GitLab

Changed to use macro accessor in lcd_arch. I think
this is less confusing and less bug prone. So,
to access lcd's utcb, do:

struct lcd_utcb *utcb;
utcb = LCD_ARCH_GET_UTCB(vcpu);

(Code before relied on free ept to free memory. But
this could be confusing and hard to debug in the future...)

Just clears the ept entry.

arch/x86/lcd-domains/...
-- Fixed program counter and stack pointer initialization
-- Added guest virtual paging pointer modifier routine

include/lcd-domains/lcd-domains.h
-- Added the minimum amount of data for guest virtual paging
   setup

virt/lcd-domains/lcd-domains.c
-- Added general routines for lcd create / destroy.
-- Moved mm code to this file (to avoid future name clashes and
   be more self contained ... is this why kernel source files are
   so big?)
-- Added general routine for initializing an lcd's gva.
-- Re-factored blob initialization to use mm routines. Documented
   memory layout in the source code.

Problem: I'm relying heavily on the ept tear down to free any
memory mapped in there. But this is getting ugly ... Next step:
Write quick routines to properly unmap and explicitly free memory.

User code calls ioctl with LCD_RUN_BLOB ioctl number and
lcd_blob_info (containing userspace address of blob and
blob order) -- defined in public include/linux/lcd-domains.h.

The blob must be N pages, and N must be a power of 2 (for
easy driver code). blob_order = log2(N). The blob consists
of machine instructions that are loaded in the lcd and
executed. The machine instructions cannot access any memory,
including the stack (for now, until gv paging is in place).

-- Added lcd_arch_set_pc for setting the lcd's program counter.
-- Added driver code in lcd-domains.c for handling the ioctl
   request, loading the blob from user space into a fresh lcd,
   and running the lcd (in a loop).

Some data structures in struct lcd_arch are mapped in
the ept (so that the lcd has access to them). When the
ept is freed, these data structures are freed.

All tests passing now for lcd_arch_create.

Successful build and insmod on emulab, but errors when trying
to create lcd (perhaps errors mapping in ept). Regression tests
should help and save debugging time in future.

(forgot to git add utcb header)

Syscall (hypercall?) codes are in include/lcd-domains/syscall.h.

Added syscall code accessor macro to lcd-domains-arch.h.

Fixed capability register accessor macros to use %rbx.

Simple name changes and slightly different access pattern
for ipc registers. Updated headers and code. Removed ipc.h
header for now.

For portability and speed, arch-indep code should use arch-dep macros
(in lcd-domains-arch.h) for accessing message registers.

For x86, lcd does ipc by populating the appropriate message registers
and executing a vmcall. For now, we assume the only reason an lcd
would execute a vmcall is for ipc.

Set up new header files, under include/lcd-domains/
-- lcd-domains.h: main include, contains struct lcd
-- ipc.h: struct lcd_ipc_regs, for message registers

Updated virt/lcd/lcd-domains.c to use new headers.

Updated arch-dep code to use new struct lcd_ipc_regs.
struct lcd_arch contains a pointer to the allocated
page for stack / ipc registers. struct lcd (arch-indep)
contains a pointer to the same memory (so that the
arch-indep code can access the ipc regs directly if
it wishes).

Message registers should be accessed through arch-dep
macros (to be implemented next) for portability and
speed (some of the message registers will be
implemented using machine regs, so the message registers
in struct lcd_ipc_regs are `shadows').

Message register design based on seL4. See seL4 manual,
4.1.

Stack / ipc registers buffer initialized and mapped
in guest physical.

lcd_arch_ept_map_gpa_to_hpa
-- simple routine combining effects of ept walk and set
-- part of arch-dep public interface

Added mapping code to gdt init and tss init, and some
documentation for those routines.

Starting code for stack initialization (should be
simple).

vmx_pack_desc
-- load base, limit, type, etc. into a segment descriptor

vmx_init_gdt
-- loads base, limit, etc. for code, data, and tss segment
   descriptors in gdt

Address space layout includes tss, gdt, ipc registers, and small
stack. See lcd-domains-arch.h.
-- a tss may be required (not sure) while running in non-root,
   even though a stack switch does not occur
-- a gdt may also be required (even though all info is written in
   the hidden part of the segment registers); again, not sure

4 KBs is reserved for an IDT if it is needed (not mapped or
allocated).

GDT layout given in lcd-domains-arch.h. (GDT build code to
be implemented / copied over next.)

LDT is not used (so no need to load access rights, etc.). It
is marked as unusable.

Fixed segment register limit fields. These must be 32 bits and
are always byte granularity. The granularity field in the
access rights bits is confusing (see Intel SDM V3 26.3.1.2).

vmx_free_ept
-- frees all memory associated with extended
   page tables (paging structures and mapped
   physical mem)

vmx_free_ept_dir_level
-- frees all memory associated with an epte
   at a level in the hierarchy
-- uses shallow recursion to make the code
   more readable

Simple updates to some of the EPT macros.

lcd_arch_epte_t type for arch abstraction.

lcd_arch_ept_walk
-- simple lookup of ept entry
-- optionally allocate ept data structures
   along the way

lcd_arch_ept_set
-- set the host physical address in the
   (final level) ept entry, along with
   default flags

lcd_arch_ept_hpa
-- returns host physical address stored in
   an ept entry

Remaining old code will be put in arch-indep
code.

