Refactor api.rs, using VmState on Vm

hfo2/src/arch/aarch64.rs

@@ -19,6 +19,7 @@
 
 use core::mem;
 
+use crate::cpu::*;
 use crate::types::*;
 
 const FLOAT_REG_BYTES: usize = 16;
@@ -84,6 +85,26 @@ pub struct ArchRegs {
     peripherals: ArchPeriRegs,
 }
 
+// from src/arch/aarch64/hypervisor/offset.h
+// Note: always keep this constants same as ones in offset.h
+const CPU_ID: usize = 0;
+const CPU_STACK_BOTTOM: usize = 8;
+const VCPU_REGS: usize = 32;
+const REGS_LAZY: usize = 264;
+const REGS_FREGS: usize = REGS_LAZY + 232;
+//#[cfg(any(feature = "GIC_VERSION=3", feature = "GIC_VERSION=4"))]
+const REGS_GIC: usize = REGS_FREGS + 528;
+
+/// Checks above constants are correct.
+pub fn arch_cpu_module_init() {
+    assert_eq!(offset_of!(Cpu, id), CPU_ID);
+    assert_eq!(offset_of!(Cpu, stack_bottom), CPU_STACK_BOTTOM);
+    assert_eq!(offset_of!(VCpu, regs), VCPU_REGS);
+    assert_eq!(offset_of!(ArchRegs, lazy), REGS_LAZY);
+    assert_eq!(offset_of!(ArchRegs, fp), REGS_FREGS);
+    assert_eq!(offset_of!(ArchRegs, gic_ich_hcr_el2), REGS_GIC);
+}
+
 #[repr(C)]
 pub struct ArchSysRegs {
     vmpidr_el2: uintreg_t,

hfo2/src/arch/fake.rs

@@ -47,3 +47,7 @@ pub struct ArchRegs {
     vcpu_id: cpu_id_t,
     virtual_interrupt: bool,
 }
+
+pub fn arch_cpu_module_init() {
+    // Do nothing.
+}

hfo2/src/cpu.rs

@@ -138,7 +138,8 @@ pub struct Cpu {
     pub id: cpu_id_t,
 
     /// Pointer to bottom of the stack.
-    stack_bottom: *mut c_void,
+    /// `pub` here is only required by `arch_cpu_module_init`.
+    pub stack_bottom: *mut c_void,
 
     /// Enabling/disabling irqs are counted per-cpu. They are enabled when the count is zero, and
     /// disabled when it's non-zero.
@@ -184,6 +185,8 @@ pub unsafe extern "C" fn cpu_module_init(cpu_ids: *mut cpu_id_t, count: usize) {
     let boot_cpu_id: cpu_id_t = cpus.get_ref()[0].id;
     let mut found_boot_cpu: bool = false;
 
+    arch_cpu_module_init();
+
     cpu_count = count as u32;
 
     // Initialize CPUs with the IDs from the configuration passed in. The
@@ -321,6 +324,36 @@ pub unsafe extern "C" fn vcpu_index(vcpu: *const VCpu) -> spci_vcpu_index_t {
     index as u16
 }
 
+#[no_mangle]
+pub unsafe extern "C" fn vcpu_get_regs(vcpu: *mut VCpu) -> *mut ArchRegs {
+    &mut (*vcpu).regs
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn vcpu_get_regs_const(vcpu: *const VCpu) -> *const ArchRegs {
+    &(*vcpu).regs
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn vcpu_get_vm(vcpu: *mut VCpu) -> *mut Vm {
+    (*vcpu).vm
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn vcpu_get_cpu(vcpu: *mut VCpu) -> *mut Cpu {
+    (*vcpu).cpu
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn vcpu_set_cpu(vcpu: *mut VCpu, cpu: *mut Cpu) {
+    (*vcpu).cpu = cpu;
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn vcpu_get_interrupts(vcpu: *mut VCpu) -> *mut Interrupts {
+    &mut (*vcpu).interrupts
+}
+
 /// Check whether the given vcpu_state is an off state, for the purpose of
 /// turning vCPUs on and off. Note that aborted still counts as on in this
 /// context.
@@ -368,7 +401,7 @@ pub unsafe extern "C" fn vcpu_secondary_reset_and_start(
             false,
             (*vm).id,
             vcpu_index(vcpu) as cpu_id_t,
-            (*vm).ptable.root,
+            (*vm).get_ptable_raw(),
         );
         vcpu_on(vcpu_execution_locked, entry, arg);
     }
@@ -385,14 +418,11 @@ pub unsafe extern "C" fn vcpu_secondary_reset_and_start(
 #[no_mangle]
 pub unsafe extern "C" fn vcpu_handle_page_fault(
     current: *const VCpu,
-    f: *mut VCpuFaultInfo,
+    f: *const VCpuFaultInfo,
 ) -> bool {
     let vm = (*current).vm;
-    let mut mode = mem::uninitialized(); // to avoid use-of-uninitialized error
     let mask = (*f).mode | Mode::INVALID;
-    let resume;
-
-    sl_lock(&(*vm).lock);
+    let vm_inner = (*vm).inner.lock();
 
