Handle VMs misbehaving.
If a VM accesses memory it is not allowed to or otherwise triggers an
unhandled exception it will be aborted such that none of the vCPUs can
be run again.
The VM remains unchanged from the point of view of other VMs other than
it will not make any further progress.
Change-Id: I352e1c714f1e4b1b43185269f92e7fa41e09a4db
diff --git a/inc/hf/api.h b/inc/hf/api.h
index e9ffe88..2d956ef 100644
--- a/inc/hf/api.h
+++ b/inc/hf/api.h
@@ -27,7 +27,7 @@
int64_t api_vm_get_count(void);
int64_t api_vcpu_get_count(uint32_t vm_id, const struct vcpu *current);
struct hf_vcpu_run_return api_vcpu_run(uint32_t vm_id, uint32_t vcpu_idx,
- const struct vcpu *current,
+ struct vcpu *current,
struct vcpu **next);
int64_t api_vm_configure(ipaddr_t send, ipaddr_t recv, struct vcpu *current,
struct vcpu **next);
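Review bot: Dropping `const` from `current` in the `api_vcpu_run` prototype widens the contract (the callee may now modify the caller's vcpu) with nothing on the declaration saying why; presumably the run path can now mark the calling vcpu or its VM as aborted, but that is inferred and not visible in this hunk. A one-line comment such as `/* current is non-const: a run may update the calling vcpu's state. */` would make the change self-explanatory. The matching definition in the .c file is outside this diff and must be updated to the same signature.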
@@ -45,6 +45,7 @@
struct vcpu *api_preempt(struct vcpu *current);
struct vcpu *api_yield(struct vcpu *current);
struct vcpu *api_wait_for_interrupt(struct vcpu *current);
+struct vcpu *api_abort(struct vcpu *current);
int64_t api_interrupt_enable(uint32_t intid, bool enable, struct vcpu *current);
uint32_t api_interrupt_get(struct vcpu *current);
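Review bot: `api_abort` is declared without any comment on its contract, and neither its effect nor the meaning of its return value can be read off the prototype alone. The commit message supplies the contract, so it should go on the declaration: `/** Aborts the calling VM so that none of its vCPUs can be run again; returns the vcpu to run next. */`. The "returns the vcpu to run next" part is inferred from the sibling `api_preempt`/`api_yield` prototypes and should be confirmed against the implementation, which is not in this diff.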
diff --git a/inc/hf/cpu.h b/inc/hf/cpu.h
index 10bb01f..865713f 100644
--- a/inc/hf/cpu.h
+++ b/inc/hf/cpu.h
@@ -45,6 +45,9 @@
/** The vcpu is waiting for an interrupt. */
vcpu_state_blocked_interrupt,
+
+ /** The vcpu has aborted. */
+ vcpu_state_aborted,
};
struct interrupts {
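Review bot: The new `vcpu_state_aborted` comment says only that the vcpu has aborted, not that the state is terminal, which is the property the commit message relies on ("none of the vCPUs can be run again"); suggest `/** The vcpu has aborted and must never be run again. */`. Adding an enumerator also means any `switch` over the vcpu state elsewhere that has no `default` now needs a case for it; that code is not in this diff and should be checked.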
diff --git a/inc/hf/vm.h b/inc/hf/vm.h
index c29b6bc..be49524 100644
--- a/inc/hf/vm.h
+++ b/inc/hf/vm.h
@@ -16,6 +16,8 @@
#pragma once
+#include <stdatomic.h>
+
#include "hf/cpu.h"
#include "hf/list.h"
#include "hf/mm.h"
@@ -83,6 +85,8 @@
/** Wait entries to be used when waiting on other VM mailboxes. */
struct wait_entry wait_entries[MAX_VMS];
+
+ atomic_bool aborting;
};
/** Encapsulates a VM whose lock is held. */
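Review bot: `aborting` is the only field in this struct without a `/** */` comment, and who sets it, whether it is ever cleared, and what readers must do when it is set cannot be recovered from the declaration. From the commit message it appears to be a one-way flag; suggest `/** Set once the VM has aborted; from then on none of its vCPUs may be run. Never cleared. */`, with the never-cleared claim confirmed against the implementation. The code that sets up `struct vm` is outside this diff; the new atomic field needs to be initialised there (zero-initialisation of the struct would cover it, otherwise `atomic_init`).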