[guest/{entrypoint,host_fxn_call,interrupts},host/outb] brought back panic info to abort

In #474, I removed the guest panic context region. With that, aborting was split into two steps:
(1) printing panic info w/ debug_print, and
(2) exiting w/ abort and codes.

This PR addresses feedback I got in #474 to join the operations by buffering string output when
aborting.

This PR also cleans up our manual chunking logic w/ outb and leverages out32 w/ length prefixing to
minimize VM exits. Abort detects it should finishing buffering by a terminator code (0xFF).

Edited tests to check for panic message in aborts as they were prior to #474 merged.

Signed-off-by: danbugs <[email protected]>

Author: danbugs

src/hyperlight_guest/src/entrypoint.rs

@@ -25,7 +25,7 @@ use spin::Once;
 use crate::gdt::load_gdt;
 use crate::guest_function_call::dispatch_function;
 use crate::guest_logger::init_logger;
-use crate::host_function_call::{debug_print, outb};
+use crate::host_function_call::outb;
 use crate::idtr::load_idt;
 use crate::{
     __security_cookie, HEAP_ALLOCATOR, MIN_STACK_ADDRESS, OS_PAGE_SIZE, OUTB_PTR,
@@ -43,11 +43,12 @@ pub fn halt() {
 
 #[no_mangle]
 pub extern "C" fn abort() -> ! {
-    abort_with_code(&[0])
+    abort_with_code(&[0, 0xFF])
 }
 
 pub fn abort_with_code(code: &[u8]) -> ! {
     outb(OutBAction::Abort as u16, code);
+    outb(OutBAction::Abort as u16, &[0xFF]); // send abort terminator (if not included in code)
     unreachable!()
 }
 
@@ -56,13 +57,19 @@ pub fn abort_with_code(code: &[u8]) -> ! {
 /// # Safety
 /// This function is unsafe because it dereferences a raw pointer.
 pub unsafe fn abort_with_code_and_message(code: &[u8], message_ptr: *const c_char) -> ! {
-    debug_print(
-        CStr::from_ptr(message_ptr)
-            .to_str()
-            .expect("Invalid UTF-8 string"),
-    );
-
+    // Step 1: Send abort code (typically 1 byte, but `code` allows flexibility)
     outb(OutBAction::Abort as u16, code);
+
+    // Step 2: Convert the C string to bytes
+    let message_bytes = CStr::from_ptr(message_ptr).to_bytes(); // excludes null terminator
+
+    // Step 3: Send the message itself in chunks
+    outb(OutBAction::Abort as u16, message_bytes);
+
+    // Step 4: Send abort terminator to signal completion (e.g., 0xFF)
+    outb(OutBAction::Abort as u16, &[0xFF]);
+
+    // This function never returns
     unreachable!()
 }
 

src/hyperlight_guest/src/host_function_call.rs

@@ -17,7 +17,7 @@ limitations under the License.
 use alloc::format;
 use alloc::string::ToString;
 use alloc::vec::Vec;
-use core::arch::global_asm;
+use core::arch;
 
 use hyperlight_common::flatbuffer_wrappers::function_call::{FunctionCall, FunctionCallType};
 use hyperlight_common::flatbuffer_wrappers::function_types::{
@@ -79,21 +79,16 @@ pub fn outb(port: u16, data: &[u8]) {
     unsafe {
         match RUNNING_MODE {
             RunMode::Hypervisor => {
-                for chunk in data.chunks(4) {
-                    // Process the data in chunks of 4 bytes. If a chunk has fewer than 4 bytes,
-                    // pad it with 0x7F to ensure it can be converted into a 4-byte array.
-                    // The choice of 0x7F as the padding value is arbitrary and does not carry
-                    // any special meaning; it simply ensures consistent chunk size.
-                    let val = match chunk {
-                        [a, b, c, d] => u32::from_le_bytes([*a, *b, *c, *d]),
-                        [a, b, c] => u32::from_le_bytes([*a, *b, *c, 0x7F]),
-                        [a, b] => u32::from_le_bytes([*a, *b, 0x7F, 0x7F]),
-                        [a] => u32::from_le_bytes([*a, 0x7F, 0x7F, 0x7F]),
-                        [] => break,
-                        _ => unreachable!(),
-                    };
-
-                    hloutd(val, port);
+                let mut i = 0;
+                while i < data.len() {
+                    let remaining = data.len() - i;
+                    let chunk_len = remaining.min(3);
+                    let mut chunk = [0u8; 4];
+                    chunk[0] = chunk_len as u8;
+                    chunk[1..1 + chunk_len].copy_from_slice(&data[i..i + chunk_len]);
+                    let val = u32::from_le_bytes(chunk);
+                    out32(port, val);
+                    i += chunk_len;
                 }
             }
             RunMode::InProcessLinux | RunMode::InProcessWindows => {
@@ -119,11 +114,25 @@ pub fn outb(port: u16, data: &[u8]) {
     }
 }
 
