fix(vcpu): Don't treat KVM_EXIT_{SHUTDOWN,HLT} as successful termination

This is almost a pure revert of commit 3a9a1ac ("exit with success
code on certain KVM_EXIT events") which added code that treats
KVM_EXIT_SHUTDOWN and KVM_EXIT_HLT as successful VM terminations.

KVM_EXIT_SHUTDOWN is an exit code that KVM uses when an x86 CPU triple
faults.

KVM_EXIT_HLT is the exit code that KVM uses when the guest executes a
HALT x86 instruction and KVM doesn't emulate the irqchip. Since we're
using the in-kernel irqchip we should never see a KVM_EXIT_HLT exit, as
HALT instructions are emulated by KVM and do not cause userspace exits.

Do not return Ok(VcpuEmulation::Stopped) for these exit types since that
ends up propagating an FcExitCode::Ok code to the main thread, even
though these are abnormal terminations (especially the triple-fault
one).

Remove special handling for these x86-specific exit reasons and treat
them as any other unexpected exit reason.

Also, replace an incorrect comment that says that vCPUs exit with
KVM_EXIT_SHUTDOWN or KVM_EXIT_HLT when the guest issues a reboot. On x86
the guest asks for a CPU reset via the i8042 controller which
Firecracker intercepts and kills the VM. On ARM KVM exits to userspace
with the reason KVM_EXIT_SYSTEM_EVENT (which we already handle
correctly).

Fixes: 3a9a1ac ("exit with success code on certain KVM_EXIT events")
Signed-off-by: Ilias Stamatis <[email protected]>

Author: ilstam

src/vmm/src/vstate/vcpu.rs

@@ -226,10 +226,9 @@ impl Vcpu {
                 Ok(VcpuEmulation::Handled) => (),
                 // Emulation was interrupted, check external events.
                 Ok(VcpuEmulation::Interrupted) => break,
-                // If the guest was rebooted or halted:
-                // - vCPU0 will always exit out of `KVM_RUN` with KVM_EXIT_SHUTDOWN or KVM_EXIT_HLT.
-                // - the other vCPUs won't ever exit out of `KVM_RUN`, but they won't consume CPU.
-                // So we pause vCPU0 and send a signal to the emulation thread to stop the VMM.
+                // The guest requested a SHUTDOWN or RESET. This is ARM
+                // specific. On x86 the i8042 emulation signals the main thread
+                // directly without calling Vcpu::exit().
                 Ok(VcpuEmulation::Stopped) => return self.exit(FcExitCode::Ok),
                 // If the emulation requests a pause lets do this
                 #[cfg(feature = "gdb")]
@@ -440,14 +439,6 @@ fn handle_kvm_exit(
                 }
                 Ok(VcpuEmulation::Handled)
             }
-            VcpuExit::Hlt => {
-                info!("Received KVM_EXIT_HLT signal");
-                Ok(VcpuEmulation::Stopped)
-            }
-            VcpuExit::Shutdown => {
-                info!("Received KVM_EXIT_SHUTDOWN signal");
-                Ok(VcpuEmulation::Stopped)
-            }
             // Documentation specifies that below kvm exits are considered
             // errors.
             VcpuExit::FailEntry(hardware_entry_failure_reason, cpu) => {
@@ -697,10 +688,19 @@ pub(crate) mod tests {
     fn test_handle_kvm_exit() {
         let (_, _, mut vcpu) = setup_vcpu(0x1000);
         let res = handle_kvm_exit(&mut vcpu.kvm_vcpu.peripherals, Ok(VcpuExit::Hlt));
-        assert_eq!(res.unwrap(), VcpuEmulation::Stopped);
+        assert_eq!(
+            format!("{:?}", res.unwrap_err()),
+            format!("{:?}", EmulationError::UnhandledKvmExit("Hlt".to_string()))
+        );
 
         let res = handle_kvm_exit(&mut vcpu.kvm_vcpu.peripherals, Ok(VcpuExit::Shutdown));
-        assert_eq!(res.unwrap(), VcpuEmulation::Stopped);
+        assert_eq!(
+            format!("{:?}", res.unwrap_err()),
+            format!(
+                "{:?}",
+                EmulationError::UnhandledKvmExit("Shutdown".to_string())
+            )
+        );
 
         let res = handle_kvm_exit(
             &mut vcpu.kvm_vcpu.peripherals,