feat(virtq): replace host-to-guest calls with virtq

Signed-off-by: Tomasz Andrzejak <andreiltd@gmail.com>

Author: andreiltd

src/hyperlight_common/src/layout.rs

@@ -36,24 +36,28 @@ pub use arch::{SNAPSHOT_PT_GVA_MAX, SNAPSHOT_PT_GVA_MIN};
 pub const SCRATCH_TOP_SIZE_OFFSET: u64 = 0x08;
 pub const SCRATCH_TOP_ALLOCATOR_OFFSET: u64 = 0x10;
 pub const SCRATCH_TOP_SNAPSHOT_PT_GPA_BASE_OFFSET: u64 = 0x18;
-pub const SCRATCH_TOP_G2H_RING_GVA_OFFSET: u64 = 0x20;
-pub const SCRATCH_TOP_H2G_RING_GVA_OFFSET: u64 = 0x28;
-pub const SCRATCH_TOP_G2H_QUEUE_DEPTH_OFFSET: u64 = 0x30;
-pub const SCRATCH_TOP_H2G_QUEUE_DEPTH_OFFSET: u64 = 0x32;
-pub const SCRATCH_TOP_VIRTQ_POOL_PAGES_OFFSET: u64 = 0x34;
-pub const SCRATCH_TOP_VIRTQ_GENERATION_OFFSET: u64 = 0x36;
-pub const SCRATCH_TOP_EXN_STACK_OFFSET: u64 = 0x40;
+pub const SCRATCH_TOP_SNAPSHOT_GENERATION_OFFSET: u64 = 0x20;
+pub const SCRATCH_TOP_G2H_RING_GVA_OFFSET: u64 = 0x28;
+pub const SCRATCH_TOP_H2G_RING_GVA_OFFSET: u64 = 0x30;
+pub const SCRATCH_TOP_G2H_QUEUE_DEPTH_OFFSET: u64 = 0x38;
+pub const SCRATCH_TOP_H2G_QUEUE_DEPTH_OFFSET: u64 = 0x3A;
+pub const SCRATCH_TOP_G2H_POOL_PAGES_OFFSET: u64 = 0x3C;
+pub const SCRATCH_TOP_H2G_POOL_PAGES_OFFSET: u64 = 0x3E;
+pub const SCRATCH_TOP_H2G_POOL_GVA_OFFSET: u64 = 0x48;
+pub const SCRATCH_TOP_EXN_STACK_OFFSET: u64 = 0x50;
 
 const _: () = {
-    assert!(SCRATCH_TOP_SIZE_OFFSET + 8 <= SCRATCH_TOP_ALLOCATOR_OFFSET);
-    assert!(SCRATCH_TOP_ALLOCATOR_OFFSET + 8 <= SCRATCH_TOP_SNAPSHOT_PT_GPA_BASE_OFFSET);
-    assert!(SCRATCH_TOP_SNAPSHOT_PT_GPA_BASE_OFFSET + 8 <= SCRATCH_TOP_G2H_RING_GVA_OFFSET);
-    assert!(SCRATCH_TOP_G2H_RING_GVA_OFFSET + 8 <= SCRATCH_TOP_H2G_RING_GVA_OFFSET);
-    assert!(SCRATCH_TOP_H2G_RING_GVA_OFFSET + 8 <= SCRATCH_TOP_G2H_QUEUE_DEPTH_OFFSET);
-    assert!(SCRATCH_TOP_G2H_QUEUE_DEPTH_OFFSET + 2 <= SCRATCH_TOP_H2G_QUEUE_DEPTH_OFFSET);
-    assert!(SCRATCH_TOP_H2G_QUEUE_DEPTH_OFFSET + 2 <= SCRATCH_TOP_VIRTQ_POOL_PAGES_OFFSET);
-    assert!(SCRATCH_TOP_VIRTQ_POOL_PAGES_OFFSET + 2 <= SCRATCH_TOP_VIRTQ_GENERATION_OFFSET);
-    assert!(SCRATCH_TOP_VIRTQ_GENERATION_OFFSET + 2 <= SCRATCH_TOP_EXN_STACK_OFFSET);
+    assert!(SCRATCH_TOP_ALLOCATOR_OFFSET >= SCRATCH_TOP_SIZE_OFFSET + 8);
+    assert!(SCRATCH_TOP_SNAPSHOT_PT_GPA_BASE_OFFSET >= SCRATCH_TOP_ALLOCATOR_OFFSET + 8);
+    assert!(SCRATCH_TOP_SNAPSHOT_GENERATION_OFFSET >= SCRATCH_TOP_SNAPSHOT_PT_GPA_BASE_OFFSET + 8);
+    assert!(SCRATCH_TOP_G2H_RING_GVA_OFFSET >= SCRATCH_TOP_SNAPSHOT_GENERATION_OFFSET + 8);
+    assert!(SCRATCH_TOP_H2G_RING_GVA_OFFSET >= SCRATCH_TOP_G2H_RING_GVA_OFFSET + 8);
+    assert!(SCRATCH_TOP_G2H_QUEUE_DEPTH_OFFSET >= SCRATCH_TOP_H2G_RING_GVA_OFFSET + 8);
+    assert!(SCRATCH_TOP_H2G_QUEUE_DEPTH_OFFSET >= SCRATCH_TOP_G2H_QUEUE_DEPTH_OFFSET + 2);
+    assert!(SCRATCH_TOP_G2H_POOL_PAGES_OFFSET >= SCRATCH_TOP_H2G_QUEUE_DEPTH_OFFSET + 2);
+    assert!(SCRATCH_TOP_H2G_POOL_PAGES_OFFSET >= SCRATCH_TOP_G2H_POOL_PAGES_OFFSET + 2);
+    assert!(SCRATCH_TOP_H2G_POOL_GVA_OFFSET >= SCRATCH_TOP_H2G_POOL_PAGES_OFFSET + 8);
+    assert!(SCRATCH_TOP_EXN_STACK_OFFSET >= SCRATCH_TOP_H2G_POOL_GVA_OFFSET + 8);
     assert!(SCRATCH_TOP_EXN_STACK_OFFSET % 0x10 == 0);
 };
 

