From 51317d7ec32faa7936bd1b246568c55fb2f4a2fc Mon Sep 17 00:00:00 2001 From: Simon Davies Date: Thu, 15 May 2025 20:44:40 +0100 Subject: [PATCH] Remove in-process mode from hyperlight-guest and remaining clean up in hyperlight-host Signed-off-by: Simon Davies --- README.md | 3 +- fuzz/fuzz_targets/guest_call.rs | 1 - fuzz/fuzz_targets/host_call.rs | 3 +- fuzz/fuzz_targets/host_print.rs | 1 - src/hyperlight_common/src/mem.rs | 13 -- src/hyperlight_guest/src/chkstk.rs | 62 +------- src/hyperlight_guest/src/entrypoint.rs | 62 ++------ src/hyperlight_guest/src/guest_error.rs | 5 - .../src/host_function_call.rs | 45 ++---- src/hyperlight_guest/src/lib.rs | 9 +- src/hyperlight_host/benches/benchmarks.rs | 3 +- src/hyperlight_host/examples/func_ctx/main.rs | 2 +- .../examples/guest-debugging/main.rs | 3 +- .../examples/hello-world/main.rs | 1 - src/hyperlight_host/examples/logging/main.rs | 9 +- src/hyperlight_host/examples/metrics/main.rs | 11 +- .../examples/tracing-chrome/main.rs | 2 +- .../examples/tracing-otlp/main.rs | 2 +- .../examples/tracing-tracy/main.rs | 2 +- src/hyperlight_host/examples/tracing/main.rs | 9 +- src/hyperlight_host/src/func/call_ctx.rs | 2 +- .../src/func/guest_dispatch.rs | 7 - .../src/hypervisor/hypervisor_handler.rs | 25 +--- .../src/hypervisor/inprocess.rs | 140 ------------------ src/hyperlight_host/src/hypervisor/mod.rs | 3 +- src/hyperlight_host/src/lib.rs | 2 - src/hyperlight_host/src/mem/layout.rs | 25 +--- src/hyperlight_host/src/mem/mgr.rs | 8 +- src/hyperlight_host/src/metrics/mod.rs | 1 - .../src/sandbox/initialized_multi_use.rs | 9 +- src/hyperlight_host/src/sandbox/mod.rs | 6 +- .../src/sandbox/run_options.rs | 49 ------ .../src/sandbox/uninitialized.rs | 46 ++---- .../src/sandbox/uninitialized_evolve.rs | 31 +--- src/hyperlight_host/tests/common/mod.rs | 6 +- src/hyperlight_host/tests/integration_test.rs | 7 +- .../tests/sandbox_host_tests.rs | 6 +- 37 files changed, 90 insertions(+), 531 deletions(-) delete mode 100644 src/hyperlight_host/src/hypervisor/inprocess.rs delete mode 100644 src/hyperlight_host/src/sandbox/run_options.rs diff --git a/README.md b/README.md index c795e01ea..8a9788b19 100644 --- a/README.md +++ b/README.md @@ -42,8 +42,7 @@ fn main() -> hyperlight_host::Result<()> { // Create an uninitialized sandbox with a guest binary let mut uninitialized_sandbox = UninitializedSandbox::new( hyperlight_host::GuestBinary::FilePath(hyperlight_testing::simple_guest_as_string().unwrap()), - None, // default configuration - None, // default run options + None // default configuration )?; // Registering a host function makes it available to be called by the guest diff --git a/fuzz/fuzz_targets/guest_call.rs b/fuzz/fuzz_targets/guest_call.rs index 4cb22fb1e..a89bb15de 100644 --- a/fuzz/fuzz_targets/guest_call.rs +++ b/fuzz/fuzz_targets/guest_call.rs @@ -35,7 +35,6 @@ fuzz_target!( let u_sbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap(); diff --git a/fuzz/fuzz_targets/host_call.rs b/fuzz/fuzz_targets/host_call.rs index 10e9ccf27..423186f16 100644 --- a/fuzz/fuzz_targets/host_call.rs +++ b/fuzz/fuzz_targets/host_call.rs @@ -33,8 +33,7 @@ fuzz_target!( init: { let u_sbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")), - None, - None, + None ) .unwrap(); diff --git a/fuzz/fuzz_targets/host_print.rs b/fuzz/fuzz_targets/host_print.rs index 33799ac03..c90245e13 100644 --- a/fuzz/fuzz_targets/host_print.rs +++ b/fuzz/fuzz_targets/host_print.rs @@ -21,7 +21,6 @@ fuzz_target!