Step 2: add struct Vcpu and setup VMCS

Author: equation314

hypervisor/src/hv/mod.rs

@@ -9,6 +9,9 @@ pub fn run() {
     println!("Hardware support: {:?}", rvm::has_hardware_support());
 
     let mut percpu = RvmPerCpu::<RvmHalImpl>::new(0);
-    let res = percpu.hardware_enable();
-    println!("Hardware enable: {:?}", res);
+    percpu.hardware_enable().unwrap();
+
+    let mut vcpu = percpu.create_vcpu().unwrap();
+    info!("{:#x?}", vcpu);
+    vcpu.run();
 }

rvm/src/arch/x86_64/mod.rs

@@ -1,4 +1,5 @@
 pub(crate) mod msr;
+pub(crate) mod regs;
 
 cfg_if::cfg_if! {
     if #[cfg(feature = "vmx")] {
@@ -7,4 +8,4 @@ cfg_if::cfg_if! {
     }
 }
 
-pub use vender::{has_hardware_support, ArchPerCpuState};
+pub use vender::{has_hardware_support, ArchPerCpuState, RvmVcpu};

rvm/src/arch/x86_64/msr.rs

@@ -3,15 +3,38 @@ use x86::msr::{rdmsr, wrmsr};
 /// X86 model-specific registers. (SDM Vol. 4)
 #[repr(u32)]
 #[derive(Debug, Copy, Clone)]
-#[allow(non_camel_case_types)]
+#[allow(non_camel_case_types, dead_code)]
 pub enum Msr {
     IA32_FEATURE_CONTROL = 0x3a,
-    IA32_VMX_BASIC = 0x480,
 
+    IA32_PAT = 0x277,
+
+    IA32_VMX_BASIC = 0x480,
+    IA32_VMX_PINBASED_CTLS = 0x481,
+    IA32_VMX_PROCBASED_CTLS = 0x482,
+    IA32_VMX_EXIT_CTLS = 0x483,
+    IA32_VMX_ENTRY_CTLS = 0x484,
+    IA32_VMX_MISC = 0x485,
     IA32_VMX_CR0_FIXED0 = 0x486,
     IA32_VMX_CR0_FIXED1 = 0x487,
     IA32_VMX_CR4_FIXED0 = 0x488,
     IA32_VMX_CR4_FIXED1 = 0x489,
+    IA32_VMX_PROCBASED_CTLS2 = 0x48b,
+    IA32_VMX_EPT_VPID_CAP = 0x48c,
+    IA32_VMX_TRUE_PINBASED_CTLS = 0x48d,
+    IA32_VMX_TRUE_PROCBASED_CTLS = 0x48e,
+    IA32_VMX_TRUE_EXIT_CTLS = 0x48f,
+    IA32_VMX_TRUE_ENTRY_CTLS = 0x490,
+
+    IA32_EFER = 0xc000_0080,
+    IA32_STAR = 0xc000_0081,
+    IA32_LSTAR = 0xc000_0082,
+    IA32_CSTAR = 0xc000_0083,
+    IA32_FMASK = 0xc000_0084,
+
+    IA32_FS_BASE = 0xc000_0100,
+    IA32_GS_BASE = 0xc000_0101,
+    IA32_KERNEL_GSBASE = 0xc000_0102,
 }
 
 impl Msr {

rvm/src/arch/x86_64/regs.rs

@@ -0,0 +1,21 @@
+/// General-Purpose Registers for 64-bit x86 architecture.
+#[repr(C)]
+#[derive(Debug, Default, Clone)]
+pub struct GeneralRegisters {
+    pub rax: u64,
+    pub rcx: u64,
+    pub rdx: u64,
+    pub rbx: u64,
+    _unused_rsp: u64,
+    pub rbp: u64,
+    pub rsi: u64,
+    pub rdi: u64,
+    pub r8: u64,
+    pub r9: u64,
+    pub r10: u64,
+    pub r11: u64,
+    pub r12: u64,
+    pub r13: u64,
+    pub r14: u64,
+    pub r15: u64,
+}

