More plumbing

Author: romank-msft

Cargo.lock

@@ -9501,6 +9501,7 @@ dependencies = [
  "arbitrary",
  "bitfield-struct 0.10.1",
  "open_enum",
+ "static_assertions",
  "zerocopy 0.8.23",
 ]
 

openhcl/hcl/src/ioctl.rs

@@ -20,7 +20,8 @@ use crate::protocol::EnterModes;
 use crate::protocol::HCL_REG_PAGE_OFFSET;
 use crate::protocol::HCL_VMSA_GUEST_VSM_PAGE_OFFSET;
 use crate::protocol::HCL_VMSA_PAGE_OFFSET;
-use crate::protocol::MSHV_APIC_PAGE_OFFSET;
+use crate::protocol::MSHV_SEV_AVIC_PAGE_OFFSET;
+use crate::protocol::MSHV_TDX_APIC_PAGE_OFFSET;
 use crate::protocol::hcl_intr_offload_flags;
 use crate::protocol::hcl_run;
 use deferred::RegisteredDeferredActions;
@@ -77,9 +78,10 @@ use std::sync::atomic::Ordering;
 use thiserror::Error;
 use user_driver::DmaClient;
 use user_driver::memory::MemoryBlock;
+use x86defs::snp::SevAvicPage;
 use x86defs::snp::SevVmsa;
 use x86defs::tdx::TdCallResultCode;
-use x86defs::vmx::ApicPage;
+use x86defs::vmx::VmxApicPage;
 use zerocopy::FromBytes;
 use zerocopy::FromZeros;
 use zerocopy::Immutable;
@@ -1548,9 +1550,11 @@ enum BackingState {
     },
     Snp {
         vmsa: VtlArray<MappedPage<SevVmsa>, 2>,
+        vtl0_apic_page: MappedPage<SevAvicPage>,
+        vtl1_apic_page: MemoryBlock,
     },
     Tdx {
-        vtl0_apic_page: MappedPage<ApicPage>,
+        vtl0_apic_page: MappedPage<VmxApicPage>,
         vtl1_apic_page: MemoryBlock,
     },
 }
@@ -1602,10 +1606,16 @@ impl HclVp {
                     .map_err(|e| Error::MmapVp(e, Some(Vtl::Vtl1)))?;
                 BackingState::Snp {
                     vmsa: [vmsa_vtl0, vmsa_vtl1].into(),
+                    vtl0_apic_page: MappedPage::new(fd, MSHV_SEV_AVIC_PAGE_OFFSET | vp as i64)
+                        .map_err(|e| Error::MmapVp(e, Some(Vtl::Vtl0)))?,
+                    vtl1_apic_page: private_dma_client
+                        .ok_or(Error::MissingPrivateMemory)?
+                        .allocate_dma_buffer(HV_PAGE_SIZE as usize)
+                        .map_err(Error::AllocVp)?,
                 }
             }
             IsolationType::Tdx => BackingState::Tdx {
-                vtl0_apic_page: MappedPage::new(fd, MSHV_APIC_PAGE_OFFSET | vp as i64)
+                vtl0_apic_page: MappedPage::new(fd, MSHV_TDX_APIC_PAGE_OFFSET | vp as i64)
                     .map_err(|e| Error::MmapVp(e, Some(Vtl::Vtl0)))?,
                 vtl1_apic_page: private_dma_client
                     .ok_or(Error::MissingPrivateMemory)?

openhcl/hcl/src/ioctl/snp.rs

@@ -25,12 +25,14 @@ use sidecar_client::SidecarVp;
 use std::cell::UnsafeCell;
 use std::os::fd::AsRawFd;
 use thiserror::Error;
+use x86defs::snp::SevAvicPage;
 use x86defs::snp::SevRmpAdjust;
 use x86defs::snp::SevVmsa;
 
