(ocaml-pkvm-proxy) port kvmtest to OCaml

Author: pqwy

.gitignore

@@ -0,0 +1,3 @@
+/_build
+/.cache
+/compile_commands.json

dune-project

@@ -0,0 +1,14 @@
+(lang dune 3.0)
+
+(generate_opam_files)
+
+(source (github rems-project/linux-tests))
+(maintainers "dk505@cl.cam.ac.uk")
+
+(package
+ (name pkvm-proxy)
+ (synopsis "Issue pKVM hypercalls using pkvm-proxy")
+ (description "Break VMs.")
+ (depends
+  (fmt (>= 0.9.0))
+  (logs (>= 0.7.0))))

pkvm-proxy.opam

@@ -0,0 +1,28 @@
+# This file is generated by dune, edit dune-project instead
+opam-version: "2.0"
+synopsis: "Issue pKVM hypercalls using pkvm-proxy"
+description: "Break VMs."
+maintainer: ["dk505@cl.cam.ac.uk"]
+homepage: "https://github.com/rems-project/linux-tests"
+bug-reports: "https://github.com/rems-project/linux-tests/issues"
+depends: [
+  "dune" {>= "3.0"}
+  "fmt" {>= "0.9.0"}
+  "logs" {>= "0.7.0"}
+  "odoc" {with-doc}
+]
+build: [
+  ["dune" "subst"] {dev}
+  [
+    "dune"
+    "build"
+    "-p"
+    name
+    "-j"
+    jobs
+    "@install"
+    "@runtest" {with-test}
+    "@doc" {with-doc}
+  ]
+]
+dev-repo: "git+https://github.com/rems-project/linux-tests.git"

src-bin/dune

@@ -0,0 +1,5 @@
+(executable
+  (name kvmtest)
+  (libraries pkvm_proxy logs.fmt fmt.tty))
+
+(env (release (link_flags (-ccopt -static))))

src-bin/kvmtest.ml

@@ -0,0 +1,43 @@
+open Pkvm_proxy
+module Log = (val Logs.(Src.create "kvmtest" |> src_log))
+
+let _ =
+  Fmt_tty.setup_std_outputs ();
+  Logs.set_level ~all:true (Some Logs.Debug);
+  Logs.set_reporter (Logs_fmt.reporter ())
+
+let _ =
+  sched_setaffinity [|0|]; (* vcpu_load .. vcpu_put *)
+
+  let vm, handle = init_vm ~protected:true () in
+  let vcpu = init_vcpu handle 0 in
+  vcpu.@[vcpu_regs] <- { regs = [| 0x37L; 0x1300L; 0xdeadL |]; pc = 0x1000L; sp = 0L; pstate = 0L };
+  vcpu_set_dirty vcpu;
+
+  topup_hyp_memcache vcpu.@[vcpu_memcache] 10;
+
+  vcpu_load handle 0;
+
+  let gcode = kernel_region_alloc page_size in
+  region_memory gcode |> Bigstring.blit_from_string "\x20\x00\x00\x8b\x40\x00\x00\xf9\x00\x00\x20\xd4";
+  kernel_region_release gcode;
+  map_region_guest vcpu gcode vcpu.@[vcpu_regs].pc;
+
+  let exit_code = vcpu_run vcpu in
+  Log.app (fun k -> k "@[<2>Ran VCPU 0,@ exit %a,@ fault %a@]"
+      pp_arm_exception exit_code pp_fault_info vcpu.@[vcpu_fault]);
+  vcpu_sync_state ();
+  Log.app (fun k -> k "%a" pp_regs vcpu.@[vcpu_regs]);
+
+  vcpu_put ();
+  teardown_vm handle vm;
+
+  kernel_region_unshare_hyp vcpu;
+  kernel_region_free vcpu;
+
+  kernel_region_reclaim gcode;
+  kernel_region_free gcode;
+
+  Gc.full_major(); (* see if it crashes *)
+
+  ()

src/dune

@@ -0,0 +1,10 @@
+(library
+  (name pkvm_proxy)
+  (public_name pkvm-proxy)
+  (synopsis "pKVM userspace proxy")
+  (wrapped false)
+  (foreign_stubs
+    (language c)
+    (names pkvm-proxy)
+    (flags (:standard -Wall -Wextra -O3)))
+  (libraries unix bigarray fmt logs))

