Perform MSR writes in assembly

Author: fwsGonzo

lib/tinykvm/amd64/builtin/interrupts.asm

@@ -238,6 +238,22 @@ ALIGN 0x10
 
 .vm64_remote_disconnect:
 	out 0, eax
+	;; RAX contains the original FSBASE of this VM
+	stac
+	;; Write to FSBASE MSR
+	push rcx
+	push rdx
+	mov ecx, 0xC0000100  ;; FSBASE
+	mov rdx, rax
+	shr rdx, 32
+	wrmsr
+	pop rdx
+	pop rcx
+	clac
+	;; Reset pagetables
+	mov rax, cr3
+	mov cr3, rax
+	o64 sysret
 
 .vm64_entrycall:
 	;; Reset pagetables
@@ -263,15 +279,16 @@ ALIGN 0x10
 	iretq
 
 .vm64_remote_page_fault:
-	;; 1. We need to save current usermode state
-	;; 2. Switch to the remote VMs FSBASE
-	;; 4. Set up a usermode stack/function call
-	;; with the faulting address as the function address
-	;; 5. Exit kernel mode to usermode in a way that 
-	;; returns to the remote VM, performing the function call
-	;; 6. When the remote VM is done, it should somehow enter
-	;; kernel mode again, and we should restore our state
-	;; 7. Return from the page fault
+	;; RAX: Remote FSBASE
+	;; Write to FSBASE MSR
+	push rcx
+	push rdx
+	mov ecx, 0xC0000100  ;; FSBASE
+	mov rdx, rax
+	shr rdx, 32
+	wrmsr
+	pop rdx
+	pop rcx
 
 	;; Make the next function call return to a custom system call location
 	push rbx