( let u_sbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap(); diff --git a/src/hyperlight_common/src/mem.rs b/src/hyperlight_common/src/mem.rs index 03b886094..bd94fb692 100644 --- a/src/hyperlight_common/src/mem.rs +++ b/src/hyperlight_common/src/mem.rs @@ -22,16 +22,6 @@ pub const PAGE_SIZE_USIZE: usize = 1 << 12; use core::ffi::{c_char, c_void}; -#[repr(u64)] -#[derive(Debug, Copy, Clone, PartialEq, Eq)] -pub enum RunMode { - None = 0, - Hypervisor = 1, - InProcessWindows = 2, - InProcessLinux = 3, - Invalid = 4, -} - #[repr(C)] pub struct InputData { pub inputDataSize: u64, @@ -67,9 +57,6 @@ pub struct HyperlightPEB { pub security_cookie_seed: u64, pub guest_function_dispatch_ptr: u64, pub pCode: *mut c_char, - pub pOutb: *mut c_void, - pub pOutbContext: *mut c_void, - pub runMode: RunMode, pub inputdata: InputData, pub outputdata: OutputData, pub guestheapData: GuestHeapData, diff --git a/src/hyperlight_guest/src/chkstk.rs b/src/hyperlight_guest/src/chkstk.rs index e3e0dc4fc..f3cd24f64 100644 --- a/src/hyperlight_guest/src/chkstk.rs +++ b/src/hyperlight_guest/src/chkstk.rs @@ -15,12 +15,9 @@ limitations under the License. */ use core::arch::global_asm; -use core::mem::size_of; -use hyperlight_common::mem::RunMode; - -use crate::guest_error::{set_invalid_runmode_error, set_stack_allocate_error}; -use crate::{MIN_STACK_ADDRESS, RUNNING_MODE}; +use crate::guest_error::set_stack_allocate_error; +use crate::MIN_STACK_ADDRESS; extern "win64" { fn __chkstk(); @@ -35,21 +32,6 @@ global_asm!( push r10 push r11 - /* Load run_mode into r10 */ - mov r10, qword ptr [rip+{run_mode}] - - cmp r10, 0 - je handle_none - cmp r10, 1 - je handle_hypervisor - cmp r10, 2 - je handle_inproc_windows - cmp r10, 3 - je handle_inproc_linux - /* run_mode > 3 (invalid), so treat like handle_none */ - jmp handle_invalid - - handle_hypervisor: /* Load the minimum stack address from the PEB */ mov r11, [rip+{min_stack_addr}] @@ -72,49 +54,11 @@ global_asm!( call {set_error} hlt - handle_inproc_windows: - /* Get the current stack pointer */ - lea r10, [rsp + 0x18] - - /* Calculate what the new stack pointer will be */ - sub r10, rax - cmovb r10, r11 - mov r11, qword ptr gs:[0x0000000000000010] - cmp r10, r11 - jae cs_ret - and r10w, 0x0F000 - csip_stackprobe: - lea r11, [r11 + 0x0FFFFFFFFFFFFF000] - mov byte ptr [r11], 0 - cmp r10, r11 - jne csip_stackprobe cs_ret: /* Restore RAX, R11 */ pop r11 pop r10 - ret - handle_inproc_linux: - /* no-op */ - jmp cs_ret - handle_none: - /* no-op. This can entrypoint has a large stack allocation - before RunMode variable is set */ - jmp cs_ret - handle_invalid: - call {invalid_runmode}", - run_mode = sym RUNNING_MODE, + ret", min_stack_addr = sym MIN_STACK_ADDRESS, set_error = sym set_stack_allocate_error, - invalid_runmode = sym set_invalid_runmode_error ); - -// Assumptions made in implementation above. If these are no longer true, compilation will fail -// and the developer will need to update the assembly code. -const _: () = { - assert!(size_of::() == size_of::()); - assert!(RunMode::None as u64 == 0); - assert!(RunMode::Hypervisor as u64 == 1); - assert!(RunMode::InProcessWindows as u64 == 2); - assert!(RunMode::InProcessLinux as u64 == 3); - assert!