[common/{mem,outb},guest/*,host/{mem,func,sandbox,tests}] removed guest panic context mem region

We had a guest panic context region to store the panic msg. Now, instead of storing info in shared mem, we
use debug_print. To still have some exception info  when using OutBAction::Abort, we pass parse the
exception name, which is more readable than before and provides information that is useful as illustrated
in some of the integration tests.

Signed-off-by: danbugs <[email protected]>

Author: danbugs

src/hyperlight_common/src/mem.rs

@@ -74,12 +74,6 @@ pub struct GuestStackData {
     pub bootStackAddress: u64,
 }
 
-#[repr(C)]
-pub struct GuestPanicContextData {
-    pub guestPanicContextDataSize: u64,
-    pub guestPanicContextDataBuffer: *mut c_void,
-}
-
 #[repr(C)]
 pub struct HyperlightPEB {
     pub security_cookie_seed: u64,
@@ -90,7 +84,6 @@ pub struct HyperlightPEB {
     pub runMode: RunMode,
     pub inputdata: InputData,
     pub outputdata: OutputData,
-    pub guestPanicContextData: GuestPanicContextData,
     pub guestheapData: GuestHeapData,
     pub gueststackData: GuestStackData,
 }

src/hyperlight_common/src/outb.rs

@@ -1,3 +1,74 @@
+use core::convert::TryFrom;
+
+use anyhow::{anyhow, Error};
+
+/// Exception codes for the x86 architecture.
+/// These are helpful to identify the type of exception that occurred
+/// together with OutBAction::Abort.
+#[repr(u8)]
+#[derive(Debug, Clone, Copy)]
+pub enum Exception {
+    DivideByZero = 0,
+    Debug = 1,
+    NonMaskableInterrupt = 2,
+    Breakpoint = 3,
+    Overflow = 4,
+    BoundRangeExceeded = 5,
+    InvalidOpcode = 6,
+    DeviceNotAvailable = 7,
+    DoubleFault = 8,
+    CoprocessorSegmentOverrun = 9,
+    InvalidTSS = 10,
+    SegmentNotPresent = 11,
+    StackSegmentFault = 12,
+    GeneralProtectionFault = 13,
+    PageFault = 14,
+    Reserved = 15,
+    X87FloatingPointException = 16,
+    AlignmentCheck = 17,
+    MachineCheck = 18,
+    SIMDFloatingPointException = 19,
+    VirtualizationException = 20,
+    SecurityException = 30,
+    NoException = 0xFF,
+}
+
+impl TryFrom<u8> for Exception {
+    type Error = Error;
+
+    fn try_from(value: u8) -> Result<Self, Self::Error> {
+        use Exception::*;
+        let exception = match value {
+            0 => DivideByZero,
+            1 => Debug,
+            2 => NonMaskableInterrupt,
+            3 => Breakpoint,
+            4 => Overflow,
+            5 => BoundRangeExceeded,
+            6 => InvalidOpcode,
+            7 => DeviceNotAvailable,
+            8 => DoubleFault,
+            9 => CoprocessorSegmentOverrun,
+            10 => InvalidTSS,
+            11 => SegmentNotPresent,
+            12 => StackSegmentFault,
+            13 => GeneralProtectionFault,
+            14 => PageFault,
+            15 => Reserved,
+            16 => X87FloatingPointException,
+            17 => AlignmentCheck,
+            18 => MachineCheck,
+            19 => SIMDFloatingPointException,
+            20 => VirtualizationException,
+            30 => SecurityException,
+            0x7F => NoException,
+            _ => return Err(anyhow!("Unknown exception code: {:#x}", value)),
+        };
+
+        Ok(exception)
+    }
+}
+
 /// Supported actions when issuing an OUTB actions by Hyperlight.
 /// - Log: for logging,
 /// - CallFunction: makes a call to a host function,

src/hyperlight_guest/src/entrypoint.rs

@@ -16,7 +16,6 @@ limitations under the License.
 
 use core::arch::asm;
 use core::ffi::{c_char, c_void, CStr};
-use core::ptr::copy_nonoverlapping;
 
 use hyperlight_common::mem::{HyperlightPEB, RunMode};
 use hyperlight_common::outb::OutBAction;
@@ -26,7 +25,7 @@ use spin::Once;
 use crate::gdt::load_gdt;
 use crate::guest_function_call::dispatch_function;
 use crate::guest_logger::init_logger;
-use crate::host_function_call::outb;
+use crate::host_function_call::{debug_print, outb};
 use crate::idtr::load_idt;
 use crate::{
     __security_cookie, HEAP_ALLOCATOR, MIN_STACK_ADDRESS, OS_PAGE_SIZE, OUTB_PTR,
@@ -44,28 +43,26 @@ pub fn halt() {
 
