MSR

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

src/hyperlight_host/src/hypervisor/hyperlight_vm.rs

@@ -46,7 +46,7 @@ use crate::hypervisor::hyperv_linux::MshvVm;
 use crate::hypervisor::hyperv_windows::WhpVm;
 #[cfg(kvm)]
 use crate::hypervisor::kvm::KvmVm;
-use crate::hypervisor::regs::CommonSpecialRegisters;
+use crate::hypervisor::regs::{CommonDebugRegs, CommonSpecialRegisters};
 use crate::hypervisor::vm::{Vm, VmExit};
 #[cfg(target_os = "windows")]
 use crate::hypervisor::wrappers::HandleWrapper;
@@ -592,6 +592,16 @@ impl HyperlightVm {
         self.interrupt_handle.clone()
     }
 
+    pub(crate) fn reset_vcpu(&self) -> Result<()> {
+        self.vm.set_regs(&CommonRegisters::default())?;
+        self.vm.set_sregs(&CommonSpecialRegisters::default())?;
+        self.vm.set_fpu(&CommonFpu::default())?;
+        self.vm.set_xsave(&[0; 1024])?;
+        self.vm.set_debug_regs(&CommonDebugRegs::default())?;
+        // TODO reset MSRs
+        Ok(())
+    }
+
     #[cfg(gdb)]
     fn handle_debug(
         &mut self,

src/hyperlight_host/src/hypervisor/hyperv_linux.rs

@@ -22,8 +22,11 @@ use std::sync::LazyLock;
 use mshv_bindings::DebugRegisters;
 #[cfg(gdb)]
 use mshv_bindings::hv_message_type_HVMSG_X64_EXCEPTION_INTERCEPT;
+use mshv_bindings::hv_message_type_HVMSG_X64_MSR_INTERCEPT;
+use mshv_bindings::{XSave, mshv_install_intercept};
 use mshv_bindings::{
-    hv_message_type, hv_message_type_HVMSG_GPA_INTERCEPT, hv_message_type_HVMSG_UNMAPPED_GPA,
+    hv_intercept_parameters, hv_intercept_type_HV_INTERCEPT_TYPE_X64_MSR_INDEX, hv_message_type,
+    hv_message_type_HVMSG_GPA_INTERCEPT, hv_message_type_HVMSG_UNMAPPED_GPA,
     hv_message_type_HVMSG_X64_HALT, hv_message_type_HVMSG_X64_IO_PORT_INTERCEPT,
     hv_partition_property_code_HV_PARTITION_PROPERTY_SYNTHETIC_PROC_FEATURES,
     hv_partition_synthetic_processor_features, hv_register_assoc,
@@ -32,7 +35,9 @@ use mshv_bindings::{
 use mshv_ioctls::{Mshv, VcpuFd, VmFd};
 use tracing::{Span, instrument};
 
-use crate::hypervisor::regs::{CommonFpu, CommonRegisters, CommonSpecialRegisters};
+use crate::hypervisor::regs::{
+    CommonDebugRegs, CommonFpu, CommonRegisters, CommonSpecialRegisters,
+};
 use crate::hypervisor::vm::{Vm, VmExit};
 use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags};
 use crate::{Result, new_error};
@@ -83,8 +88,21 @@ impl MshvVm {
             vm_fd
         };
 
-        let vcpu_fd = vm_fd.create_vcpu(0)?;
+        let intercept = mshv_install_intercept {
+            access_type_mask: mshv_bindings::HV_INTERCEPT_ACCESS_MASK_WRITE, // | mshv_bindings::HV_INTERCEPT_ACCESS_MASK_READ to work
+            intercept_type: mshv_bindings::hv_intercept_type_HV_INTERCEPT_TYPE_X64_MSR,
+            intercept_parameter: Default::default(),
+        };
+        vm_fd.install_intercept(intercept)?;
+
+        // let intercept = mshv_install_intercept {
+        //     access_type_mask: mshv_bindings::HV_INTERCEPT_ACCESS_MASK_NONE,
+        //     intercept_type: mshv_bindings::hv_intercept_type_HV_INTERCEPT_TYPE_X64_MSR,
+        //     intercept_parameter: Default::default(),
+        // };
+        // vm_fd.install_intercept(intercept)?;
 
+        let vcpu_fd = vm_fd.create_vcpu(0)?;
         Ok(Self { vm_fd, vcpu_fd })
     }
 }
@@ -116,12 +134,32 @@ impl Vm for MshvVm {
         Ok(())
     }
 
-    #[cfg(crashdump)]
     fn xsave(&self) -> Result<Vec<u8>> {
         let xsave = self.vcpu_fd.get_xsave()?;
         Ok(xsave.buffer.to_vec())
     }
 
