Expand description
Host-side read-only view of the guest’s heap-resident cap
directory (see guest_cache_reader::GuestCacheReader).
Host-side read-only view of the guest’s heap-resident cap
directory.
After Commit 2, the guest kernel is linked into the per-process
GUEST_VA reservation at a canonical low-half VA. The host
process can mmap-shadow the kernel image at the same VA, so any
kernel-mode pointer (e.g. the address of the
nub_arch_x86::state_cache::CACHE CacheDirectory<FixedState>)
is directly dereferenceable from host code.
GuestCacheReader wraps the directory VA published by the
guest in its BootInfo block (MultiUseSandbox::boot_info
later — for now this module just exposes the type for
Commit 4’s wiring) and exposes a get(hash) -> Option<&Cap>
helper. The directory is a CacheDirectory<FixedState> on
both sides — both host and guest see the same
Box<CacheEntry> cells through the same FixedState seed, so
bucket assignments match and the host’s view of the table is
byte-identical to the guest’s.
§Safety
- The construction is
unsafe: the caller must promise thedirectory_vais correct (came from a verifiedBootInfo::magic+ matchingdirectory_type_id). - The reader holds no lock on its own. To read consistently, the caller must ensure no concurrent guest-mode mutation is in flight (V0: the host only reads when no guest call is executing — Hyperlight serialises host/guest exclusively).
- Returned
&Capborrows live until the next time the host hands control back to the guest. After that the directory’s contents may change and any retained pointer is stale.
Structs§
- Guest
Cache Reader - Read-only view of the guest’s heap-resident cap directory.
Enums§
- Guest
Cache Reader Error - Failures from
GuestCacheReader::new.