author | Zach Reizner <zachr@google.com> | 2018-02-05 16:00:14 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-02-06 21:32:39 -0800 |
commit | e0e8e56732801c63f5c836827e473665e1e12c29 (patch) | |
tree | 348f2cc5569501c2e789b5b3f17a9ebf02c77609 | |
parent | a912b2cf76a78d3331e32679d474e621622e5060 (diff) | |
kvm: support adding read only memory to VMs
Read only memory is useful for triggering VM exits when the VM writes to memory while allowing reads transparently and quickly. For example, a virtual device implementation might not care if the VM reads a memory mapped device register, but an exit would be required if the VM wrote to the same register. TEST=cargo test -p kvm; ./build_test BUG=chromium:800626 Change-Id: Ic605b2cfc2a1e44941d91945f9390b9abb820040 Reviewed-on: https://chromium-review.googlesource.com/903075 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org>
-rw-r--r-- | kvm/src/lib.rs | 34 | ||||
-rw-r--r-- | kvm/tests/dirty_log.rs | 1 | ||||
-rw-r--r-- | kvm/tests/read_only_memory.rs | 98 | ||||
-rw-r--r-- | vm_control/src/lib.rs | 2 |
4 files changed, 126 insertions, 9 deletions
diff --git a/kvm/src/lib.rs b/kvm/src/lib.rs
index 2b12261..d6dbea8 100644
--- a/kvm/src/lib.rs
+++ b/kvm/src/lib.rs
@@ -35,16 +35,20 @@ fn errno_result<T>() -> Result<T> {
 unsafe fn set_user_memory_region<F: AsRawFd>(fd: &F,
 slot: u32,
+ read_only: bool,
 log_dirty_pages: bool,
 guest_addr: u64,
 memory_size: u64,
 userspace_addr: u64)
 -> Result<()> {
- let flags = if log_dirty_pages {
- KVM_MEM_LOG_DIRTY_PAGES
+ let mut flags = if read_only {
+ KVM_MEM_READONLY
 } else {
 0
 };
+ if log_dirty_pages {
+ flags |= KVM_MEM_LOG_DIRTY_PAGES;
+ }
 let region = kvm_userspace_memory_region {
 slot: slot,
 flags,
@@ -201,7 +205,7 @@ impl Vm {
 guest_mem.with_regions(|index, guest_addr, size, host_addr| {
 unsafe {
 // Safe because the guest regions are guaranteed not to overlap.
- set_user_memory_region(&vm_file, index as u32, false,
+ set_user_memory_region(&vm_file, index as u32, false, false,
 guest_addr.offset() as u64,
 size as u64,
 host_addr as u64)
@@ -228,11 +232,15 @@ impl Vm {
 /// Note that memory inserted into the VM's address space must not overlap with any other memory
 /// slot's region.
 ///
+ /// If `read_only` is true, the guest will be able to read the memory as normal, but attempts to
+ /// write will trigger a mmio VM exit, leaving the memory untouched.
+ ///
 /// If `log_dirty_pages` is true, the slot number can be used to retrieve the pages written to
 /// by the guest with `get_dirty_log`.
 pub fn add_device_memory(&mut self,
 guest_addr: GuestAddress,
 mem: MemoryMapping,
+ read_only: bool,
 log_dirty_pages: bool)
 -> Result<u32> {
 if guest_addr < self.guest_mem.end_addr() {
@@ -254,7 +262,7 @@ impl Vm {
 // this. We take ownership of the memory mapping so that it won't be unmapped until the slot
 // is removed.
 unsafe {
- set_user_memory_region(&self.vm, slot, log_dirty_pages,
+ set_user_memory_region(&self.vm, slot, read_only, log_dirty_pages,
 guest_addr.offset() as u64,
 mem.size() as u64,
 mem.as_ptr() as u64)?;
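Review bot: `set_user_memory_region` now takes two adjacent `bool` parameters (`read_only`, `log_dirty_pages`), and the updated call sites pass bare `false, false` or `true, false`, so a transposed pair compiles cleanly and would register a slot the guest can write where a write-trapping one was intended. The same pair is added to the public `add_device_memory` signature in the `@@ -228,11` hunk. Passing a flags value or a small options type would remove the ambiguity; failing that, annotate call sites in the form `/* read_only */ true, /* log_dirty_pages */ false` so a swap is visible in review. The body of `set_user_memory_region` continues past the end of its hunk.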
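Review bot: The doc paragraph added to `add_device_memory` in the `@@ -228,11` hunk says a trapped write leaves "the memory untouched", which holds only for guest accesses: the `MemoryMapping` handed in is still writable from the host, and any other mapping of the same backing fd (the new integration test keeps one) can change what the guest reads. I would add `/// Read-only applies to guest accesses only; the host mapping and any other mapping of the same fd stay writable.` so callers do not treat the slot as immutable. It is also worth documenting that the call returns an error when the host KVM lacks read-only slot support, presumably surfaced by the ioctl itself since no `KVM_CAP_READONLY_MEM` check is visible in these hunks.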
@@ -272,7 +280,7 @@ impl Vm {
 Entry::Occupied(entry) => {
 // Safe because the slot is checked against the list of device memory slots.
 unsafe {
- set_user_memory_region(&self.vm, slot, false, 0, 0, 0)?;
+ set_user_memory_region(&self.vm, slot, false, false, 0, 0, 0)?;
 }
 // Because `mem_slot_gaps` is a max-heap, but we want to pop the min slots, we
 // negate the slot value before insertion.
@@ -937,7 +945,17 @@ mod tests {
 let mut vm = Vm::new(&kvm, gm).unwrap();
 let mem_size = 0x1000;
 let mem = MemoryMapping::new(mem_size).unwrap();
- vm.add_device_memory(GuestAddress(0x1000), mem, false).unwrap();
+ vm.add_device_memory(GuestAddress(0x1000), mem, false, false).unwrap();
+ }
+
+ #[test]
+ fn add_memory_ro() {
+ let kvm = Kvm::new().unwrap();
+ let gm = GuestMemory::new(&vec![(GuestAddress(0), 0x1000)]).unwrap();
+ let mut vm = Vm::new(&kvm, gm).unwrap();
+ let mem_size = 0x1000;
+ let mem = MemoryMapping::new(mem_size).unwrap();
+ vm.add_device_memory(GuestAddress(0x1000), mem, true, false).unwrap();
 }
 #[test]
@@ -948,7 +966,7 @@ mod tests {
 let mem_size = 0x1000;
 let mem = MemoryMapping::new(mem_size).unwrap();
 let mem_ptr = mem.as_ptr();
- let slot = vm.add_device_memory(GuestAddress(0x1000), mem, false).unwrap();
+ let slot = vm.add_device_memory(GuestAddress(0x1000), mem, false, false).unwrap();
 let mem = vm.remove_device_memory(slot).unwrap();
 assert_eq!(mem.size(), mem_size);
 assert_eq!(mem.as_ptr(), mem_ptr);
@@ -969,7 +987,7 @@ mod tests {
 let mut vm = Vm::new(&kvm, gm).unwrap();
 let mem_size = 0x2000;
 let mem = MemoryMapping::new(mem_size).unwrap();
- assert!(vm.add_device_memory(GuestAddress(0x2000), mem, false).is_err());
+ assert!(vm.add_device_memory(GuestAddress(0x2000), mem, false, false).is_err());
 }
 #[test]
diff --git a/kvm/tests/dirty_log.rs b/kvm/tests/dirty_log.rs
index 4ec7295..7226220 100644
--- a/kvm/tests/dirty_log.rs
+++ b/kvm/tests/dirty_log.rs
@@ -49,6 +49,7 @@ fn test_run() {
 let slot = vm.add_device_memory(GuestAddress(0),
 MemoryMapping::from_fd(&mem, mem_size as usize)
 .expect("failed to create memory mapping"),
+ false,
 true)
 .expect("failed to register memory");
diff --git a/kvm/tests/read_only_memory.rs b/kvm/tests/read_only_memory.rs
new file mode 100644
index 0000000..50f76f0
--- /dev/null
+++ b/kvm/tests/read_only_memory.rs
@@ -0,0 +1,98 @@
+// Copyright 2017 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#![cfg(any(target_arch = "x86", target_arch = "x86_64"))]
+
+extern crate sys_util;
+extern crate kvm_sys;
+extern crate kvm;
+
+use kvm::*;
+use kvm_sys::kvm_regs;
+use sys_util::{GuestAddress, GuestMemory, SharedMemory, MemoryMapping};
+
+#[test]
+fn test_run() {
+ /*
+ 0000 268A07 mov al,[es:bx]
+ 0003 0401 add al,0x1
+ 0005 268807 mov [es:bx],al
+ 0008 F4 hlt
+ */
+ let code = [0x26, 0x8a, 0x07, 0x04, 0x01, 0x26, 0x88, 0x07, 0xf4];
+ let mem_size = 0x2000;
+ let load_addr = GuestAddress(0x1000);
+ let guest_mem = GuestMemory::new(&[]).unwrap();
+ let mut mem = SharedMemory::new(None).expect("failed to create shared memory");
+ mem.set_size(mem_size)
+ .expect("failed to set shared memory size");
+ let mmap =
+ MemoryMapping::from_fd(&mem, mem_size as usize).expect("failed to create memory mapping");
+
+ mmap.write_slice(&code[..], load_addr.offset() as usize)
+ .expect("Writing code to memory failed.");
+
+ let kvm = Kvm::new().expect("new kvm failed");
+ let mut vm = Vm::new(&kvm, guest_mem).expect("new vm failed");
+ let vcpu = Vcpu::new(0, &kvm, &vm).expect("new vcpu failed");
+ let mut vcpu_sregs = vcpu.get_sregs().expect("get sregs failed");
+ vcpu_sregs.cs.base = 0;
+ vcpu_sregs.cs.selector = 0;
+ vcpu_sregs.es.base = 0x3000;
+ vcpu_sregs.es.selector = 0;
+ vcpu.set_sregs(&vcpu_sregs).expect("set sregs failed");
+
+ let mut vcpu_regs: kvm_regs = unsafe { std::mem::zeroed() };
+ vcpu_regs.rip = load_addr.offset() as u64;
+ vcpu_regs.rflags = 2;
+ vcpu_regs.rax = 0x66;
+ vcpu_regs.rbx = 0;
+ vcpu.set_regs(&vcpu_regs).expect("set regs failed");
+ vm.add_device_memory(GuestAddress(0),
+ MemoryMapping::from_fd(&mem, mem_size as usize)
+ .expect("failed to create memory mapping"),
+ false,
+ false)
+ .expect("failed to register memory");
+
+ // Give some read only memory for the test code to read from and force a vcpu exit when it reads
+ // from it.
+ let mut mem_ro = SharedMemory::new(None).expect("failed to create shared memory");
+ mem_ro
+ .set_size(0x1000)
+ .expect("failed to set shared memory size");
+ let mmap_ro = MemoryMapping::from_fd(&mem_ro, 0x1000).expect("failed to create memory mapping");
+ mmap_ro
+ .write_obj(vcpu_regs.rax as u8, 0)
+ .expect("failed writing data to ro memory");
+ vm.add_device_memory(GuestAddress(vcpu_sregs.es.base),
+ MemoryMapping::from_fd(&mem_ro, 0x1000)
+ .expect("failed to create memory mapping"),
+ true,
+ false)
+ .expect("failed to register memory");
+
+ // Ensure we get exactly 1 exit from attempting to write to read only memory.
+ let mut exits = 0;
+
+ loop {
+ match vcpu.run().expect("run failed") {
+ VcpuExit::Hlt => break,
+ VcpuExit::MmioWrite(addr, data) => {
+ assert_eq!(addr, vcpu_sregs.es.base);
+ assert_eq!(data[0] as u64, vcpu_regs.rax + 1);
+ exits += 1;
+ }
+ r => panic!("unexpected exit reason: {:?}", r),
+ }
+ }
+
+ // Check that exactly 1 attempt to write to read only memory was made, and that the memory is
+ // unchanged after that attempt.
+ assert_eq!(exits, 1);
+ assert_eq!(mmap_ro
+ .read_obj::<u8>(0)
+ .expect("failed to read data from ro memory"),
+ vcpu_regs.rax as u8);
+}
diff --git a/vm_control/src/lib.rs b/vm_control/src/lib.rs
index 6688077..dbcbece 100644
--- a/vm_control/src/lib.rs
+++ b/vm_control/src/lib.rs
@@ -205,7 +205,7 @@ impl VmRequest {
 };
 let pfn = *next_mem_pfn;
 let slot =
- match vm.add_device_memory(GuestAddress(pfn << 12), mmap, false) {
+ match vm.add_device_memory(GuestAddress(pfn << 12), mmap, false, false) {
 Ok(slot) => slot,
 Err(e) => return VmResponse::Err(e),
 }; |
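Review bot: In the new `kvm/tests/read_only_memory.rs`, the comment above the `mem_ro` setup says the region will "force a vcpu exit when it reads from it", but the loop expects the exit on the write (`VcpuExit::MmioWrite`) and a read-triggered exit would hit the `panic!` arm; it should end `// ... and force a vcpu exit when it writes to it.` The read-only page is also seeded with `vcpu_regs.rax as u8`, the value `al` already holds, so the `data[0]` assertion passes even if the guest's load returned nothing from the page. Seeding the page with a byte that differs from the initial `rax` and asserting `data[0]` against that byte plus one would show that the read is served from the read-only slot.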