Add basic support for ticking time in guest context

This requires an extensive set of changes. We must add support
for a timer wheel that is serviced by the local apic timer. This
requires support for per-core variables so we have a practical way
of accessing the lapic and wheel from a variety of locations.

We must also add a much more functional PIT implementation, so the
guest can setup one-shot or periodic timers. However this change does
_not_ add additional PIC support. Therefore, we just hard code the
linux timer interrupt vector, as it will not be remapped in practice.

The current intended functionality is that the hypervisor will mask
interrupts and always service interrupts by handling the vmexit
caused by any external interrupt. However, this may not work in
practice, so this change adds better interrupt handling support.

Author: ALSchwalm

Makefile

@@ -44,7 +44,7 @@ qemu: multiboot2 $(seabios)
 
 .PHONY: qemu-debug
 qemu-debug: multiboot2-debug $(seabios)
-	./scripts/mythril-run.sh $(multiboot2_debug_binary) \
+	./scripts/mythril-run.sh $(multiboot2_binary) \
 	    -gdb tcp::1234 -S $(QEMU_EXTRA)
 
 $(multiboot2_binary): $(mythril_src)

mythril_core/src/ap.rs

@@ -0,0 +1,7 @@
+/// A structure representing the data passed from the BSP to the AP
+/// through the ap_startup logic.
+#[repr(packed)]
+pub struct ApData {
+    /// This AP's index in the sequential list of all AP's
+    pub idx: u64,
+}

mythril_core/src/ap_startup.S

@@ -88,6 +88,18 @@ ap_startup_64:
     ; Load the stack provided by the bsp
     mov rsp, [AP_STACK_ADDR]
 
+    ; Initialize FS with our per-core index, this will be used for the
+    ; fast per-core access later
+    mov rdx, [AP_IDX]
+    shl rdx, 3          ; Shift the AP_IDX to allow the RPL and TI bits to be 0
+    mov fs, rdx
+
+    ; See ap::ApData
+    push qword [AP_IDX]
+
+    ; Pass the info we've been given by the BSP up to the rust code
+    mov rdi, rsp
+
     ; Acknowledge that the stack has been used
     mov byte [AP_READY], 1
 
@@ -99,6 +111,10 @@ global AP_STACK_ADDR
 AP_STACK_ADDR:
     dq 0
 
+global AP_IDX
+AP_IDX:
+    dq 0
+
 global AP_READY
 AP_READY:
     db 0

mythril_core/src/apic.rs

@@ -1,6 +1,8 @@
 #![deny(missing_docs)]
 
 use crate::error::{Error, Result};
+use crate::time;
+use crate::{declare_per_core, get_per_core, get_per_core_mut};
 use raw_cpuid::CpuId;
 use x86::msr;
 
@@ -79,11 +81,35 @@ pub enum DeliveryMode {
     _Reserved2 = 0x07,
 }
 
+declare_per_core! {
+    static mut LOCAL_APIC: Option<LocalApic> = None;
+}
+
+/// Obtain a reference to the current core's LocalApic
+pub fn get_local_apic() -> &'static LocalApic {
+    get_per_core!(LOCAL_APIC)
+        .as_ref()
+        .expect("Attempt to get local APIC before initialization")
+}
+
+/// Obtain a mutable reference to the current core's LocalApic
+///
+/// The caller must ensure that calling this function does not
+/// cause soundness violations such as holding two mutable
+/// references or a mutable and immutable reference.
+pub unsafe fn get_local_apic_mut() -> &'static mut LocalApic {
+    get_per_core_mut!(LOCAL_APIC)
+        .as_mut()
+        .expect("Attempt to get local APIC before initialization")
+}
+
 /// Structure defining the interface for a local x2APIC
 #[derive(Debug)]
 pub struct LocalApic {
     /// The raw value of the `IA32_APIC_BASE_MSR`
     base_reg: u64,
+
+    ticks_per_ms: u64,
 }
 
 impl LocalApic {
@@ -93,7 +119,7 @@ impl LocalApic {
     ///
     ///  - The CPU does not support X2APIC
     ///  - Unable to get the `cpuid`
-    pub fn init() -> Result<LocalApic> {
+    pub fn init() -> Result<&'static mut Self> {
         // Ensure the CPU supports x2apic
         let cpuid = CpuId::new();
         match cpuid.get_feature_info() {
@@ -123,7 +149,10 @@ impl LocalApic {
         // Fetch the new value of the APIC BASE MSR
         let base_reg = unsafe { msr::rdmsr(msr::IA32_APIC_BASE) };
 
