Remove per-VM lock

This drastically increases the granularity of the locking
in most aspects of the hypervisor

Author: ALSchwalm

mythril/src/emulate/memio.rs

@@ -401,19 +401,17 @@ fn process_memio_op(
         .read_field(vmcs::VmcsField::VmExitInstructionLen)?;
     let ip = vcpu.vmcs.read_field(vmcs::VmcsField::GuestRip)?;
 
-    let mut vm = vcpu.vm.write();
     let ip_addr = memory::GuestVirtAddr::new(ip, &vcpu.vmcs)?;
-    let view = memory::GuestAddressSpaceViewMut::from_vmcs(
+    let view = memory::GuestAddressSpaceView::from_vmcs(
         &vcpu.vmcs,
-        &mut vm.guest_space,
+        &vcpu.vm.guest_space,
     )?;
 
     let bytes = view.read_bytes(
         ip_addr,
         instruction_len as usize,
         memory::GuestAccess::Read(memory::PrivilegeLevel(0)),
     )?;
-    drop(vm);
 
     let efer = vcpu.vmcs.read_field(vmcs::VmcsField::GuestIa32Efer)?;
     // TODO: 16bit support
@@ -457,8 +455,7 @@ pub fn handle_ept_violation(
         event: DeviceEvent,
         responses: &mut ResponseEventArray,
     ) -> Result<()> {
-        let mut vm = vcpu.vm.write();
-        vm.dispatch_event(addr, event, vcpu, responses)
+        vcpu.vm.dispatch_event(addr, event, vcpu, responses)
     }
 
     let addr = memory::GuestPhysAddr::new(

mythril/src/emulate/portio.rs

@@ -13,8 +13,6 @@ fn emulate_outs(
     exit: vmexit::IoInstructionInformation,
     responses: &mut ResponseEventArray,
 ) -> Result<()> {
-    let mut vm = vcpu.vm.write();
-
     let linear_addr =
         vcpu.vmcs.read_field(vmcs::VmcsField::GuestLinearAddress)?;
     let guest_addr = memory::GuestVirtAddr::new(linear_addr, &vcpu.vmcs)?;
@@ -23,9 +21,9 @@ fn emulate_outs(
     //        assume that is requires supervisor
     let access = memory::GuestAccess::Read(memory::PrivilegeLevel(0));
 
-    let view = memory::GuestAddressSpaceViewMut::from_vmcs(
+    let view = memory::GuestAddressSpaceView::from_vmcs(
         &vcpu.vmcs,
-        &mut vm.guest_space,
+        &vcpu.vm.guest_space,
     )?;
 
     // FIXME: The direction we read is determined by the DF flag (I think)
@@ -39,7 +37,7 @@ fn emulate_outs(
     // FIXME: Actually test for REP
     for chunk in bytes.chunks_exact(exit.size as usize) {
         let request = PortWriteRequest::try_from(chunk)?;
-        vm.dispatch_event(
+        vcpu.vm.dispatch_event(
             port,
             DeviceEvent::PortWrite(port, request),
             vcpu,
@@ -59,8 +57,6 @@ fn emulate_ins(
     exit: vmexit::IoInstructionInformation,
     responses: &mut ResponseEventArray,
 ) -> Result<()> {
-    let mut vm = vcpu.vm.write();
-
     let linear_addr =
         vcpu.vmcs.read_field(vmcs::VmcsField::GuestLinearAddress)?;
     let guest_addr = memory::GuestVirtAddr::new(linear_addr, &vcpu.vmcs)?;
@@ -69,17 +65,17 @@ fn emulate_ins(
     let mut bytes = vec![0u8; guest_cpu.rcx as usize];
     for chunk in bytes.chunks_exact_mut(exit.size as usize) {
         let request = PortReadRequest::try_from(chunk)?;
-        vm.dispatch_event(
+        vcpu.vm.dispatch_event(
             port,
             DeviceEvent::PortRead(port, request),
             vcpu,
             responses,
         )?;
     }
 
-    let mut view = memory::GuestAddressSpaceViewMut::from_vmcs(
+    let view = memory::GuestAddressSpaceView::from_vmcs(
         &vcpu.vmcs,
-        &mut vm.guest_space,
+        &vcpu.vm.guest_space,
     )?;
     view.write_bytes(guest_addr, &bytes, access)?;
 
@@ -98,12 +94,11 @@ pub fn emulate_portio(
         (exit.port, exit.input, exit.size, exit.string);
 
     if !string {
-        let mut vm = vcpu.vm.write();
         if !input {
             let arr = (guest_cpu.rax as u32).to_be_bytes();
             let request =
                 PortWriteRequest::try_from(&arr[4 - size as usize..])?;
-            vm.dispatch_event(
+            vcpu.vm.dispatch_event(
                 port,
                 DeviceEvent::PortWrite(port, request),
                 vcpu,
@@ -113,7 +108,7 @@ pub fn emulate_portio(
             let mut arr = [0u8; 4];
             let request =
                 PortReadRequest::try_from(&mut arr[4 - size as usize..])?;
-            vm.dispatch_event(
+            vcpu.vm.dispatch_event(
                 port,
                 DeviceEvent::PortRead(port, request),
                 vcpu,

