feat(virtq): add MemOps for host and guest

andreiltd · andreiltd · commit 02e8a704b6a3 · 2026-04-10T16:36:55.000+02:00
Signed-off-by: Tomasz Andrzejak &lt;andreiltd@gmail.com&gt;
diff --git a/src/hyperlight_guest/src/lib.rs b/src/hyperlight_guest/src/lib.rs
@@ -25,6 +25,7 @@ pub mod error;
 pub mod exit;
 pub mod layout;
 pub mod prim_alloc;
+pub mod virtq_mem;
 
 pub mod guest_handle {
     pub mod handle;
diff --git a/src/hyperlight_guest/src/virtq_mem.rs b/src/hyperlight_guest/src/virtq_mem.rs
@@ -0,0 +1,67 @@
+/*
+Copyright 2026  The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+//! Guest-side [`MemOps`] implementation for virtqueue access.
+
+use core::convert::Infallible;
+use core::sync::atomic::{AtomicU16, Ordering};
+use core::{ptr, slice};
+
+use hyperlight_common::virtq::MemOps;
+
+/// Guest-side memory accessor for virtqueue operations. Treats virtq
+/// addresses as guest virtual addresses that map directly to memory.
+#[derive(Clone, Copy, Debug)]
+pub struct GuestMemOps;
+
+impl MemOps for GuestMemOps {
+    type Error = Infallible;
+
+    fn read(&self, addr: u64, dst: &mut [u8]) -> Result<usize, Self::Error> {
+        let src = addr as *const u8;
+        unsafe {
+            ptr::copy_nonoverlapping(src, dst.as_mut_ptr(), dst.len());
+        }
+        Ok(dst.len())
+    }
+
+    fn write(&self, addr: u64, src: &[u8]) -> Result<usize, Self::Error> {
+        let dst = addr as *mut u8;
+        unsafe {
+            ptr::copy_nonoverlapping(src.as_ptr(), dst, src.len());
+        }
+        Ok(src.len())
+    }
+
+    fn load_acquire(&self, addr: u64) -> Result<u16, Self::Error> {
+        let ptr = addr as *const AtomicU16;
+        Ok(unsafe { (*ptr).load(Ordering::Acquire) })
+    }
+
+    fn store_release(&self, addr: u64, val: u16) -> Result<(), Self::Error> {
+        let ptr = addr as *const AtomicU16;
+        unsafe { (*ptr).store(val, Ordering::Release) };
+        Ok(())
+    }
+
+    unsafe fn as_slice(&self, addr: u64, len: usize) -> Result<&[u8], Self::Error> {
+        Ok(unsafe { slice::from_raw_parts(addr as *const u8, len) })
+    }
+
+    unsafe fn as_mut_slice(&self, addr: u64, len: usize) -> Result<&mut [u8], Self::Error> {
+        Ok(unsafe { slice::from_raw_parts_mut(addr as *mut u8, len) })
+    }
+}
diff --git a/src/hyperlight_host/src/mem/mgr.rs b/src/hyperlight_host/src/mem/mgr.rs
@@ -818,10 +818,9 @@ impl SandboxMemoryManager<HostSharedMemory> {
     /// Compute the G2H virtqueue Layout from scratch region addresses.
     pub(crate) fn g2h_virtq_layout(&self) -> Result<hyperlight_common::virtq::Layout> {
         let base = self.layout.get_g2h_ring_gva();
-        let depth = self.layout.sandbox_memory_config.get_g2h_queue_depth();
+        let depth = self.layout.sandbox_memory_config.get_g2h_queue_depth() as u16;
 
-        let nz = NonZeroU16::new(depth as u16)
-            .ok_or_else(|| new_error!("G2H queue depth is zero"))?;
+        let nz = NonZeroU16::new(depth).ok_or_else(|| new_error!("G2H queue depth is zero"))?;
 
         unsafe { VirtqLayout::from_base(base, nz) }
             .map_err(|e| new_error!("Invalid G2H virtq layout: {:?}", e))
@@ -830,10 +829,9 @@ impl SandboxMemoryManager<HostSharedMemory> {
     /// Compute the H2G virtqueue Layout from scratch region addresses.
     pub(crate) fn h2g_virtq_layout(&self) -> Result<hyperlight_common::virtq::Layout> {
         let base = self.layout.get_h2g_ring_gva();
-        let depth = self.layout.sandbox_memory_config.get_h2g_queue_depth();
+        let depth = self.layout.sandbox_memory_config.get_h2g_queue_depth() as u16;
 
