authorColin Percival <cperciva@FreeBSD.org>2022-09-22 22:54:09 +0000
committerColin Percival <cperciva@FreeBSD.org>2022-10-18 06:02:22 +0000
commit469ad8603127bf8fea094d47223ccb3d0a3481cd (patch)
treefcc11d581cf404067e6586cba58e9bbab92e8fd2
parent13f34e211b5c8311ea751704a0e7fc26e1b53537 (diff)
downloadsrc-469ad8603127.tar.gz
src-469ad8603127.zip
amd64: Add FIRECRACKER kernel configuration
This kernel configuration supports the Firecracker VMM environment. Relnotes: FreeBSD can now run inside the Firecracker VMM via the amd64 FIRECRACKER kernel configuration. Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D36672
-rw-r--r--sys/amd64/conf/FIRECRACKER197
1 files changed, 197 insertions, 0 deletions
diff --git a/sys/amd64/conf/FIRECRACKER b/sys/amd64/conf/FIRECRACKER
new file mode 100644
index 000000000000..0ee5c93fe458
--- /dev/null
+++ b/sys/amd64/conf/FIRECRACKER
@@ -0,0 +1,197 @@
+#
+# FIRECRACKER -- kernel configuration file for Firecracker VM
+#
+# This is largely a stripped-down version of the GENERIC kernel configuration
+# file, without drivers for hardware which will never appear inside the
+# Firecracker VM environment. It adds support for the Virtio MMIO bus,
+# which Firecracker uses for exposing devices, and legacy mptable, which
+# Firecracker uses for exposing information about CPUs (since it doesn't
+# support ACPI).
+#
+# Since Firecracker loads the kernel directly via the PVH boot protocol,
+# it bypasses the boot loader; some environment variables are hard-coded
+# here which would normally be provided via device hints or loader.conf.
+#
+# For more information about the Firecracker VM, see:
+#
+# https://firecracker-microvm.github.io/
+
+cpu HAMMER
+ident FIRECRACKER
+
+makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
+makeoptions WITH_CTF=1 # Run ctfconvert(1) for DTrace support
+
+options SCHED_ULE # ULE scheduler
+options NUMA # Non-Uniform Memory Architecture support
+options PREEMPTION # Enable kernel thread preemption
+options VIMAGE # Subsystem virtualization, e.g. VNET
+options INET # InterNETworking
+options INET6 # IPv6 communications protocols
+options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5
+options ROUTE_MPATH # Multipath routing support
+options FIB_ALGO # Modular fib lookups
+options TCP_OFFLOAD # TCP offload
+options TCP_BLACKBOX # Enhanced TCP event logging
+options TCP_HHOOK # hhook(9) framework for TCP
+options TCP_RFC7413 # TCP Fast Open
+options SCTP_SUPPORT # Allow kldload of SCTP
+options KERN_TLS # TLS transmit & receive offload
+options FFS # Berkeley Fast Filesystem
+options SOFTUPDATES # Enable FFS soft updates support
+options UFS_ACL # Support for access control lists
+options UFS_DIRHASH # Improve performance on big directories
+options UFS_GJOURNAL # Enable gjournal-based UFS journaling
+options QUOTA # Enable disk quotas for UFS
+options MD_ROOT # MD is a potential root device
+options NFSCL # Network Filesystem Client
+options NFSD # Network Filesystem Server
+options NFSLOCKD # Network Lock Manager
+options NFS_ROOT # NFS usable as /, requires NFSCL
+options MSDOSFS # MSDOS Filesystem
+options CD9660 # ISO 9660 Filesystem
+options PROCFS # Process filesystem (requires PSEUDOFS)
+options PSEUDOFS # Pseudo-filesystem framework
+options TMPFS # Efficient memory filesystem
+options GEOM_RAID # Soft RAID functionality.
+options GEOM_LABEL # Provides labelization
+options EFIRT # EFI Runtime Services support
+options COMPAT_FREEBSD32 # Compatible with i386 binaries
+options COMPAT_FREEBSD4 # Compatible with FreeBSD4
+options COMPAT_FREEBSD5 # Compatible with FreeBSD5
+options COMPAT_FREEBSD6 # Compatible with FreeBSD6
+options COMPAT_FREEBSD7 # Compatible with FreeBSD7
+options COMPAT_FREEBSD9 # Compatible with FreeBSD9
+options COMPAT_FREEBSD10 # Compatible with FreeBSD10
+options COMPAT_FREEBSD11 # Compatible with FreeBSD11
+options COMPAT_FREEBSD12 # Compatible with FreeBSD12
+options COMPAT_FREEBSD13 # Compatible with FreeBSD13
+options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
+options KTRACE # ktrace(1) support
+options STACK # stack(9) support
+options SYSVSHM # SYSV-style shared memory
+options SYSVMSG # SYSV-style message queues
+options SYSVSEM # SYSV-style semaphores
+options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
+options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
+options KBD_INSTALL_CDEV # install a CDEV entry in /dev
+options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
+options AUDIT # Security event auditing
+options CAPABILITY_MODE # Capsicum capability mode
+options CAPABILITIES # Capsicum capabilities
+options MAC # TrustedBSD MAC Framework
+options KDTRACE_FRAME # Ensure frames are compiled in
+options KDTRACE_HOOKS # Kernel DTrace hooks
+options DDB_CTF # Kernel ELF linker loads CTF data
+options INCLUDE_CONFIG_FILE # Include this file in kernel
+options RACCT # Resource accounting framework
+options RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default
+options RCTL # Resource limits
+
+# Debugging support. Always need this:
+options KDB # Enable kernel debugger support.
+options KDB_TRACE # Print a stack trace for a panic.
+# For full debugger support use (turn off in stable branch):
+options BUF_TRACKING # Track buffer history
+options DDB # Support DDB.
+options FULL_BUF_TRACKING # Track more buffer history
+options GDB # Support remote GDB.
+options DEADLKRES # Enable the deadlock resolver
+options INVARIANTS # Enable calls of extra sanity checking
+options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS
+options QUEUE_MACRO_DEBUG_TRASH # Trash queue(2) internal pointers on invalidation
+options WITNESS # Enable checks to detect deadlocks and cycles
+options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed
+options MALLOC_DEBUG_MAXZONES=8 # Separate malloc(9) zones
+options VERBOSE_SYSINIT=0 # Support debug.verbose_sysinit, off by default
+
+# Kernel dump features.
+options EKCD # Support for encrypted kernel dumps
+options GZIO # gzip-compressed kernel and user dumps
+options ZSTDIO # zstd-compressed kernel and user dumps
+options DEBUGNET # debugnet networking
+options NETDUMP # netdump(4) client support
+options NETGDB # netgdb(4) client support
+
+# Make an SMP-capable kernel by default
+options SMP # Symmetric MultiProcessor Kernel
+options EARLY_AP_STARTUP
+
+# Pseudo devices.
+device crypto # core crypto support
+device aesni # AES-NI OpenCrypto module
+device loop # Network loopback
+device rdrand_rng # Intel Bull Mountain RNG
+device ether # Ethernet support
+device vlan # 802.1Q VLAN support
+device tuntap # Packet tunnel.
+device md # Memory "disks"
+device gif # IPv6 and IPv4 tunneling
+device firmware # firmware assist module
+device xz # lzma decompression
+device bpf # Berkeley packet filter
+
+# Serial (COM) ports
+device uart # Generic UART driver
+
+# VirtIO support
+device virtio # Generic VirtIO bus (required)
+device virtio_mmio # VirtIO MMIO bus
+device vtnet # VirtIO Ethernet device
+device virtio_blk # VirtIO Block device
+
+# Linux KVM paravirtualization support
+device kvm_clock # KVM paravirtual clock driver
+
+# Netmap provides direct access to TX/RX rings on supported NICs
+device netmap # netmap(4) support
+
+# Firecracker exposes information via the legacy MP Table mechanism
+# rather than via ACPI (which it does not implement).
+device mptable
+
+# Firecracker launches the FreeBSD kernel directly, via the PVH boot
+# protocol, rather than via the boot loader; as such, we need to bake
+# device hints into the kernel configuration rather than relying on
+# device.hints being loaded, and likewise have no loader.conf to place
+# other settings into.
+envvar hint.uart.0.at="isa"
+envvar hint.uart.0.port="0x3F8"
+envvar hint.uart.0.flags="0x10"
+envvar hint.uart.0.irq="0x4"
+envvar hint.acpi.0.disabled="1"
+
+# Inside a VM, "power off" doesn't really yank the AC power, so there's
+# no need to worry about disks flushing caches before losing power.
+envvar kern.shutdown.poweroff_delay="0"
+
+# Firecracker seems to have a bug in its UART emulation. This works
+# around the problem.
+envvar hw.broken_txfifo="1"
+
+# We don't have an early timecounter to calibrate the TSC against, so
+# skip that; later in the boot process we have other timecounters.
+envvar machdep.disable_tsc_calibration="1"
+
+# Provide bug-for-bug compatiblity with Linux in MP Table searching
+# and parsing. Firecracker relies on these bugs.
+options MPTABLE_LINUX_BUG_COMPAT
+
+# Disable the automatic registration of a PCI bridge; we do in fact
+# not have one.
+options NO_LEGACY_PCIB
+
+# Bus support.
+# Note that Firecracker provides neither ACPI nor PCI; but removing these
+# devices currently (2022-07-09) prevents the kernel from building.
+device acpi
+device pci
+
+# Xen HVM Guest Optimizations
+# NOTE: XENHVM depends on xenpci and xentimer.
+# They must be added or removed together.
+# NOTE: These are present in FIRECRACKER because the PVH boot method
+# originates from Xen; once that code is untangled these can be removed.
+options XENHVM # Xen HVM kernel infrastructure
+device xenpci # Xen HVM Hypervisor services driver
+device xentimer # Xen x86 PV timer device
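Review bot: The debugging section under `# For full debugger support use (turn off in stable branch):` carries GENERIC's full set of DDB, GDB, INVARIANTS, WITNESS and buffer-tracking options into a configuration whose header describes it as stripped down for a VM, and nothing records that these are meant to track GENERIC's per-branch defaults rather than being deliberate for Firecracker; a comment such as `# Debug options below mirror GENERIC; trim them for release images` at the top of that section would make the intent explicit. Several options also look like GENERIC leftovers for hardware the header says will never appear, `EFIRT`, `GEOM_RAID`, `SCSI_DELAY=5000` and `device netmap`, and since the header states the kernel is loaded via PVH rather than a firmware boot path, `EFIRT` in particular seems unneeded; either drop them or note why they stay, as was done for `device acpi` and `device pci`. The comment above `options MPTABLE_LINUX_BUG_COMPAT` has a typo, `compatiblity` should read `compatibility`.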