rvm/src/arch/x86_64/vmx/mod.rs

@@ -1,4 +1,6 @@
 mod structs;
+mod vcpu;
+mod vmcs;
 
 use raw_cpuid::CpuId;
 use x86::{bits64::vmx, vmx::VmFail};
@@ -9,6 +11,7 @@ use crate::arch::msr::Msr;
 use crate::error::{RvmError, RvmResult};
 use crate::hal::RvmHal;
 
+pub use self::vcpu::VmxVcpu as RvmVcpu;
 pub use self::VmxPerCpuState as ArchPerCpuState;
 
 pub fn has_hardware_support() -> bool {

rvm/src/arch/x86_64/vmx/vcpu.rs

@@ -0,0 +1,267 @@
+use core::fmt::{Debug, Formatter, Result};
+
+use bit_field::BitField;
+use x86::bits64::vmx;
+use x86::dtables::{self, DescriptorTablePointer};
+use x86::segmentation::SegmentSelector;
+use x86_64::registers::control::{Cr0, Cr0Flags, Cr3, Cr4, Cr4Flags};
+
+use super::structs::VmxRegion;
+use super::vmcs::{
+    self, VmcsControl32, VmcsControl64, VmcsControlNW, VmcsGuest16, VmcsGuest32, VmcsGuest64,
+    VmcsGuestNW, VmcsHost16, VmcsHost32, VmcsHost64, VmcsHostNW,
+};
+use super::VmxPerCpuState;
+use crate::arch::{msr::Msr, regs::GeneralRegisters};
+use crate::{RvmHal, RvmResult};
+
+/// A virtual CPU within a guest.
+#[repr(C)]
+pub struct VmxVcpu<H: RvmHal> {
+    guest_regs: GeneralRegisters,
+    vmcs: VmxRegion<H>,
+}
+
+impl<H: RvmHal> VmxVcpu<H> {
+    pub(crate) fn new(percpu: &VmxPerCpuState<H>) -> RvmResult<Self> {
+        let mut vcpu = Self {
+            guest_regs: GeneralRegisters::default(),
+            vmcs: VmxRegion::new(percpu.vmcs_revision_id, false)?,
+        };
+        vcpu.setup_vmcs()?;
+        info!("[RVM] created VmxVcpu(vmcs: {:#x})", vcpu.vmcs.phys_addr());
+        Ok(vcpu)
+    }
+
+    pub fn run(&mut self) {}
+}
+
+// Implementation of private methods
+impl<H: RvmHal> VmxVcpu<H> {
+    fn setup_vmcs(&mut self) -> RvmResult {
+        let paddr = self.vmcs.phys_addr() as u64;
+        unsafe {
+            vmx::vmclear(paddr)?;
+            vmx::vmptrld(paddr)?;
+        }
+        self.setup_vmcs_host()?;
+        self.setup_vmcs_guest()?;
+        self.setup_vmcs_control()?;
+        Ok(())
+    }
+
+    fn setup_vmcs_host(&mut self) -> RvmResult {
+        VmcsHost64::IA32_PAT.write(Msr::IA32_PAT.read())?;
+        VmcsHost64::IA32_EFER.write(Msr::IA32_EFER.read())?;
+
+        VmcsHostNW::CR0.write(Cr0::read_raw() as _)?;
+        VmcsHostNW::CR3.write(Cr3::read_raw().0.start_address().as_u64() as _)?;
+        VmcsHostNW::CR4.write(Cr4::read_raw() as _)?;
+
+        VmcsHost16::ES_SELECTOR.write(x86::segmentation::es().bits())?;
+        VmcsHost16::CS_SELECTOR.write(x86::segmentation::cs().bits())?;
+        VmcsHost16::SS_SELECTOR.write(x86::segmentation::ss().bits())?;
+        VmcsHost16::DS_SELECTOR.write(x86::segmentation::ds().bits())?;
+        VmcsHost16::FS_SELECTOR.write(x86::segmentation::fs().bits())?;