src/pkvm-proxy.c

@@ -0,0 +1,91 @@
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#include <strings.h>
+
+#define __USE_GNU   // glibc
+#define _GNU_SOURCE // musl
+#include <sched.h>
+
+#include <caml/memory.h>
+#include <caml/alloc.h>
+#include <caml/unixsupport.h>
+#include <caml/bigarray.h>
+
+#include "pkvm-proxy.h"
+
+CAMLprim value caml_sizes(void) {
+  CAMLparam0();
+  CAMLlocal1(res);
+  res = caml_alloc_tuple(4);
+  Store_field(res, 0, Val_long(sizeof(void *)));
+  Store_field(res, 1, Val_long(sizeof(int)));
+  Store_field(res, 2, Val_long(sizeof(__u64)));
+  Store_field(res, 3, Val_long(sizeof(struct hprox_memcache)));
+  CAMLreturn(res);
+}
+
+static inline int __ioc_wrap(int res) {
+  if (res < 0) uerror("ioctl", Nothing);
+  return Val_long(res);
+}
+
+CAMLprim value caml_pkvm_ioctl (value fd, value req) {
+  CAMLparam2(fd, req);
+  CAMLreturn(__ioc_wrap(ioctl(Long_val(fd), Long_val(req))));
+}
+
+CAMLprim value caml_pkvm_ioctl_long (value fd, value req, value arg) {
+  CAMLparam3(fd, req, arg);
+  CAMLreturn(__ioc_wrap(ioctl(Long_val(fd), Long_val(req), Long_val(arg))));
+}
+
+CAMLprim value caml_pkvm_ioctl_ptr (value fd, value req, value arg) {
+  CAMLparam3(fd, req, arg);
+  CAMLreturn(__ioc_wrap(ioctl(Long_val(fd), Long_val(req), Caml_ba_data_val(arg))));
+}
+
+/* Assumes _IOC_{NONE,WRITE,READ} haven't been redefined by arch, since we use
+ * constructor indices.
+ */
+CAMLprim value caml__IOC(value dir, value type, value nr, value size) {
+  CAMLparam4(dir, type, nr, size);
+  CAMLreturn(Val_long(_IOC(Long_val(dir), Long_val(type), Long_val(nr), Long_val(size))));
+}
+
+extern value caml_unix_mapped_alloc(int, int, void *, intnat *);
+
+/* XXX Works around hyp-proxy not implementing stat.
+ * It's super unsafe because the fd size is provided as an argument and cannot
+ * be checked.
+ */
+CAMLprim value caml_super_unsafe_ba_mmap(value fd, value size) {
+  CAMLparam2(fd, size);
+  intnat sz = Long_val(size);
+  void *addr = mmap(NULL, sz, PROT_READ|PROT_WRITE, MAP_SHARED, Long_val(fd), 0);
+  if (addr == (void *) MAP_FAILED) uerror("bad_map_file", Nothing);
+  CAMLreturn(caml_unix_mapped_alloc(CAML_BA_UINT8|CAML_BA_C_LAYOUT, 1, addr, &sz));
+}
+
+CAMLprim value caml_ba_munmap(value arr) {
+  CAMLparam1(arr);
+  if (munmap(Caml_ba_data_val(arr), caml_ba_byte_size(Caml_ba_array_val(arr))) != 0)
+    uerror("munmap", Nothing);
+  CAMLreturn(Val_unit);
+}
+
+CAMLprim value caml_ba_bzero(value arr) {
+  CAMLparam1(arr);
+  bzero(Caml_ba_data_val(arr), caml_ba_byte_size(Caml_ba_array_val(arr)));
+  CAMLreturn(Val_unit);
+}
+
+CAMLprim value caml_sched_setaffinity(value thread, value cpus) {
+  CAMLparam2(thread, cpus);
+  cpu_set_t cpu_set;
+  CPU_ZERO(&cpu_set);
+  for (unsigned int i = 0; i < Wosize_val(cpus); ++i)
+    CPU_SET(Long_val(Field(cpus, i)), &cpu_set);
+  if (sched_setaffinity(Long_val(thread), sizeof(cpu_set_t), &cpu_set) < 0)
+    uerror("sched_setaffinity", Nothing);
+  CAMLreturn(Val_unit);
+}

