Step 4: memory isolation with EPT

Author: equation314

hypervisor/src/hv/gconfig.rs

@@ -0,0 +1,9 @@
+use rvm::GuestPhysAddr;
+
+pub const GUEST_PHYS_MEMORY_BASE: GuestPhysAddr = 0;
+pub const GUEST_PHYS_MEMORY_SIZE: usize = 0x100_0000; // 16M
+
+pub const GUEST_PT1: GuestPhysAddr = 0x1000;
+pub const GUEST_PT2: GuestPhysAddr = 0x2000;
+pub const GUEST_ENTRY: GuestPhysAddr = 0x8000;
+pub const GUEST_STACK_TOP: GuestPhysAddr = 0x7000;

hypervisor/src/hv/gpm.rs

@@ -0,0 +1,171 @@
+use alloc::collections::BTreeMap;
+use core::fmt::{Debug, Formatter, Result};
+
+use rvm::{GuestPhysAddr, HostPhysAddr, MemFlags, NestedPageTable, RvmError, RvmResult};
+
+use super::hal::RvmHalImpl;
+use crate::mm::{address::is_aligned, PAGE_SIZE};
+
+#[derive(Debug)]
+enum Mapper {
+    Offset(usize),
+}
+
+#[derive(Debug)]
+pub struct GuestMemoryRegion {
+    pub gpa: GuestPhysAddr,
+    pub hpa: HostPhysAddr,
+    pub size: usize,
+    pub flags: MemFlags,
+}
+
+pub struct MapRegion {
+    pub start: GuestPhysAddr,
+    pub size: usize,
+    pub flags: MemFlags,
+    mapper: Mapper,
+}
+
+impl MapRegion {
+    pub fn new_offset(
+        start_gpa: GuestPhysAddr,
+        start_hpa: HostPhysAddr,
+        size: usize,
+        flags: MemFlags,
+    ) -> Self {
+        assert!(is_aligned(start_gpa));
+        assert!(is_aligned(start_hpa));
+        assert!(is_aligned(size));
+        let offset = start_gpa - start_hpa;
+        Self {
+            start: start_gpa,
+            size,
+            flags,
+            mapper: Mapper::Offset(offset),
+        }
+    }
+
+    fn is_overlap_with(&self, other: &Self) -> bool {
+        let s0 = self.start;
+        let e0 = s0 + self.size;
+        let s1 = other.start;
+        let e1 = s1 + other.size;
+        !(e0 <= s1 || e1 <= s0)
+    }
+
+    fn target(&self, gpa: GuestPhysAddr) -> HostPhysAddr {
+        match self.mapper {
+            Mapper::Offset(off) => gpa.wrapping_sub(off),
+        }
+    }
+
+    fn map_to(&self, npt: &mut NestedPageTable<RvmHalImpl>) -> RvmResult {
+        let mut start = self.start;
+        let end = start + self.size;
+        while start < end {
+            let target = self.target(start);
+            npt.map(start, target, self.flags)?;
+            start += PAGE_SIZE;
+        }
+        Ok(())
+    }
+
+    fn unmap_to(&self, npt: &mut NestedPageTable<RvmHalImpl>) -> RvmResult {
+        let mut start = self.start;
+        let end = start + self.size;
+        while start < end {
+            npt.unmap(start)?;
+            start += PAGE_SIZE;
+        }
+        Ok(())
+    }
+}
+
+impl Debug for MapRegion {
+    fn fmt(&self, f: &mut Formatter) -> Result {
+        f.debug_struct("MapRegion")
+            .field("range", &(self.start..self.start + self.size))
+            .field("size", &self.size)
+            .field("flags", &self.flags)
+            .field("mapper", &self.mapper)
+            .finish()
+    }
+}
+
+impl From<GuestMemoryRegion> for MapRegion {
+    fn from(r: GuestMemoryRegion) -> Self {
+        Self::new_offset(r.gpa, r.hpa, r.size, r.flags)
+    }
+}
+
+pub struct GuestPhysMemorySet {
+    regions: BTreeMap<GuestPhysAddr, MapRegion>,
+    npt: NestedPageTable<RvmHalImpl>,
+}
+
+impl GuestPhysMemorySet {
+    pub fn new() -> RvmResult<Self> {
+        Ok(Self {
+            npt: NestedPageTable::new()?,
+            regions: BTreeMap::new(),
+        })
+    }
+
+    pub fn nest_page_table_root(&self) -> HostPhysAddr {
+        self.npt.root_paddr()
+    }
+
+    fn test_free_area(&self, other: &MapRegion) -> bool {
+        if let Some((_, before)) = self.regions.range(..other.start).last() {
+            if before.is_overlap_with(other) {
+                return false;
+            }
+        }
+        if let Some((_, after)) = self.regions.range(other.start..).next() {
+            if after.is_overlap_with(other) {
+                return false;
+            }
+        }
+        true
+    }
+
+    pub fn map_region(&mut self, region: MapRegion) -> RvmResult {
+        if region.size == 0 {
+            return Ok(());
+        }
+        if !self.test_free_area(&region) {
+            warn!(
+                "MapRegion({:#x}..{:#x}) overlapped in:\n{:#x?}",
+                region.start,
+                region.start + region.size,
+                self
+            );
+            return Err(RvmError::InvalidParam);
+        }
+        region.map_to(&mut self.npt)?;
+        self.regions.insert(region.start, region);
+        Ok(())
+    }
+
+    pub fn clear(&mut self) {
+        for region in self.regions.values() {
+            region.unmap_to(&mut self.npt).unwrap();
+        }
+        self.regions.clear();
+    }
+}
+
+impl Drop for GuestPhysMemorySet {
+    fn drop(&mut self) {
+        self.clear();
+    }
+}
+
+impl Debug for GuestPhysMemorySet {
+    fn fmt(&self, f: &mut Formatter) -> Result {
+        f.debug_struct("GuestPhysMemorySet")
+            .field("page_table_root", &self.nest_page_table_root())
+            .field("regions", &self.regions)
+            .finish()
+    }
+}

