MSR

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

Cargo.lock

@@ -75,8 +75,8 @@ windows-version = "0.1"
 lazy_static = "1.4.0"
 
 [target.'cfg(unix)'.dependencies]
-kvm-bindings = { version = "0.14", features = ["fam-wrappers"], optional = true }
-kvm-ioctls = { version = "0.24", optional = true }
+kvm-bindings = { path = "../../../kvm/kvm-bindings", features = ["fam-wrappers"], optional = true }
+kvm-ioctls = { path = "../../../kvm/kvm-ioctls", optional = true }
 mshv-bindings = { version = "0.6", optional = true }
 mshv-ioctls = { version = "0.6", optional = true}
 

src/hyperlight_host/Cargo.toml

@@ -144,6 +144,14 @@ pub enum HyperlightError {
     #[error("Memory Allocation Failed with OS Error {0:?}.")]
     MemoryAllocationFailed(Option<i32>),
 
+    /// MSR Read Violation - Guest attempted to read from a Model-Specific Register
+    #[error("Guest attempted to read from MSR {0:#x} which is not allowed")]
+    MsrReadViolation(u32),
+
+    /// MSR Write Violation - Guest attempted to write to a Model-Specific Register
+    #[error("Guest attempted to write {1:#x} to MSR {0:#x} which is not allowed")]
+    MsrWriteViolation(u32, u64),
+
     /// Memory Protection Failed
     #[error("Memory Protection Failed with OS Error {0:?}.")]
     MemoryProtectionFailed(Option<i32>),
@@ -322,7 +330,9 @@ impl HyperlightError {
             | HyperlightError::PoisonedSandbox
             | HyperlightError::ExecutionAccessViolation(_)
             | HyperlightError::StackOverflow()
-            | HyperlightError::MemoryAccessViolation(_, _, _) => true,
+            | HyperlightError::MemoryAccessViolation(_, _, _)
+            | HyperlightError::MsrReadViolation(_)
+            | HyperlightError::MsrWriteViolation(_, _) => true,
 
             // All other errors do not poison the sandbox.
             HyperlightError::AnyhowError(_)

src/hyperlight_host/src/error.rs

@@ -46,7 +46,7 @@ use crate::hypervisor::hyperv_linux::MshvVm;
 use crate::hypervisor::hyperv_windows::WhpVm;
 #[cfg(kvm)]
 use crate::hypervisor::kvm::KvmVm;
-use crate::hypervisor::regs::CommonSpecialRegisters;
+use crate::hypervisor::regs::{CommonDebugRegs, CommonSpecialRegisters};
 use crate::hypervisor::vm::{Vm, VmExit};
 #[cfg(target_os = "windows")]
 use crate::hypervisor::wrappers::HandleWrapper;
@@ -116,6 +116,8 @@ impl HyperlightVm {
             None => return Err(NoHypervisorFound()),
         };
 
+        vm.enable_msr_intercept()?;
+
         for (i, region) in mem_regions.iter().enumerate() {
             // Safety: slots are unique and region points to valid memory since we created the regions
             unsafe { vm.map_memory((i as u32, region))? };
@@ -532,6 +534,12 @@ impl HyperlightVm {
                         }
                     }
                 }
+                Ok(VmExit::MsrRead(msr_index)) => {
+                    break Err(HyperlightError::MsrReadViolation(msr_index));
+                }
+                Ok(VmExit::MsrWrite { msr_index, value }) => {
+                    break Err(HyperlightError::MsrWriteViolation(msr_index, value));
+                }
                 Ok(VmExit::Cancelled()) => {
                     // If cancellation was not requested for this specific guest function call,
                     // the vcpu was interrupted by a stale cancellation from a previous call
@@ -592,6 +600,16 @@ impl HyperlightVm {
         self.interrupt_handle.clone()
     }
 
+    pub(crate) fn reset_vcpu(&self) -> Result<()> {
+        self.vm.set_regs(&CommonRegisters::default())?;
+        self.vm.set_sregs(&CommonSpecialRegisters::default())?;
+        self.vm.set_fpu(&CommonFpu::default())?;
+        self.vm.set_xsave(&[0; 1024])?;
+        self.vm.set_debug_regs(&CommonDebugRegs::default())?;
+        // TODO reset MSRs
+        Ok(())
+    }
+
     #[cfg(gdb)]
     fn handle_debug(
         &mut self,

