Add GitHub workflow for cross-compilation and fix build issues for macOS and FreeBSD

.cargo/config.toml

@@ -0,0 +1,2 @@
+[target.aarch64-apple-darwin]
+runner = ".cargo/macos-test-runner.sh"

.cargo/macos-test-runner.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+# Cargo target runner for macOS (aarch64-apple-darwin).
+# Codesigns the test/run binary with the Hypervisor.framework entitlement
+# before executing it, so that HVF-based tests can run without a developer
+# certificate.
+set -eu
+
+BINARY="$1"
+shift
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+codesign --entitlements "$REPO_ROOT/hvf-entitlements.plist" --force -s - "$BINARY"
+exec "$BINARY" "$@"

.github/workflows/cross-compilation.yml

@@ -0,0 +1,41 @@
+name: Cross-compilation
+on: [pull_request]
+
+jobs:
+  cross-compile-macos:
+    name: Cross-compilation (macOS)
+    runs-on: macos-latest
+    env:
+      DYLD_LIBRARY_PATH: /Library/Developer/CommandLineTools/usr/lib/
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup build environment
+        uses: ./.github/actions/setup-build-env
+
+      - name: Install cross-compilation dependencies
+        run: |
+          brew install lld xz
+
+      - name: Build libkrun on macOS (with Linux init)
+        run: make
+
+      - name: Build FreeBSD init on macOS
+        run: make BUILD_BSD_INIT=1 -- init/init-freebsd
+
+  cross-compile-linux:
+    name: Cross-compilation (Linux x86_64 -> FreeBSD)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup build environment
+        uses: ./.github/actions/setup-build-env
+
+      - name: Install cross-compilation dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends lld
+
+      - name: Build FreeBSD init on Linux
+        run: make BUILD_BSD_INIT=1 -- init/init-freebsd

Makefile

@@ -20,6 +20,8 @@ AWS_NITRO_INIT_SRC = \
 
 AWS_NITRO_INIT_LD_FLAGS = -larchive -lnsm
 
+INIT_SRC = init/init.c
+
 ifeq ($(SEV),1)
     VARIANT = -sev
     FEATURE_FLAGS := --features amd-sev
@@ -120,7 +122,7 @@ $(AWS_NITRO_INIT_BINARY): $(AWS_NITRO_INIT_SRC)
 	$(CC) -O2 -static -s -Wall $(AWS_NITRO_INIT_LD_FLAGS) -o $@ $(AWS_NITRO_INIT_SRC) $(AWS_NITRO_INIT_LD_FLAGS)
 
 ifeq ($(OS),Darwin)
-# If SYSROOT_BSD is not set and we're on macOS, generate sysroot automatically
+# macOS -> FreeBSD cross-compilation
 ifeq ($(SYSROOT_BSD),)
     SYSROOT_BSD = $(FREEBSD_ROOTFS_DIR)
     SYSROOT_BSD_TARGET = $(FREEBSD_ROOTFS_DIR)/.sysroot_ready
@@ -129,6 +131,16 @@ else
 endif
     # Cross-compile on macOS with the LLVM linker (brew install lld)
     CC_BSD=$(CLANG) -target $(ARCH)-unknown-freebsd -fuse-ld=lld -stdlib=libc++ -Wl,-strip-debug --sysroot $(SYSROOT_BSD)
+else ifeq ($(OS),Linux)
+# Linux -> FreeBSD cross-compilation
+ifeq ($(SYSROOT_BSD),)
+    SYSROOT_BSD = $(FREEBSD_ROOTFS_DIR)
+    SYSROOT_BSD_TARGET = $(FREEBSD_ROOTFS_DIR)/.sysroot_ready
+else
+    SYSROOT_BSD_TARGET =
+endif
+    # Cross-compile on Linux with clang
+    CC_BSD=$(CLANG) -target $(ARCH)-unknown-freebsd -fuse-ld=lld -Wl,-strip-debug --sysroot $(SYSROOT_BSD)
 else
     # Build on FreeBSD host
     CC_BSD=$(CC)
@@ -138,7 +150,7 @@ endif
 ifeq ($(BUILD_BSD_INIT),1)
 INIT_BINARY_BSD = init/init-freebsd
 $(INIT_BINARY_BSD): $(INIT_SRC) $(SYSROOT_BSD_TARGET)
-	$(CC_BSD) -std=c23 -O2 -static -Wall $(INIT_DEFS) -lutil -o $@ $(INIT_SRC) $(INIT_DEFS)
+	$(CC_BSD) -std=c23 -O2 -static -Wall -lutil -o $@ $(INIT_SRC)
 endif
 