(RunMode::Invalid as u64 == 4); -}; diff --git a/src/hyperlight_guest/src/entrypoint.rs b/src/hyperlight_guest/src/entrypoint.rs index e87a3b738..0e8506844 100644 --- a/src/hyperlight_guest/src/entrypoint.rs +++ b/src/hyperlight_guest/src/entrypoint.rs @@ -15,9 +15,9 @@ limitations under the License. */ use core::arch::asm; -use core::ffi::{c_char, c_void, CStr}; +use core::ffi::{c_char, CStr}; -use hyperlight_common::mem::{HyperlightPEB, RunMode}; +use hyperlight_common::mem::HyperlightPEB; use hyperlight_common::outb::OutBAction; use log::LevelFilter; use spin::Once; @@ -27,18 +27,11 @@ use crate::guest_function_call::dispatch_function; use crate::guest_logger::init_logger; use crate::host_function_call::outb; use crate::idtr::load_idt; -use crate::{ - __security_cookie, HEAP_ALLOCATOR, MIN_STACK_ADDRESS, OS_PAGE_SIZE, OUTB_PTR, - OUTB_PTR_WITH_CONTEXT, P_PEB, RUNNING_MODE, -}; +use crate::{__security_cookie, HEAP_ALLOCATOR, MIN_STACK_ADDRESS, OS_PAGE_SIZE, P_PEB}; #[inline(never)] pub fn halt() { - unsafe { - if RUNNING_MODE == RunMode::Hypervisor { - asm!("hlt", options(nostack)) - } - } + unsafe { asm!("hlt", options(nostack)) } } #[no_mangle] @@ -105,45 +98,14 @@ pub extern "win64" fn entrypoint(peb_address: u64, seed: u64, ops: u64, max_log_ .expect("Invalid log level"); init_logger(max_log_level); - match (*peb_ptr).runMode { - RunMode::Hypervisor => { - RUNNING_MODE = RunMode::Hypervisor; - // This static is to make it easier to implement the __chkstk function in assembly. - // It also means that should we change the layout of the struct in the future, we - // don't have to change the assembly code. - MIN_STACK_ADDRESS = (*peb_ptr).gueststackData.minUserStackAddress; - - // Setup GDT and IDT - load_gdt(); - load_idt(); - } - RunMode::InProcessLinux | RunMode::InProcessWindows => { - RUNNING_MODE = (*peb_ptr).runMode; - - OUTB_PTR = { - let outb_ptr: extern "win64" fn(u16, *const u8, u64) = - core::mem::transmute((*peb_ptr).pOutb); - Some(outb_ptr) - }; - - if (*peb_ptr).pOutbContext.is_null() { - panic!("OutbContext is null"); - } - - OUTB_PTR_WITH_CONTEXT = { - let outb_ptr_with_context: extern "win64" fn( - *mut c_void, - u16, - *const u8, - u64, - ) = core::mem::transmute((*peb_ptr).pOutb); - Some(outb_ptr_with_context) - }; - } - _ => { - panic!("Invalid runmode in PEB"); - } - } + // This static is to make it easier to implement the __chkstk function in assembly. + // It also means that should we change the layout of the struct in the future, we + // don't have to change the assembly code. + MIN_STACK_ADDRESS = (*peb_ptr).gueststackData.minUserStackAddress; + + // Setup GDT and IDT + load_gdt(); + load_idt(); let heap_start = (*peb_ptr).guestheapData.guestHeapBuffer as usize; let heap_size = (*peb_ptr).guestheapData.guestHeapSize as usize; diff --git a/src/hyperlight_guest/src/guest_error.rs b/src/hyperlight_guest/src/guest_error.rs index 4057c7c09..1c8f57261 100644 --- a/src/hyperlight_guest/src/guest_error.rs +++ b/src/hyperlight_guest/src/guest_error.rs @@ -52,11 +52,6 @@ pub(crate) extern "win64" fn set_stack_allocate_error() { outb(OutBAction::Abort as u16, &[ErrorCode::StackOverflow as u8]); } -#[no_mangle] -pub(crate) extern "win64" fn set_invalid_runmode_error() { - panic!