     // Check if this is a legitimate fault, i.e., if the page table doesn't
     // allow the access attemped by the VM.
@@ -402,14 +432,11 @@ pub unsafe extern "C" fn vcpu_handle_page_fault(
     // invalidations while holding the VM lock, so we don't need to do
     // anything else to recover from it. (Acquiring/releasing the lock
     // ensured that the invalidations have completed.)
-    resume = mm_vm_get_mode(
-        &mut (*vm).ptable,
-        (*f).ipaddr,
-        ipa_add((*f).ipaddr, 1),
-        &mut mode,
-    ) && (mode & mask) == (*f).mode;
-
-    sl_unlock(&(*vm).lock);
+    let resume = vm_inner
+        .ptable
+        .get_mode((*f).ipaddr, ipa_add((*f).ipaddr, 1))
+        .map(|mode| mode & mask == (*f).mode)
+        .unwrap_or(false);
 
     if !resume {
         dlog!(

hfo2/src/dlog.rs

@@ -17,7 +17,7 @@
 use core::fmt;
 
 use crate::spinlock::*;
-use crate::vm::*;
+use crate::types::*;
 
 extern "C" {
     fn plat_console_putchar(c: u8);
@@ -54,22 +54,3 @@ pub fn _print(args: fmt::Arguments) {
     use core::fmt::Write;
     WRITER.lock().write_fmt(args).unwrap();
 }
-
-/// Send the contents of the given VM's log buffer to the log, preceded by the
-/// VM ID and followed by a newline.
-pub unsafe extern "C" fn dlog_flush_vm_buffer(vm: VmLocked) {
-    use core::fmt::Write;
-    let mut writer = WRITER.lock();
-
-    writer.write_str("VM ");
-    writer.write_fmt(format_args!("{}", (*vm.vm).id));
-    writer.write_str(": ");
-
-    for i in 0..(*vm.vm).log_buffer_length {
-        plat_console_putchar((*vm.vm).log_buffer[i]);
-        (*vm.vm).log_buffer[i] = '\0' as u32 as u8;
-    }
-
-    (*vm.vm).log_buffer_length = 0;
-    plat_console_putchar('\n' as u32 as u8);
-}

hfo2/src/lib.rs

@@ -21,6 +21,7 @@
 #![feature(maybe_uninit_ref)]
 #![feature(ptr_offset_from)]
 #![feature(const_raw_ptr_to_usize_cast)]
+#![feature(bind_by_move_pattern_guards)]
 
 #[macro_use]
 extern crate bitflags;

hfo2/src/mm.rs

@@ -141,6 +141,13 @@ bitflags! {
     }
 }
 
+impl Mode {
+    /// Check that the mode indicates memory that is vaid, owned and exclusive.
+    pub fn valid_owned_and_exclusive(&self) -> bool {
+        (*self & (Mode::INVALID | Mode::UNOWNED | Mode::SHARED)).is_empty()
+    }
+}
+
 bitflags! {
     /// Flags for memory management operations.
     struct Flags: u32 {
@@ -160,7 +167,7 @@ type ptable_addr_t = uintvaddr_t;
 const_assert_eq!(addr_size_eq; mem::size_of::<ptable_addr_t>(), mem::size_of::<uintpaddr_t>());
 
 /// The hypervisor page table.
-static HYPERVISOR_PAGE_TABLE: SpinLock<PageTable<Stage1>> =
+pub static HYPERVISOR_PAGE_TABLE: SpinLock<PageTable<Stage1>> =
     SpinLock::new(unsafe { PageTable::null() });
 
 /// Is stage2 invalidation enabled?
@@ -801,8 +808,13 @@ impl<S: Stage> PageTable<S> {
         mem::forget(self);
     }
 
-    fn get_raw(&self) -> *const RawPage {
-        pa_addr(self.root) as *const RawPage
+    /// Returns the address of the root of this page table. The return type is
+    /// paddr_t, physically addressed raw pointer. That means calling this
+    /// method is safe but accessing the memory of returned address is unsafe.
+    /// TODO: Better return type is PAddr<RawPage> (meaning of *mut RawPage
+    /// which is address physically.)
+    pub fn as_raw(&self) -> paddr_t {
+        self.root
     }
 
     fn deref(&self) -> &[RawPageTable] {

hfo2/src/spinlock.rs

@@ -97,6 +97,23 @@ impl<T> SpinLock<T> {
     pub unsafe fn get_mut_unchecked(&self) -> &mut T {
         &mut *self.data.get()
     }
+
+    pub fn lock_both<'s>(
+        lhs: &'s Self,
+        rhs: &'s Self,
+    ) -> (SpinLockGuard<'s, T>, SpinLockGuard<'s, T>) {
+        RawSpinLock::lock_both(&lhs.lock, &rhs.lock);
+        (
+            SpinLockGuard {
+                lock: lhs,
+                _marker: PhantomData,
+            },
+            SpinLockGuard {
+                lock: rhs,
+                _marker: PhantomData,
+            },
+        )
+    }
 }
 
 pub struct SpinLockGuard<'s, T> {