hypervisor/src/hv/mod.rs

@@ -1,9 +1,68 @@
+mod gconfig;
+mod gpm;
 mod hal;
 mod vmexit;
 
-use rvm::RvmPerCpu;
+use rvm::{GuestPhysAddr, HostVirtAddr, MemFlags, RvmPerCpu, RvmResult};
 
+use self::gconfig::*;
+use self::gpm::{GuestMemoryRegion, GuestPhysMemorySet};
 use self::hal::RvmHalImpl;
+use crate::mm::address::virt_to_phys;
+
+#[repr(align(4096))]
+struct AlignedMemory<const LEN: usize>([u8; LEN]);
+
+static mut GUEST_PHYS_MEMORY: AlignedMemory<GUEST_PHYS_MEMORY_SIZE> =
+    AlignedMemory([0; GUEST_PHYS_MEMORY_SIZE]);
+
+fn gpa_as_mut_ptr(guest_paddr: GuestPhysAddr) -> *mut u8 {
+    let offset = unsafe { &GUEST_PHYS_MEMORY as *const _ as usize };
+    let host_vaddr = guest_paddr + offset;
+    host_vaddr as *mut u8
+}
+
+fn setup_guest_page_table() {
+    use x86_64::structures::paging::{PageTable, PageTableFlags as PTF};
+    let pt1 = unsafe { &mut *(gpa_as_mut_ptr(GUEST_PT1) as *mut PageTable) };
+    let pt2 = unsafe { &mut *(gpa_as_mut_ptr(GUEST_PT2) as *mut PageTable) };
+    // identity mapping
+    pt1[0].set_addr(
+        x86_64::PhysAddr::new(GUEST_PT2 as _),
+        PTF::PRESENT | PTF::WRITABLE,
+    );
+    pt2[0].set_addr(
+        x86_64::PhysAddr::new(0),
+        PTF::PRESENT | PTF::WRITABLE | PTF::HUGE_PAGE,
+    );
+}
+
+fn setup_gpm() -> RvmResult<GuestPhysMemorySet> {
+    setup_guest_page_table();
+
+    // copy guest code
+    unsafe {
+        core::ptr::copy_nonoverlapping(
+            test_guest as usize as *const u8,
+            gpa_as_mut_ptr(GUEST_ENTRY),
+            0x100,
+        );
+    }
+
+    // create nested page table and add mapping
+    let mut gpm = GuestPhysMemorySet::new()?;
+    let guest_memory_regions = [GuestMemoryRegion {
+        // RAM
+        gpa: GUEST_PHYS_MEMORY_BASE,
+        hpa: virt_to_phys(gpa_as_mut_ptr(GUEST_PHYS_MEMORY_BASE) as HostVirtAddr),
+        size: GUEST_PHYS_MEMORY_SIZE,
+        flags: MemFlags::READ | MemFlags::WRITE | MemFlags::EXECUTE,
+    }];
+    for r in guest_memory_regions.into_iter() {
+        gpm.map_region(r.into())?;
+    }
+    Ok(gpm)
+}
 
 pub fn run() -> ! {
     println!("Starting virtualization...");
@@ -12,25 +71,31 @@ pub fn run() -> ! {
     let mut percpu = RvmPerCpu::<RvmHalImpl>::new(0);
     percpu.hardware_enable().unwrap();
 
