Windows

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

src/hyperlight_host/src/hypervisor/hyperv_windows.rs

@@ -18,30 +18,32 @@ use core::ffi::c_void;
 use std::fmt;
 use std::fmt::{Debug, Formatter};
 use std::string::String;
+use std::sync::atomic::{AtomicBool, Ordering};
+use std::sync::Arc;
 
 use hyperlight_common::mem::PAGE_SIZE_USIZE;
 use log::LevelFilter;
 use tracing::{instrument, Span};
 use windows::Win32::System::Hypervisor::{
-    WHvX64RegisterCr0, WHvX64RegisterCr3, WHvX64RegisterCr4, WHvX64RegisterCs, WHvX64RegisterEfer,
-    WHV_MEMORY_ACCESS_TYPE, WHV_PARTITION_HANDLE, WHV_REGISTER_VALUE, WHV_RUN_VP_EXIT_CONTEXT,
-    WHV_RUN_VP_EXIT_REASON, WHV_X64_SEGMENT_REGISTER, WHV_X64_SEGMENT_REGISTER_0,
+    WHvCancelRunVirtualProcessor, WHvX64RegisterCr0, WHvX64RegisterCr3, WHvX64RegisterCr4,
+    WHvX64RegisterCs, WHvX64RegisterEfer, WHV_MEMORY_ACCESS_TYPE, WHV_PARTITION_HANDLE,
+    WHV_REGISTER_VALUE, WHV_RUN_VP_EXIT_CONTEXT, WHV_RUN_VP_EXIT_REASON, WHV_X64_SEGMENT_REGISTER,
+    WHV_X64_SEGMENT_REGISTER_0,
 };
 
 use super::fpu::{FP_TAG_WORD_DEFAULT, MXCSR_DEFAULT};
 #[cfg(gdb)]
 use super::handlers::DbgMemAccessHandlerWrapper;
 use super::handlers::{MemAccessHandlerWrapper, OutBHandlerWrapper};
 use super::surrogate_process::SurrogateProcess;
-use super::surrogate_process_manager::*;
 use super::windows_hypervisor_platform::{VMPartition, VMProcessor};
 use super::wrappers::{HandleWrapper, WHvFPURegisters};
+use super::{surrogate_process_manager::*, InterruptHandle};
 use super::{
     HyperlightExit, Hypervisor, VirtualCPU, CR0_AM, CR0_ET, CR0_MP, CR0_NE, CR0_PE, CR0_PG, CR0_WP,
     CR4_OSFXSR, CR4_OSXMMEXCPT, CR4_PAE, EFER_LMA, EFER_LME, EFER_NX, EFER_SCE,
 };
 use crate::hypervisor::fpu::FP_CONTROL_WORD_DEFAULT;
-use crate::hypervisor::hypervisor_handler::HypervisorHandler;
 use crate::hypervisor::wrappers::WHvGeneralRegisters;
 use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags};
 use crate::mem::ptr::{GuestPtr, RawPtr};
@@ -56,6 +58,7 @@ pub(crate) struct HypervWindowsDriver {
     entrypoint: u64,
     orig_rsp: GuestPtr,
     mem_regions: Vec<MemoryRegion>,
+    interrupt_handle: Arc<WindowsInterruptHandle>,
 }
 /* This does not automatically impl Send/Sync because the host
  * address of the shared memory region is a raw pointer, which are
@@ -90,6 +93,7 @@ impl HypervWindowsDriver {
 
         let mut proc = VMProcessor::new(partition)?;
         Self::setup_initial_sregs(&mut proc, pml4_address)?;
+        let partition_handle = proc.get_partition_hdl();
 
         // subtract 2 pages for the guard pages, since when we copy memory to and from surrogate process,
         // we don't want to copy the guard pages themselves (that would cause access violation)
@@ -102,6 +106,11 @@ impl HypervWindowsDriver {
             entrypoint,
             orig_rsp: GuestPtr::try_from(RawPtr::from(rsp))?,
             mem_regions,
+            interrupt_handle: Arc::new(WindowsInterruptHandle {
+                running: AtomicBool::new(false),
+                parition_handle: partition_handle,
+                dropped: AtomicBool::new(false),
+            }),
         })
     }
 