+    fn set_xsave(&self, xsave: &[u32; 1024]) -> Result<()> {
+        let mut buf = XSave::default();
+        let (prefix, bytes, suffix) = unsafe { xsave.align_to() };
+        assert!(prefix.is_empty());
+        assert!(suffix.is_empty());
+        buf.buffer.copy_from_slice(bytes);
+        self.vcpu_fd.set_xsave(&buf)?;
+        Ok(())
+    }
+
+    fn debug_regs(&self) -> Result<CommonDebugRegs> {
+        let debug_regs = self.vcpu_fd.get_debug_regs()?;
+        Ok(debug_regs.into())
+    }
+
+    fn set_debug_regs(&self, drs: &CommonDebugRegs) -> Result<()> {
+        let mshv_debug_regs = drs.into();
+        self.vcpu_fd.set_debug_regs(&mshv_debug_regs)?;
+        Ok(())
+    }
+
     /// # Safety
     /// The caller must ensure that the memory region is valid and points to valid memory,
     /// and lives long enough for the VM to use it.
@@ -142,6 +180,7 @@ impl Vm for MshvVm {
         const IO_PORT: hv_message_type = hv_message_type_HVMSG_X64_IO_PORT_INTERCEPT;
         const UNMAPPED_GPA: hv_message_type = hv_message_type_HVMSG_UNMAPPED_GPA;
         const INVALID_GPA: hv_message_type = hv_message_type_HVMSG_GPA_INTERCEPT;
+        const MSR: hv_message_type = hv_message_type_HVMSG_X64_MSR_INTERCEPT;
         #[cfg(gdb)]
         const EXCEPTION_INTERCEPT: hv_message_type = hv_message_type_HVMSG_X64_EXCEPTION_INTERCEPT;
 
@@ -183,6 +222,17 @@ impl Vm for MshvVm {
                         _ => VmExit::Unknown("Unknown MMIO access".to_string()),
                     }
                 }
+                MSR => {
+                    let msr_message = m.to_msr_info().map_err(mshv_ioctls::MshvError::from)?;
+                    let read = msr_message.header.intercept_access_type;
+                    let msr_number = msr_message.msr_number;
+                    let rdx = msr_message.rdx;
+                    let rax = msr_message.rax;
+                    panic!(
+                        "MSR access: msr_number=0x{:X}, read={}, rdx=0x{:X}, rax=0x{:X}",
+                        msr_number, read, rdx, rax
+                    );
+                }
                 #[cfg(gdb)]
                 EXCEPTION_INTERCEPT => {
                     let exception_message = m

src/hyperlight_host/src/hypervisor/kvm.rs

@@ -18,12 +18,14 @@ use std::sync::LazyLock;
 
 #[cfg(gdb)]
 use kvm_bindings::kvm_guest_debug;
-use kvm_bindings::kvm_userspace_memory_region;
-use kvm_ioctls::Cap::UserMemory;
+use kvm_bindings::{kvm_debugregs, kvm_userspace_memory_region, kvm_xsave};
+use kvm_ioctls::Cap::{self, UserMemory};
 use kvm_ioctls::{Kvm, VcpuExit, VcpuFd, VmFd};
 use tracing::{Span, instrument};
 
-use crate::hypervisor::regs::{CommonFpu, CommonRegisters, CommonSpecialRegisters};
+use crate::hypervisor::regs::{
+    CommonDebugRegs, CommonFpu, CommonRegisters, CommonSpecialRegisters,
+};
 use crate::hypervisor::vm::{Vm, VmExit};
 use crate::mem::memory_region::MemoryRegion;
 use crate::{Result, new_error};
@@ -107,7 +109,6 @@ impl Vm for KvmVm {
         Ok(self.vcpu_fd.set_fpu(&fpu.into())?)
     }
 
-    #[cfg(crashdump)]
     fn xsave(&self) -> Result<Vec<u8>> {
         let xsave = self.vcpu_fd.get_xsave()?;
         Ok(xsave
@@ -117,6 +118,34 @@ impl Vm for KvmVm {
             .collect())
     }
 
+    fn set_xsave(&self, xsave: &[u32; 1024]) -> Result<()> {
+        if self.vm_fd.check_extension_int(Cap::Xsave2) as usize != xsave.len() * size_of::<u32>() {
+            return Err(new_error!(
+                "KVM_CAP_XSAVE2 not supported: {}",
+                self.vm_fd.check_extension_int(Cap::Xsave2)
+            ));
+        }
+        let xsave = kvm_xsave {
+            region: *xsave,
+            ..Default::default()
+        };
+        // we made sure above that SET_XSAVE only copies 4096 bytes
+        unsafe { self.vcpu_fd.set_xsave(&xsave)? };
+
+        Ok(())
+    }
+
+    fn debug_regs(&self) -> Result<CommonDebugRegs> {
+        let kvm_debug_regs = self.vcpu_fd.get_debug_regs()?;
+        Ok(kvm_debug_regs.into())
+    }
+
+    fn set_debug_regs(&self, drs: &CommonDebugRegs) -> Result<()> {
+        let kvm_debug_regs: kvm_debugregs = drs.into();
+        self.vcpu_fd.set_debug_regs(&kvm_debug_regs)?;
+        Ok(())
+    }
+
     unsafe fn map_memory(&mut self, (slot, region): (u32, &MemoryRegion)) -> Result<()> {
         let mut kvm_region: kvm_userspace_memory_region = region.into();
         kvm_region.slot = slot;
@@ -258,3 +287,16 @@ impl Vm for KvmVm {
         Ok(())
     }
 }
+
+#[test]
+fn test() {
+    let msr_feature_index_list = KVM.as_ref().unwrap().get_msr_index_list().unwrap();
+    msr_feature_index_list.as_slice().iter().for_each(|msr| {
+        println!("Writable MSR: 0x{:08X}", msr);
+    });
+    println!(
+        "Total Writable MSRs: {}",
+        msr_feature_index_list.as_slice().len()
+    );
+    // println!("msr_feature_index_list: {:?}", msr_feature_index_list);
+}

