Make virtual machine and emulated device allocation static

This patch make some significant changes to the allocation layout
of Mythril. Now, instead of heap allocation of devices and virtual
machines, these are allocated in the following way:

There is a static 'VirtualMachineSet' object that contains a list
of virtual machines and associated message passing contexts. This
structure is how inter-core and inter-vm communication occurs. Each
'VirtualMachine' now contains an ArrayVec of 'DynamicVirtualDevice'.

A 'DynamicVirtualDevice' is a wrapper around various EmulatedDevice
types that are _not_ part of the required guest architecture. For
example, a given PCI device is 'dynamic' in the sense that we cannot
state that it is part of the guest at compile time.

Non-dynamic EmulatedDevices are now stored explicitly as part of the
'StaticVirtualDevices' field of the 'VirtualMachine'. This makes it
significantly easier to reference a particular part of the guest
architecture (rather than having to look up a device by Port, for
example).

Author: ALSchwalm

mythril/Cargo.lock

@@ -12,7 +12,6 @@ test = []
 
 [dependencies]
 arraydeque = { version = "0.4.5", default-features = false }
-arrayvec = { version = "0.5.1", default-features = false }
 bitflags = "1.2.0"
 byteorder = { version = "1", default-features = false }
 num_enum = { version = "0.5.0", default-features = false }
@@ -29,6 +28,11 @@ spin = "0.5"
 ux = { version = "0.1.3", default-features = false }
 managed = { version = "0.8.0", features = ["map", "alloc"], default-features = false }
 
+[dependencies.arrayvec]
+version = "0.5.2"
+default-features = false
+features = ["unstable-const-fn"]
+
 [dependencies.iced-x86]
 version = "1.8.0"
 default-features = false

mythril/Cargo.toml

@@ -1,6 +1,6 @@
 %include "paging.mac"
 
-%define BSP_STACK_SIZE (PAGE_SIZE*50)
+%define BSP_STACK_SIZE (PAGE_SIZE*100)
 %define PAGE_HIERARCHY_SIZE (PAGE_SIZE*7)
 
 global PAGE_HIERARCHY

mythril/src/boot.S

@@ -23,6 +23,8 @@ pub fn emulate_cpuid(
 
         // Hide TSC deadline timer
         res.ecx &= !(1 << 24);
+    } else if guest_cpu.rax as u32 == 0x0b {
+        res.edx = crate::percore::read_core_id().raw as u32;
     }
 
     guest_cpu.rax = res.eax as u64 | (guest_cpu.rax & 0xffffffff00000000);

mythril/src/emulate/cpuid.rs

@@ -523,8 +523,7 @@ pub fn handle_apic_access(
             _ => return Err(Error::NotSupported),
         };
 
-        vcpu.local_apic
-            .register_write(vcpu.vm.clone(), offset, value)
+        vcpu.local_apic.register_write(vcpu.vm, offset, value)
     }
 
     let addr = vm::GUEST_LOCAL_APIC_ADDR

mythril/src/emulate/memio.rs

@@ -18,7 +18,6 @@ use crate::virtdev;
 use crate::vm;
 
 use alloc::collections::BTreeMap;
-use alloc::sync::Arc;
 use alloc::vec::Vec;
 use log::{debug, info};
 use managed::ManagedMap;
@@ -40,11 +39,11 @@ fn build_vm(
     cfg: &config::UserVmConfig,
     info: &BootInfo,
     add_uart: bool,
-) -> Arc<vm::VirtualMachine> {
+) -> vm::VirtualMachine {
     let physical_config = if add_uart == false {
-        vm::PhysicalDeviceConfig::default()
+        vm::HostPhysicalDevices::default()
     } else {
-        vm::PhysicalDeviceConfig {
+        vm::HostPhysicalDevices {
             serial: RwLock::new(Some(
                 physdev::com::Uart8250::new(0x3f8)
                     .expect("Failed to create UART"),
@@ -83,47 +82,18 @@ fn build_vm(
 
     acpi.add_sdt(madt).unwrap();
 
-    let device_map = config.virtual_devices_mut();
+    let virtual_devices = &mut config.virtual_devices;
 
-    device_map
-        .register_device(virtdev::acpi::AcpiRuntime::new(0x600).unwrap())
-        .unwrap();
-    device_map
-        .register_device(virtdev::debug::DebugPort::new(0x402))
-        .unwrap();
-    device_map
-        .register_device(virtdev::com::Uart8250::new(0x3F8))
-        .unwrap();
-    device_map
-        .register_device(virtdev::vga::VgaController::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::dma::Dma8237::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::ignore::IgnoredDevice::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::pci::PciRootComplex::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::pic::Pic8259::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::keyboard::Keyboard8042::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::pit::Pit8254::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::pos::ProgrammableOptionSelect::new())
-        .unwrap();
-    device_map
-        .register_device(virtdev::rtc::CmosRtc::new(cfg.memory))
-        .unwrap();
-    device_map
-        .register_device(virtdev::ioapic::IoApic::new())
-        .unwrap();
+    virtual_devices.push(RwLock::new(
+        virtdev::DynamicVirtualDevice::DebugPort(
+            virtdev::debug::DebugPort::new(0x402)
+                .expect("Failed to make DebugPort"),
+        ),
+    ));
+
+    virtual_devices.push(RwLock::new(virtdev::DynamicVirtualDevice::Uart(
+        virtdev::com::Uart8250::new(0x3F8).expect("Failed to make Uart"),
+    )));
 
     let mut fw_cfg_builder = virtdev::qemu_fw_cfg::QemuFwCfgBuilder::new();
 