 #[no_mangle]
 pub extern "C" fn abort() -> ! {
-    abort_with_code(0)
+    abort_with_code(&[0])
 }
 
-pub fn abort_with_code(code: i32) -> ! {
-    let byte = code as u8;
-    outb(OutBAction::Abort as u16, &[byte]);
+pub fn abort_with_code(code: &[u8]) -> ! {
+    outb(OutBAction::Abort as u16, code);
     unreachable!()
 }
 
 /// Aborts the program with a code and a message.
 ///
 /// # Safety
 /// This function is unsafe because it dereferences a raw pointer.
-pub unsafe fn abort_with_code_and_message(code: i32, message_ptr: *const c_char) -> ! {
-    let peb_ptr = P_PEB.unwrap();
-    copy_nonoverlapping(
-        message_ptr,
-        (*peb_ptr).guestPanicContextData.guestPanicContextDataBuffer as *mut c_char,
-        CStr::from_ptr(message_ptr).count_bytes() + 1, // +1 for null terminator
+pub unsafe fn abort_with_code_and_message(code: &[u8], message_ptr: *const c_char) -> ! {
+    debug_print(
+        CStr::from_ptr(message_ptr)
+            .to_str()
+            .expect("Invalid UTF-8 string"),
     );
-    let byte = code as u8;
-    outb(OutBAction::Abort as u16, &[byte]);
+
+    outb(OutBAction::Abort as u16, code);
     unreachable!()
 }
 

src/hyperlight_guest/src/host_function_call.rs

@@ -80,11 +80,15 @@ pub fn outb(port: u16, data: &[u8]) {
         match RUNNING_MODE {
             RunMode::Hypervisor => {
                 for chunk in data.chunks(4) {
+                    // Process the data in chunks of 4 bytes. If a chunk has fewer than 4 bytes,
+                    // pad it with 0x7F to ensure it can be converted into a 4-byte array.
+                    // The choice of 0x7F as the padding value is arbitrary and does not carry
+                    // any special meaning; it simply ensures consistent chunk size.
                     let val = match chunk {
                         [a, b, c, d] => u32::from_le_bytes([*a, *b, *c, *d]),
-                        [a, b, c] => u32::from_le_bytes([*a, *b, *c, 0]),
-                        [a, b] => u32::from_le_bytes([*a, *b, 0, 0]),
-                        [a] => u32::from_le_bytes([*a, 0, 0, 0]),
+                        [a, b, c] => u32::from_le_bytes([*a, *b, *c, 0x7F]),
+                        [a, b] => u32::from_le_bytes([*a, *b, 0x7F, 0x7F]),
+                        [a] => u32::from_le_bytes([*a, 0x7F, 0x7F, 0x7F]),
                         [] => break,
                         _ => unreachable!(),
                     };

src/hyperlight_guest/src/idt.rs

@@ -14,6 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+use hyperlight_common::outb::Exception;
+
 use crate::interrupt_entry::{
     _do_excp0, _do_excp1, _do_excp10, _do_excp11, _do_excp12, _do_excp13, _do_excp14, _do_excp15,
     _do_excp16, _do_excp17, _do_excp18, _do_excp19, _do_excp2, _do_excp20, _do_excp3, _do_excp30,
@@ -70,28 +72,28 @@ impl IdtEntry {
 pub(crate) static mut IDT: [IdtEntry; 256] = unsafe { core::mem::zeroed() };
 