src/hyperlight_host/src/hypervisor/regs.rs

@@ -14,13 +14,15 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+mod debug_regs;
 mod fpu;
 mod special_regs;
 mod standard_regs;
 
 #[cfg(target_os = "windows")]
 use std::collections::HashSet;
 
+pub(crate) use debug_regs::*;
 pub(crate) use fpu::*;
 pub(crate) use special_regs::*;
 pub(crate) use standard_regs::*;

src/hyperlight_host/src/hypervisor/regs/debug_regs.rs

@@ -0,0 +1,86 @@
+/*
+Copyright 2025  The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#[cfg(kvm)]
+use kvm_bindings::kvm_debugregs;
+#[cfg(mshv3)]
+use mshv_bindings::DebugRegisters;
+
+#[derive(Debug, Default, Copy, Clone, PartialEq)]
+pub(crate) struct CommonDebugRegs {
+    pub dr0: u64,
+    pub dr1: u64,
+    pub dr2: u64,
+    pub dr3: u64,
+    pub dr6: u64,
+    pub dr7: u64,
+}
+
+#[cfg(kvm)]
+impl From<kvm_debugregs> for CommonDebugRegs {
+    fn from(kvm_regs: kvm_debugregs) -> Self {
+        Self {
+            dr0: kvm_regs.db[0],
+            dr1: kvm_regs.db[1],
+            dr2: kvm_regs.db[2],
+            dr3: kvm_regs.db[3],
+            dr6: kvm_regs.dr6,
+            dr7: kvm_regs.dr7,
+        }
+    }
+}
+#[cfg(kvm)]
+impl From<&CommonDebugRegs> for kvm_debugregs {
+    fn from(common_regs: &CommonDebugRegs) -> Self {
+        kvm_debugregs {
+            db: [
+                common_regs.dr0,
+                common_regs.dr1,
+                common_regs.dr2,
+                common_regs.dr3,
+            ],
+            dr6: common_regs.dr6,
+            dr7: common_regs.dr7,
+            ..Default::default()
+        }
+    }
+}
+#[cfg(mshv3)]
+impl From<DebugRegisters> for CommonDebugRegs {
+    fn from(mshv_regs: DebugRegisters) -> Self {
+        Self {
+            dr0: mshv_regs.dr0,
+            dr1: mshv_regs.dr1,
+            dr2: mshv_regs.dr2,
+            dr3: mshv_regs.dr3,
+            dr6: mshv_regs.dr6,
+            dr7: mshv_regs.dr7,
+        }
+    }
+}
+#[cfg(mshv3)]
+impl From<&CommonDebugRegs> for DebugRegisters {
+    fn from(common_regs: &CommonDebugRegs) -> Self {
+        DebugRegisters {
+            dr0: common_regs.dr0,
+            dr1: common_regs.dr1,
+            dr2: common_regs.dr2,
+            dr3: common_regs.dr3,
+            dr6: common_regs.dr6,
+            dr7: common_regs.dr7,
+        }
+    }
+}

src/hyperlight_host/src/hypervisor/vm.rs

@@ -18,6 +18,7 @@ use std::fmt::Debug;
 
 use super::regs::{CommonFpu, CommonRegisters, CommonSpecialRegisters};
 use crate::Result;
+use crate::hypervisor::regs::CommonDebugRegs;
 use crate::mem::memory_region::MemoryRegion;
 
 /// Trait for single-vCPU VMs. Provides a common interface for basic VM operations.
@@ -40,9 +41,18 @@ pub(crate) trait Vm: Send + Sync + Debug {
     fn fpu(&self) -> Result<CommonFpu>;
     /// Set the FPU registers of the vCPU
     fn set_fpu(&self, fpu: &CommonFpu) -> Result<()>;
-    /// xsave
-    #[cfg(crashdump)]
+
+    /// Get xsave
+    #[allow(dead_code)]
     fn xsave(&self) -> Result<Vec<u8>>;
+    /// Set xsave
+    fn set_xsave(&self, xsave: &[u32; 1024]) -> Result<()>;
+
+    /// Get the debug registers of the vCPU
+    #[allow(dead_code)]
+    fn debug_regs(&self) -> Result<CommonDebugRegs>;
+    /// Set the debug registers of the vCPU
+    fn set_debug_regs(&self, drs: &CommonDebugRegs) -> Result<()>;
 
     /// Map memory region into this VM
     ///