("Invalid run mode in __chkstk"); -} - /// Exposes a C API to allow the guest to set an error /// /// # Safety diff --git a/src/hyperlight_guest/src/host_function_call.rs b/src/hyperlight_guest/src/host_function_call.rs index 84de2f091..df31307b3 100644 --- a/src/hyperlight_guest/src/host_function_call.rs +++ b/src/hyperlight_guest/src/host_function_call.rs @@ -25,13 +25,11 @@ use hyperlight_common::flatbuffer_wrappers::function_types::{ }; use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode; use hyperlight_common::flatbuffer_wrappers::util::get_flatbuffer_result; -use hyperlight_common::mem::RunMode; use hyperlight_common::outb::OutBAction; use crate::error::{HyperlightGuestError, Result}; use crate::shared_input_data::try_pop_shared_input_data_into; use crate::shared_output_data::push_shared_output_data; -use crate::{OUTB_PTR, OUTB_PTR_WITH_CONTEXT, P_PEB, RUNNING_MODE}; /// Get a return value from a host function call. /// This usually requires a host function to be called first using `call_host_function`. @@ -77,39 +75,16 @@ pub fn call_host_function( pub fn outb(port: u16, data: &[u8]) { unsafe { - match RUNNING_MODE { - RunMode::Hypervisor => { - let mut i = 0; - while i < data.len() { - let remaining = data.len() - i; - let chunk_len = remaining.min(3); - let mut chunk = [0u8; 4]; - chunk[0] = chunk_len as u8; - chunk[1..1 + chunk_len].copy_from_slice(&data[i..i + chunk_len]); - let val = u32::from_le_bytes(chunk); - out32(port, val); - i += chunk_len; - } - } - RunMode::InProcessLinux | RunMode::InProcessWindows => { - if let Some(outb_func) = OUTB_PTR_WITH_CONTEXT { - if let Some(peb_ptr) = P_PEB { - outb_func( - (*peb_ptr).pOutbContext, - port, - data.as_ptr(), - data.len() as u64, - ); - } - } else if let Some(outb_func) = OUTB_PTR { - outb_func(port, data.as_ptr(), data.len() as u64); - } else { - panic!("Tried to call outb without hypervisor and without outb function ptrs"); - } - } - _ => { - panic!("Tried to call outb in invalid runmode"); - } + let mut i = 0; + while i < data.len() { + let remaining = data.len() - i; + let chunk_len = remaining.min(3); + let mut chunk = [0u8; 4]; + chunk[0] = chunk_len as u8; + chunk[1..1 + chunk_len].copy_from_slice(&data[i..i + chunk_len]); + let val = u32::from_le_bytes(chunk); + out32(port, val); + i += chunk_len; } } } diff --git a/src/hyperlight_guest/src/lib.rs b/src/hyperlight_guest/src/lib.rs index 688d65fb8..f150f7834 100644 --- a/src/hyperlight_guest/src/lib.rs +++ b/src/hyperlight_guest/src/lib.rs @@ -21,7 +21,7 @@ use alloc::string::ToString; use buddy_system_allocator::LockedHeap; use guest_function_register::GuestFunctionRegister; use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode; -use hyperlight_common::mem::{HyperlightPEB, RunMode}; +use hyperlight_common::mem::HyperlightPEB; use crate::entrypoint::abort_with_code_and_message; extern crate alloc; @@ -59,6 +59,7 @@ pub mod logging; pub(crate) extern "C" fn __CxxFrameHandler3() {} ///cbindgen:ignore #[no_mangle] +#[clippy::allow(clippy::non_upper_case_globals)] pub(crate) static _fltused: i32 = 0; // It looks like rust-analyzer doesn't correctly manage no_std crates, @@ -83,17 +84,13 @@ pub(crate) static HEAP_ALLOCATOR: LockedHeap<32> = LockedHeap::<32>::empty(); ///cbindgen:ignore #[no_mangle] +#[clippy::allow(clippy::non_upper_case_globals)] pub(crate) static mut __security_cookie: u64 = 0; pub(crate) static mut P_PEB: Option<*mut HyperlightPEB> = None; pub static mut MIN_STACK_ADDRESS: u64 = 0; pub static mut OS_PAGE_SIZE: u32 = 0; -pub(crate) static mut OUTB_PTR: Option = None; -pub(crate) static mut OUTB_PTR_WITH_CONTEXT: Option< - extern "win64" fn(*mut core::ffi::c_void, u16, *const