-extern "win64" {
-    fn hloutd(value: u32, port: u16);
+pub(crate) unsafe fn out32(port: u16, val: u32) {
+    arch::asm!("out dx, eax", in("dx") port, in("eax") val, options(preserves_flags, nomem, nostack));
 }
 
-pub fn print_output_as_guest_function(function_call: &FunctionCall) -> Result<Vec<u8>> {
+/// Prints a message using `OutBAction::DebugPrint`. It transmits bytes of a message
+/// through several VMExists and, with such, it is slower than
+/// `print_output_with_host_print`.
+///
+/// This function should be used in debug mode only. This function does not
+/// require memory to be setup to be used.
+pub fn debug_print(msg: &str) {
+    outb(OutBAction::DebugPrint as u16, msg.as_bytes());
+}
+
+/// Print a message using the host's print function.
+///
+/// This function requires memory to be setup to be used. In particular, the
+/// existence of the input and output memory regions.
+pub fn print_output_with_host_print(function_call: &FunctionCall) -> Result<Vec<u8>> {
     if let ParameterValue::String(message) = function_call.parameters.clone().unwrap()[0].clone() {
         call_host_function(
             "HostPrint",
@@ -135,20 +144,7 @@ pub fn print_output_as_guest_function(function_call: &FunctionCall) -> Result<Ve
     } else {
         Err(HyperlightGuestError::new(
             ErrorCode::GuestError,
-            "Wrong Parameters passed to print_output_as_guest_function".to_string(),
+            "Wrong Parameters passed to print_output_with_host_print".to_string(),
         ))
     }
 }
-
-pub fn debug_print(msg: &str) {
-    outb(OutBAction::DebugPrint as u16, msg.as_bytes());
-}
-
-global_asm!(
-    ".global hloutd
-     hloutd:
-        mov eax, ecx
-        mov dx, dx
-        out dx, eax
-        ret"
-);

src/hyperlight_guest/src/interrupt_handlers.rs

@@ -31,10 +31,9 @@ pub extern "sysv64" fn hl_exception_handler(
 ) {
     let exception = Exception::try_from(exception_number as u8).expect("Invalid exception number");
     let msg = format!(
-        "EXCEPTION: {:#?}\n\
-            Page Fault Address: {:#x}\n\
+        "Page Fault Address: {:#x}\n\
             Stack Pointer: {:#x}",
-        exception, page_fault_address, stack_pointer
+        page_fault_address, stack_pointer
     );
 
     unsafe {

src/hyperlight_guest/src/lib.rs

@@ -17,16 +17,13 @@ limitations under the License.
 #![no_std]
 // Deps
 use alloc::string::ToString;
-use core::hint::unreachable_unchecked;
 
 use buddy_system_allocator::LockedHeap;
 use guest_function_register::GuestFunctionRegister;
-use host_function_call::debug_print;
 use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode;
 use hyperlight_common::mem::{HyperlightPEB, RunMode};
-use hyperlight_common::outb::OutBAction;
 
-use crate::host_function_call::outb;
+use crate::entrypoint::abort_with_code_and_message;
 extern crate alloc;
 
