Add support for KVM_EXIT_MEMORY_FAULT

MatiasVara · tylerfanelli · commit c2b62112b50b · 2025-04-05T23:18:49.000-04:00
The KVM_EXIT_MEMORY_FAULT vmexit is triggered when guest wants to switch
a region of memory from private to shared and viceversa. To support this
when tee is enabled, add an extra thread named sender_io that gets the
parameters from the vcpu thread and triggers the
set_memory_properties(). The vcpu fd is owned only by this thread.

Signed-off-by: Matias Ezequiel Vara Larsen &lt;mvaralar@redhat.com&gt;
diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs
@@ -3,6 +3,8 @@
 
 //! Enables pre-boot setup, instantiation and booting of a Firecracker VMM.
 
+#[cfg(feature = "tee")]
+use crate::vstate::MemProperties;
 #[cfg(target_os = "macos")]
 use crossbeam_channel::unbounded;
 
@@ -697,6 +699,8 @@ pub fn build_microvm(
             &guest_memory,
             payload_config.entry_addr,
             &exit_evt,
+            #[cfg(feature = "tee")]
+            io_sender,
         )
         .map_err(StartMicrovmError::Internal)?;
 
@@ -1464,13 +1468,16 @@ fn create_vcpus_aarch64(
     guest_mem: &GuestMemoryMmap,
     entry_addr: GuestAddress,
     exit_evt: &EventFd,
+    #[cfg(feature = "tee")] sender_io: Sender<MemProperties>,
 ) -> super::Result<Vec<Vcpu>> {
     let mut vcpus = Vec::with_capacity(vcpu_config.vcpu_count as usize);
     for cpu_index in 0..vcpu_config.vcpu_count {
         let mut vcpu = Vcpu::new_aarch64(
             cpu_index,
             vm.fd(),
             exit_evt.try_clone().map_err(Error::EventFd)?,
+            #[cfg(feature = "tee")]
+            sender_io.clone(),
         )
         .map_err(Error::Vcpu)?;
 
diff --git a/src/vmm/src/linux/vstate.rs b/src/vmm/src/linux/vstate.rs
@@ -13,6 +13,12 @@ use std::io;
 
 use std::os::unix::io::RawFd;
 
+#[cfg(feature = "tee")]
+use kvm_ioctls::VcpuExit::Unsupported;
+
+use std::sync::Arc;
+use std::sync::Mutex;
+
 use std::result;
 use std::sync::atomic::{fence, Ordering};
 #[cfg(not(test))]
@@ -39,14 +45,14 @@ use kvm_bindings::{
     KVM_CLOCK_TSC_STABLE, KVM_IRQCHIP_IOAPIC, KVM_IRQCHIP_PIC_MASTER, KVM_IRQCHIP_PIC_SLAVE,
     KVM_MAX_CPUID_ENTRIES,
 };
+#[cfg(feature = "tee")]
 use kvm_bindings::{
-    kvm_create_guest_memfd, kvm_memory_attributes, kvm_userspace_memory_region,
-    kvm_userspace_memory_region2, KVM_API_VERSION, KVM_MEMORY_ATTRIBUTE_PRIVATE,
-    KVM_MEM_GUEST_MEMFD,
+    kvm_create_guest_memfd, kvm_memory_attributes, kvm_userspace_memory_region2, KVM_API_VERSION,
+    KVM_MEMORY_ATTRIBUTE_PRIVATE, KVM_MEMORY_EXIT_FLAG_PRIVATE, KVM_MEM_GUEST_MEMFD, KVM_EXIT_MEMORY_FAULT
 };
-#[cfg(feature = "tee")]
-use kvm_bindings::{kvm_enable_cap, KVM_CAP_EXIT_HYPERCALL};
-use kvm_ioctls::{Cap::*, *};
+#[cfg(not(feature = "tee"))]
+use kvm_bindings::{kvm_userspace_memory_region, KVM_API_VERSION};
+use kvm_ioctls::*;
 use utils::eventfd::EventFd;
 use utils::signal::{register_signal_handler, sigrtmin, Killable};
 use utils::sm::StateMachine;
@@ -771,6 +777,13 @@ pub struct VcpuConfig {
     pub cpu_template: Option<CpuFeaturesTemplate>,
 }
 