u8, u64), -> = None; -pub static mut RUNNING_MODE: RunMode = RunMode::None; pub(crate) static mut REGISTERED_GUEST_FUNCTIONS: GuestFunctionRegister = GuestFunctionRegister::new(); diff --git a/src/hyperlight_host/benches/benchmarks.rs b/src/hyperlight_host/benches/benchmarks.rs index 4477ce04d..62624dd5c 100644 --- a/src/hyperlight_host/benches/benchmarks.rs +++ b/src/hyperlight_host/benches/benchmarks.rs @@ -26,7 +26,7 @@ use hyperlight_testing::simple_guest_as_string; fn create_uninit_sandbox() -> UninitializedSandbox { let path = simple_guest_as_string().unwrap(); - UninitializedSandbox::new(GuestBinary::FilePath(path), None, None).unwrap() + UninitializedSandbox::new(GuestBinary::FilePath(path), None).unwrap() } fn create_multiuse_sandbox() -> MultiUseSandbox { @@ -82,7 +82,6 @@ fn guest_call_benchmark(c: &mut Criterion) { let sandbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().unwrap()), Some(config), - None, ) .unwrap(); let mut sandbox = sandbox.evolve(Noop::default()).unwrap(); diff --git a/src/hyperlight_host/examples/func_ctx/main.rs b/src/hyperlight_host/examples/func_ctx/main.rs index ee408a328..8fe041393 100644 --- a/src/hyperlight_host/examples/func_ctx/main.rs +++ b/src/hyperlight_host/examples/func_ctx/main.rs @@ -27,7 +27,7 @@ fn main() { // test guest binary let sbox1: MultiUseSandbox = { let path = simple_guest_as_string().unwrap(); - let u_sbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None, None).unwrap(); + let u_sbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None).unwrap(); u_sbox.evolve(Noop::default()) } .unwrap(); diff --git a/src/hyperlight_host/examples/guest-debugging/main.rs b/src/hyperlight_host/examples/guest-debugging/main.rs index 514a9a256..2ea5a6eb7 100644 --- a/src/hyperlight_host/examples/guest-debugging/main.rs +++ b/src/hyperlight_host/examples/guest-debugging/main.rs @@ -47,8 +47,7 @@ fn main() -> hyperlight_host::Result<()> { hyperlight_host::GuestBinary::FilePath( hyperlight_testing::simple_guest_as_string().unwrap(), ), - cfg, // sandbox configuration - None, // default run options + cfg, // sandbox configuration )?; // Register a host functions diff --git a/src/hyperlight_host/examples/hello-world/main.rs b/src/hyperlight_host/examples/hello-world/main.rs index 6f27a34c5..2ee72a945 100644 --- a/src/hyperlight_host/examples/hello-world/main.rs +++ b/src/hyperlight_host/examples/hello-world/main.rs @@ -28,7 +28,6 @@ fn main() -> hyperlight_host::Result<()> { hyperlight_testing::simple_guest_as_string().unwrap(), ), None, // default configuration - None, // default run options )?; // Register a host functions diff --git a/src/hyperlight_host/examples/logging/main.rs b/src/hyperlight_host/examples/logging/main.rs index b24a5c7c7..3948947e0 100644 --- a/src/hyperlight_host/examples/logging/main.rs +++ b/src/hyperlight_host/examples/logging/main.rs @@ -42,7 +42,7 @@ fn main() -> Result<()> { let path = hyperlight_guest_path.clone(); let res: Result<()> = { // Create a new sandbox. - let mut usandbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None, None)?; + let mut usandbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None)?; usandbox.register_print(fn_writer)?; // Initialize the sandbox. @@ -81,11 +81,8 @@ fn main() -> Result<()> { } // Create a new sandbox. - let usandbox = UninitializedSandbox::new( - GuestBinary::FilePath(hyperlight_guest_path.clone()), - None, - None, - )?; + let