-        let apic = LocalApic { base_reg };
+        let mut apic = LocalApic {
+            base_reg,
+            ticks_per_ms: 0,
+        };
 
         // Enable the APIC in the Spurious Interrupt Vector Register
         unsafe {
@@ -149,7 +178,13 @@ impl LocalApic {
         // initial value of the MSR. For now we'll just stick to what the
         // spec says, but this should be investigated a bit further.
         apic.clear_esr();
-        Ok(apic)
+
+        apic.calibrate_timer()
+            .expect("Failed to calibrate APIC timer");
+
+        let lapic = get_per_core_mut!(LOCAL_APIC);
+        *lapic = Some(apic);
+        Ok(lapic.as_mut().unwrap())
     }
 
     /// The APIC ID
@@ -200,7 +235,7 @@ impl LocalApic {
     }
 
     /// Send a End Of Interrupt
-    pub fn eoi(&self) {
+    pub fn eoi(&mut self) {
         unsafe {
             msr::wrmsr(msr::IA32_X2APIC_EOI, 0x00);
         }
@@ -213,7 +248,7 @@ impl LocalApic {
 
     /// Set the Interrupt Command Register
     pub fn send_ipi(
-        &self,
+        &mut self,
         dst: u32,
         dst_short: DstShorthand,
         trigger: TriggerMode,
@@ -236,10 +271,38 @@ impl LocalApic {
     }
 
     /// Send a IPI to yourself
-    pub fn self_ipi(&self, vector: u8) {
+    pub fn self_ipi(&mut self, vector: u8) {
         // TODO(dlrobertson): Should we check for illegal vectors?
         unsafe {
             msr::wrmsr(msr::IA32_X2APIC_SELF_IPI, vector as u64);
         }
     }
+
+    fn calibrate_timer(&mut self) -> Result<()> {
+        unsafe {
+            let start_tick = 0xFFFFFFFF;
+            msr::wrmsr(msr::IA32_X2APIC_DIV_CONF, 0x3); // timer divisor = 16
+            msr::wrmsr(msr::IA32_X2APIC_INIT_COUNT, start_tick);
+            time::busy_wait(core::time::Duration::from_millis(1));
+            msr::wrmsr(msr::IA32_X2APIC_LVT_TIMER, 1 << 16); // Disable the timer
+            let curr_tick = msr::rdmsr(msr::IA32_X2APIC_CUR_COUNT);
+            self.ticks_per_ms = start_tick - curr_tick;
+        }
+        Ok(())
+    }
+
+    /// Configure the timer for this local apic to generate an interrupt with
+    /// the requested vector at the requested time. This will clear any outstanding
+    /// apic interrupt.
+    pub fn schedule_interrupt(&mut self, when: time::Instant, vector: u8) {
+        //TODO: always round _up_ here to avoid the timer not actually being
+        // expired when we receive the interrupt
+        let micros = (when - time::now()).as_micros();
+        let ticks = micros * self.ticks_per_ms as u128 / 1000;
+        unsafe {
+            msr::wrmsr(msr::IA32_X2APIC_DIV_CONF, 0x3); // timer divisor = 16
+            msr::wrmsr(msr::IA32_X2APIC_LVT_TIMER, vector as u64);
+            msr::wrmsr(msr::IA32_X2APIC_INIT_COUNT, ticks as u64);
+        }
+    }
 }

mythril_core/src/boot.S

@@ -30,14 +30,14 @@ GDT64:                           ; Global Descriptor Table (64-bit).
     dw 0                         ; Base (low).
     db 0                         ; Base (middle)
     db 10011010b                 ; Access (exec/read).
-    db 10101111b                 ; Granularity, 64 bits flag, limit19:16.
+    db 00100000b                 ; Granularity, 64 bits flag, limit19:16.
     db 0                         ; Base (high).
 .data: equ $ - GDT64         ; The data descriptor.
     dw 0                         ; Limit (low).
     dw 0                         ; Base (low).
     db 0                         ; Base (middle)
     db 10010010b                 ; Access (read/write).
-    db 00000000b                 ; Granularity.
+    db 00100000b                 ; Granularity.
     db 0                         ; Base (high).
 .pointer:                    ; The GDT-pointer.
     dw $ - GDT64 - 1             ; Limit.