src/pkvm-proxy.h

@@ -0,0 +1,131 @@
+#include <sys/types.h>
+#include <linux/types.h>
+#include <linux/kvm.h>
+#include <sys/sysinfo.h>
+
+
+/* XXX
+ * This comes from linux/kvm.h, but only for aarch64. Mirrored here simply
+ * to make it compile for x86_64.
+ */
+#ifdef __x86_64__
+struct user_pt_regs {
+        __u64           regs[31];
+        __u64           sp;
+        __u64           pc;
+        __u64           pstate;
+};
+#endif
+
+#define __KVM_HOST_SMCCC_FUNC___kvm_hyp_init			0
+
+enum __kvm_host_smccc_func {
+	/* Hypercalls available only prior to pKVM finalisation */
+	/* __KVM_HOST_SMCCC_FUNC___kvm_hyp_init */
+	__KVM_HOST_SMCCC_FUNC___kvm_get_mdcr_el2 =
+		__KVM_HOST_SMCCC_FUNC___kvm_hyp_init + 1,
+	__KVM_HOST_SMCCC_FUNC___pkvm_init,
+	__KVM_HOST_SMCCC_FUNC___pkvm_create_private_mapping,
+	__KVM_HOST_SMCCC_FUNC___pkvm_cpu_set_vector,
+	__KVM_HOST_SMCCC_FUNC___kvm_enable_ssbs,
+	__KVM_HOST_SMCCC_FUNC___vgic_v3_init_lrs,
+	__KVM_HOST_SMCCC_FUNC___vgic_v3_get_gic_config,
+	__KVM_HOST_SMCCC_FUNC___kvm_flush_vm_context,
+	__KVM_HOST_SMCCC_FUNC___kvm_tlb_flush_vmid_ipa,
+	__KVM_HOST_SMCCC_FUNC___kvm_tlb_flush_vmid, /* 10 */
+	__KVM_HOST_SMCCC_FUNC___kvm_flush_cpu_context,
+	__KVM_HOST_SMCCC_FUNC___pkvm_prot_finalize,
+
+	/* Hypercalls available after pKVM finalisation */
+	__KVM_HOST_SMCCC_FUNC___pkvm_host_share_hyp,
+	__KVM_HOST_SMCCC_FUNC___pkvm_host_unshare_hyp,
+	__KVM_HOST_SMCCC_FUNC___pkvm_host_reclaim_page,
+	__KVM_HOST_SMCCC_FUNC___pkvm_host_map_guest,
+	__KVM_HOST_SMCCC_FUNC___kvm_adjust_pc,
+	__KVM_HOST_SMCCC_FUNC___kvm_vcpu_run,
+	__KVM_HOST_SMCCC_FUNC___kvm_timer_set_cntvoff,
+	__KVM_HOST_SMCCC_FUNC___vgic_v3_save_vmcr_aprs, /* 20 */
+	__KVM_HOST_SMCCC_FUNC___vgic_v3_restore_vmcr_aprs,
+	__KVM_HOST_SMCCC_FUNC___pkvm_init_vm,
+	__KVM_HOST_SMCCC_FUNC___pkvm_init_vcpu,
+	__KVM_HOST_SMCCC_FUNC___pkvm_teardown_vm,
+	__KVM_HOST_SMCCC_FUNC___pkvm_vcpu_load,
+	__KVM_HOST_SMCCC_FUNC___pkvm_vcpu_put,
+	__KVM_HOST_SMCCC_FUNC___pkvm_vcpu_sync_state,
+};
+
+#define HPROX_HVC_TYPE 'h'
+#define HPROX_STRUCTS_TYPE 's'
+#define HPROX_ALLOC_TYPE 'a'
+#define HPROX_MEMCACHE_TYPE 'm'
+
+
+// Perform the HVC numbered hvcnum, with this number of arguments.
+// The ioctl parameter is an array containing the arguments
+#define HVC_PROXY_IOCTL(hvcnum, numarg) \
+	_IOC(_IOC_WRITE, HPROX_HVC_TYPE, hvcnum, 8 * numarg)
+
+// All those ioctl return a size or an offset as return value.
+#define HPROX_STRUCT_KVM_GET_SIZE _IO(HPROX_STRUCTS_TYPE, 0)