 # Sysroot preparation rules for cross-compilation on macOS
@@ -179,10 +191,12 @@ $(FREEBSD_ROOTFS_DIR)/.sysroot_ready: $(FREEBSD_BASE_TXZ)
 	@cd $(FREEBSD_ROOTFS_DIR) && tar xJf base.txz 2>/dev/null || true
 	@touch $@
 
+BSD_ARCH=$(subst x86_64,amd64,$(ARCH))
+
 $(FREEBSD_BASE_TXZ):
-	@echo "Downloading FreeBSD $(FREEBSD_VERSION) base for $(ARCH)..."
+	@echo "Downloading FreeBSD $(FREEBSD_VERSION) base for $(BSD_ARCH)..."
 	@mkdir -p $(FREEBSD_ROOTFS_DIR)
-	@curl -fL -o $@ https://download.freebsd.org/releases/$(ARCH)/$(FREEBSD_VERSION)/base.txz
+	@curl -fL -o $@ https://download.freebsd.org/releases/$(BSD_ARCH)/$(FREEBSD_VERSION)/base.txz
 
 clean-sysroot:
 	rm -rf $(ROOTFS_DIR)

hvf-entitlements.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.hypervisor</key>
+    <true/>
+</dict>
+</plist>

src/libkrun/build.rs

@@ -10,6 +10,4 @@ fn main() {
         std::env::var("CARGO_PKG_VERSION_MAJOR").unwrap(), std::env::var("CARGO_PKG_VERSION_MAJOR").unwrap(),
         std::env::var("CARGO_PKG_VERSION_MAJOR").unwrap(), std::env::var("CARGO_PKG_VERSION_MINOR").unwrap()
     );
-    #[cfg(target_os = "macos")]
-    println!("cargo:rustc-link-lib=framework=Hypervisor");
 }

src/vmm/build.rs

@@ -9,4 +9,8 @@ fn main() {
         println!("cargo:rustc-env=KRUN_EDK2_BINARY_PATH={edk2_binary_path}");
         println!("cargo:rerun-if-env-changed=KRUN_EDK2_BINARY_PATH");
     }
+
+    if std::env::var("CARGO_CFG_TARGET_OS").as_deref() == Ok("macos") {
+        println!("cargo:rustc-link-lib=framework=Hypervisor");
+    }
 }

src/vmm/src/builder.rs

@@ -2343,6 +2343,7 @@ pub mod tests {
     use super::*;
     use crate::vmm_config::kernel_bundle::KernelBundle;
 
+    #[allow(unused)]
     fn default_guest_memory(
         mem_size_mib: usize,
     ) -> std::result::Result<

src/vmm/src/device_manager/hvf/mmio.rs

@@ -324,7 +324,6 @@ impl DeviceInfoForFDT for MMIODeviceInfo {
 
 #[cfg(test)]
 mod tests {
-    use super::super::super::builder;
     use super::*;
     use arch;
     use devices::legacy::DummyIrqChip;
@@ -339,7 +338,6 @@ mod tests {
     impl MMIODeviceManager {
         fn register_virtio_device(
             &mut self,
-            _vm: &Vm,
             guest_mem: GuestMemoryMmap,
             device: Arc<Mutex<dyn devices::virtio::VirtioDevice>>,
             _cmdline: &mut kernel_cmdline::Cmdline,
@@ -423,19 +421,14 @@ mod tests {
         let start_addr2 = GuestAddress(0x1000);
         let guest_mem =
             GuestMemoryMmap::from_ranges(&[(start_addr1, 0x1000), (start_addr2, 0x1000)]).unwrap();
-        let mut vm = builder::setup_kvm_vm(&guest_mem).unwrap();
         let mut device_manager =
             MMIODeviceManager::new(&mut 0xd000_0000, (arch::IRQ_BASE, arch::IRQ_MAX));
 