 /// Runner backing for SNP partitions.
 pub struct Snp<'a> {
     vmsa: VtlArray<&'a UnsafeCell<SevVmsa>, 2>,
+    apic_pages: VtlArray<&'a UnsafeCell<SevAvicPage>, 2>,
 }
 
 /// Error returned by failing SNP operations.
@@ -176,11 +178,28 @@ impl MshvVtl {
 impl<'a> super::private::BackingPrivate<'a> for Snp<'a> {
     fn new(vp: &'a HclVp, sidecar: Option<&SidecarVp<'_>>, _hcl: &Hcl) -> Result<Self, NoRunner> {
         assert!(sidecar.is_none());
-        let super::BackingState::Snp { vmsa } = &vp.backing else {
+        let super::BackingState::Snp {
+            vtl0_apic_page,
+            vtl1_apic_page,
+            vmsa,
+        } = &vp.backing
+        else {
             return Err(NoRunner::MismatchedIsolation);
         };
 
+        // TODO: Register the VTL 1 AVIC page with the hypervisor.
+        // Specification: "SEV-ES Guest-Hypervisor Communication Block Standartization",
+        // 4.1.16.1 "Backing page support".
+        //
+        // The VTL 0 APIC page is registered by the kernel.
+        let vtl1_apic_page_addr = vtl1_apic_page.pfns()[0] * user_driver::memory::PAGE_SIZE64;
+
+        // SAFETY: The mapping is held for the appropriate lifetime, and the
+        // APIC page is never accessed as any other type, or by any other location.
+        let vtl1_apic_page = unsafe { &*vtl1_apic_page.base().cast() };
+
         Ok(Self {
+            apic_pages: [vtl0_apic_page.as_ref(), vtl1_apic_page].into(),
             vmsa: vmsa.each_ref().map(|mp| mp.as_ref()),
         })
     }

openhcl/hcl/src/ioctl/tdx.rs

@@ -38,12 +38,12 @@ use x86defs::tdx::TdxGlaListInfo;
 use x86defs::tdx::TdxL2Ctls;
 use x86defs::tdx::TdxL2EnterGuestState;
 use x86defs::tdx::TdxVmFlags;
-use x86defs::vmx::ApicPage;
 use x86defs::vmx::VmcsField;
+use x86defs::vmx::VmxApicPage;
 
 /// Runner backing for TDX partitions.
 pub struct Tdx<'a> {
-    apic_pages: VtlArray<&'a UnsafeCell<ApicPage>, 2>,
+    apic_pages: VtlArray<&'a UnsafeCell<VmxApicPage>, 2>,
 }
 
 impl MshvVtl {
@@ -122,14 +122,14 @@ impl<'a> ProcessorRunner<'a, Tdx<'a>> {
     }
 
     /// Gets a reference to the tdx APIC page for the given VTL.
-    pub fn tdx_apic_page(&self, vtl: GuestVtl) -> &ApicPage {
+    pub fn tdx_apic_page(&self, vtl: GuestVtl) -> &VmxApicPage {
         // SAFETY: the APIC pages will not be concurrently accessed by the processor
         // while this VP is in VTL2.
         unsafe { &*self.state.apic_pages[vtl].get() }
     }
 
     /// Gets a mutable reference to the tdx APIC page for the given VTL.
-    pub fn tdx_apic_page_mut(&mut self, vtl: GuestVtl) -> &mut ApicPage {
+    pub fn tdx_apic_page_mut(&mut self, vtl: GuestVtl) -> &mut VmxApicPage {
         // SAFETY: the APIC pages will not be concurrently accessed by the processor
         // while this VP is in VTL2.
         unsafe { &mut *self.state.apic_pages[vtl].get() }

openhcl/hcl/src/protocol.rs

@@ -175,8 +175,9 @@ pub struct hcl_hvcall {
 
 pub const HCL_REG_PAGE_OFFSET: i64 = 1 << 16;
 pub const HCL_VMSA_PAGE_OFFSET: i64 = 2 << 16;
-pub const MSHV_APIC_PAGE_OFFSET: i64 = 3 << 16;
+pub const MSHV_TDX_APIC_PAGE_OFFSET: i64 = 3 << 16;
 pub const HCL_VMSA_GUEST_VSM_PAGE_OFFSET: i64 = 4 << 16;
+pub const MSHV_SEV_AVIC_PAGE_OFFSET: i64 = 5 << 16;
 
 open_enum::open_enum! {
     /// 4 bits represent VTL0 enter mode.