This is necessary for e.g. the emulab machines (loads /
stores to cr3 are not allowed in non-root, so must be
handled by hypervisor). Code simply copies values between
fields in lcd data structure.

Removed the `auto' memory alloc and map from the
original handler. The new handler is simple for now;
it just reads the guest virtual and physical addresses
involved in the fault. The arch-indepent code will be
responsible for deciding what to do.

vmx_handle_external_intr
-- pretty much a straight copy over of the old code,
   but with comments
-- one big difference: interrupts are assumed to be
   enabled when this routine is called (I can't see
   how kvm is allowing the handling of external interrupts
   because it disables them when it enters vmx non-root.
   See the kvm code in x86.c:vcpu_enter_guest.)

lcd_arch_run:
-- disables kernel preemption while lcd is running
-- simple switch on vmx exit conditions

vmx_handle_exception_nmi
-- for nmi's and exceptions generated by lcd

vmx_handle_hard_exception
-- for `hardware exceptions': page faults, traps,
   machine checks

-- Moved some vmx-specific data structures into implementation file.
-- lcd_vmx_* => lcd_arch_*
-- updated virt/lcd/lcd-domains.c

lcd_destroy => lcd_vmx_destroy. Pretty much a straight
copy over, but removed some unneeded code.

Conditional compilation on number of autoload msr's.

Untested.

vmx_setup_vmcs ==> vmx_setup_vmcs_guest_settings and
vmx_setup_vmcs_host.

vmx_setup_vmcs_guest_settings
-- execution control (e.g., interrupt handling)
-- ept pointer
-- %cr0 and %cr4 access control

vmx_setup_vmcs_guest_regs
-- initial %cr0, %cr4
-- segmentation--bases, limits, selectors
-- guest EFER (long mode enabled, no syscall/sysret)
-- initial activity and interrupt state

vmx_setup_vmcs_host
-- control and segmentation regs
-- host EFER
-- no saving of syscall/sysret msrs since these are
   disabled in guest
-- no page attribute table

lcd_create --> lcd_vmx_create, with a lot of code
re-factored or removed for now, to keep it simple
(no gdt, idt, isr, paging bitmap, address space
init, etc.).
-- basic ept initialization
-- vmcs loading on a cpu
   -- re-factored __vmx_setup_cpu to use built-in
      segment descriptor access functions in desc.h
   -- removed host sys_enter storage, since this
      msr is disabled right now anyway
   -- more doc to understand vmcs load process

Added straight copy from old code of lcd_vmx_exit.

Shifted lcd_vmx_init and lcd_vmx_exit to
arch/x86/include/asm/lcd-vmx.h. Ideally, if we want
this to be arch-independent, probably want to change
header to asm/lcd.h, and routines to lcd_arch_init
and lcd_arch_exit, or something similar.

Two components to the lcd build now:
-- arch/x86/lcd/Makefile: for building x86 lcd code
-- virt/lcd/Makefile: for building arch-indep lcd code

Modified the build system just slightly for a cleaner
build:
-- virt/ directory treated like ipc/, usr/, etc. directories
-- added Kconfig and Makefile to virt/, mirroring drivers/
-- updated top-level Makefile to include virt/ as vmlinux
   directory / dependency, so build system will recur into
   virt/
-- updated arch/x86/Kconfig to include virt/Kconfig, so it
   will be included as a menu item
-- updated arch/x86/Kbuild to include arch/x86/lcd/

Removed old capabilities code in cap/.

Removed lcd syscall.

Temporarily turned off build for drivers/lcd.

Fixed most bugs in lcd-vmx (still need to do lcd_vmx_exit).
-- minor naming issues in lcd-vmx.h
-- straight copy over of vmx_disable_intercepts_for_msr,
   but with more doc
-- removed VMX_EPT_INDIVIDUAL_ADDR macro from vmx.h (where
   did this come from? it's not documented in the intel manual,
   nor is it used in kvm)

Added a few missing macros to arch/x86/include/vmx.h,
and RESERVED masks for easily determining which bits
in a vmx control are reserved (needed in adjust_vmx_controls).

Re-factored setup_vmcs_config and adjust_vmx_controls.
setup_vmcs_config does pretty much the same thing, but it
fails immediately if a control isn't available --
adjust_vmx_controls confirms that the exact desired
controls are available, and sets the reserved bits to
1 or 0 as needed. Cleaner comments and organization.
Re-factored the vmx basic settings to
vmcs_config_basic_settings.

Removed some of the vmx feature check code that was in
the original lcd_vmx_init, as setup_vmcs_config now does
that.

Essentially a straight copy over of:

-- __vmx_enable
-- vmx_enable
-- vmx_disable
-- vmx_free_vmxon_areas
-- __vmxon
-- __vmxoff

The only difference is I shifted tbl and cache
invalidation to vmx_enable (originally in __vmx_enable)
and added some comments.

Straight copy over of
-- vmx_alloc_vmcs
-- vmx_free_vmcs
-- invvpid, invept code, with slight renaming

Arch-dependent code will go in arch/x86/lcd, and the
header(s) will reside in arch/x86/include/asm.

For now, I have only moved some of the arch-dependent
junk that was in include/lcd/lcd.h into
arch/x86/include/asm/lcd-vmx.h.