@@ -155,7 +125,9 @@ fn build_vm(
     )
     .unwrap();
 
-    device_map.register_device(fw_cfg_builder.build()).unwrap();
+    virtual_devices.push(RwLock::new(virtdev::DynamicVirtualDevice::Qemu(
+        fw_cfg_builder.build(),
+    )));
 
     vm::VirtualMachine::new(vm_id, config, info).expect("Failed to create vm")
 }
@@ -251,8 +223,6 @@ unsafe fn kmain(mut boot_info: BootInfo) -> ! {
     ioapic::map_gsi_vector(interrupt::gsi::UART, interrupt::vector::UART, 0)
         .expect("Failed to map com0 gsi");
 
-    let mut builder = vm::VirtualMachineSetBuilder::new();
-
     let raw_cfg = boot_info
         .find_module("mythril.cfg")
         .expect("Failed to find 'mythril.cfg' in boot information")
@@ -263,13 +233,15 @@ unsafe fn kmain(mut boot_info: BootInfo) -> ! {
 
     debug!("mythril.cfg: {:?}", mythril_cfg);
 
-    for (num, vm) in mythril_cfg.vms.into_iter().enumerate() {
-        builder
-            .insert_machine(build_vm(num as u32, &vm, &boot_info, num == 0))
-            .expect("Failed to insert new vm");
-    }
-
-    vm::init_virtual_machines(builder.finalize());
+    let vms = mythril_cfg
+        .vms
+        .into_iter()
+        .enumerate()
+        .map(|(num, vm_cfg)| {
+            build_vm(num as u32, &vm_cfg, &boot_info, num == 0)
+        });
+    vm::init_virtual_machines(vms)
+        .expect("Failed to initialize early virtual machine state");
 
     debug!("AP_STARTUP address: 0x{:x}", AP_STARTUP_ADDR);
 
@@ -332,5 +304,17 @@ unsafe fn kmain(mut boot_info: BootInfo) -> ! {
         core::ptr::write_volatile(&mut AP_READY as *mut u8, 0);
     }
 
+    // Also don't start the bsp core if there is no guest assigned to use it
+    let bsp_core_id = percore::read_core_id();
+    if !vm::virtual_machines().is_assigned_core_id(bsp_core_id) {
+        debug!(
+            "Not starting core ID '{}' because it is not assigned to a guest",
+            bsp_core_id
+        );
+        loop {
+            crate::lock::relax_cpu();
+        }
+    }
+
     vcpu::mp_entry_point()
 }

mythril/src/kmain.rs

@@ -5,6 +5,7 @@
 #![feature(get_mut_unchecked)]
 #![feature(fixed_size_array)]
 #![feature(panic_info_message)]
+#![feature(array_value_iter)]
 #![feature(alloc_error_handler)]
 #![feature(lang_items)]
 #![feature(stmt_expr_attributes)]

mythril/src/lib.rs

@@ -61,20 +61,22 @@ pub unsafe fn init_sections(ncores: usize) -> Result<()> {
     Ok(())
 }
 
+unsafe fn percore_section_start(core_idx: u64) -> *const u8 {
+    if core_idx == 0 {
+        &PER_CORE_START as *const u8
+    } else {
+        let section_len = per_core_section_len();
+        (&AP_PER_CORE_SECTIONS[section_len * (core_idx - 1) as usize])
+            as *const u8
+    }
+}
+
 /// Initialize this core's per-core data
 ///
 /// This must be called by each AP (and the BSP) before
 /// the usage of any per-core variable
 pub unsafe fn init_segment_for_core(core_idx: u64) {
-    let fs = if core_idx == 0 {
-        &PER_CORE_START as *const u8 as u64
-    } else {
-        let section_len = per_core_section_len();
-        (&AP_PER_CORE_SECTIONS[section_len * (core_idx - 1) as usize])
-            as *const u8 as u64
-    };
-
-    msr::wrmsr(msr::IA32_FS_BASE, fs);
+    msr::wrmsr(msr::IA32_FS_BASE, percore_section_start(core_idx) as u64);
 