usandbox = + UninitializedSandbox::new(GuestBinary::FilePath(hyperlight_guest_path.clone()), None)?; // Initialize the sandbox. diff --git a/src/hyperlight_host/examples/metrics/main.rs b/src/hyperlight_host/examples/metrics/main.rs index d443e9ca9..979b29506 100644 --- a/src/hyperlight_host/examples/metrics/main.rs +++ b/src/hyperlight_host/examples/metrics/main.rs @@ -54,7 +54,7 @@ fn do_hyperlight_stuff() { let path = hyperlight_guest_path.clone(); let handle = spawn(move || -> Result<()> { // Create a new sandbox. - let mut usandbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None, None)?; + let mut usandbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None)?; usandbox.register_print(fn_writer)?; // Initialize the sandbox. @@ -93,12 +93,9 @@ fn do_hyperlight_stuff() { } // Create a new sandbox. - let usandbox = UninitializedSandbox::new( - GuestBinary::FilePath(hyperlight_guest_path.clone()), - None, - None, - ) - .expect("Failed to create UninitializedSandbox"); + let usandbox = + UninitializedSandbox::new(GuestBinary::FilePath(hyperlight_guest_path.clone()), None) + .expect("Failed to create UninitializedSandbox"); // Initialize the sandbox. diff --git a/src/hyperlight_host/examples/tracing-chrome/main.rs b/src/hyperlight_host/examples/tracing-chrome/main.rs index c1c797553..b5fe3f79a 100644 --- a/src/hyperlight_host/examples/tracing-chrome/main.rs +++ b/src/hyperlight_host/examples/tracing-chrome/main.rs @@ -33,7 +33,7 @@ fn main() -> Result<()> { simple_guest_as_string().expect("Cannot find the guest binary at the expected location."); // Create a new sandbox. - let usandbox = UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None, None)?; + let usandbox = UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None)?; let mut sbox = usandbox .evolve(Noop::::default()) diff --git a/src/hyperlight_host/examples/tracing-otlp/main.rs b/src/hyperlight_host/examples/tracing-otlp/main.rs index bc89aae1a..97cb8d5c6 100644 --- a/src/hyperlight_host/examples/tracing-otlp/main.rs +++ b/src/hyperlight_host/examples/tracing-otlp/main.rs @@ -130,7 +130,7 @@ fn run_example(wait_input: bool) -> HyperlightResult<()> { // Create a new sandbox. let mut usandbox = - UninitializedSandbox::new(GuestBinary::FilePath(path.clone()), None, None)?; + UninitializedSandbox::new(GuestBinary::FilePath(path.clone()), None)?; usandbox.register_print(fn_writer)?; // Initialize the sandbox. diff --git a/src/hyperlight_host/examples/tracing-tracy/main.rs b/src/hyperlight_host/examples/tracing-tracy/main.rs index 72b929a2d..216eef1fc 100644 --- a/src/hyperlight_host/examples/tracing-tracy/main.rs +++ b/src/hyperlight_host/examples/tracing-tracy/main.rs @@ -39,7 +39,7 @@ fn main() -> Result<()> { simple_guest_as_string().expect("Cannot find the guest binary at the expected location."); // Create a new sandbox. - let usandbox = UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None, None)?; + let usandbox = UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None)?; let mut sbox = usandbox .evolve(Noop::::default()) diff --git a/src/hyperlight_host/examples/tracing/main.rs b/src/hyperlight_host/examples/tracing/main.rs index 077dec17b..a3ca8fb7e 100644 --- a/src/hyperlight_host/examples/tracing/main.rs +++ b/src/hyperlight_host/examples/tracing/main.rs @@ -71,7 +71,7 @@ fn run_example() -> Result<()> { let _entered = span.enter(); // Create a new sandbox. - let