = params.pci_passthrough {
+            cmd.args(["-device", format!("vfio-pci,host={pci_passthrough}").as_str()]);
+        }
         // Use stage0 as the BIOS.
         cmd.args(["-bios", params.bios_binary.into_os_string().into_string().unwrap().as_str()]);
         // stage0 accoutrements: kernel that's compatible with the linux boot protocol