openhcl/virt_mshv_vtl/src/processor/tdx/mod.rs

@@ -75,6 +75,7 @@ use virt_support_x86emu::emulate::emulate_io;
 use virt_support_x86emu::emulate::emulate_translate_gva;
 use virt_support_x86emu::translate::TranslationRegisters;
 use vmcore::vmtime::VmTimeAccess;
+use x86defs::ApicRegister;
 use x86defs::RFlags;
 use x86defs::X64_CR0_ET;
 use x86defs::X64_CR0_NE;
@@ -95,8 +96,6 @@ use x86defs::tdx::TdxGp;
 use x86defs::tdx::TdxInstructionInfo;
 use x86defs::tdx::TdxL2Ctls;
 use x86defs::tdx::TdxVpEnterRaxResult;
-use x86defs::vmx::ApicPage;
-use x86defs::vmx::ApicRegister;
 use x86defs::vmx::CR_ACCESS_TYPE_LMSW;
 use x86defs::vmx::CR_ACCESS_TYPE_MOV_TO_CR;
 use x86defs::vmx::CrAccessQualification;
@@ -114,6 +113,7 @@ use x86defs::vmx::SecondaryProcessorControls;
 use x86defs::vmx::VMX_ENTRY_CONTROL_LONG_MODE_GUEST;
 use x86defs::vmx::VMX_FEATURE_CONTROL_LOCKED;
 use x86defs::vmx::VmcsField;
+use x86defs::vmx::VmxApicPage;
 use x86defs::vmx::VmxEptExitQualification;
 use x86defs::vmx::VmxExit;
 use x86defs::vmx::VmxExitBasic;
@@ -2915,7 +2915,7 @@ impl UhProcessor<'_, TdxBacked> {
 
 struct TdxApicClient<'a, T> {
     partition: &'a UhPartitionInner,
-    apic_page: &'a mut ApicPage,
+    apic_page: &'a mut VmxApicPage,
     dev: &'a T,
     vmtime: &'a VmTimeAccess,
     vtl: GuestVtl,
@@ -2952,7 +2952,7 @@ impl<T: CpuIo> ApicClient for TdxApicClient<'_, T> {
     }
 }
 
-fn pull_apic_offload(page: &mut ApicPage) -> ([u32; 8], [u32; 8]) {
+fn pull_apic_offload(page: &mut VmxApicPage) -> ([u32; 8], [u32; 8]) {
     let mut irr = [0; 8];
     let mut isr = [0; 8];
     for (((irr, page_irr), isr), page_isr) in irr

vm/x86/x86defs/Cargo.toml

@@ -11,6 +11,7 @@ open_enum.workspace = true
 
 arbitrary = { workspace = true, optional = true }
 bitfield-struct.workspace = true
+static_assertions.workspace = true
 zerocopy.workspace = true
 [lints]
 workspace = true

vm/x86/x86defs/src/lib.rs

@@ -482,3 +482,10 @@ pub struct X86xMcgStatusRegister {
     #[bits(61)]
     pub reserved0: u64,
 }
+
+#[repr(C)]
+#[derive(Debug, Copy, Clone, IntoBytes, Immutable, KnownLayout, FromBytes)]
+pub struct ApicRegister {
+    pub value: u32,
+    _reserved: [u32; 3],
+}

vm/x86/x86defs/src/snp.rs

@@ -3,7 +3,9 @@
 
 //! AMD SEV-SNP specific definitions.
 
