Properly CoW page tables to the scratch region

Justfile

@@ -99,16 +99,10 @@ test-like-ci config=default-target hypervisor="kvm":
     @# test the tracing related features
     {{ if os() == "linux" { "just test-rust-tracing " + config + " " + if hypervisor == "mshv3" { "mshv3" } else { "kvm" } } else { "" } }}
 
-like-ci config=default-target hypervisor="kvm":
+code-checks-like-ci config=default-target hypervisor="kvm":
     @# Ensure up-to-date Cargo.lock
     cargo fetch --locked
 
-    @# typos
-    typos
-
-    @# check licence headers
-    just check-license-headers
-
     @# fmt
     just fmt-check
 
@@ -122,6 +116,17 @@ like-ci config=default-target hypervisor="kvm":
     @# Verify MSRV
     ./dev/verify-msrv.sh hyperlight-common hyperlight-guest hyperlight-guest-bin hyperlight-host hyperlight-component-util hyperlight-component-macro hyperlight-guest-tracing
 
+    @# Check 32-bit guests
+    {{ if os() == "linux" { "just check-i686 " + config } else { "" } }}
+
+    @# Check cargo features compile
+    just check
+
+    @# Check compilation with no default features
+    just test-compilation-no-default-features debug
+    just test-compilation-no-default-features release
+
+build-guests-like-ci config=default-target hypervisor="kvm":
     @# Build and move Rust guests
     just build-rust-guests {{config}}
     just move-rust-guests {{config}}
@@ -130,29 +135,62 @@ like-ci config=default-target hypervisor="kvm":
     just build-c-guests {{config}}
     just move-c-guests {{config}}
 
+build-test-like-ci config=default-target hypervisor="kvm":
     @# Build
     just build {{config}}
 
+    @# Run Miri tests
+    {{ if os() == "linux" { "just miri-tests" } else { "" } }}
+
     @# Run Rust tests
-    just test-like-ci {{config}} {{hypervisor}}
+    just test {{config}}
+
+    @# Run Rust tests with single driver
+    {{ if os() == "linux" { "just test " + config+ " " + if hypervisor == "mshv3" { "mshv3" } else { "kvm" } } else { "" } }}
 
+    @# Run Rust Gdb tests
+    just test-rust-gdb-debugging {{config}}
+
+    @# Run Rust Crashdump tests
+    just test-rust-crashdump {{config}}
+
+    @# Run Rust Tracing tests
+    {{ if os() == "linux" { "just test-rust-tracing " + config } else { "" } }}
+
+run-examples-like-ci config=default-target hypervisor="kvm":
     @# Run Rust examples - Windows
     {{ if os() == "windows" { "just run-rust-examples " + config } else { "" } }}
 
     @# Run Rust examples - linux
-    {{ if os() == "linux" { "just run-rust-examples-linux " + config + " " + if hypervisor == "mshv3" { "mshv3" } else { "kvm" } } else { "" } }}
+    {{ if os() == "linux" { "just run-rust-examples-linux " + config + " " } else { "" } }}
 
-    @# Run Rust Gdb tests
-    just test-rust-gdb-debugging {{ config }} {{ if hypervisor == "mshv3" { "mshv3" } else { "kvm" } }} 
+benchmarks-like-ci config=default-target hypervisor="$vm":
+    @# Run benchmarks
+    {{ if config == "release" { "just bench-ci main" } else { "" } }}
 
-    @# Run Rust Crashdump tests
-    just test-rust-crashdump {{config}} {{ if hypervisor == "mshv3" { "mshv3" } else { "kvm" } }}
+like-ci config=default-target hypervisor="kvm":
+    @# .github/workflows/dep_code_checks.yml
+    just code-checks-like-ci {{config}} {{hypervisor}}
 
-    @# Run Rust Tracing tests - linux
-    {{ if os() == "linux" { "just test-rust-tracing " + config + " " + if hypervisor == "mshv3" { "mshv3" } else { "kvm" } } else { "" } }}
+    @# .github/workflows/dep_build_guests.yml
+    just build-guests-like-ci {{config}} {{hypervisor}}
 
-    @# Run benchmarks
-    {{ if config == "release" { "just bench-ci main " + if hypervisor == "mshv3" { "mshv3" } else { "kvm" } } else { "" } }}
+    @# .github/workflows/dep_build_test.yml
+    just build-test-like-ci {{config}} {{hypervisor}}
+
+    @# .github/workflows/dep_run_examples.yml
+    just run-examples-like-ci {{config}} {{hypervisor}}
+
+    @# .github/workflows/dep_benchmarks.yml
+    just benchmarks-like-ci {{config}} {{hypervisor}}
+
+    @# can't run fuzzing locally
+
+    @# spelling
+    typos
+
+    @# license-headers
+    just check-license-headers
 