+#[cfg(feature = "tee")]
+pub struct MemProperties {
+    pub addr: u64,
+    pub size: u64,
+    pub attributes: u32,
+}
+
 // Using this for easier explicit type-casting to help IDEs interpret the code.
 type VcpuCell = Cell<Option<*mut Vcpu>>;
 
@@ -793,6 +806,10 @@ pub struct Vcpu {
     #[cfg(target_arch = "aarch64")]
     mpidr: u64,
 
+    // The transmitting end of the events channel which will be given to the vcpu side
+    #[cfg(feature = "tee")]
+    sender_io: Sender<MemProperties>,
+
     // The receiving end of events channel owned by the vcpu side.
     event_receiver: Receiver<VcpuEvent>,
     // The transmitting end of the events channel which will be given to the handler.
@@ -940,7 +957,12 @@ impl Vcpu {
     /// * `exit_evt` - An `EventFd` that will be written into when this vcpu exits.
     /// * `create_ts` - A timestamp used by the vcpu to calculate its lifetime.
     #[cfg(target_arch = "aarch64")]
-    pub fn new_aarch64(id: u8, vm_fd: &VmFd, exit_evt: EventFd) -> Result<Self> {
+    pub fn new_aarch64(
+        id: u8,
+        vm_fd: &VmFd,
+        exit_evt: EventFd,
+        #[cfg(feature = "tee")] sender_io: Sender<MemProperties>,
+    ) -> Result<Self> {
         let kvm_vcpu = vm_fd.create_vcpu(id as u64).map_err(Error::VcpuFd)?;
         let (event_sender, event_receiver) = unbounded();
         let (response_sender, response_receiver) = unbounded();
@@ -955,6 +977,8 @@ impl Vcpu {
             event_sender: Some(event_sender),
             response_receiver: Some(response_receiver),
             response_sender,
+            #[cfg(feature = "tee")]
+            sender_io,
         })
     }
 
@@ -1266,16 +1290,44 @@ impl Vcpu {
                     info!("Received KVM_EXIT_SHUTDOWN signal");
                     Ok(VcpuEmulation::Stopped)
                 }
+                #[cfg(feature = "tee")]
+                VcpuExit::MemoryFault { flags, gpa, size } => {
+                    if flags & !KVM_MEMORY_EXIT_FLAG_PRIVATE as u64 != 0 {
+                        error!("KVM_EXIT_MEMORY_FAULT: Unknown flag {}", flags);
+                        Err(Error::VcpuUnhandledKvmExit)
+                    } else {
+                        // from private to shared
+                        let mut attr = 0;
+                        // from shared to private
+                        if flags & KVM_MEMORY_EXIT_FLAG_PRIVATE as u64
+                            == KVM_MEMORY_EXIT_FLAG_PRIVATE as u64
+                        {
+                            attr = KVM_MEMORY_ATTRIBUTE_PRIVATE;
+                        };
+
+                        let _ = self.sender_io.try_send(MemProperties {
+                            addr: gpa,
+                            size,
+                            attributes: attr,
+                        });
+                        Ok(VcpuEmulation::Handled)
+                    }
+                }
+                // Documentation specifices that when KVM exists with KVM_EXIT_MEMORY_FAULT,
+                // userspace should assume kvm_run.exit_reason is stale/undefined for error numbers
+                // different than EFAULT or EHWPOISON
+                #[cfg(feature = "tee")]
+                Unsupported(KVM_EXIT_MEMORY_FAULT) => Ok(VcpuEmulation::Handled),
+                VcpuExit::InternalError => {
+                    error!("Received KVM_EXIT_INTERNAL_ERROR signal");
+                    Err(Error::VcpuUnhandledKvmExit)
+                }
                 // Documentation specifies that below kvm exits are considered
                 // errors.
                 VcpuExit::FailEntry(reason, vcpu) => {
                     error!("Received KVM_EXIT_FAIL_ENTRY signal: reason={reason}, vcpu={vcpu}");
                     Err(Error::VcpuUnhandledKvmExit)
                 }
-                VcpuExit::InternalError => {
-                    error!("Received KVM_EXIT_INTERNAL_ERROR signal");
-                    Err(Error::VcpuUnhandledKvmExit)
-                }
                 r => {
                     // TODO: Are we sure we want to finish running a vcpu upon
                     // receiving a vm exit that is not necessarily an error?