lib/tinykvm/amd64/builtin/kernel_assembly.h

@@ -1,5 +1,5 @@
 unsigned char interrupts[] = {
-  0x50, 0x01, 0xc2, 0x02, 0x18, 0x03, 0x08, 0x00, 0xca, 0x02, 0x00, 0x00,
+  0x50, 0x01, 0xc2, 0x02, 0x50, 0x03, 0x08, 0x00, 0xca, 0x02, 0x00, 0x00,
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x00, 0x00, 0x00, 0x00,
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -29,9 +29,9 @@ unsigned char interrupts[] = {
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   0x66, 0x3d, 0x9e, 0x00, 0x74, 0x39, 0x66, 0x3d, 0xe4, 0x00, 0x0f, 0x84,
   0xee, 0x00, 0x00, 0x00, 0x83, 0xf8, 0x09, 0x0f, 0x84, 0x40, 0x01, 0x00,
-  0x00, 0x3d, 0x77, 0xf7, 0x01, 0x00, 0x0f, 0x84, 0x5e, 0x01, 0x00, 0x00,
+  0x00, 0x3d, 0x77, 0xf7, 0x01, 0x00, 0x0f, 0x84, 0x7f, 0x01, 0x00, 0x00,
   0x3d, 0x78, 0xf7, 0x01, 0x00, 0x0f, 0x84, 0x51, 0x01, 0x00, 0x00, 0x3d,
-  0x07, 0xf7, 0x01, 0x00, 0x0f, 0x84, 0x51, 0x01, 0x00, 0x00, 0xe7, 0x00,
+  0x07, 0xf7, 0x01, 0x00, 0x0f, 0x84, 0x72, 0x01, 0x00, 0x00, 0xe7, 0x00,
   0x48, 0x0f, 0x07, 0x0f, 0x01, 0xcb, 0x56, 0x51, 0x52, 0x48, 0x81, 0xff,
   0x02, 0x10, 0x00, 0x00, 0x75, 0x1b, 0xb9, 0x00, 0x01, 0x00, 0xc0, 0x89,
   0xf0, 0x48, 0xc1, 0xee, 0x20, 0x89, 0xf2, 0x0f, 0x30, 0x48, 0x31, 0xc0,
@@ -59,26 +59,31 @@ unsigned char interrupts[] = {
   0x83, 0xf8, 0xff, 0x74, 0x0e, 0x0f, 0x01, 0xcb, 0x50, 0x0f, 0x20, 0xd8,
   0x0f, 0x22, 0xd8, 0x58, 0x0f, 0x01, 0xca, 0x48, 0x0f, 0x07, 0xb8, 0x60,
   0x00, 0x00, 0x00, 0xe7, 0x00, 0xc3, 0xb8, 0xc2, 0x02, 0x00, 0x00, 0xc3,
-  0xe7, 0x00, 0x0f, 0x20, 0xd8, 0x0f, 0x22, 0xd8, 0x48, 0x0f, 0x07, 0x48,
-  0x0f, 0x07, 0x50, 0x57, 0x0f, 0x20, 0xd7, 0xe7, 0x8e, 0x0f, 0x01, 0x3f,
-  0x5f, 0x85, 0xc0, 0x75, 0x07, 0x58, 0x48, 0x83, 0xc4, 0x08, 0x48, 0xcf,
-  0x53, 0x48, 0x8b, 0x04, 0x25, 0x0a, 0x20, 0x00, 0x00, 0x48, 0x8b, 0x5c,
-  0x24, 0x30, 0x0f, 0x01, 0xcb, 0x48, 0x89, 0x03, 0x0f, 0x01, 0xca, 0x5b,
-  0x58, 0x48, 0x83, 0xc4, 0x08, 0x48, 0xcf, 0xe7, 0xa1, 0x48, 0xcf, 0x90,
-  0xe7, 0x80, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x81, 0x48, 0xcf,
-  0x90, 0x90, 0x90, 0x90, 0xe7, 0x82, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
-  0xe7, 0x83, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x84, 0x48, 0xcf,
-  0x90, 0x90, 0x90, 0x90, 0xe7, 0x85, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
-  0xe7, 0x86, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x87, 0x48, 0xcf,
-  0x90, 0x90, 0x90, 0x90, 0xe7, 0x88, 0xeb, 0x92, 0x90, 0x90, 0x90, 0x90,
-  0xe7, 0x89, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x8a, 0xeb, 0x82,
-  0x90, 0x90, 0x90, 0x90, 0xe7, 0x8b, 0xe9, 0x77, 0xff, 0xff, 0xff, 0x90,
-  0xe7, 0x8c, 0xe9, 0x6f, 0xff, 0xff, 0xff, 0x90, 0xe7, 0x8d, 0xe9, 0x67,
-  0xff, 0xff, 0xff, 0x90, 0xe9, 0x51, 0xff, 0xff, 0xff, 0x90, 0x90, 0x90,
-  0xe7, 0x8f, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x90, 0x48, 0xcf,
-  0x90, 0x90, 0x90, 0x90, 0xe7, 0x91, 0xe9, 0x47, 0xff, 0xff, 0xff, 0x90,
-  0xe7, 0x92, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x93, 0x48, 0xcf,
-  0x90, 0x90, 0x90, 0x90, 0xe7, 0x94, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
-  0xe9, 0x4e, 0xff, 0xff, 0xff
+  0xe7, 0x00, 0x0f, 0x01, 0xcb, 0x51, 0x52, 0xb9, 0x00, 0x01, 0x00, 0xc0,
+  0x48, 0x89, 0xc2, 0x48, 0xc1, 0xea, 0x20, 0x0f, 0x30, 0x5a, 0x59, 0x0f,
+  0x01, 0xca, 0x0f, 0x20, 0xd8, 0x0f, 0x22, 0xd8, 0x48, 0x0f, 0x07, 0x0f,
+  0x20, 0xd8, 0x0f, 0x22, 0xd8, 0x48, 0x0f, 0x07, 0x48, 0x0f, 0x07, 0x50,
+  0x57, 0x0f, 0x20, 0xd7, 0xe7, 0x8e, 0x0f, 0x01, 0x3f, 0x5f, 0x85, 0xc0,
+  0x75, 0x07, 0x58, 0x48, 0x83, 0xc4, 0x08, 0x48, 0xcf, 0x51, 0x52, 0xb9,
+  0x00, 0x01, 0x00, 0xc0, 0x48, 0x89, 0xc2, 0x48, 0xc1, 0xea, 0x20, 0x0f,
+  0x30, 0x5a, 0x59, 0x53, 0x48, 0x8b, 0x04, 0x25, 0x0a, 0x20, 0x00, 0x00,
+  0x48, 0x8b, 0x5c, 0x24, 0x30, 0x0f, 0x01, 0xcb, 0x48, 0x89, 0x03, 0x0f,
+  0x01, 0xca, 0x5b, 0x58, 0x48, 0x83, 0xc4, 0x08, 0x48, 0xcf, 0xe7, 0xa1,
+  0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x80, 0x48, 0xcf,
+  0x90, 0x90, 0x90, 0x90, 0xe7, 0x81, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
+  0xe7, 0x82, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x83, 0x48, 0xcf,
+  0x90, 0x90, 0x90, 0x90, 0xe7, 0x84, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
+  0xe7, 0x85, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe7, 0x86, 0x48, 0xcf,
+  0x90, 0x90, 0x90, 0x90, 0xe7, 0x87, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
+  0xe7, 0x88, 0xe9, 0x78, 0xff, 0xff, 0xff, 0x90, 0xe7, 0x89, 0x48, 0xcf,
+  0x90, 0x90, 0x90, 0x90, 0xe7, 0x8a, 0xe9, 0x68, 0xff, 0xff, 0xff, 0x90,
+  0xe7, 0x8b, 0xe9, 0x60, 0xff, 0xff, 0xff, 0x90, 0xe7, 0x8c, 0xe9, 0x58,
+  0xff, 0xff, 0xff, 0x90, 0xe7, 0x8d, 0xe9, 0x50, 0xff, 0xff, 0xff, 0x90,
+  0xe9, 0x3a, 0xff, 0xff, 0xff, 0x90, 0x90, 0x90, 0xe7, 0x8f, 0x48, 0xcf,
+  0x90, 0x90, 0x90, 0x90, 0xe7, 0x90, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
+  0xe7, 0x91, 0xe9, 0x30, 0xff, 0xff, 0xff, 0x90, 0xe7, 0x92, 0x48, 0xcf,
+  0x90, 0x90, 0x90, 0x90, 0xe7, 0x93, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90,
+  0xe7, 0x94, 0x48, 0xcf, 0x90, 0x90, 0x90, 0x90, 0xe9, 0x49, 0xff, 0xff,
+  0xff
 };
-unsigned int interrupts_len = 965;
+unsigned int interrupts_len = 1021;