mythril/src/kmain.rs

@@ -40,16 +40,16 @@ fn build_vm(
     cfg: &config::UserVmConfig,
     info: &BootInfo,
     add_uart: bool,
-) -> Arc<RwLock<vm::VirtualMachine>> {
+) -> Arc<vm::VirtualMachine> {
     let physical_config = if add_uart == false {
         vm::PhysicalDeviceConfig::default()
     } else {
         vm::PhysicalDeviceConfig {
-            serial: Some(
+            serial: RwLock::new(Some(
                 physdev::com::Uart8250::new(0x3f8)
                     .expect("Failed to create UART"),
-            ),
-            ps2_keyboard: None,
+            )),
+            ps2_keyboard: RwLock::new(None),
         }
     };
 

mythril/src/memory.rs

@@ -3,12 +3,12 @@ use crate::vmcs;
 use alloc::boxed::Box;
 use alloc::vec::Vec;
 use bitflags::bitflags;
-use core::borrow::{Borrow, BorrowMut};
 use core::convert::TryFrom;
 use core::default::Default;
 use core::fmt;
 use core::ops::{Add, Deref, Index, IndexMut};
 use num_enum::TryFromPrimitive;
+use spin::RwLock;
 use ux;
 use x86::bits64::paging::*;
 use x86::controlregs::Cr0;
@@ -255,7 +255,7 @@ impl HostPhysFrame {
 }
 
 pub struct GuestAddressSpace {
-    root: Box<EptPml4Table>,
+    root: RwLock<Box<EptPml4Table>>,
 }
 
 #[derive(Copy, Clone, Debug)]
@@ -271,21 +271,26 @@ pub enum GuestAccess {
 impl GuestAddressSpace {
     pub fn new() -> Result<Self> {
         Ok(GuestAddressSpace {
-            root: Box::new(EptPml4Table::default()),
+            root: RwLock::new(Box::new(EptPml4Table::default())),
         })
     }
 
     pub fn map_frame(
-        &mut self,
+        &self,
         guest_addr: GuestPhysAddr,
         host_frame: HostPhysFrame,
         readonly: bool,
     ) -> Result<()> {
-        map_guest_memory(&mut self.root, guest_addr, host_frame, readonly)
+        map_guest_memory(
+            &mut self.root.write(),
+            guest_addr,
+            host_frame,
+            readonly,
+        )
     }
 
     pub fn map_new_frame(
-        &mut self,
+        &self,
         guest_addr: GuestPhysAddr,
         readonly: bool,
     ) -> Result<()> {
@@ -297,7 +302,7 @@ impl GuestAddressSpace {
 
     pub fn eptp(&self) -> u64 {
         // //TODO: check available memory types
-        (&*self.root as *const _ as u64) | (4 - 1) << 3 | 6
+        (&*(*self.root.read()) as *const _ as u64) | (4 - 1) << 3 | 6
     }
 
     pub fn translate_linear_address(
@@ -360,7 +365,7 @@ impl GuestAddressSpace {
         &self,
         addr: GuestPhysAddr,
     ) -> Result<HostPhysFrame> {
-        let ept_pml4e = &self.root[addr.p4_index()];
+        let ept_pml4e = &self.root.read()[addr.p4_index()];
         if ept_pml4e.is_unused() {
             return Err(Error::InvalidValue(
                 "No PML4 entry for GuestPhysAddr".into(),
@@ -440,7 +445,7 @@ impl GuestAddressSpace {
     }
 
     pub fn write_bytes(
-        &mut self,
+        &self,
         cr3: GuestPhysAddr,
         addr: GuestVirtAddr,
         mut bytes: &[u8],
@@ -471,25 +476,20 @@ impl GuestAddressSpace {
     }
 }
 
-pub type GuestAddressSpaceView<'a> =
-    GuestAddressSpaceWrapper<&'a GuestAddressSpace>;
-pub type GuestAddressSpaceViewMut<'a> =
-    GuestAddressSpaceWrapper<&'a mut GuestAddressSpace>;
-
-pub struct GuestAddressSpaceWrapper<T> {
-    space: T,
+pub struct GuestAddressSpaceView<'a> {
+    space: &'a GuestAddressSpace,
     cr3: GuestPhysAddr,
 }
 
-impl<T> GuestAddressSpaceWrapper<T>
-where
-    T: Borrow<GuestAddressSpace>,
-{
-    pub fn new(cr3: GuestPhysAddr, space: T) -> Self {
+impl<'a> GuestAddressSpaceView<'a> {
+    pub fn new(cr3: GuestPhysAddr, space: &'a GuestAddressSpace) -> Self {
         Self { space, cr3 }
     }
 