src/hyperlight_common/src/virtq/mod.rs

@@ -157,6 +157,7 @@ mod event;
 pub mod msg;
 mod pool;
 mod producer;
+pub mod recycle_pool;
 mod ring;
 
 use core::num::NonZeroU16;
@@ -170,7 +171,7 @@ pub use producer::*;
 pub use ring::*;
 use thiserror::Error;
 
-/// A trait for notifying about new requests in the virtqueue.
+/// A trait for notifying the consumer about virtqueue events.
 pub trait Notifier {
     fn notify(&self, stats: QueueStats);
 }
@@ -439,15 +440,14 @@ pub(crate) mod test_utils {
         }
     }
 
+    type TestProducer = VirtqProducer<Arc<TestMem>, TestNotifier, TestPool>;
+    type TestConsumer = VirtqConsumer<Arc<TestMem>, TestNotifier>;
+
     /// Create test infrastructure: a producer, consumer, and notifier backed
     /// by the supplied [`OwnedRing`].
     pub(crate) fn make_test_producer(
         ring: &OwnedRing,
-    ) -> (
-        VirtqProducer<Arc<TestMem>, TestNotifier, TestPool>,
-        VirtqConsumer<Arc<TestMem>, TestNotifier>,
-        TestNotifier,
-    ) {
+    ) -> (TestProducer, TestConsumer, TestNotifier) {
         let layout = ring.layout();
         let mem = ring.mem();
 

src/hyperlight_common/src/virtq/pool.rs

@@ -79,7 +79,6 @@ limitations under the License.
 //!   owning slab (`Slab::resize`) but will never move allocations between
 //!   slabs.
 
-#[cfg(all(test, loom))]
 use alloc::sync::Arc;
 use core::cmp::Ordering;
 
@@ -124,6 +123,9 @@ pub trait BufferProvider {
 
     /// Resize by trying in-place grow; otherwise reserve a new block and free old.
     fn resize(&self, old_alloc: Allocation, new_len: usize) -> Result<Allocation, AllocError>;
+
+    /// Reset the pool to initial state.
+    fn reset(&self) {}
 }
 
 impl<T: BufferProvider> BufferProvider for alloc::rc::Rc<T> {
@@ -136,9 +138,12 @@ impl<T: BufferProvider> BufferProvider for alloc::rc::Rc<T> {
     fn resize(&self, old_alloc: Allocation, new_len: usize) -> Result<Allocation, AllocError> {
         (**self).resize(old_alloc, new_len)
     }
+    fn reset(&self) {
+        (**self).reset()
+    }
 }
 