 pub(crate) fn init_idt() {
-    set_idt_entry(0, _do_excp0); // Divide by zero
-    set_idt_entry(1, _do_excp1); // Debug
-    set_idt_entry(2, _do_excp2); // Non-maskable interrupt
-    set_idt_entry(3, _do_excp3); // Breakpoint
-    set_idt_entry(4, _do_excp4); // Overflow
-    set_idt_entry(5, _do_excp5); // Bound Range Exceeded
-    set_idt_entry(6, _do_excp6); // Invalid Opcode
-    set_idt_entry(7, _do_excp7); // Device Not Available
-    set_idt_entry(8, _do_excp8); // Double Fault
-    set_idt_entry(9, _do_excp9); // Coprocessor Segment Overrun
-    set_idt_entry(10, _do_excp10); // Invalid TSS
-    set_idt_entry(11, _do_excp11); // Segment Not Present
-    set_idt_entry(12, _do_excp12); // Stack-Segment Fault
-    set_idt_entry(13, _do_excp13); // General Protection Fault
-    set_idt_entry(14, _do_excp14); // Page Fault
-    set_idt_entry(15, _do_excp15); // Reserved
-    set_idt_entry(16, _do_excp16); // x87 Floating-Point Exception
-    set_idt_entry(17, _do_excp17); // Alignment Check
-    set_idt_entry(18, _do_excp18); // Machine Check
-    set_idt_entry(19, _do_excp19); // SIMD Floating-Point Exception
-    set_idt_entry(20, _do_excp20); // Virtualization Exception
-    set_idt_entry(30, _do_excp30); // Security Exception
+    set_idt_entry(Exception::DivideByZero as usize, _do_excp0); // Divide by zero
+    set_idt_entry(Exception::Debug as usize, _do_excp1); // Debug
+    set_idt_entry(Exception::NonMaskableInterrupt as usize, _do_excp2); // Non-maskable interrupt
+    set_idt_entry(Exception::Breakpoint as usize, _do_excp3); // Breakpoint
+    set_idt_entry(Exception::Overflow as usize, _do_excp4); // Overflow
+    set_idt_entry(Exception::BoundRangeExceeded as usize, _do_excp5); // Bound Range Exceeded
+    set_idt_entry(Exception::InvalidOpcode as usize, _do_excp6); // Invalid Opcode
+    set_idt_entry(Exception::DeviceNotAvailable as usize, _do_excp7); // Device Not Available
+    set_idt_entry(Exception::DoubleFault as usize, _do_excp8); // Double Fault
+    set_idt_entry(Exception::CoprocessorSegmentOverrun as usize, _do_excp9); // Coprocessor Segment Overrun
+    set_idt_entry(Exception::InvalidTSS as usize, _do_excp10); // Invalid TSS
+    set_idt_entry(Exception::SegmentNotPresent as usize, _do_excp11); // Segment Not Present
+    set_idt_entry(Exception::StackSegmentFault as usize, _do_excp12); // Stack-Segment Fault
+    set_idt_entry(Exception::GeneralProtectionFault as usize, _do_excp13); // General Protection Fault
+    set_idt_entry(Exception::PageFault as usize, _do_excp14); // Page Fault
+    set_idt_entry(Exception::Reserved as usize, _do_excp15); // Reserved
+    set_idt_entry(Exception::X87FloatingPointException as usize, _do_excp16); // x87 Floating-Point Exception
+    set_idt_entry(Exception::AlignmentCheck as usize, _do_excp17); // Alignment Check
+    set_idt_entry(Exception::MachineCheck as usize, _do_excp18); // Machine Check
+    set_idt_entry(Exception::SIMDFloatingPointException as usize, _do_excp19); // SIMD Floating-Point Exception
+    set_idt_entry(Exception::VirtualizationException as usize, _do_excp20); // Virtualization Exception
+    set_idt_entry(Exception::SecurityException as usize, _do_excp30); // Security Exception
 }
 
 fn set_idt_entry(index: usize, handler: unsafe extern "sysv64" fn()) {

src/hyperlight_guest/src/interrupt_handlers.rs

@@ -14,17 +14,33 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+use alloc::format;
+use core::ffi::c_char;
+
+use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode;
+use hyperlight_common::outb::Exception;
+
+use crate::entrypoint::abort_with_code_and_message;
+
 /// Exception handler
 #[no_mangle]
 pub extern "sysv64" fn hl_exception_handler(
     stack_pointer: u64,
     exception_number: u64,
     page_fault_address: u64,
 ) {
-    panic!(
-        "EXCEPTION: {:#x}\n\
+    let exception = Exception::try_from(exception_number as u8).expect("Invalid exception number");
+    let msg = format!(
+        "EXCEPTION: {:#?}\n\
             Page Fault Address: {:#x}\n\
             Stack Pointer: {:#x}",
-        exception_number, page_fault_address, stack_pointer
+        exception, page_fault_address, stack_pointer
     );
+
+    unsafe {
+        abort_with_code_and_message(
+            &[ErrorCode::GuestError as u8, exception as u8],
+            msg.as_ptr() as *const c_char,
+        );
+    }
 }