+// The argument must be a: enum struct_kvm_fields
+#define HPROX_STRUCT_KVM_GET_OFFSET _IO(HPROX_STRUCTS_TYPE, 1)
+#define HPROX_HYP_VM_GET_SIZE _IO(HPROX_STRUCTS_TYPE, 2)
+#define HPROX_PGD_GET_SIZE _IO(HPROX_STRUCTS_TYPE, 3)
+#define HPROX_STRUCT_KVM_VCPU_GET_SIZE _IO(HPROX_STRUCTS_TYPE, 4)
+// The argument must be a: enum struct_kvm_vcpu_fields
+#define HPROX_STRUCT_KVM_VCPU_GET_OFFSET _IO(HPROX_STRUCTS_TYPE, 5)
+#define HPROX_HYP_VCPU_GET_SIZE _IO(HPROX_STRUCTS_TYPE, 6)
+
+enum struct_kvm_fields {
+	HPROX_NR_MEM_SLOT_PAGES, /* unsigned long */
+	HPROX_VCPU_ARRAY, /* xarray */
+	HPROX_MAX_VCPUS, /* int */
+	HPROX_CREATED_VCPUS, /* int */
+	HPROX_ARCH_PKVM_ENABLED, /* bool */
+	HPROX_ARCH_PKVM_TEARDOWN_MC, /* struct hprox_memcache */
+};
+
+enum struct_kvm_vcpu_fields {
+	HPROX_VCPU_ID, /* int */
+	HPROX_VCPU_IDX, /* int */
+	HPROX_VCPU_CFLAGS, /* 8 bits bitfield */
+	HPROX_VCPU_IFLAGS, /* 8 bits bitfield */
+	HPROX_VCPU_FEATURES, /* KVM_VCPU_MAX_FEATURES bits bitfield */
+	HPROX_VCPU_HCR_EL2, /* u64 */
+	HPROX_VCPU_FAULT, /* struct hprox_vcpu_fault_info */
+	HPROX_VCPU_REGS, /* struct user_pt_regs */
+	HPROX_VCPU_FP_REGS, /* struct user_fpsimd_state */
+	HPROX_VCPU_MEMCACHE, /* struct hprox_memcache */
+	// TODO add SVE state, for now SVE-less guests only
+};
+
+struct hprox_vcpu_fault_info {
+	__u64 esr_el2; /* Hyp Syndrom Register */
+	__u64 far_el2; /* Hyp Fault Address Register */
+	__u64 hpfar_el2; /* Hyp IPA Fault Address Register */
+	__u64 disr_el1; /* Deferred [SError] Status Register */
+};
+
+// Need to match up kvm_hyp_memcache
+struct hprox_memcache {
+        __u64 head; // kernel address, might not be accessible, if not
+			    // donated from a hprox_alloc region.
+	unsigned long nr_pages;
+};
+enum hprox_alloc_type { HPROX_VMALLOC, HPROX_PAGES_EXACT };
+
+// the ioctl parameter is the size of the allocation
+#define HPROX_ALLOC(alloc) _IO(HPROX_ALLOC_TYPE, alloc)
+#define HPROX_ALLOC_PAGES HPROX_ALLOC(HPROX_PAGES_EXACT)
+
+// ioctl on the mmapable fd from the HPROX_ALLOC ioctl
+#define HPROX_ALLOC_KADDR _IOR('A',0, __u64)
+#define HPROX_ALLOC_PHYS _IOR('A', 1, __u64)
+#define HPROX_ALLOC_RELEASE _IO('A', 2)
+#define HPROX_ALLOC_FREE _IO('A', 3)
+
+// memcache ioctl, free is encoded as topup 0
+#define HPROX_MEMCACHE_FREE \
+	_IOWR(HPROX_MEMCACHE_TYPE, 0, struct hprox_memcache)
+#define HPROX_MEMCACHE_TOPUP(n) \
+	_IOWR(HPROX_MEMCACHE_TYPE, (n), struct hprox_memcache)