-impl<T: BufferProvider> BufferProvider for alloc::sync::Arc<T> {
+impl<T: BufferProvider> BufferProvider for Arc<T> {
     fn alloc(&self, len: usize) -> Result<Allocation, AllocError> {
         (**self).alloc(len)
     }
@@ -148,6 +153,9 @@ impl<T: BufferProvider> BufferProvider for alloc::sync::Arc<T> {
     fn resize(&self, old_alloc: Allocation, new_len: usize) -> Result<Allocation, AllocError> {
         (**self).resize(old_alloc, new_len)
     }
+    fn reset(&self) {
+        (**self).reset()
+    }
 }
 
 /// The owner of a mapped buffer, ensuring its lifetime.
@@ -540,26 +548,20 @@ struct Inner<const L: usize, const U: usize> {
 }
 
 /// Two tier buffer pool with small and large slabs.
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct BufferPool<const L: usize = 256, const U: usize = 4096> {
-    inner: AtomicRefCell<Inner<L, U>>,
+    // TODO: Use Rc instead, relax Sync + Send bounds
+    inner: Arc<AtomicRefCell<Inner<L, U>>>,
 }
 
 impl<const L: usize, const U: usize> BufferPool<L, U> {
     /// Create a new buffer pool over a fixed region.
     pub fn new(base_addr: u64, region_len: usize) -> Result<Self, AllocError> {
         let inner = Inner::<L, U>::new(base_addr, region_len)?;
         Ok(Self {
-            inner: inner.into(),
+            inner: Arc::new(inner.into()),
         })
     }
-
-    /// Reset the pool to initial state
-    pub fn reset(&self) {
-        let mut inner = self.inner.borrow_mut();
-        inner.lower.reset();
-        inner.upper.reset();
-    }
 }
 
 #[cfg(all(test, loom))]
@@ -672,6 +674,12 @@ impl<const L: usize, const U: usize> BufferProvider for BufferPool<L, U> {
     fn resize(&self, old_alloc: Allocation, new_len: usize) -> Result<Allocation, AllocError> {
         self.inner.borrow_mut().resize(old_alloc, new_len)
     }
+
+    fn reset(&self) {
+        let mut inner = self.inner.borrow_mut();
+        inner.lower.reset();
+        inner.upper.reset();
+    }
 }
 
 #[cfg(all(test, loom))]

src/hyperlight_common/src/virtq/producer.rs

@@ -282,6 +282,13 @@ where
         *slot = Some(inflight);
 
         let should_notify = self.inner.should_notify_since(cursor_before)?;
+
+        // TODO(virtq): for now simulate current outb behavior of only
+        // notifying on bidirectional (request/response) entries.
+        // Eventually this should be decoupled from the buffer layout
+        // and driven entirely by event suppression rules.
+        let should_notify = should_notify && matches!(inflight, Inflight::ReadWrite { .. });
+
         if should_notify {
             self.notifier.notify(QueueStats {
                 num_free: self.inner.num_free(),
@@ -292,6 +299,17 @@ where
         Ok(Token(id))
     }
 
+    /// Signal backpressure to the consumer.
+    ///
+    /// Bypasses event suppression. Call this when submit fails with a backpressure error and the consumer needs to drain.
+    #[inline]
+    pub fn notify_backpressure(&self) {
+        self.notifier.notify(QueueStats {
+            num_free: self.inner.num_free(),
+            num_inflight: self.inner.num_inflight(),
+        });
+    }
+
     /// Get the current used cursor position.
     ///
     /// Useful for setting up descriptor-based event suppression.
@@ -330,10 +348,20 @@ where
         Ok(())
     }
 
