Add new Machine::vmresume() that handles resets properly

Author: fwsGonzo

lib/tinykvm/amd64/builtin/usercode.asm

@@ -2,6 +2,8 @@
 
 dw .vm64_entry
 dw .vm64_rexit
+dw .vm64_preserving_entry
+dw 0
 dd .vm64_cpuid
 
 ALIGN 0x10
@@ -23,6 +25,22 @@ ALIGN 0x10
 	mov eax, 0xFFFF
 	out 0, eax
 	jmp .vm64_rexit_retry
+.vm64_preserving_entry:
+	;; This is the entry point for a paused VM where
+	;; its in the middle of a user program, so every
+	;; register must be preserved. We need to flush
+	;; the pagetables to ensure the guest can see the
+	;; correct memory. Since the guest is potentially
+	;; blind here, the host has pushed the registers
+	;; necessary to perform the syscall safely.
+	mov rax, 0x1F777
+	syscall
+	pop r11 ;; used by syscall for rflags
+	pop rcx ;; used by syscall for rip
+	pop rax
+	;; With the registers restored, we can now
+	;; return to the guest program.
+	ret
 
 
 %macro  vcputable 1 

lib/tinykvm/amd64/usercode.cpp

@@ -4,33 +4,34 @@
 namespace tinykvm {
 
 static const unsigned char usercode[] = {
-	0x10, 0x00, 0x20, 0x00, 0x30, 0x00, 0x00, 0x00, 0x90, 0x90, 0x90, 0x90,
+	0x10, 0x00, 0x20, 0x00, 0x2c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
 	0x90, 0x90, 0x90, 0x90, 0x49, 0x89, 0xcd, 0xb8, 0x77, 0xf7, 0x01, 0x00,
 	0x0f, 0x05, 0x4c, 0x89, 0xe9, 0x41, 0xff, 0xe7, 0x48, 0x89, 0xc7, 0xb8,
-	0xff, 0xff, 0x00, 0x00, 0xe7, 0x00, 0xeb, 0xf7, 0x90, 0x90, 0x90, 0x90,
+	0xff, 0xff, 0x00, 0x00, 0xe7, 0x00, 0xeb, 0xf7, 0xb8, 0x77, 0xf7, 0x01,
+	0x00, 0x0f, 0x05, 0x41, 0x5b, 0x59, 0x58, 0xc3, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+	0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+	0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
+	0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00
 };
 
 const user_asm_header &usercode_header()

lib/tinykvm/amd64/usercode.hpp

@@ -7,6 +7,8 @@ namespace tinykvm {
 struct user_asm_header {
 	uint16_t vm64_entry;
 	uint16_t vm64_rexit;
+	uint16_t vm64_preserving_entry;
+	uint16_t vm64_unused;
 	uint32_t vm64_cpuid;
 
 	uint64_t translated_vm_entry(const vMemory& memory) const noexcept {
@@ -15,6 +17,9 @@ struct user_asm_header {
 	uint64_t translated_vm_rexit(const vMemory& memory) const noexcept {
 		return memory.physbase + USER_ASM_ADDR + vm64_rexit;
 	}
+	uint64_t translated_vm_preserving_entry(const vMemory& memory) const noexcept {
+		return memory.physbase + USER_ASM_ADDR + vm64_preserving_entry;
+	}
 	uint64_t translated_vm_cpuid(const vMemory& memory) const noexcept {
 		return memory.physbase + USER_ASM_ADDR + vm64_cpuid;
 	}

lib/tinykvm/machine.hpp

@@ -42,6 +42,8 @@ struct Machine
 	void timed_vmcall_stack(address_t, address_t stk, float timeout, Args&&...);
 	/* Retrieve optional return value from a vmcall */
 	long return_value() const;
+	/* Resume the VM from a paused state */
+	void vmresume(float timeout_secs = 0.f);
 
 	auto& cpu() noexcept { return this->vcpu; }
 	const auto& cpu() const noexcept { return this->vcpu; }
@@ -138,6 +140,7 @@ struct Machine
 	address_t stack_address() const noexcept { return this->m_stack_address; }
 	address_t heap_address() const noexcept { return this->m_heap_address; }
 	address_t entry_address() const noexcept;
+	address_t preserving_entry_address() const noexcept;
 	address_t exit_address() const noexcept;
 	void set_stack_address(address_t addr) { this->m_stack_address = addr; }
 	address_t kernel_end_address() const noexcept { return m_kernel_end; }

lib/tinykvm/machine_inline.hpp

@@ -105,6 +105,39 @@ void Machine::setup_call(tinykvm_x86regs& regs,
 	this->enter_usermode();
 }
 
+inline void Machine::vmresume(float timeout)
+{
+	auto& regs = vcpu.registers();
+	if (this->m_just_reset) {
+		this->m_just_reset = false;
+		// We have to go the long way around using the preserving entry
+		// point, because the guest cannot see the correct memory now.
+		// Carefully push RAX, RCX and R11 (used by SYSCALL instruction)
+		// which will be popped by the preserving entry point. And finally,
+		// push the old RIP which will be used by the RET instruction.
+		struct PreservedRegisters {
+			uint64_t r11;
+			uint64_t rcx;
+			uint64_t rax;
+			uint64_t rip; // for the RET instruction
+		} pvs;
+		regs.rsp -= sizeof(pvs);
+		pvs.rip = regs.rip;
+		pvs.rax = regs.rax;
+		pvs.rcx = regs.rcx;
+		pvs.r11 = regs.r11;
+		// Push the registers
+		this->copy_to_guest(regs.rsp, &pvs, sizeof(pvs));
+		// Set the new registers
+		regs.rip = this->preserving_entry_address();
+		vcpu.set_registers(regs);
+	} else {
+		// Nothing to do as the registers are already set
+		// and the guest can see the memory.
+	}
+	this->run_in_usermode(timeout);
+}
+
 inline void Machine::setup_clone(tinykvm_x86regs& regs, address_t stack)
 {
 	/* Set IOPL=3 to allow I/O instructions */

lib/tinykvm/vcpu.cpp

@@ -495,6 +495,9 @@ void Machine::enter_usermode()
 Machine::address_t Machine::entry_address() const noexcept {
 	return usercode_header().translated_vm_entry(memory);
 }
+Machine::address_t Machine::preserving_entry_address() const noexcept {
+	return usercode_header().translated_vm_preserving_entry(memory);
+}
 Machine::address_t Machine::exit_address() const noexcept {
 	return usercode_header().translated_vm_rexit(memory);
 }