-        let nz = NonZeroU16::new(depth as u16)
-            .ok_or_else(|| new_error!("H2G queue depth is zero"))?;
+        let nz = NonZeroU16::new(depth).ok_or_else(|| new_error!("H2G queue depth is zero"))?;
 
         unsafe { VirtqLayout::from_base(base, nz) }
             .map_err(|e| new_error!("Invalid H2G virtq layout: {:?}", e))
diff --git a/src/hyperlight_host/src/mem/mod.rs b/src/hyperlight_host/src/mem/mod.rs
@@ -38,3 +38,5 @@ pub mod shared_mem;
 /// Utilities for writing shared memory tests
 #[cfg(all(test, not(miri)))] // uses proptest which isn't miri-compatible
 pub(crate) mod shared_mem_tests;
+/// Host-side [`hyperlight_common::virtq::MemOps`] for virtqueue access.
+pub(crate) mod virtq_mem;
diff --git a/src/hyperlight_host/src/mem/virtq_mem.rs b/src/hyperlight_host/src/mem/virtq_mem.rs
@@ -0,0 +1,124 @@
+/*
+Copyright 2026  The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+//! Host-side [`MemOps`] implementation for virtqueue access.
+//!
+//! Translates guest virtual addresses used in virtqueue descriptors
+//! to offsets into the scratch [`HostSharedMemory`], reusing its
+//! volatile access and locking patterns.
+
+use core::sync::atomic::{AtomicU16, Ordering};
+
+use hyperlight_common::virtq::MemOps;
+
+use super::shared_mem::{HostSharedMemory, SharedMemory};
+
+/// Error type for host memory operations.
+#[derive(Debug, thiserror::Error)]
+pub enum HostMemError {
+    #[error("address {addr:#x} out of bounds scratch_size={scratch_size}")]
+    OutOfBounds { addr: u64, scratch_size: usize },
+    #[error("shared memory error: {0}")]
+    SharedMem(String),
+    #[error("as_slice/as_mut_slice not supported on host")]
+    DirectSliceNotSupported,
+}
+
+/// Host-side memory accessor for virtqueue operations.
+///
+/// Owns a clone of the scratch [`HostSharedMemory`] and translates
+/// guest virtual addresses (in the scratch region) to offsets for the
+/// existing volatile read/write methods.
+#[derive(Clone)]
+pub(crate) struct HostMemOps {
+    /// Cloned handle to the scratch shared memory
+    scratch: HostSharedMemory,
+    /// The guest virtual address that corresponds to scratch offset 0.
+    scratch_base_gva: u64,
+}
+
+impl HostMemOps {
+    /// Create a new `HostMemOps` backed by shared memory.
+    pub(crate) fn new(scratch: &HostSharedMemory, scratch_base_gva: u64) -> Self {
+        Self {
+            scratch: scratch.clone(),
+            scratch_base_gva,
+        }
+    }
+
+    /// Translate a guest virtual address to a scratch offset.
+    fn to_offset(&self, addr: u64) -> Result<usize, HostMemError> {
+        addr.checked_sub(self.scratch_base_gva)
+            .map(|o| o as usize)
+            .ok_or(HostMemError::OutOfBounds {
+                addr,
+                scratch_size: self.scratch.mem_size(),
+            })
+    }
+
+    /// Get a raw pointer into scratch memory at the given guest address.
+    fn raw_ptr(&self, addr: u64, len: usize) -> Result<*mut u8, HostMemError> {
+        let offset = self.to_offset(addr)?;
+        let scratch_size = self.scratch.mem_size();
+
+        if offset.checked_add(len).is_none_or(|end| end > scratch_size) {
+            return Err(HostMemError::OutOfBounds { addr, scratch_size });
+        }
+
+        Ok(self.scratch.base_ptr().wrapping_add(offset))
+    }
+}
+
+impl MemOps for HostMemOps {
+    type Error = HostMemError;
+
+    fn read(&self, addr: u64, dst: &mut [u8]) -> Result<usize, Self::Error> {
+        let offset = self.to_offset(addr)?;
+        self.scratch
+            .copy_to_slice(dst, offset)
+            .map_err(|e| HostMemError::SharedMem(e.to_string()))?;
+        Ok(dst.len())
+    }
+
+    fn write(&self, addr: u64, src: &[u8]) -> Result<usize, Self::Error> {
+        let offset = self.to_offset(addr)?;
+        self.scratch
+            .copy_from_slice(src, offset)
+            .map_err(|e| HostMemError::SharedMem(e.to_string()))?;
+        Ok(src.len())
+    }
+
+    fn load_acquire(&self, addr: u64) -> Result<u16, Self::Error> {
+        let ptr = self.raw_ptr(addr, core::mem::size_of::<u16>())?;
+        let atomic = unsafe { &*(ptr as *const AtomicU16) };
+        Ok(atomic.load(Ordering::Acquire))
+    }
+
+    fn store_release(&self, addr: u64, val: u16) -> Result<(), Self::Error> {
+        let ptr = self.raw_ptr(addr, core::mem::size_of::<u16>())?;
+        let atomic = unsafe { &*(ptr as *const AtomicU16) };
+        atomic.store(val, Ordering::Release);
+        Ok(())
+    }
+
+    unsafe fn as_slice(&self, _addr: u64, _len: usize) -> Result<&[u8], Self::Error> {
+        Err(HostMemError::DirectSliceNotSupported)
+    }
+
+    unsafe fn as_mut_slice(&self, _addr: u64, _len: usize) -> Result<&mut [u8], Self::Error> {
+        Err(HostMemError::DirectSliceNotSupported)
+    }
+}
