Revert "save - move probe logic to common emu crate"

This reverts commit 7e808dd.

Author: chris-oo

openhcl/virt_mshv_vtl/src/processor/mod.rs

@@ -74,7 +74,6 @@ use virt::StopVp;
 use virt::VpHaltReason;
 use virt::VpIndex;
 use virt::io::CpuIo;
-use virt_support_x86emu::emulate::EmulationPolicy;
 use vm_topology::processor::TargetVpInfo;
 use vmcore::vmtime::VmTimeAccess;
 
@@ -1107,7 +1106,6 @@ impl<'a, T: Backing> UhProcessor<'a, T> {
         interruption_pending: bool,
         vtl: GuestVtl,
         cache: T::EmulationCache,
-        policy: EmulationPolicy<'_>,
     ) -> Result<(), VpHaltReason<UhRunVpError>>
     where
         for<'b> UhEmulationState<'b, 'a, D, T>:
@@ -1121,8 +1119,7 @@ impl<'a, T: Backing> UhProcessor<'a, T> {
             vtl,
             cache,
         };
-        virt_support_x86emu::emulate::emulate(&mut emulation_state, guest_memory, devices, policy)
-            .await
+        virt_support_x86emu::emulate::emulate(&mut emulation_state, guest_memory, devices).await
     }
 
     /// Emulates an instruction due to a memory access exit.

openhcl/virt_mshv_vtl/src/processor/mshv/x64.rs

@@ -64,7 +64,6 @@ use virt::x86::MsrError;
 use virt_support_x86emu::emulate::EmuCheckVtlAccessError;
 use virt_support_x86emu::emulate::EmuTranslateError;
 use virt_support_x86emu::emulate::EmuTranslateResult;
-use virt_support_x86emu::emulate::EmulationPolicy;
 use virt_support_x86emu::emulate::EmulatorSupport;
 use x86defs::RFlags;
 use x86defs::SegmentRegister;
@@ -670,13 +669,7 @@ impl<'a, 'b> InterceptHandler<'a, 'b> {
 
         let cache = self.vp.emulation_cache(self.intercepted_vtl);
         self.vp
-            .emulate(
-                dev,
-                interruption_pending,
-                self.intercepted_vtl,
-                cache,
-                EmulationPolicy::EmulateAll,
-            )
+            .emulate(dev, interruption_pending, self.intercepted_vtl, cache)
             .await?;
         Ok(())
     }
@@ -700,13 +693,7 @@ impl<'a, 'b> InterceptHandler<'a, 'b> {
         if message.access_info.string_op() || message.access_info.rep_prefix() {
             let cache = self.vp.emulation_cache(self.intercepted_vtl);
             self.vp
-                .emulate(
-                    dev,
-                    interruption_pending,
-                    self.intercepted_vtl,
-                    cache,
-                    EmulationPolicy::EmulateAll,
-                )
+                .emulate(dev, interruption_pending, self.intercepted_vtl, cache)
                 .await
         } else {
             let next_rip = next_rip(&message.header);
@@ -1176,10 +1163,6 @@ impl<T: CpuIo> EmulatorSupport for UhEmulationState<'_, '_, T, HypervisorBackedX
         }
     }
 
-    fn vtom(&self) -> Option<u64> {
-        None
-    }
-
     fn initial_gva_translation(&self) -> Option<virt_support_x86emu::emulate::InitialTranslation> {
         if (self.vp.runner.exit_message().header.typ != HvMessageType::HvMessageTypeGpaIntercept)
             && (self.vp.runner.exit_message().header.typ != HvMessageType::HvMessageTypeUnmappedGpa)

openhcl/virt_mshv_vtl/src/processor/snp/mod.rs

@@ -26,7 +26,6 @@ use crate::WakeReason;
 use crate::devmsr;
 use crate::processor::UhHypercallHandler;
 use crate::processor::UhProcessor;
-use guestmem::GuestMemory;
 use hcl::vmsa::VmsaWrapper;
 use hv1_emulator::hv::ProcessorVtlHv;
 use hv1_emulator::synic::ProcessorSynic;
@@ -61,9 +60,7 @@ use virt::x86::MsrErrorExt;
 use virt::x86::SegmentRegister;
 use virt::x86::TableRegister;
 use virt_support_apic::ApicClient;
-use virt_support_x86emu::emulate::EmulationPolicy;
 use virt_support_x86emu::emulate::EmulatorSupport as X86EmulatorSupport;
-use virt_support_x86emu::emulate::ProbeResult;
 use virt_support_x86emu::emulate::emulate_io;
 use virt_support_x86emu::emulate::emulate_translate_gva;
 use virt_support_x86emu::translate::TranslationRegisters;
@@ -1317,14 +1314,8 @@ impl UhProcessor<'_, SnpBacked> {
                         // to also check for io port installation, mainly for
                         // handling rep instructions.
 