mut usandbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None, None)?; + let mut usandbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None)?; usandbox.register_print(fn_writer)?; // Initialize the sandbox. @@ -109,11 +109,8 @@ fn run_example() -> Result<()> { } // Create a new sandbox. - let usandbox = UninitializedSandbox::new( - GuestBinary::FilePath(hyperlight_guest_path.clone()), - None, - None, - )?; + let usandbox = + UninitializedSandbox::new(GuestBinary::FilePath(hyperlight_guest_path.clone()), None)?; // Initialize the sandbox. diff --git a/src/hyperlight_host/src/func/call_ctx.rs b/src/hyperlight_host/src/func/call_ctx.rs index 9d7404410..619c45818 100644 --- a/src/hyperlight_host/src/func/call_ctx.rs +++ b/src/hyperlight_host/src/func/call_ctx.rs @@ -117,7 +117,7 @@ mod tests { let path = simple_guest_as_string().map_err(|e| { HyperlightError::Error(format!("failed to get simple guest path ({e:?})")) })?; - UninitializedSandbox::new(GuestBinary::FilePath(path), None, None) + UninitializedSandbox::new(GuestBinary::FilePath(path), None) } /// Test to create a `MultiUseSandbox`, then call several guest functions diff --git a/src/hyperlight_host/src/func/guest_dispatch.rs b/src/hyperlight_host/src/func/guest_dispatch.rs index 8b911c295..8b512cead 100644 --- a/src/hyperlight_host/src/func/guest_dispatch.rs +++ b/src/hyperlight_host/src/func/guest_dispatch.rs @@ -154,7 +154,6 @@ mod tests { let mut usbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap(); @@ -187,7 +186,6 @@ mod tests { let mut usbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap(); @@ -218,7 +216,6 @@ mod tests { UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap() }; @@ -333,7 +330,6 @@ mod tests { // variability below None, // by default, the below represents in-hypervisor mode - None, ) .unwrap(); test_call_guest_function_by_name(u_sbox); @@ -354,7 +350,6 @@ mod tests { let usbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, )?; let sandbox: MultiUseSandbox = usbox.evolve(Noop::default())?; let mut ctx = sandbox.new_call_context(); @@ -402,7 +397,6 @@ mod tests { let mut usbox = UninitializedSandbox::new( GuestBinary::FilePath(callback_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap(); @@ -440,7 +434,6 @@ mod tests { let usbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap(); diff --git a/src/hyperlight_host/src/hypervisor/hypervisor_handler.rs b/src/hyperlight_host/src/hypervisor/hypervisor_handler.rs index 5044f0b29..8e351708c 100644 --- a/src/hyperlight_host/src/hypervisor/hypervisor_handler.rs +++ b/src/hyperlight_host/src/hypervisor/hypervisor_handler.rs @@ -299,7 +299,6 @@ impl HypervisorHandler { { hv = Some(set_up_hypervisor_partition( execution_variables.shm.try_lock().map_err(|e| new_error!("Failed to lock shm: {}", e))?.deref_mut().as_mut().ok_or_else(|| new_error!("shm not set"))?, - configuration.outb_handler.clone(), #[cfg(gdb)] &debug_info, )?); @@ -772,19 +771,15 @@ impl HypervisorHandler { } #[cfg(target_os = "windows")] { - if self.execution_variables.get_partition_handle()?.is_some() { - // partition handle only set when running in-hypervisor (not in-process) - unsafe { - WHvCancelRunVirtualProcessor( - #[allow(clippy::unwrap_used)] - self.execution_variables.get_partition_handle()?.unwrap(), // safe unwrap as we checked is some - 0, - 0, - ) - .map_err(|e| new_error!("Failed to cancel guest execution {:?