+        VmcsHost16::GS_SELECTOR.write(x86::segmentation::gs().bits())?;
+        VmcsHostNW::FS_BASE.write(Msr::IA32_FS_BASE.read() as _)?;
+        VmcsHostNW::GS_BASE.write(Msr::IA32_GS_BASE.read() as _)?;
+
+        let tr = unsafe { x86::task::tr() };
+        let mut gdtp = DescriptorTablePointer::<u64>::default();
+        let mut idtp = DescriptorTablePointer::<u64>::default();
+        unsafe {
+            dtables::sgdt(&mut gdtp);
+            dtables::sidt(&mut idtp);
+        }
+        VmcsHost16::TR_SELECTOR.write(tr.bits())?;
+        VmcsHostNW::TR_BASE.write(get_tr_base(tr, &gdtp) as _)?;
+        VmcsHostNW::GDTR_BASE.write(gdtp.base as _)?;
+        VmcsHostNW::IDTR_BASE.write(idtp.base as _)?;
+
+        VmcsHostNW::IA32_SYSENTER_ESP.write(0)?;
+        VmcsHostNW::IA32_SYSENTER_EIP.write(0)?;
+        VmcsHost32::IA32_SYSENTER_CS.write(0)?;
+
+        VmcsHostNW::RSP.write(0)?; // TODO
+        VmcsHostNW::RIP.write(0)?; // TODO
+        Ok(())
+    }
+
+    fn setup_vmcs_guest(&mut self) -> RvmResult {
+        let cr0_guest = Cr0Flags::EXTENSION_TYPE | Cr0Flags::NUMERIC_ERROR;
+        let cr0_host_owned =
+            Cr0Flags::NUMERIC_ERROR | Cr0Flags::NOT_WRITE_THROUGH | Cr0Flags::CACHE_DISABLE;
+        let cr0_read_shadow = Cr0Flags::NUMERIC_ERROR;
+        VmcsGuestNW::CR0.write(cr0_guest.bits() as _)?;
+        VmcsControlNW::CR0_GUEST_HOST_MASK.write(cr0_host_owned.bits() as _)?;
+        VmcsControlNW::CR0_READ_SHADOW.write(cr0_read_shadow.bits() as _)?;
+
+        let cr4_guest = Cr4Flags::VIRTUAL_MACHINE_EXTENSIONS;
+        let cr4_host_owned = Cr4Flags::VIRTUAL_MACHINE_EXTENSIONS;
+        let cr4_read_shadow = 0;
+        VmcsGuestNW::CR4.write(cr4_guest.bits() as _)?;
+        VmcsControlNW::CR4_GUEST_HOST_MASK.write(cr4_host_owned.bits() as _)?;
+        VmcsControlNW::CR4_READ_SHADOW.write(cr4_read_shadow)?;
+
+        macro_rules! set_guest_segment {
+            ($seg: ident, $access_rights: expr) => {{
+                use VmcsGuest16::*;
+                use VmcsGuest32::*;
+                use VmcsGuestNW::*;
+                concat_idents!($seg, _SELECTOR).write(0)?;
+                concat_idents!($seg, _BASE).write(0)?;
+                concat_idents!($seg, _LIMIT).write(0xffff)?;
+                concat_idents!($seg, _ACCESS_RIGHTS).write($access_rights)?;
+            }};
+        }
+
+        set_guest_segment!(ES, 0x93); // 16-bit, present, data, read/write, accessed
+        set_guest_segment!(CS, 0x9b); // 16-bit, present, code, exec/read, accessed
+        set_guest_segment!(SS, 0x93);
+        set_guest_segment!(DS, 0x93);
+        set_guest_segment!(FS, 0x93);
+        set_guest_segment!(GS, 0x93);
+        set_guest_segment!(TR, 0x8b); // present, system, 32-bit TSS busy