src/hyperlight_host/src/hypervisor/hyperlight_vm.rs

@@ -21,16 +21,22 @@ use std::sync::LazyLock;
 #[cfg(gdb)]
 use mshv_bindings::{DebugRegisters, hv_message_type_HVMSG_X64_EXCEPTION_INTERCEPT};
 use mshv_bindings::{
-    hv_message_type, hv_message_type_HVMSG_GPA_INTERCEPT, hv_message_type_HVMSG_UNMAPPED_GPA,
+    HV_INTERCEPT_ACCESS_MASK_READ, HV_INTERCEPT_ACCESS_MASK_WRITE, HV_INTERCEPT_ACCESS_READ,
+    HV_INTERCEPT_ACCESS_WRITE, XSave, hv_intercept_type_HV_INTERCEPT_TYPE_X64_MSR, hv_message_type,
+    hv_message_type_HVMSG_GPA_INTERCEPT, hv_message_type_HVMSG_UNMAPPED_GPA,
     hv_message_type_HVMSG_X64_HALT, hv_message_type_HVMSG_X64_IO_PORT_INTERCEPT,
+    hv_message_type_HVMSG_X64_MSR_INTERCEPT,
     hv_partition_property_code_HV_PARTITION_PROPERTY_SYNTHETIC_PROC_FEATURES,
     hv_partition_synthetic_processor_features, hv_register_assoc,
-    hv_register_name_HV_X64_REGISTER_RIP, hv_register_value, mshv_user_mem_region,
+    hv_register_name_HV_X64_REGISTER_RIP, hv_register_value, mshv_install_intercept,
+    mshv_user_mem_region,
 };
 use mshv_ioctls::{Mshv, VcpuFd, VmFd};
 use tracing::{Span, instrument};
 
-use crate::hypervisor::regs::{CommonFpu, CommonRegisters, CommonSpecialRegisters};
+use crate::hypervisor::regs::{
+    CommonDebugRegs, CommonFpu, CommonRegisters, CommonSpecialRegisters,
+};
 use crate::hypervisor::vm::{Vm, VmExit};
 use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags};
 use crate::{Result, new_error};
@@ -82,7 +88,6 @@ impl MshvVm {
         };
 
         let vcpu_fd = vm_fd.create_vcpu(0)?;
-
         Ok(Self { vm_fd, vcpu_fd })
     }
 }
@@ -114,12 +119,32 @@ impl Vm for MshvVm {
         Ok(())
     }
 
-    #[cfg(crashdump)]
     fn xsave(&self) -> Result<Vec<u8>> {
         let xsave = self.vcpu_fd.get_xsave()?;
         Ok(xsave.buffer.to_vec())
     }
 
+    fn set_xsave(&self, xsave: &[u32; 1024]) -> Result<()> {
+        let mut buf = XSave::default();
+        let (prefix, bytes, suffix) = unsafe { xsave.align_to() };
+        assert!(prefix.is_empty());
+        assert!(suffix.is_empty());
+        buf.buffer.copy_from_slice(bytes);
+        self.vcpu_fd.set_xsave(&buf)?;
+        Ok(())
+    }
+
+    fn debug_regs(&self) -> Result<CommonDebugRegs> {
+        let debug_regs = self.vcpu_fd.get_debug_regs()?;
+        Ok(debug_regs.into())
+    }
+
+    fn set_debug_regs(&self, drs: &CommonDebugRegs) -> Result<()> {
+        let mshv_debug_regs = drs.into();
+        self.vcpu_fd.set_debug_regs(&mshv_debug_regs)?;
+        Ok(())
+    }
+
     /// # Safety
     /// The caller must ensure that the memory region is valid and points to valid memory,
     /// and lives long enough for the VM to use it.
@@ -140,6 +165,7 @@ impl Vm for MshvVm {
         const IO_PORT: hv_message_type = hv_message_type_HVMSG_X64_IO_PORT_INTERCEPT;
         const UNMAPPED_GPA: hv_message_type = hv_message_type_HVMSG_UNMAPPED_GPA;
         const INVALID_GPA: hv_message_type = hv_message_type_HVMSG_GPA_INTERCEPT;
+        const MSR: hv_message_type = hv_message_type_HVMSG_X64_MSR_INTERCEPT;
         #[cfg(gdb)]
         const EXCEPTION_INTERCEPT: hv_message_type = hv_message_type_HVMSG_X64_EXCEPTION_INTERCEPT;
 
@@ -181,6 +207,21 @@ impl Vm for MshvVm {
                         _ => VmExit::Unknown("Unknown MMIO access".to_string()),
                     }
                 }
+                MSR => {
+                    let msr_message = m.to_msr_info().map_err(mshv_ioctls::MshvError::from)?;
+                    let edx = msr_message.rdx;
+                    let eax = msr_message.rax;
+                    let written_value = (edx << 32) | eax;
+                    let access = msr_message.header.intercept_access_type as u32;
+                    match access {
+                        HV_INTERCEPT_ACCESS_READ => VmExit::MsrRead(msr_message.msr_number),
+                        HV_INTERCEPT_ACCESS_WRITE => VmExit::MsrWrite {
+                            msr_index: msr_message.msr_number,
+                            value: written_value,
+                        },
+                        _ => VmExit::Unknown(format!("Unknown MSR access type={}", access)),
+                    }
+                }
                 #[cfg(gdb)]
                 EXCEPTION_INTERCEPT => {
                     let exception_message = m
@@ -203,6 +244,17 @@ impl Vm for MshvVm {
         Ok(result)
     }
 