-    let mut vcpu = percpu.create_vcpu(test_guest as usize).unwrap();
+    let gpm = setup_gpm().unwrap();
+    info!("{:#x?}", gpm);
+
+    let mut vcpu = percpu
+        .create_vcpu(GUEST_ENTRY, gpm.nest_page_table_root())
+        .unwrap();
+    vcpu.set_page_table_root(GUEST_PT1);
+    vcpu.set_stack_pointer(GUEST_STACK_TOP);
     info!("{:#x?}", vcpu);
+
     println!("Running guest...");
     vcpu.run();
 }
 
-#[naked]
 unsafe extern "C" fn test_guest() -> ! {
-    core::arch::asm!(
-        "
-        mov     rax, 0
-        mov     rdi, 2
-        mov     rsi, 3
-        mov     rdx, 3
-        mov     rcx, 3
-    2:
-        vmcall
-        add     rax, 1
-        jmp     2b",
-        options(noreturn),
-    );
+    for i in 0..100 {
+        core::arch::asm!(
+            "vmcall",
+            inout("rax") i => _,
+            in("rdi") 2,
+            in("rsi") 3,
+            in("rdx") 3,
+            in("rcx") 3,
+        );
+    }
+    core::arch::asm!("mov qword ptr [$0xffff233], $2333"); // panic
+    loop {}
 }

hypervisor/src/hv/vmexit.rs

@@ -17,6 +17,14 @@ fn handle_hypercall(vcpu: &mut Vcpu) -> RvmResult {
     Ok(())
 }
 
+fn handle_ept_violation(vcpu: &Vcpu, guest_rip: usize) -> RvmResult {
+    let fault_info = vcpu.nested_page_fault_info()?;
+    panic!(
+        "VM exit: EPT violation @ {:#x}, fault_paddr={:#x}, access_flags=({:?})",
+        guest_rip, fault_info.fault_guest_paddr, fault_info.access_flags
+    );
+}
+
 pub fn vmexit_handler(vcpu: &mut Vcpu) -> RvmResult {
     let exit_info = vcpu.exit_info()?;
     debug!("VM exit: {:#x?}", exit_info);
@@ -27,6 +35,7 @@ pub fn vmexit_handler(vcpu: &mut Vcpu) -> RvmResult {
 
     let res = match exit_info.exit_reason {
         VmxExitReason::VMCALL => handle_hypercall(vcpu),
+        VmxExitReason::EPT_VIOLATION => handle_ept_violation(vcpu, exit_info.guest_rip),
         _ => panic!(
             "Unhandled VM-Exit reason {:?}:\n{:#x?}",
             exit_info.exit_reason, vcpu

hypervisor/src/main.rs

@@ -1,12 +1,13 @@
 #![no_std]
 #![no_main]
 #![feature(asm_const)]
-#![feature(naked_functions)]
 #![feature(panic_info_message, alloc_error_handler)]
 
 #[macro_use]
 extern crate log;
 
+extern crate alloc;
+
 #[macro_use]
 mod logging;
 

hypervisor/src/mm/address.rs

@@ -19,3 +19,7 @@ pub const fn align_down(addr: usize) -> usize {
 pub const fn align_up(addr: usize) -> usize {
     (addr + PAGE_SIZE - 1) & !(PAGE_SIZE - 1)
 }
+
+pub const fn is_aligned(addr: usize) -> bool {
+    (addr & (PAGE_SIZE - 1)) == 0
+}

rvm/src/arch/x86_64/mod.rs

@@ -14,4 +14,4 @@ cfg_if::cfg_if! {
 pub(crate) use vender::{has_hardware_support, ArchPerCpuState};
 
 pub use regs::GeneralRegisters;
-pub use vender::RvmVcpu;
+pub use vender::{NestedPageTable, RvmVcpu};