 # runs all tests
 test target=default-target features="": (test-unit target features) (test-isolated target features) (test-integration "rust" target features) (test-integration "c" target features) (test-doc target features)

flake.nix

@@ -17,7 +17,7 @@
             patchRustPkg = pkg: (pkg.overrideAttrs (oA: {
               buildCommand = (builtins.replaceStrings
                 [ "rustc,rustdoc" ]
-                [ "rustc,rustdoc,clippy-driver,cargo-clippy" ]
+                [ "rustc,rustdoc,clippy-driver,cargo-clippy,miri,cargo-miri" ]
                 oA.buildCommand) + (let
                   wrapperPath = pkgs.path + "/pkgs/build-support/bintools-wrapper/ld-wrapper.sh";
                   baseOut = pkgs.clangStdenv.cc.bintools.out;
@@ -67,8 +67,9 @@
                 "x86_64-unknown-linux-gnu"
                 "x86_64-pc-windows-msvc" "x86_64-unknown-none"
                 "wasm32-wasip1" "wasm32-wasip2" "wasm32-unknown-unknown"
+                "i686-unknown-linux-gnu"
               ];
-              extensions = [ "rust-src" ];
+              extensions = [ "rust-src" ] ++ (if args.channel == "nightly" then [ "miri-preview" ] else []);
             });
 
           # Hyperlight needs a variety of toolchains, since we use Nightly
@@ -96,6 +97,31 @@
             rustc = toolchains.stable.rust;
           };
 
+          # when building a guest with cargo-hyperlight, or when
+          # building a miri sysroot for the main workspace, we need to
+          # include any crates.io dependencies of the standard library
+          # (e.g. rustc-literal-escaper)
+          stdlibLocks = lib.mapAttrsToList (_: toolchain:
+            "${toolchain.rust}/lib/rustlib/src/rust/library/Cargo.lock"
+          ) toolchains;
+          stdlibDeps = builtins.map (lockFile:
+            rust-platform.importCargoLock { inherit lockFile; }) stdlibLocks;
+          withStdlibLock = lockFile:
+            pkgs.symlinkJoin {
+              name = "cargo-deps";
+              paths = stdlibDeps ++ [
+                (rust-platform.importCargoLock {
+                  inherit lockFile;
+                })
+              ];
+            };
+          deps = {
+            "Cargo.toml" = withStdlibLock ./Cargo.lock;
+            "src/tests/rust_guests/dummyguest/Cargo.toml" = withStdlibLock ./src/tests/rust_guests/dummyguest/Cargo.lock;
+            "src/tests/rust_guests/simpleguest/Cargo.toml" = withStdlibLock ./src/tests/rust_guests/simpleguest/Cargo.lock;
+            "src/tests/rust_guests/witguest/Cargo.toml" = withStdlibLock ./src/tests/rust_guests/witguest/Cargo.lock;
+          };
+
           # Script snippet, used in the cargo/rustc wrappers below,
           # which creates a number of .cargo/config.toml files in
           # order to allow using Nix-fetched dependencies (this must
@@ -105,7 +131,7 @@
           # unfortunately that tends not to play well with subcommands
           # like `cargo clippy` and `cargo hyperlight` (see
           # https://github.com/rust-lang/cargo/issues/11031).
-          materialiseDeps = deps: let
+          materialiseDeps = let
             sortedNames =  lib.lists.reverseList (builtins.attrNames deps);
             matchClause = path: ''  */${path}) root="''${manifest%${path}}" ;;'';
             matchClauses = lib.strings.concatStringsSep "\n"
@@ -127,14 +153,28 @@
             makeClauses = lib.strings.concatStringsSep "\n"
               (lib.mapAttrsToList makeClause deps);
           in ''
-            manifest=$(''${base}/bin/cargo locate-project --message-format plain --workspace)
+            base_cargo() {
+              PATH="$base/bin:$PATH" "$base/bin/cargo" "$@"
+            }
+
+            manifest=$(base_cargo locate-project --message-format plain --workspace)
             case "$manifest" in
               ${matchClauses}
             esac
             if [ -f ''${root}/flake.nix ]; then
               sed -i '/# vendor dependency configuration generated by nix/{N;d;}' $root/.git/info/exclude
               ${makeClauses}
             fi
+
+            # libgit2-sys copies a vendored git2 into the target/
+            # directory somewhere. In certain, rare, cases,
+            # libgit2-sys is rebuilt in the same incremental dep
+            # directory as it was before, and then this copy fails,
+            # because the files, copied from the nix store, already
+            # exist and do not have w permission. Hack around this
+            # issue by making any existing libgit2-sys vendored git2
+            # files writable before a build can be run
+            find "$(base_cargo metadata --format-version 1 | jq -r '.target_directory')" -path '*/build/libgit2-sys-*/out/include' -print0 | xargs -r -0 chmod u+w -R
           '';
 