lib/tinykvm/machine.hpp

@@ -248,8 +248,8 @@ struct Machine
 
 	/* Remote VM through address space merging */
 	void remote_connect(Machine& other, bool connect_now = true);
-	void remote_activate_now();
-	void remote_disconnect();
+	address_t remote_activate_now();
+	address_t remote_disconnect();
 	bool is_remote_connected() const noexcept { return m_remote != nullptr; };
 	address_t remote_base_address() const noexcept;
 	const Machine& remote() const;

lib/tinykvm/remote.cpp

@@ -62,18 +62,21 @@ void Machine::remote_connect(Machine& remote, bool connect_now)
 	this->m_remote = &remote;
 }
 
-void Machine::remote_activate_now()
+Machine::address_t Machine::remote_activate_now()
 {
 	this->remote_connect(*this->m_remote, true);
 
 	// Set current FSBASE to remote FSBASE
 	vcpu.remote_original_tls_base = get_fsgs().first;
-	this->set_tls_base(this->m_remote->get_fsgs().first);
+
+	// Return FSBASE of remote, which can be set more efficiently
+	// in the mini-kernel assembly
+	return this->m_remote->get_fsgs().first;
 }
-void Machine::remote_disconnect()
+Machine::address_t Machine::remote_disconnect()
 {
 	if (this->m_remote == nullptr)
-		return;
+		return 0;
 
 	// Unpresent gigabyte entries from remote VM in this VM
 	const auto remote_vmem = this->m_remote->main_memory().vmem();
@@ -91,8 +94,9 @@ void Machine::remote_disconnect()
 	}
 
 	// Restore original FSBASE
-	this->set_tls_base(vcpu.remote_original_tls_base);
+	auto result = vcpu.remote_original_tls_base;
 	vcpu.remote_original_tls_base = 0;
+	return result;
 }
 
 

lib/tinykvm/vcpu_run.cpp

@@ -225,11 +225,13 @@ long vCPU::run_once()
 					printf("Remote VM disconnect syscall, return=0x%lX\n",
 						this->remote_return_address);
 				}
-				machine().remote_disconnect();
+				const auto result = machine().remote_disconnect();
 				// Overwrite return address to return to the remote VM handler
 				machine().copy_to_guest(this->registers().rsp + 24,
 					&this->remote_return_address, 8);
 				this->remote_return_address = 0;
+				this->registers().rax = result;
+				this->set_registers(this->registers());
 				return KVM_EXIT_IO;
 			} else {
 				Machine::machine_exception("Invalid syscall number", intr);
@@ -278,8 +280,7 @@ long vCPU::run_once()
 						printf("Page fault in remote VM at 0x%lX return=0x%lX, connecting...\n", addr, retaddr);
 					}
 					this->remote_return_address = retaddr;
-					machine().remote_activate_now();
-					regs.rax = 1; /* Indicate that it was remote */
+					regs.rax = machine().remote_activate_now();
 					this->set_registers(regs);
 					return KVM_EXIT_IO;
 				} else {