+        set_guest_segment!(LDTR, 0x82); // present, system, LDT
+
+        VmcsGuestNW::GDTR_BASE.write(0)?;
+        VmcsGuest32::GDTR_LIMIT.write(0xffff)?;
+        VmcsGuestNW::IDTR_BASE.write(0)?;
+        VmcsGuest32::IDTR_LIMIT.write(0xffff)?;
+
+        VmcsGuestNW::CR3.write(0)?;
+        VmcsGuestNW::DR7.write(0x400)?;
+        VmcsGuestNW::RSP.write(0)?;
+        VmcsGuestNW::RIP.write(0)?; // TODO
+        VmcsGuestNW::RFLAGS.write(0x2)?;
+        VmcsGuestNW::PENDING_DBG_EXCEPTIONS.write(0)?;
+        VmcsGuestNW::IA32_SYSENTER_ESP.write(0)?;
+        VmcsGuestNW::IA32_SYSENTER_EIP.write(0)?;
+        VmcsGuest32::IA32_SYSENTER_CS.write(0)?;
+
+        VmcsGuest32::INTERRUPTIBILITY_STATE.write(0)?;
+        VmcsGuest32::ACTIVITY_STATE.write(0)?;
+        VmcsGuest32::VMX_PREEMPTION_TIMER_VALUE.write(0)?;
+
+        VmcsGuest64::LINK_PTR.write(u64::MAX)?; // SDM Vol. 3C, Section 24.4.2
+        VmcsGuest64::IA32_DEBUGCTL.write(0)?;
+        VmcsGuest64::IA32_PAT.write(Msr::IA32_PAT.read())?;
+        VmcsGuest64::IA32_EFER.write(0)?;
+        Ok(())
+    }
+
+    fn setup_vmcs_control(&mut self) -> RvmResult {
+        // Intercept NMI, pass-through external interrupts.
+        use super::vmcs::controls::*;
+        use PinbasedControls as PinCtrl;
+        vmcs::set_control(
+            VmcsControl32::PINBASED_EXEC_CONTROLS,
+            Msr::IA32_VMX_TRUE_PINBASED_CTLS,
+            Msr::IA32_VMX_PINBASED_CTLS.read() as u32,
+            PinCtrl::NMI_EXITING.bits(),
+            0,
+        )?;
+
+        // Activate secondary controls, disable CR3 load/store interception.
+        use PrimaryControls as CpuCtrl;
+        vmcs::set_control(
+            VmcsControl32::PRIMARY_PROCBASED_EXEC_CONTROLS,
+            Msr::IA32_VMX_TRUE_PROCBASED_CTLS,
+            Msr::IA32_VMX_PROCBASED_CTLS.read() as u32,
+            CpuCtrl::SECONDARY_CONTROLS.bits(),
+            (CpuCtrl::CR3_LOAD_EXITING | CpuCtrl::CR3_STORE_EXITING).bits(),
+        )?;
+
+        // Enable RDTSCP, INVPCID.
+        use SecondaryControls as CpuCtrl2;
+        vmcs::set_control(
+            VmcsControl32::SECONDARY_PROCBASED_EXEC_CONTROLS,
+            Msr::IA32_VMX_PROCBASED_CTLS2,
+            0,
+            (CpuCtrl2::ENABLE_RDTSCP | CpuCtrl2::ENABLE_INVPCID).bits(),
+            0,
+        )?;
+
+        // Switch to 64-bit host, switch IA32_PAT/IA32_EFER on VM exit.
+        use ExitControls as ExitCtrl;
+        vmcs::set_control(
+            VmcsControl32::VMEXIT_CONTROLS,
+            Msr::IA32_VMX_TRUE_EXIT_CTLS,
+            Msr::IA32_VMX_EXIT_CTLS.read() as u32,
+            (ExitCtrl::HOST_ADDRESS_SPACE_SIZE
+                | ExitCtrl::SAVE_IA32_PAT
+                | ExitCtrl::LOAD_IA32_PAT
+                | ExitCtrl::SAVE_IA32_EFER