+use crate::ApicRegister;
 use bitfield_struct::bitfield;
+use static_assertions::const_assert_eq;
 use zerocopy::FromBytes;
 use zerocopy::Immutable;
 use zerocopy::IntoBytes;
@@ -414,6 +416,52 @@ pub struct SevVmsa {
     pub ymm_registers: [SevXmmRegister; 16],
 }
 
+#[repr(C)]
+#[derive(Debug, Clone, IntoBytes, Immutable, KnownLayout, FromBytes)]
+/// Structure representing the SEV-ES AVIC backing page.
+/// Specification: "AMD64 PPR Vol3 System Programming", 15.29.3  AVIC Backing Page.
+pub struct SevAvicPage {
+    pub reserved_0: [ApicRegister; 2],
+    pub id: ApicRegister,
+    pub version: ApicRegister,
+    pub reserved_4: [ApicRegister; 4],
+    pub tpr: ApicRegister,
+    pub apr: ApicRegister,
+    pub ppr: ApicRegister,
+    pub eoi: ApicRegister,
+    pub rrd: ApicRegister,
+    pub ldr: ApicRegister,
+    pub dfr: ApicRegister,
+    pub svr: ApicRegister,
+    pub isr: [ApicRegister; 8],
+    pub tmr: [ApicRegister; 8],
+    pub irr: [ApicRegister; 8],
+    pub esr: ApicRegister,
+    pub reserved_29: [ApicRegister; 6],
+    pub lvt_cmci: ApicRegister,
+    pub icr: [ApicRegister; 2],
+    pub lvt_timer: ApicRegister,
+    pub lvt_thermal: ApicRegister,
+    pub lvt_pmc: ApicRegister,
+    pub lvt_lint0: ApicRegister,
+    pub lvt_lint1: ApicRegister,
+    pub lvt_error: ApicRegister,
+    pub timer_icr: ApicRegister,
+    pub timer_ccr: ApicRegister,
+    pub reserved_3a: [ApicRegister; 4],
+    pub timer_dcr: ApicRegister,
+    pub self_ipi: ApicRegister,
+    pub eafr: ApicRegister,
+    pub eacr: ApicRegister,
+    pub seoi: ApicRegister,
+    pub reserved_44: [ApicRegister; 0x5],
+    pub ier: [ApicRegister; 8],
+    pub ei_lv_tr: [ApicRegister; 3],
+    pub reserved_54: [ApicRegister; 0xad],
+}
+
+const_assert_eq!(size_of::<SevAvicPage>(), 4096);
+
 // Info codes for the GHCB MSR protocol.
 open_enum::open_enum! {
     pub enum GhcbInfo: u64 {

vm/x86/x86defs/src/vmx.rs

@@ -5,8 +5,10 @@
 
 // TODO: move VMX defs somewhere?
 
+use crate::ApicRegister;
 use bitfield_struct::bitfield;
 use open_enum::open_enum;
+use static_assertions::const_assert_eq;
 use zerocopy::FromBytes;
 use zerocopy::Immutable;
 use zerocopy::IntoBytes;
@@ -379,16 +381,9 @@ pub struct SecondaryProcessorControls {
     pub instruction_timeout: bool,
 }
 
-#[repr(C)]
-#[derive(Debug, Copy, Clone, IntoBytes, Immutable, KnownLayout, FromBytes)]
-pub struct ApicRegister {
-    pub value: u32,
-    _reserved: [u32; 3],
-}
-
 #[repr(C)]
 #[derive(Debug, Clone, IntoBytes, Immutable, KnownLayout, FromBytes)]
-pub struct ApicPage {
+pub struct VmxApicPage {
     pub reserved_0: [ApicRegister; 2],
     pub id: ApicRegister,
     pub version: ApicRegister,
@@ -421,3 +416,5 @@ pub struct ApicPage {
     pub reserved_3f: ApicRegister,
     pub reserved_40: [ApicRegister; 0xc0],
 }
+
+const_assert_eq!(size_of::<VmxApicPage>(), 4096);