-    pub fn from_vmcs(vmcs: &vmcs::ActiveVmcs, space: T) -> Result<Self> {
+    pub fn from_vmcs(
+        vmcs: &vmcs::ActiveVmcs,
+        space: &'a GuestAddressSpace,
+    ) -> Result<Self> {
         let cr3 = vmcs.read_field(vmcs::VmcsField::GuestCr3)?;
         let cr3 = GuestPhysAddr::new(cr3);
         Ok(Self { space, cr3 })
@@ -500,7 +500,7 @@ where
         addr: GuestVirtAddr,
         access: GuestAccess,
     ) -> Result<FrameIter> {
-        self.space.borrow().frame_iter(self.cr3, addr, access)
+        self.space.frame_iter(self.cr3, addr, access)
     }
 
     pub fn read_bytes(
@@ -509,46 +509,32 @@ where
         length: usize,
         access: GuestAccess,
     ) -> Result<Vec<u8>> {
-        self.space
-            .borrow()
-            .read_bytes(self.cr3, addr, length, access)
+        self.space.read_bytes(self.cr3, addr, length, access)
     }
 
     pub fn translate_linear_address(
         &self,
         addr: GuestVirtAddr,
         access: GuestAccess,
     ) -> Result<GuestPhysAddr> {
-        self.space
-            .borrow()
-            .translate_linear_address(self.cr3, addr, access)
+        self.space.translate_linear_address(self.cr3, addr, access)
     }
-}
 
-impl<T> GuestAddressSpaceWrapper<T>
-where
-    T: BorrowMut<GuestAddressSpace>,
-{
     pub fn write_bytes(
-        &mut self,
+        &self,
         addr: GuestVirtAddr,
         bytes: &[u8],
         access: GuestAccess,
     ) -> Result<()> {
-        self.space
-            .borrow_mut()
-            .write_bytes(self.cr3, addr, bytes, access)
+        self.space.write_bytes(self.cr3, addr, bytes, access)
     }
 }
 
-impl<T> Deref for GuestAddressSpaceWrapper<T>
-where
-    T: Borrow<GuestAddressSpace>,
-{
-    type Target = T;
+impl<'a> Deref for GuestAddressSpaceView<'a> {
+    type Target = GuestAddressSpace;
 
-    fn deref(&self) -> &Self::Target {
-        &self.space
+    fn deref(&self) -> &'a Self::Target {
+        self.space
     }
 }
 

mythril/src/percore.rs

@@ -111,12 +111,12 @@ pub fn read_core_id() -> CoreId {
 }
 
 #[doc(hidden)]
-pub unsafe fn get_pre_core_impl<T>(t: &T) -> &T {
+pub unsafe fn get_per_core_impl<T>(t: &T) -> &T {
     core::mem::transmute(per_core_address(t as *const T as *const u8))
 }
 
 #[doc(hidden)]
-pub unsafe fn get_pre_core_mut_impl<T>(t: &mut T) -> &mut T {
+pub unsafe fn get_per_core_mut_impl<T>(t: &mut T) -> &mut T {
     core::mem::transmute(per_core_address(t as *const T as *const u8))
 }
 
@@ -125,7 +125,7 @@ macro_rules! get_per_core {
     ($name:ident) => {
         #[allow(unused_unsafe)]
         unsafe {
-            $crate::percore::get_pre_core_impl(&mut $name)
+            $crate::percore::get_per_core_impl(&$name)
         }
     };
 }
@@ -135,7 +135,7 @@ macro_rules! get_per_core_mut {
     ($name:ident) => {
         #[allow(unused_unsafe)]
         unsafe {
-            $crate::percore::get_pre_core_mut_impl(&mut $name)
+            $crate::percore::get_per_core_mut_impl(&mut $name)
         }
     };
 }
@@ -150,6 +150,12 @@ macro_rules! __declare_per_core_internal {
 
         declare_per_core!($($t)*);
     };
+    ($(#[$attr:meta])* ($($vis:tt)*) static $N:ident : $T:ty = $e:expr; $($t:tt)*) => {
+        #[link_section = ".per_core"]
+        $($vis)* static $N: $T = $e;
+
+        declare_per_core!($($t)*);
+    };
     () => ()
 }
 
@@ -165,5 +171,15 @@ macro_rules! declare_per_core {
     ($(#[$attr:meta])* pub ($($vis:tt)+) static mut $N:ident : $T:ty = $e:expr; $($t:tt)*) => {
         __declare_per_core_internal!($(#[$attr])* (pub ($($vis)+)) static mut $N : $T = $e; $($t)*);
     };
+    // Rules for immutable variables
+    ($(#[$attr:meta])* static $N:ident : $T:ty = $e:expr; $($t:tt)*) => {
+        __declare_per_core_internal!($(#[$attr])* () static $N : $T = $e; $($t)*);
+    };
+    ($(#[$attr:meta])* pub static $N:ident : $T:ty = $e:expr; $($t:tt)*) => {
+        __declare_per_core_internal!($(#[$attr])* (pub) static $N : $T = $e; $($t)*);
+    };
+    ($(#[$attr:meta])* pub ($($vis:tt)+) static $N:ident : $T:ty = $e:expr; $($t:tt)*) => {
+        __declare_per_core_internal!($(#[$attr])* (pub ($($vis)+)) static $N : $T = $e; $($t)*);
+    };
     () => ()
 }