@@ -151,11 +160,6 @@ impl HypervWindowsDriver {
         error.push_str(&format!("Registers: \n{:#?}", self.processor.get_regs()?));
         Ok(error)
     }
-
-    #[instrument(skip_all, parent = Span::current(), level = "Trace")]
-    pub(crate) fn get_partition_hdl(&self) -> WHV_PARTITION_HANDLE {
-        self.processor.get_partition_hdl()
-    }
 }
 
 impl Debug for HypervWindowsDriver {
@@ -307,7 +311,6 @@ impl Hypervisor for HypervWindowsDriver {
         page_size: u32,
         outb_hdl: OutBHandlerWrapper,
         mem_access_hdl: MemAccessHandlerWrapper,
-        hv_handler: Option<HypervisorHandler>,
         max_guest_log_level: Option<LevelFilter>,
         #[cfg(gdb)] dbg_mem_access_hdl: DbgMemAccessHandlerWrapper,
     ) -> Result<()> {
@@ -333,7 +336,6 @@ impl Hypervisor for HypervWindowsDriver {
 
         VirtualCPU::run(
             self.as_mut_hypervisor(),
-            hv_handler,
             outb_hdl,
             mem_access_hdl,
             #[cfg(gdb)]
@@ -349,7 +351,6 @@ impl Hypervisor for HypervWindowsDriver {
         dispatch_func_addr: RawPtr,
         outb_hdl: OutBHandlerWrapper,
         mem_access_hdl: MemAccessHandlerWrapper,
-        hv_handler: Option<HypervisorHandler>,
         #[cfg(gdb)] dbg_mem_access_hdl: DbgMemAccessHandlerWrapper,
     ) -> Result<()> {
         // Reset general purpose registers, then set RIP and RSP
@@ -371,7 +372,6 @@ impl Hypervisor for HypervWindowsDriver {
 
         VirtualCPU::run(
             self.as_mut_hypervisor(),
-            hv_handler,
             outb_hdl,
             mem_access_hdl,
             #[cfg(gdb)]
@@ -407,7 +407,11 @@ impl Hypervisor for HypervWindowsDriver {
 
     #[instrument(err(Debug), skip_all, parent = Span::current(), level = "Trace")]
     fn run(&mut self) -> Result<super::HyperlightExit> {
+        self.interrupt_handle.running.store(true, Ordering::Relaxed);
         let exit_context: WHV_RUN_VP_EXIT_CONTEXT = self.processor.run()?;
+        self.interrupt_handle
+            .running
+            .store(false, Ordering::Relaxed);
 
         let result = match exit_context.ExitReason {
             // WHvRunVpExitReasonX64IoPortAccess
@@ -481,8 +485,8 @@ impl Hypervisor for HypervWindowsDriver {
         Ok(result)
     }
 
-    fn get_partition_handle(&self) -> WHV_PARTITION_HANDLE {
-        self.processor.get_partition_hdl()
+    fn interrupt_handle(&self) -> Arc<dyn InterruptHandle> {
+        self.interrupt_handle.clone()
     }
 
     #[instrument(skip_all, parent = Span::current(), level = "Trace")]
@@ -496,28 +500,24 @@ impl Hypervisor for HypervWindowsDriver {
     }
 }
 
-#[cfg(test)]
-pub mod tests {
-    use std::sync::{Arc, Mutex};
+impl Drop for HypervWindowsDriver {
+    fn drop(&mut self) {}
+}
 
-    use serial_test::serial;
+pub struct WindowsInterruptHandle {
+    // `WHvCancelRunVirtualProcessor()` will return Ok even if the vcpu is not running, which is the reason we need this flag.
+    running: AtomicBool,
+    parition_handle: WHV_PARTITION_HANDLE,
+    dropped: AtomicBool,
+}
 
-    use crate::hypervisor::handlers::{MemAccessHandler, OutBHandler};
-    use crate::hypervisor::tests::test_initialise;
-    use crate::Result;
+impl InterruptHandle for WindowsInterruptHandle {
+    fn kill(&self) -> bool {
+        self.running.load(Ordering::Relaxed)
+            && unsafe { WHvCancelRunVirtualProcessor(self.parition_handle, 0, 0).is_ok() }
+    }
 