 // Modules
@@ -73,9 +70,11 @@ pub(crate) static _fltused: i32 = 0;
 // to satisfy the clippy when cfg == test
 #[allow(dead_code)]
 fn panic(info: &core::panic::PanicInfo) -> ! {
-    debug_print(info.to_string().as_str());
-    outb(OutBAction::Abort as u16, &[ErrorCode::UnknownError as u8]);
-    unsafe { unreachable_unchecked() }
+    let msg = info.to_string();
+    let c_string = alloc::ffi::CString::new(msg)
+        .unwrap_or_else(|_| alloc::ffi::CString::new("panic (invalid utf8)").unwrap());
+
+    unsafe { abort_with_code_and_message(&[ErrorCode::UnknownError as u8], c_string.as_ptr()) }
 }
 
 // Globals

src/hyperlight_host/src/hypervisor/handlers.rs

@@ -25,7 +25,7 @@ use crate::{new_error, Result};
 /// has initiated an outb operation.
 pub trait OutBHandlerCaller: Sync + Send {
     /// Function that gets called when an outb operation has occurred.
-    fn call(&mut self, port: u16, payload: Vec<u8>) -> Result<()>;
+    fn call(&mut self, port: u16, payload: u32) -> Result<()>;
 }
 
 /// A convenient type representing a common way `OutBHandler` implementations
@@ -36,7 +36,7 @@ pub trait OutBHandlerCaller: Sync + Send {
 /// a &mut self).
 pub type OutBHandlerWrapper = Arc<Mutex<dyn OutBHandlerCaller>>;
 
-pub(crate) type OutBHandlerFunction = Box<dyn FnMut(u16, Vec<u8>) -> Result<()> + Send>;
+pub(crate) type OutBHandlerFunction = Box<dyn FnMut(u16, u32) -> Result<()> + Send>;
 
 /// A `OutBHandler` implementation using a `OutBHandlerFunction`
 ///
@@ -52,7 +52,7 @@ impl From<OutBHandlerFunction> for OutBHandler {
 
 impl OutBHandlerCaller for OutBHandler {
     #[instrument(err(Debug), skip_all, parent = Span::current(), level= "Trace")]
-    fn call(&mut self, port: u16, payload: Vec<u8>) -> Result<()> {
+    fn call(&mut self, port: u16, payload: u32) -> Result<()> {
         let mut func = self
             .0
             .try_lock()

src/hyperlight_host/src/hypervisor/hyperv_linux.rs

@@ -546,10 +546,15 @@ impl Hypervisor for HypervLinuxDriver {
         instruction_length: u64,
         outb_handle_fn: OutBHandlerWrapper,
     ) -> Result<()> {
+        let mut padded = [0u8; 4];
+        let copy_len = data.len().min(4);
+        padded[..copy_len].copy_from_slice(&data[..copy_len]);
+        let val = u32::from_le_bytes(padded);
+
         outb_handle_fn
             .try_lock()
             .map_err(|e| new_error!("Error locking at {}:{}: {}", file!(), line!(), e))?
-            .call(port, data)?;
+            .call(port, val)?;
 
         // update rip
         self.vcpu_fd.set_reg(&[hv_register_assoc {

src/hyperlight_host/src/hypervisor/hyperv_windows.rs

@@ -390,10 +390,15 @@ impl Hypervisor for HypervWindowsDriver {
         instruction_length: u64,
         outb_handle_fn: OutBHandlerWrapper,
     ) -> Result<()> {
+        let mut padded = [0u8; 4];
+        let copy_len = data.len().min(4);
+        padded[..copy_len].copy_from_slice(&data[..copy_len]);
+        let val = u32::from_le_bytes(padded);
+
         outb_handle_fn
             .try_lock()
             .map_err(|e| new_error!("Error locking at {}:{}: {}", file!(), line!(), e))?
-            .call(port, data)?;
+            .call(port, val)?;
 