-                        self.emulate(
-                            dev,
-                            interruption_pending,
-                            entered_from_vtl,
-                            (),
-                            EmulationPolicy::EmulateAll,
-                        )
-                        .await?;
+                        self.emulate(dev, interruption_pending, entered_from_vtl, ())
+                            .await?;
                     } else {
                         let mut rax = vmsa.rax();
                         emulate_io(
@@ -1420,14 +1411,8 @@ impl UhProcessor<'_, SnpBacked> {
 
                 if emulate {
                     has_intercept = false;
-                    self.emulate(
-                        dev,
-                        interruption_pending,
-                        entered_from_vtl,
-                        (),
-                        EmulationPolicy::ProbeGpa(&self.partition.lower_vtl_memory_layout),
-                    )
-                    .await?;
+                    self.emulate(dev, interruption_pending, entered_from_vtl, ())
+                        .await?;
                     &mut self.backing.exit_stats[entered_from_vtl].npf
                 } else {
                     &mut self.backing.exit_stats[entered_from_vtl].npf_spurious
@@ -1755,19 +1740,6 @@ impl<T: CpuIo> X86EmulatorSupport for UhEmulationState<'_, '_, T, SnpBacked> {
         Some(self.vp.runner.vmsa(self.vtl).exit_info2())
     }
 
-    fn vtom(&self) -> Option<u64> {
-        self.vp.partition.caps.vtom
-    }
-
-    fn probe_ram(&self, _gpa: u64, _gm: &GuestMemory) -> ProbeResult {
-        // TODO SNP: Implement these probe checks similar to TDX.
-        ProbeResult::Emulate
-    }
-
-    fn probe_none(&self, _gpa: u64) -> ProbeResult {
-        ProbeResult::InjectMachineCheck
-    }
-
     fn initial_gva_translation(&self) -> Option<virt_support_x86emu::emulate::InitialTranslation> {
         None
     }

openhcl/virt_mshv_vtl/src/processor/tdx/mod.rs

@@ -23,7 +23,6 @@ use crate::UhPartitionInner;
 use crate::UhPartitionNewParams;
 use crate::UhProcessor;
 use crate::WakeReason;
-use guestmem::GuestMemory;
 use hcl::ioctl::ProcessorRunner;
 use hcl::ioctl::tdx::Tdx;
 use hcl::ioctl::tdx::TdxPrivateRegs;
@@ -69,14 +68,13 @@ use virt::x86::TableRegister;
 use virt_support_apic::ApicClient;
 use virt_support_apic::OffloadNotSupported;
 use virt_support_x86emu::emulate::EmulatedMemoryOperation;
-use virt_support_x86emu::emulate::EmulationPolicy;
 use virt_support_x86emu::emulate::EmulatorSupport as X86EmulatorSupport;
-use virt_support_x86emu::emulate::ProbeResult;
 use virt_support_x86emu::emulate::TranslateMode;
 use virt_support_x86emu::emulate::emulate_insn_memory_op;
 use virt_support_x86emu::emulate::emulate_io;
 use virt_support_x86emu::emulate::emulate_translate_gva;
 use virt_support_x86emu::translate::TranslationRegisters;
+use vm_topology::memory::AddressType;
 use vmcore::vmtime::VmTimeAccess;
 use x86defs::RFlags;
 use x86defs::X64_CR0_ET;
@@ -1770,7 +1768,6 @@ impl UhProcessor<'_, TdxBacked> {
                                 .valid(),
                             intercepted_vtl,
                             TdxEmulationCache::default(),
-                            EmulationPolicy::EmulateAll,
                         )
                         .await?;
                     } else {
@@ -2001,6 +1998,7 @@ impl UhProcessor<'_, TdxBacked> {
                 &mut self.backing.vtls[intercepted_vtl].exit_stats.wbinvd
             }
             VmxExitBasic::EPT_VIOLATION => {
+                let gpa = exit_info.gpa();
                 let ept_info = VmxEptExitQualification::from(exit_info.qualification());
                 // If this was an EPT violation while handling an iret, and
                 // that iret cleared the NMI blocking state, restore it.
@@ -2018,16 +2016,7 @@ impl UhProcessor<'_, TdxBacked> {
                         .into();
                     assert!(!old_interruptibility.blocked_by_nmi());
                 } else {
-                    self.emulate(
-                        dev,
-                        self.backing.vtls[intercepted_vtl]
-                            .interruption_information
-                            .valid(),
-                        intercepted_vtl,
-                        TdxEmulationCache::default(),
-                        EmulationPolicy::ProbeGpa(&self.partition.lower_vtl_memory_layout),
-                    )
-                    .await?;
+                    self.handle_ept(intercepted_vtl, dev, gpa, ept_info).await?;
                 }
 