-    /// Reset ring and inflight state to initial values.
-    /// Does not reset the buffer pool; call pool.reset() separately if needed.
+    /// Reset ring, inflight, and pool state to initial values.
+    ///
+    /// # Safety
+    ///
+    /// All [`RecvCompletion`]s (and their backing [`Bytes`]) from
+    /// previous `poll()` calls must have been dropped before calling
+    /// this. Outstanding completions hold pool allocations via
+    /// `BufferOwner`; resetting the pool while they exist would cause
+    /// double-free on drop.
+    ///
+    /// TODO(virtq): properly restore state after snapshot instead of just resetting everything
     pub fn reset(&mut self) {
         self.inner.reset();
+        self.pool.reset();
         self.inflight.fill(None);
     }
 }
@@ -343,14 +371,14 @@ where
 /// If dropped without building, no resources are leaked (allocations are
 /// deferred to [`build`](Self::build)).
 #[must_use = "call .build() to create a SendEntry"]
-pub struct ChainBuilder<M: MemOps + Clone, P: BufferProvider + Clone> {
+pub struct ChainBuilder<M: MemOps, P: BufferProvider + Clone> {
     mem: M,
     pool: P,
     entry_cap: Option<usize>,
     cqe_cap: Option<usize>,
 }
 
-impl<M: MemOps + Clone, P: BufferProvider + Clone> ChainBuilder<M, P> {
+impl<M: MemOps, P: BufferProvider + Clone> ChainBuilder<M, P> {
     fn new(mem: M, pool: P) -> Self {
         Self {
             mem,

src/hyperlight_common/src/virtq/recycle_pool.rs

@@ -0,0 +1,120 @@
+/*
+Copyright 2026  The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+//! A simple fixed-size buffer recycler for H2G prefill entries.
+//!
+//! Unlike [`super::BufferPool`] which uses a bitmap allocator, this
+//! holds a fixed set of same-sized buffer addresses in a free list.
+//! Alloc and dealloc are O(1). Intended for H2G writable buffers
+//! that are pre-allocated once and recycled after each use.
+
+use alloc::sync::Arc;
+
+use atomic_refcell::AtomicRefCell;
+use smallvec::SmallVec;
+
+use super::{AllocError, Allocation, BufferProvider};
+
+/// A recycling buffer provider with fixed-size slots.
+#[derive(Clone)]
+pub struct RecyclePool {
+    inner: Arc<AtomicRefCell<RecyclePoolInner>>,
+}
+
+struct RecyclePoolInner {
+    base_addr: u64,
+    slot_size: usize,
+    count: usize,
+    free: SmallVec<[u64; 64]>,
+}
+
+impl RecyclePool {
+    /// Create a new recycling pool by carving `base..base+region_len` into slots of `slot_size` bytes.
+    pub fn new(base_addr: u64, region_len: usize, slot_size: usize) -> Result<Self, AllocError> {
+        if slot_size == 0 {
+            return Err(AllocError::InvalidArg);
+        }
+
+        let count = region_len / slot_size;
+        if count == 0 {
+            return Err(AllocError::EmptyRegion);
+        }
+
+        let mut free = SmallVec::with_capacity(count);
+        for i in 0..count {
+            free.push(base_addr + (i * slot_size) as u64);
+        }
+
+        let inner = AtomicRefCell::new(RecyclePoolInner {
+            base_addr,
+            slot_size,
+            count,
+            free,
+        });
+
+        Ok(Self {
+            inner: inner.into(),
+        })
+    }
+
+    /// Number of free slots.
+    pub fn num_free(&self) -> usize {
+        self.inner.borrow().free.len()
+    }
+}
+
+impl BufferProvider for RecyclePool {
+    fn alloc(&self, len: usize) -> Result<Allocation, AllocError> {
+        let mut inner = self.inner.borrow_mut();
+        if len > inner.slot_size {
+            return Err(AllocError::OutOfMemory);
+        }
+
+        let addr = inner.free.pop().ok_or(AllocError::OutOfMemory)?;
+
+        Ok(Allocation {
+            addr,
+            len: inner.slot_size,
+        })
+    }
+
+    fn dealloc(&self, alloc: Allocation) -> Result<(), AllocError> {
+        let mut inner = self.inner.borrow_mut();
+        inner.free.push(alloc.addr);
+        Ok(())
+    }
+
+    fn resize(&self, old: Allocation, new_len: usize) -> Result<Allocation, AllocError> {
+        let inner = self.inner.borrow();
+        if new_len > inner.slot_size {
+            return Err(AllocError::OutOfMemory);
+        }
+        Ok(old)
+    }
+
+    fn reset(&self) {
+        let mut inner = self.inner.borrow_mut();
+        let base = inner.base_addr;
+        let slot = inner.slot_size;
+        let count = inner.count;
+
+        inner.free.clear();
+
+        for i in 0..count {
+            inner.free.push(base + (i * slot) as u64);
+        }
+    }
+}