     RoAfterInit::init(
         crate::get_per_core_mut!(CORE_ID),

mythril/src/percore.rs

@@ -289,7 +289,7 @@ impl TimerWheel {
     /// expired and will reset any periodic timers.
     pub fn expire_elapsed_timers(
         &mut self,
-    ) -> Result<vec::Vec<TimerInterruptType>> {
+    ) -> Result<impl Iterator<Item = TimerInterruptType>> {
         let mut interrupts = vec![];
         let elapsed_oneshots = self
             .timers
@@ -318,7 +318,7 @@ impl TimerWheel {
         }
 
         self.update_interrupt_timer();
-        Ok(interrupts)
+        Ok(interrupts.into_iter())
     }
 
     fn update_interrupt_timer(&mut self) {

mythril/src/time.rs

@@ -8,11 +8,10 @@ use crate::percore;
 use crate::registers::{GdtrBase, IdtrBase};
 use crate::time;
 use crate::vm::VirtualMachine;
+use crate::{declare_per_core, get_per_core_mut};
 use crate::{virtdev, vm, vmcs, vmexit, vmx};
 use alloc::boxed::Box;
 use alloc::collections::BTreeMap;
-use alloc::sync::Arc;
-use alloc::vec::Vec;
 use core::mem;
 use core::pin::Pin;
 use x86::controlregs::{cr0, cr3, cr4};
@@ -24,6 +23,13 @@ extern "C" {
     static GDT64_DATA: u64;
 }
 
+const PER_CORE_HOST_STACK_SIZE: usize = 1024 * 1024;
+
+declare_per_core! {
+    static mut HOST_STACK: [u8; PER_CORE_HOST_STACK_SIZE]
+        = [0u8; PER_CORE_HOST_STACK_SIZE];
+}
+
 /// The post-startup point where a core begins executing its statically
 /// assigned VCPU. Past this point, there is no distinction between BSP
 /// and AP.
@@ -41,10 +47,10 @@ pub fn mp_entry_point() -> ! {
         vm
     };
 
-    let mut vcpu = VCpu::new(vm.clone()).expect("Failed to create vcpu");
+    let mut vcpu = VCpu::new(vm).expect("Failed to create vcpu");
 
     let vm_id = vm.id;
-    let is_vm_bsp = vm.config.bsp_id() == core_id;
+    let is_vm_bsp = vm.bsp_id() == core_id;
 
     // Increment the VM's count of ready cores
     vm.notify_ready();
@@ -89,11 +95,11 @@ pub enum InjectedInterruptType {
 /// ultimate handling will occur within an emulated device in the `VirtualMachine`'s
 /// `DeviceMap`)
 pub struct VCpu {
-    pub vm: Arc<VirtualMachine>,
+    pub vm: &'static VirtualMachine,
     pub vmcs: vmcs::ActiveVmcs,
     pub local_apic: virtdev::lapic::LocalApic,
     pending_interrupts: BTreeMap<u8, InjectedInterruptType>,
-    stack: Vec<u8>,
+    stack: &'static mut [u8; PER_CORE_HOST_STACK_SIZE],
 }
 
 impl VCpu {
@@ -102,18 +108,15 @@ impl VCpu {
     /// Note that the result must be `Pin`, as the `VCpu` pushes its own
     /// address on to the per-core host stack so it can be retrieved on
     /// VMEXIT.
-    pub fn new(vm: Arc<VirtualMachine>) -> Result<Pin<Box<Self>>> {
+    pub fn new(vm: &'static VirtualMachine) -> Result<Pin<Box<Self>>> {
         let vmx = vmx::Vmx::enable()?;
         let vmcs = vmcs::Vmcs::new()?.activate(vmx)?;
 
-        // Allocate 1MB for host stack space
-        let stack = vec![0u8; 1024 * 1024];
-
         let mut vcpu = Box::pin(Self {
             vm: vm,
             vmcs: vmcs,
             local_apic: virtdev::lapic::LocalApic::new(),
-            stack: stack,
+            stack: get_per_core_mut!(HOST_STACK),
             pending_interrupts: BTreeMap::new(),
         });
 
@@ -554,8 +557,7 @@ impl VCpu {
         for msg in vm::virtual_machines().recv_all_msgs() {
             match msg {
                 vm::VirtualMachineMsg::GrantConsole(serial) => {
-                    *self.vm.config.physical_devices().serial.write() =
-                        Some(serial);
+                    *self.vm.host_devices.serial.write() = Some(serial);
                 }
                 vm::VirtualMachineMsg::CancelTimer(timer_id) => {
                     time::cancel_timer(&timer_id)?;
@@ -577,8 +579,7 @@ impl VCpu {
     ) -> Result<()> {
         let serial_info = self
             .vm
-            .config
-            .physical_devices()
+            .host_devices
             .serial
             .read()
             .as_ref()
@@ -686,8 +687,7 @@ impl VCpu {
 
                     let serial = self
                         .vm
-                        .config
-                        .physical_devices()
+                        .host_devices
                         .serial
                         .write()
                         .take()
@@ -719,8 +719,7 @@ impl VCpu {
                     })?;
                 }
                 virtdev::DeviceEventResponse::GuestUartTransmitted(val) => {
-                    if self.vm.config.physical_devices().serial.read().is_some()
-                    {
+                    if self.vm.host_devices.serial.read().is_some() {
                         //TODO: This should be a write to the physical serial device
                         let buff = &[val];
                         let s = alloc::string::String::from_utf8_lossy(buff);