                 &mut self.backing.vtls[intercepted_vtl].exit_stats.ept_violation
@@ -2372,6 +2361,94 @@ impl UhProcessor<'_, TdxBacked> {
         self.backing.vtls[vtl].exception_error_code = 0;
     }
 
+    fn inject_mc(&mut self, vtl: GuestVtl) {
+        self.backing.vtls[vtl].interruption_information = InterruptionInformation::new()
+            .with_valid(true)
+            .with_vector(x86defs::Exception::MACHINE_CHECK.0)
+            .with_interruption_type(INTERRUPT_TYPE_HARDWARE_EXCEPTION);
+    }
+
+    async fn handle_ept(
+        &mut self,
+        intercepted_vtl: GuestVtl,
+        dev: &impl CpuIo,
+        gpa: u64,
+        ept_info: VmxEptExitQualification,
+    ) -> Result<(), VpHaltReason<UhRunVpError>> {
+        // vtom may be 0 if we are hiding isolation
+        let vtom = self.partition.caps.vtom.unwrap_or(0);
+        let is_shared = (gpa & vtom) == vtom && vtom != 0;
+        let canonical_gpa = gpa & !vtom;
+
+        // Only emulate the access if the gpa is expected to be accessible. This
+        // means, the gpa was described to VTL0 in some form as memory or mmio,
+        // and the hardware did not generate an exit for a private/shared
+        // violation.
+        let address_type = self
+            .partition
+            .lower_vtl_memory_layout
+            .probe_address(canonical_gpa);
+
+        match address_type {
+            Some(AddressType::Mmio) => {
+                // Emulate the access.
+                self.emulate(
+                    dev,
+                    self.backing.vtls[intercepted_vtl]
+                        .interruption_information
+                        .valid(),
+                    intercepted_vtl,
+                    TdxEmulationCache::default(),
+                )
+                .await?;
+            }
+            Some(AddressType::Ram) => {
+                // TODO TDX: This path changes when we support VTL page
+                // protections and MNF. That will require injecting events to
+                // VTL1 or other handling.
+                //
+                // For now, we just check if the exit was suprious or if we
+                // should inject a machine check. An exit is considered spurious
+                // if the gpa is accessible.
+                if self.partition.gm[intercepted_vtl].check_gpa_readable(gpa) {
+                    tracelimit::warn_ratelimited!(gpa, "possible spurious EPT violation, ignoring");
+                } else {
+                    // TODO: It would be better to show what exact bitmap check
+                    // failed, but that requires some refactoring of how the
+                    // different bitmaps are stored. Do this when we support VTL
+                    // protections or MNF.
+                    //
+                    // If we entered this path, it means the bitmap check on
+                    // `check_gpa_readable` failed so we can assume that if the
+                    // address is shared, the actual state of the page is
+                    // private, and vice versa. This is because the address
+                    // should have already been checked to be valid memory
+                    // described to the guest or not.
+                    tracelimit::warn_ratelimited!(
+                        gpa,
+                        is_shared,
+                        ?ept_info,
+                        "guest accessed inaccessible gpa, injecting MC"
+                    );
+                    self.inject_mc(intercepted_vtl);
+                }
+            }
+            None => {
+                // The guest should never attempt to access address that are not
+                // described in mmio or ram. Inject a machine check.
+                tracelimit::warn_ratelimited!(
+                    gpa,
+                    is_shared,
+                    ?ept_info,
+                    "guest accessed gpa not described in memory layout, injecting MC"
+                );
+                self.inject_mc(intercepted_vtl);
+            }
+        }
+
+        Ok(())
+    }
+
     fn handle_tdvmcall(&mut self, dev: &impl CpuIo, intercepted_vtl: GuestVtl) {
         let regs = self.runner.tdx_enter_guest_gps();
         if regs[TdxGp::R10] == 0 {
@@ -2778,63 +2855,6 @@ impl<T: CpuIo> X86EmulatorSupport for UhEmulationState<'_, '_, T, TdxBacked> {
         Some(TdxExit(self.vp.runner.tdx_vp_enter_exit_info()).gpa())
     }
 