+    fn enable_msr_intercept(&mut self) -> Result<()> {
+        // Install MSR intercepts, will interrupt on all MSR accesses (READ & WRITE)
+        let intercept = mshv_install_intercept {
+            access_type_mask: HV_INTERCEPT_ACCESS_MASK_WRITE | HV_INTERCEPT_ACCESS_MASK_READ,
+            intercept_type: hv_intercept_type_HV_INTERCEPT_TYPE_X64_MSR,
+            intercept_parameter: Default::default(),
+        };
+        self.vm_fd.install_intercept(intercept)?;
+        Ok(())
+    }
+
     // -- DEBUGGING RELATED BELOW ---
 
     #[cfg(gdb)]

src/hyperlight_host/src/hypervisor/hyperv_linux.rs

@@ -34,7 +34,9 @@ use super::vm::{Vm, VmExit};
 #[cfg(not(gdb))]
 use super::vm::{Vm, VmExit};
 use super::wrappers::HandleWrapper;
-use crate::hypervisor::regs::{CommonFpu, CommonRegisters, CommonSpecialRegisters};
+use crate::hypervisor::regs::{
+    CommonDebugRegs, CommonFpu, CommonRegisters, CommonSpecialRegisters,
+};
 use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags};
 use crate::{Result, log_then_return, new_error};
 
@@ -104,6 +106,7 @@ impl WhpVm {
                 &NUM_CPU as *const _ as *const _,
                 std::mem::size_of_val(&NUM_CPU) as _,
             )?;
+
             WHvSetupPartition(partition)?;
             WHvCreateVirtualProcessor(partition, 0, 0)?;
             partition
@@ -392,6 +395,22 @@ impl Vm for WhpVm {
         log_then_return!("Mapping host memory into the guest not yet supported on this platform");
     }
 
+    fn xsave(&self) -> Result<Vec<u8>> {
+        todo!()
+    }
+
+    fn set_xsave(&self, xsave: &[u32; 1024]) -> Result<()> {
+        todo!()
+    }
+
+    fn debug_regs(&self) -> Result<CommonDebugRegs> {
+        todo!()
+    }
+
+    fn set_debug_regs(&self, drs: &CommonDebugRegs) -> Result<()> {
+        todo!()
+    }
+
     #[expect(non_upper_case_globals, reason = "Windows API constant are lower case")]
     fn run_vcpu(&mut self) -> Result<VmExit> {
         let mut exit_context: WHV_RUN_VP_EXIT_CONTEXT = Default::default();
@@ -438,6 +457,23 @@ impl Vm for WhpVm {
             }
             // Execution was cancelled by the host.
             WHvRunVpExitReasonCanceled => VmExit::Cancelled(),
+            // MSR access (read or write) - we configured all MSR writes to cause exits
+            WHvRunVpExitReasonX64MsrAccess => {
+                let msr_access = unsafe { exit_context.Anonymous.MsrAccess };
+                let eax = msr_access.Rax;
+                let edx = msr_access.Rdx;
+                let written_value = (edx << 32) | eax;
+                let access = unsafe { msr_access.AccessInfo.AsUINT32 } as u32;
+                // Missing from rust bindings for some reason, see https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/265f685159dfd3b2fae8d1dcf1b7d206c31ee880/virtualization/api/hypervisor-platform/headers/WinHvPlatformDefs.h#L3020
+                match access {
+                    0 => VmExit::MsrRead(msr_access.MsrNumber),
+                    1 => VmExit::MsrWrite {
+                        msr_index: msr_access.MsrNumber,
+                        value: written_value,
+                    },
+                    _ => VmExit::Unknown(format!("Unknown MSR access type={}", access)),
+                }
+            }
             #[cfg(gdb)]
             WHvRunVpExitReasonException => {
                 let exception = unsafe { exit_context.Anonymous.VpException };
@@ -471,6 +507,26 @@ impl Vm for WhpVm {
         Ok(result)
     }
 
+    fn enable_msr_intercept(&mut self) -> Result<()> {
+        // Enable MSR exits through Extended VM Exits
+        // Note: This must be set BEFORE WHvSetupPartition for WHP, so this implementation
+        // is a no-op since the setup is already done in the constructor.
+        // For WHP, MSR intercepts must be enabled during partition creation.
+        // X64MsrExit bit position, missing from rust bindings for some reason.
+        // See https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/265f685159dfd3b2fae8d1dcf1b7d206c31ee880/virtualization/api/hypervisor-platform/headers/WinHvPlatformDefs.h#L1495
+        let mut extended_exits_property = WHV_PARTITION_PROPERTY::default();
+        extended_exits_property.ExtendedVmExits.AsUINT64 = 1 << 1;
+        unsafe {
+            WHvSetPartitionProperty(
+                self.partition,
+                WHvPartitionPropertyCodeExtendedVmExits,
+                &extended_exits_property as *const _ as *const _,
+                std::mem::size_of::<WHV_PARTITION_PROPERTY>() as _,
+            )?;
+        }
+        Ok(())
+    }
+
     #[cfg(gdb)]
     fn translate_gva(&self, gva: u64) -> Result<u64> {
         let mut gpa = 0;