         let mut regs = self.processor.get_regs()?;
         regs.rip = rip + instruction_length;
@@ -505,7 +510,7 @@ pub mod tests {
     #[serial]
     fn test_init() {
         let outb_handler = {
-            let func: Box<dyn FnMut(u16, Vec<u8>) -> Result<()> + Send> =
+            let func: Box<dyn FnMut(u16, u32) -> Result<()> + Send> =
                 Box::new(|_, _| -> Result<()> { Ok(()) });
             Arc::new(Mutex::new(OutBHandler::from(func)))
         };

src/hyperlight_host/src/hypervisor/kvm.rs

@@ -497,10 +497,15 @@ impl Hypervisor for KVMDriver {
         if data.is_empty() {
             log_then_return!("no data was given in IO interrupt");
         } else {
+            let mut padded = [0u8; 4];
+            let copy_len = data.len().min(4);
+            padded[..copy_len].copy_from_slice(&data[..copy_len]);
+            let value = u32::from_le_bytes(padded);
+
             outb_handle_fn
                 .try_lock()
                 .map_err(|e| new_error!("Error locking at {}:{}: {}", file!(), line!(), e))?
-                .call(port, data)?;
+                .call(port, value)?;
         }
 
         Ok(())
@@ -664,7 +669,7 @@ mod tests {
         }
 
         let outb_handler: Arc<Mutex<OutBHandler>> = {
-            let func: Box<dyn FnMut(u16, Vec<u8>) -> Result<()> + Send> =
+            let func: Box<dyn FnMut(u16, u32) -> Result<()> + Send> =
                 Box::new(|_, _| -> Result<()> { Ok(()) });
             Arc::new(Mutex::new(OutBHandler::from(func)))
         };

src/hyperlight_host/src/sandbox/mem_mgr.rs

@@ -29,27 +29,39 @@ pub type StackCookie = [u8; STACK_COOKIE_LEN];
 /// A container with methods for accessing `SandboxMemoryManager` and other
 /// related objects
 #[derive(Clone)]
-pub(crate) struct MemMgrWrapper<S>(SandboxMemoryManager<S>, StackCookie);
+pub(crate) struct MemMgrWrapper<S> {
+    mgr: SandboxMemoryManager<S>,
+    stack_cookie: StackCookie,
+    abort_buffer: Vec<u8>,
+}
 
 impl<S: SharedMemory> MemMgrWrapper<S> {
     #[instrument(skip_all, parent = Span::current(), level= "Trace")]
     pub(super) fn new(mgr: SandboxMemoryManager<S>, stack_cookie: StackCookie) -> Self {
-        Self(mgr, stack_cookie)
+        Self {
+            mgr,
+            stack_cookie,
+            abort_buffer: Vec::new(),
+        }
     }
 
     #[instrument(skip_all, parent = Span::current(), level= "Trace")]
     pub(crate) fn unwrap_mgr(&self) -> &SandboxMemoryManager<S> {
-        &self.0
+        &self.mgr
     }
 
     #[instrument(skip_all, parent = Span::current(), level= "Trace")]
     pub(crate) fn unwrap_mgr_mut(&mut self) -> &mut SandboxMemoryManager<S> {
-        &mut self.0
+        &mut self.mgr
     }
 
     #[instrument(skip_all, parent = Span::current(), level= "Trace")]
     pub(super) fn get_stack_cookie(&self) -> &StackCookie {
-        &self.1
+        &self.stack_cookie
+    }
+
+    pub fn get_abort_buffer_mut(&mut self) -> &mut Vec<u8> {
+        &mut self.abort_buffer
     }
 }
 
@@ -74,8 +86,8 @@ impl MemMgrWrapper<ExclusiveSharedMemory> {
         MemMgrWrapper<HostSharedMemory>,
         SandboxMemoryManager<GuestSharedMemory>,
     ) {
-        let (hshm, gshm) = self.0.build();
-        (MemMgrWrapper(hshm, self.1), gshm)
+        let (hshm, gshm) = self.mgr.build();
+        (MemMgrWrapper::new(hshm, self.stack_cookie), gshm)
     }
 
     #[instrument(err(Debug), skip_all, parent = Span::current(), level= "Trace")]