+                | ExitCtrl::LOAD_IA32_EFER)
+                .bits(),
+            0,
+        )?;
+
+        // Load guest IA32_PAT/IA32_EFER on VM entry.
+        use EntryControls as EntryCtrl;
+        vmcs::set_control(
+            VmcsControl32::VMENTRY_CONTROLS,
+            Msr::IA32_VMX_TRUE_ENTRY_CTLS,
+            Msr::IA32_VMX_ENTRY_CTLS.read() as u32,
+            (EntryCtrl::LOAD_IA32_PAT | EntryCtrl::LOAD_IA32_EFER).bits(),
+            0,
+        )?;
+
+        // No MSR switches if hypervisor doesn't use and there is only one vCPU.
+        VmcsControl32::VMEXIT_MSR_STORE_COUNT.write(0)?;
+        VmcsControl32::VMEXIT_MSR_LOAD_COUNT.write(0)?;
+        VmcsControl32::VMENTRY_MSR_LOAD_COUNT.write(0)?;
+
+        // Pass-through exceptions, I/O instructions, and MSR read/write.
+        VmcsControl32::EXCEPTION_BITMAP.write(0)?;
+        VmcsControl64::IO_BITMAP_A_ADDR.write(0)?;
+        VmcsControl64::IO_BITMAP_B_ADDR.write(0)?;
+        VmcsControl64::MSR_BITMAPS_ADDR.write(0)?; // TODO
+        Ok(())
+    }
+}
+
+impl<H: RvmHal> Drop for VmxVcpu<H> {
+    fn drop(&mut self) {
+        unsafe { vmx::vmclear(self.vmcs.phys_addr() as u64).unwrap() };
+        info!("[RVM] dropped VmxVcpu(vmcs: {:#x})", self.vmcs.phys_addr());
+    }
+}
+
+fn get_tr_base(tr: SegmentSelector, gdt: &DescriptorTablePointer<u64>) -> u64 {
+    let index = tr.index() as usize;
+    let table_len = (gdt.limit as usize + 1) / core::mem::size_of::<u64>();
+    let table = unsafe { core::slice::from_raw_parts(gdt.base, table_len) };
+    let entry = table[index];
+    if entry & (1 << 47) != 0 {
+        // present
+        let base_low = entry.get_bits(16..40) | entry.get_bits(56..64) << 24;
+        let base_high = table[index + 1] & 0xffff_ffff;
+        base_low | base_high << 32
+    } else {
+        // no present
+        0
+    }
+}
+
+impl<H: RvmHal> Debug for VmxVcpu<H> {
+    fn fmt(&self, f: &mut Formatter) -> Result {
+        (|| -> RvmResult<Result> {
+            Ok(f.debug_struct("VmxVcpu")
+                .field("guest_regs", &self.guest_regs)
+                .field("rip", &VmcsGuestNW::RIP.read()?)
+                .field("rsp", &VmcsGuestNW::RSP.read()?)
+                .field("rflags", &VmcsGuestNW::RFLAGS.read()?)
+                .field("cr0", &VmcsGuestNW::CR0.read()?)
+                .field("cr3", &VmcsGuestNW::CR3.read()?)
+                .field("cr4", &VmcsGuestNW::CR4.read()?)
+                .field("cs", &VmcsGuest16::CS_SELECTOR.read()?)
+                .field("fs_base", &VmcsGuestNW::FS_BASE.read()?)
+                .field("gs_base", &VmcsGuestNW::GS_BASE.read()?)
+                .field("tss", &VmcsGuest16::TR_SELECTOR.read()?)
+                .finish())
+        })()
+        .unwrap()
+    }
+}