mythril_core/src/device/ignore.rs

@@ -26,6 +26,8 @@ impl EmulatedDevice for IgnoredDevice {
             DeviceRegion::PortIo(240..=240),
             // IO delay port
             DeviceRegion::PortIo(128..=128),
+            //TODO: don't know what this is yet
+            DeviceRegion::PortIo(135..=135),
         ]
     }
 

mythril_core/src/device/mod.rs

@@ -353,12 +353,12 @@ impl<'a> TryFrom<&'a [u8]> for PortWriteRequest<'a> {
     }
 }
 
-impl<'a> TryInto<u8> for PortWriteRequest<'a> {
+impl<'a> TryFrom<PortWriteRequest<'a>> for u8 {
     type Error = Error;
 
-    fn try_into(self) -> Result<u8> {
-        match self {
-            Self::OneByte(val) => Ok(val[0]),
+    fn try_from(value: PortWriteRequest<'a>) -> Result<Self> {
+        match value {
+            PortWriteRequest::OneByte(val) => Ok(val[0]),
             val => Err(Error::InvalidValue(format!(
                 "Value {} cannot be converted to u8",
                 val
@@ -367,12 +367,12 @@ impl<'a> TryInto<u8> for PortWriteRequest<'a> {
     }
 }
 
-impl<'a> TryInto<u16> for PortWriteRequest<'a> {
+impl<'a> TryFrom<PortWriteRequest<'a>> for u16 {
     type Error = Error;
 
-    fn try_into(self) -> Result<u16> {
-        match self {
-            Self::TwoBytes(val) => Ok(u16::from_be_bytes(*val)),
+    fn try_from(value: PortWriteRequest<'a>) -> Result<Self> {
+        match value {
+            PortWriteRequest::TwoBytes(val) => Ok(u16::from_be_bytes(*val)),
             val => Err(Error::InvalidValue(format!(
                 "Value {} cannot be converted to u16",
                 val
@@ -381,12 +381,12 @@ impl<'a> TryInto<u16> for PortWriteRequest<'a> {
     }
 }
 
-impl<'a> TryInto<u32> for PortWriteRequest<'a> {
+impl<'a> TryFrom<PortWriteRequest<'a>> for u32 {
     type Error = Error;
 
-    fn try_into(self) -> Result<u32> {
-        match self {
-            Self::FourBytes(val) => Ok(u32::from_be_bytes(*val)),
+    fn try_from(value: PortWriteRequest<'a>) -> Result<Self> {
+        match value {
+            PortWriteRequest::FourBytes(val) => Ok(u32::from_be_bytes(*val)),
             val => Err(Error::InvalidValue(format!(
                 "Value {} cannot be converted to u32",
                 val

mythril_core/src/device/pci.rs

@@ -152,6 +152,7 @@ pub struct PciRootComplex {
 
 impl PciRootComplex {
     const PCI_CONFIG_ADDRESS: Port = 0xcf8;
+    const PCI_CONFIG_TYPE: Port = 0xcfb;
     const PCI_CONFIG_DATA: Port = 0xcfc;
     const PCI_CONFIG_DATA_MAX: Port = Self::PCI_CONFIG_DATA + 3;
 
@@ -198,6 +199,7 @@ impl EmulatedDevice for PciRootComplex {
             DeviceRegion::PortIo(
                 Self::PCI_CONFIG_DATA..=Self::PCI_CONFIG_DATA_MAX,
             ),
+            DeviceRegion::PortIo(Self::PCI_CONFIG_TYPE..=Self::PCI_CONFIG_TYPE),
         ]
     }
     fn on_port_read(

mythril_core/src/device/pic.rs

@@ -54,7 +54,6 @@ impl EmulatedDevice for Pic8259 {
             Self::PIC_MASTER_DATA => self.master_state.imr,
             Self::PIC_SLAVE_DATA => self.master_state.imr,
             _ => {
-                info!("Read of PIC command port not yet supported");
                 return Ok(());
             }
         };
@@ -70,19 +69,12 @@ impl EmulatedDevice for Pic8259 {
     ) -> Result<()> {
         match port {
             Self::PIC_MASTER_DATA => {
-                info!("Set master PIC data: {}", val);
                 self.master_state.imr = val.try_into()?;
             }
             Self::PIC_SLAVE_DATA => {
-                info!("Set slave PIC data: {}", val);
                 self.master_state.imr = val.try_into()?;
             }
-            port => {
-                info!(
-                    "Write to PIC command port not yet supported (port 0x{:x} = {})",
-                    port, val
-                );
-            }
+            _ => (),
         }
         Ok(())
     }