           # Hyperlight scripts use cargo in a bunch of ways that don't
@@ -144,28 +184,28 @@
           # scripts also use `rustup toolchain install` in some cases, in
           # order to work in CI, so we provide a fake rustup that does
           # nothing as well.
-          rustup-like-wrapper = name: deps: pkgs.writeShellScriptBin name
+          rustup-like-wrapper = name: pkgs.writeShellScriptBin name
             (let
               clause = name: toolchain:
                 "+${name}) base=\"${toolchain.rust}\"; shift 1; ;;";
               clauses = lib.strings.concatStringsSep "\n"
                 (lib.mapAttrsToList clause toolchains);
             in ''
               base="${toolchains.stable.rust}"
-              ${materialiseDeps deps}
+              ${materialiseDeps}
               case "$1" in
                 ${clauses}
                 install) exit 0; ;;
               esac
               export PATH="$base/bin:$PATH"
               exec "$base/bin/${name}" "$@"
             '');
-          fake-rustup = deps: pkgs.symlinkJoin {
+          fake-rustup = pkgs.symlinkJoin {
             name = "fake-rustup";
             paths = [
               (pkgs.writeShellScriptBin "rustup" "")
-              (rustup-like-wrapper "rustc" deps)
-              (rustup-like-wrapper "cargo" deps)
+              (rustup-like-wrapper "rustc")
+              (rustup-like-wrapper "cargo")
             ];
           };
 
@@ -182,34 +222,11 @@
             };
             cargoHash = "sha256-muiMVrK1TydQiMitihfo7xYidqUIIQ+Hw3BIeo5rLFw=";
           };
-          # when building a guest with cargo-hyperlight, we need to
-          # include any crates.io dependencies of the standard library
-          # (e.g. rustc-literal-escaper)
-          stdlibLocks = lib.mapAttrsToList (_: toolchain:
-            "${toolchain.rust}/lib/rustlib/src/rust/library/Cargo.lock"
-          ) toolchains;
-          stdlibDeps = builtins.map (lockFile:
-            rust-platform.importCargoLock { inherit lockFile; }) stdlibLocks;
-          withStdlibLock = lockFile:
-            pkgs.symlinkJoin {
-              name = "cargo-deps";
-              paths = stdlibDeps ++ [
-                (rust-platform.importCargoLock {
-                  inherit lockFile;
-                })
-              ];
-            };
-          deps = finalRootVendor: {
-            "Cargo.toml" = finalRootVendor;
-            "src/tests/rust_guests/dummyguest/Cargo.toml" = withStdlibLock ./src/tests/rust_guests/dummyguest/Cargo.lock;
-            "src/tests/rust_guests/simpleguest/Cargo.toml" = withStdlibLock ./src/tests/rust_guests/simpleguest/Cargo.lock;
-            "src/tests/rust_guests/witguest/Cargo.toml" = withStdlibLock ./src/tests/rust_guests/witguest/Cargo.lock;
-          };
         in (buildRustPackageClang (mkDerivationAttrs: {
           pname = "hyperlight";
           version = "0.0.0";
           src = lib.cleanSource ./.;
-          cargoLock.lockFile = ./Cargo.lock;
+          cargoDeps = deps."Cargo.toml";
 
           nativeBuildInputs = [
             azure-cli
@@ -246,7 +263,7 @@
           # Set this through shellHook rather than nativeBuildInputs to be
           # really sure that it overrides the real cargo.
           postHook = ''
-            export PATH="${fake-rustup (deps mkDerivationAttrs.cargoDeps)}/bin:$PATH"
+            export PATH="${fake-rustup}/bin:$PATH"
           '';
         })).overrideAttrs(oA: {
           hardeningDisable = [ "all" ];

src/hyperlight_common/src/arch/amd64/layout.rs

@@ -18,7 +18,8 @@ limitations under the License.
 /// to make working with start/end ptrs in a few places more
 /// convenient (not needing to worry about overflow)
 pub const MAX_GVA: usize = 0xffff_ffff_ffff_efff;
-pub const SNAPSHOT_PT_GVA: usize = 0xffff_8000_0000_0000;
+pub const SNAPSHOT_PT_GVA_MIN: usize = 0xffff_8000_0000_0000;
+pub const SNAPSHOT_PT_GVA_MAX: usize = 0xffff_80ff_ffff_ffff;
 
 /// We assume 36-bit IPAs for now, since every amd64 processor
 /// supports at least 36 bits.  Almost all of them support at least 40