-    fn vtom(&self) -> Option<u64> {
-        self.vp.partition.caps.vtom
-    }
-
-    fn probe_ram(&self, gpa: u64, gm: &GuestMemory) -> ProbeResult {
-        let vtom = self.vtom().unwrap_or(0);
-        let is_shared = (gpa & vtom) == vtom && vtom != 0;
-
-        // TODO TDX: This path changes when we support VTL page
-        // protections and MNF. That will require injecting events to
-        // VTL1 or other handling.
-        //
-        // For now, we just check if the exit was suprious or if we
-        // should inject a machine check. An exit is considered spurious
-        // if the gpa is accessible.
-        if gm.check_gpa_readable(gpa) {
-            tracelimit::warn_ratelimited!(
-                is_shared,
-                gpa,
-                "possible spurious EPT violation, ignoring"
-            );
-            ProbeResult::Ignore
-        } else {
-            // TODO: It would be better to show what exact bitmap check
-            // failed, but that requires some refactoring of how the
-            // different bitmaps are stored. Do this when we support VTL
-            // protections or MNF.
-            //
-            // If we entered this path, it means the bitmap check on
-            // `check_gpa_readable` failed so we can assume that if the
-            // address is shared, the actual state of the page is
-            // private, and vice versa. This is because the address
-            // should have already been checked to be valid memory
-            // described to the guest or not.
-            tracelimit::warn_ratelimited!(
-                gpa,
-                is_shared,
-                "guest accessed inaccessible gpa, injecting MC"
-            );
-            ProbeResult::InjectMachineCheck
-        }
-    }
-
-    fn probe_none(&self, gpa: u64) -> ProbeResult {
-        let vtom = self.vtom().unwrap_or(0);
-        let is_shared = (gpa & vtom) == vtom && vtom != 0;
-
-        // The guest should never attempt to access address that are not
-        // described in mmio or ram. Inject a machine check.
-        tracelimit::warn_ratelimited!(
-            gpa,
-            is_shared,
-            "guest accessed gpa not described in memory layout, injecting MC"
-        );
-        ProbeResult::InjectMachineCheck
-    }
-
     fn initial_gva_translation(&self) -> Option<virt_support_x86emu::emulate::InitialTranslation> {
         let exit_info = TdxExit(self.vp.runner.tdx_vp_enter_exit_info());
         let ept_info = VmxEptExitQualification::from(exit_info.qualification());

vmm_core/virt_mshv/src/lib.rs

@@ -69,7 +69,6 @@ use virt::irqcon::MsiRequest;
 use virt::x86::max_physical_address_size_from_cpuid;
 use virt_support_x86emu::emulate::EmuTranslateError;
 use virt_support_x86emu::emulate::EmuTranslateResult;
-use virt_support_x86emu::emulate::EmulationPolicy;
 use virt_support_x86emu::emulate::EmulatorSupport;
 use virt_support_x86emu::emulate::TranslateGvaSupport;
 use virt_support_x86emu::emulate::TranslateMode;
@@ -464,13 +463,7 @@ impl MshvProcessor<'_> {
             interruption_pending,
             cache,
         };
-        virt_support_x86emu::emulate::emulate(
-            &mut support,
-            &self.partition.gm,
-            devices,
-            EmulationPolicy::EmulateAll,
-        )
-        .await
+        virt_support_x86emu::emulate::emulate(&mut support, &self.partition.gm, devices).await
     }
 
     async fn handle_io_port_intercept(
@@ -942,10 +935,6 @@ impl EmulatorSupport for MshvEmulationState<'_> {
         }
     }
 
-    fn vtom(&self) -> Option<u64> {
-        None
-    }
-
     fn initial_gva_translation(&self) -> Option<virt_support_x86emu::emulate::InitialTranslation> {
         if (self.message.header.message_type != HvMessageType::HvMessageTypeGpaIntercept.0)
             && (self.message.header.message_type != HvMessageType::HvMessageTypeUnmappedGpa.0)