src/hyperlight_guest/src/lib.rs

@@ -18,10 +18,10 @@ limitations under the License.
 // Deps
 use alloc::string::ToString;
 use core::hint::unreachable_unchecked;
-use core::ptr::copy_nonoverlapping;
 
 use buddy_system_allocator::LockedHeap;
 use guest_function_register::GuestFunctionRegister;
+use host_function_call::debug_print;
 use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode;
 use hyperlight_common::mem::{HyperlightPEB, RunMode};
 use hyperlight_common::outb::OutBAction;
@@ -73,14 +73,7 @@ pub(crate) static _fltused: i32 = 0;
 // to satisfy the clippy when cfg == test
 #[allow(dead_code)]
 fn panic(info: &core::panic::PanicInfo) -> ! {
-    unsafe {
-        let peb_ptr = P_PEB.unwrap();
-        copy_nonoverlapping(
-            info.to_string().as_ptr(),
-            (*peb_ptr).guestPanicContextData.guestPanicContextDataBuffer as *mut u8,
-            (*peb_ptr).guestPanicContextData.guestPanicContextDataSize as usize,
-        );
-    }
+    debug_print(info.to_string().as_str());
     outb(OutBAction::Abort as u16, &[ErrorCode::UnknownError as u8]);
     unsafe { unreachable_unchecked() }
 }

src/hyperlight_guest/src/memory.rs

@@ -67,7 +67,7 @@ unsafe fn alloc_helper(size: usize, zero: bool) -> *mut c_void {
             false => alloc::alloc::alloc(layout),
         };
         if raw_ptr.is_null() {
-            abort_with_code(ErrorCode::MallocFailed as i32);
+            abort_with_code(&[ErrorCode::MallocFailed as u8]);
         } else {
             let layout_ptr = raw_ptr as *mut Layout;
             layout_ptr.write(layout);
@@ -148,7 +148,7 @@ pub unsafe extern "C" fn realloc(ptr: *mut c_void, size: usize) -> *mut c_void {
 
         if new_block_start.is_null() {
             // Realloc failed
-            abort_with_code(ErrorCode::MallocFailed as i32);
+            abort_with_code(&[ErrorCode::MallocFailed as u8]);
         } else {
             // Update the stored Layout, then return ptr to memory right after the Layout.
             new_block_start.write(new_layout);

src/hyperlight_guest_capi/src/error.rs

@@ -12,10 +12,10 @@ pub extern "C" fn hl_set_error(err: ErrorCode, message: *const c_char) {
 
 #[no_mangle]
 pub extern "C" fn hl_abort_with_code(err: i32) {
-    hyperlight_guest::entrypoint::abort_with_code(err);
+    hyperlight_guest::entrypoint::abort_with_code(&[err as u8]);
 }
 
 #[no_mangle]
 pub extern "C" fn hl_abort_with_code_and_message(err: i32, message: *const c_char) {
-    unsafe { hyperlight_guest::entrypoint::abort_with_code_and_message(err, message) };
+    unsafe { hyperlight_guest::entrypoint::abort_with_code_and_message(&[err as u8], message) };
 }

src/hyperlight_host/src/func/guest_dispatch.rs

@@ -494,7 +494,7 @@ mod tests {
         match res.unwrap_err() {
             HyperlightError::GuestAborted(_, msg) => {
                 // msg should indicate we got an invalid opcode exception
-                assert!(msg.contains("EXCEPTION: 0x6"));
+                assert!(msg.contains("InvalidOpcode"));
             }
             e => panic!(
                 "Expected HyperlightError::GuestExecutionError but got {:?}",

src/hyperlight_host/src/hypervisor/hyperv_windows.rs

@@ -393,7 +393,7 @@ impl Hypervisor for HypervWindowsDriver {
         outb_handle_fn
             .try_lock()
             .map_err(|e| new_error!("Error locking at {}:{}: {}", file!(), line!(), e))?
-            .call(port, payload)?;
+            .call(port, data)?;
 
         let mut regs = self.processor.get_regs()?;
         regs.rip = rip + instruction_length;
@@ -505,7 +505,7 @@ pub mod tests {
     #[serial]
     fn test_init() {
         let outb_handler = {
-            let func: Box<dyn FnMut(u16, u64) -> Result<()> + Send> =
+            let func: Box<dyn FnMut(u16, Vec<u8>) -> Result<()> + Send> =
                 Box::new(|_, _| -> Result<()> { Ok(()) });
             Arc::new(Mutex::new(OutBHandler::from(func)))
         };