         let mut cmdline = kernel_cmdline::Cmdline::new(4096);
         let dummy = Arc::new(Mutex::new(DummyDevice::new()));
-        #[cfg(target_arch = "x86_64")]
-        assert!(builder::setup_interrupt_controller(&mut vm).is_ok());
-        #[cfg(target_arch = "aarch64")]
-        assert!(builder::setup_interrupt_controller(&mut vm, 1).is_ok());
 
         assert!(device_manager
-            .register_virtio_device(&vm, guest_mem, dummy, &mut cmdline, 0, "dummy")
+            .register_virtio_device(guest_mem, dummy, &mut cmdline, 0, "dummy")
             .is_ok());
     }
 
@@ -445,20 +438,14 @@ mod tests {
         let start_addr2 = GuestAddress(0x1000);
         let guest_mem =
             GuestMemoryMmap::from_ranges(&[(start_addr1, 0x1000), (start_addr2, 0x1000)]).unwrap();
-        let mut vm = builder::setup_kvm_vm(&guest_mem).unwrap();
         let mut device_manager =
             MMIODeviceManager::new(&mut 0xd000_0000, (arch::IRQ_BASE, arch::IRQ_MAX));
 
         let mut cmdline = kernel_cmdline::Cmdline::new(4096);
-        #[cfg(target_arch = "x86_64")]
-        assert!(builder::setup_interrupt_controller(&mut vm).is_ok());
-        #[cfg(target_arch = "aarch64")]
-        assert!(builder::setup_interrupt_controller(&mut vm, 1).is_ok());
 
         for _i in arch::IRQ_BASE..=arch::IRQ_MAX {
             device_manager
                 .register_virtio_device(
-                    &vm,
                     guest_mem.clone(),
                     Arc::new(Mutex::new(DummyDevice::new())),
                     &mut cmdline,
@@ -472,7 +459,6 @@ mod tests {
                 "{}",
                 device_manager
                     .register_virtio_device(
-                        &vm,
                         guest_mem,
                         Arc::new(Mutex::new(DummyDevice::new())),
                         &mut cmdline,
@@ -489,7 +475,7 @@ mod tests {
     fn test_dummy_device() {
         let dummy = DummyDevice::new();
         assert_eq!(dummy.device_type(), 0);
-        assert_eq!(dummy.queue_config().len(), QUEUE_CONFIG.len());
+        assert_eq!(dummy.queue_config().len(), QUEUE_SIZES.len());
     }
 
     #[test]
@@ -548,7 +534,6 @@ mod tests {
         let start_addr2 = GuestAddress(0x1000);
         let guest_mem =
             GuestMemoryMmap::from_ranges(&[(start_addr1, 0x1000), (start_addr2, 0x1000)]).unwrap();
-        let vm = builder::setup_kvm_vm(&guest_mem).unwrap();
         let mut device_manager =
             MMIODeviceManager::new(&mut 0xd000_0000, (arch::IRQ_BASE, arch::IRQ_MAX));
         let mut cmdline = kernel_cmdline::Cmdline::new(4096);
@@ -557,7 +542,7 @@ mod tests {
         let type_id = 0;
         let id = String::from("foo");
         if let Ok(addr) =
-            device_manager.register_virtio_device(&vm, guest_mem, dummy, &mut cmdline, type_id, &id)
+            device_manager.register_virtio_device(guest_mem, dummy, &mut cmdline, type_id, &id)
         {
             assert!(device_manager
                 .get_device(DeviceType::Virtio(type_id), &id)