-    #[test]
-    #[serial]
-    fn test_init() {
-        let outb_handler = {
-            let func: Box<dyn FnMut(u16, u32) -> Result<()> + Send> =
-                Box::new(|_, _| -> Result<()> { Ok(()) });
-            Arc::new(Mutex::new(OutBHandler::from(func)))
-        };
-        let mem_access_handler = {
-            let func: Box<dyn FnMut() -> Result<()> + Send> = Box::new(|| -> Result<()> { Ok(()) });
-            Arc::new(Mutex::new(MemAccessHandler::from(func)))
-        };
-        test_initialise(outb_handler, mem_access_handler).unwrap();
+    fn dropped(&self) -> bool {
+        self.dropped.load(Ordering::Relaxed)
     }
 }

src/hyperlight_host/src/hypervisor/mod.rs

@@ -59,6 +59,7 @@ pub(crate) mod crashdump;
 
 use std::fmt::Debug;
 use std::str::FromStr;
+#[cfg(any(kvm, mshv))]
 use std::sync::atomic::{AtomicBool, AtomicU64, Ordering};
 use std::sync::{Arc, Mutex};
 
@@ -227,10 +228,6 @@ pub(crate) trait Hypervisor: Debug + Sync + Send {
     /// get a mutable trait object from self
     fn as_mut_hypervisor(&mut self) -> &mut dyn Hypervisor;
 
-    /// Get the partition handle for WHP
-    #[cfg(target_os = "windows")]
-    fn get_partition_handle(&self) -> windows::Win32::System::Hypervisor::WHV_PARTITION_HANDLE;
-
     #[cfg(crashdump)]
     fn get_memory_regions(&self) -> &[MemoryRegion];
 
@@ -337,6 +334,7 @@ pub trait InterruptHandle: Send + Sync {
     fn dropped(&self) -> bool;
 }
 
+#[cfg(any(kvm, mshv))]
 #[derive(Debug)]
 pub(super) struct LinuxInterruptHandle {
     /// True when the vcpu is currently running and blocking the thread
@@ -347,6 +345,7 @@ pub(super) struct LinuxInterruptHandle {
     dropped: AtomicBool,
 }
 
+#[cfg(any(kvm, mshv))]
 impl InterruptHandle for LinuxInterruptHandle {
     fn kill(&self) -> bool {
         let sigrtmin = libc::SIGRTMIN();

src/hyperlight_host/src/sandbox/initialized_multi_use.rs

@@ -201,6 +201,7 @@ impl MultiUseSandbox {
             self.dispatch_ptr.clone(),
             self.out_hdl.clone(),
             self.mem_hdl.clone(),
+            #[cfg(gdb)]
             self.dbg_mem_access_fn.clone(),
         )?;
 

src/hyperlight_host/src/sandbox/uninitialized_evolve.rs

@@ -16,6 +16,7 @@ limitations under the License.
 
 use crate::hypervisor::handlers::{MemAccessHandlerCaller, OutBHandlerCaller};
 use crate::hypervisor::Hypervisor;
+#[cfg(target_os = "linux")]
 use crate::signal_handlers::setup_signal_handlers;
 use crate::HyperlightError::NoHypervisorFound;
 use std::sync::{Arc, Mutex};
@@ -89,6 +90,7 @@ where
     #[cfg(gdb)]
     let dbg_mem_access_hdl = dbg_mem_access_handler_wrapper(hshm.clone());
 
+    #[cfg(target_os = "linux")]
     setup_signal_handlers()?;
 
     vm.initialise(
@@ -225,6 +227,9 @@ fn set_up_hypervisor_partition(
 
         #[cfg(target_os = "windows")]
         Some(HypervisorType::Whp) => {
+            use crate::hypervisor::wrappers::HandleWrapper;
+            use std::ffi::c_void;
+
             let mmap_file_handle = mgr
                 .shared_mem
                 .with_exclusivity(|e| e.get_mmap_file_handle())?;

src/hyperlight_host/tests/integration_test.rs

@@ -33,11 +33,11 @@ use crate::common::{new_uninit, new_uninit_rust};
 
 #[test]
 fn kill_running_vm() {
-    // this test is rust-guest only
     let mut sbox1: MultiUseSandbox = new_uninit().unwrap().evolve(Noop::default()).unwrap();
 
     let interrupt_handle = sbox1.interrupt_handle();
-    assert!(!interrupt_handle.dropped());
+    assert!(!interrupt_handle.dropped()); // not yet dropped
+    assert!(!interrupt_handle.kill()); // nothing to kill since vcpu is not running
 
     // kill vm after 1 second
     thread::spawn(move || {