}", e))?; - } + unsafe { + WHvCancelRunVirtualProcessor( + #[allow(clippy::unwrap_used)] + self.execution_variables.get_partition_handle()?.unwrap(), // safe unwrap as we checked is some + 0, + 0, + ) + .map_err(|e| new_error!("Failed to cancel guest execution {:?}", e))?; } - // if running in-process on windows, we currently have no way of cancelling the execution } Ok(()) @@ -826,8 +821,6 @@ pub enum HandlerMsg { fn set_up_hypervisor_partition( mgr: &mut SandboxMemoryManager, - #[allow(unused_variables)] // parameter only used for in-process mode - outb_handler: OutBHandlerWrapper, #[cfg(gdb)] debug_info: &Option, ) -> Result> { let mem_size = u64::try_from(mgr.shared_mem.mem_size())?; @@ -863,7 +856,6 @@ fn set_up_hypervisor_partition( } // Create gdb thread if gdb is enabled and the configuration is provided - // This is only done when the hypervisor is not in-process #[cfg(gdb)] let gdb_conn = if let Some(DebugInfo { port }) = debug_info { let gdb_conn = create_gdb_thread(*port, unsafe { pthread_self() }); @@ -975,7 +967,6 @@ mod tests { let usbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), cfg, - None, ) .unwrap(); diff --git a/src/hyperlight_host/src/hypervisor/inprocess.rs b/src/hyperlight_host/src/hypervisor/inprocess.rs deleted file mode 100644 index 0a87c30d2..000000000 --- a/src/hyperlight_host/src/hypervisor/inprocess.rs +++ /dev/null @@ -1,140 +0,0 @@ -/* -Copyright 2024 The Hyperlight Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -use std::fmt::Debug; -use std::os::raw::c_void; - -use log::LevelFilter; - -#[cfg(gdb)] -use super::handlers::DbgMemAccessHandlerWrapper; -use super::{HyperlightExit, Hypervisor}; -#[cfg(crashdump)] -use crate::mem::memory_region::MemoryRegion; -use crate::sandbox::leaked_outb::LeakedOutBWrapper; -use crate::Result; - -/// Arguments passed to inprocess driver -pub struct InprocessArgs<'a> { - /// raw ptr to guest's entrypoint fn. Since we are in-process mode, this is a ptr in the host's address space - pub entrypoint_raw: u64, - /// raw ptr to peb structure. Since we are in-process mode, this is a ptr in the host's address space - pub peb_ptr_raw: u64, - // compiler can't tell that we are actually using this in a deeply unsafe way. - #[allow(dead_code)] - pub(crate) leaked_outb_wrapper: LeakedOutBWrapper<'a>, -} - -/// Arguments passed to inprocess driver -pub struct InprocessDriver<'a> { - args: InprocessArgs<'a>, -} - -impl Debug for InprocessArgs<'_> { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - f.debug_struct("InprocessArgs") - .field("entrypoint_raw", &self.entrypoint_raw) - .field("peb_ptr_raw", &self.peb_ptr_raw) - .finish() - } -} - -impl<'a> InprocessDriver<'a> { - /// Create a new InprocessDriver. This should only be used in testing/debugging, - /// since it doesn't run the guest code in a hypervisor - pub fn new(args: InprocessArgs<'a>) -> Result { - Ok(Self { args }) - } -} - -impl Debug for InprocessDriver<'_> { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - f.debug_struct("InprocessDriver") - .field("args", &self.args) - .finish() - } -} - -impl<'a> Hypervisor for InprocessDriver<'a> { - fn initialise( - &mut self, - _peb_addr: crate::mem::ptr::RawPtr, - seed: u64, - page_size: u32, - _outb_handle_fn: super::handlers::OutBHandlerWrapper, - _mem_access_fn: super::handlers::MemAccessHandlerWrapper, - _hv_handler: Option, - _guest_max_log_level: Option, - #[cfg(gdb)] _dbg_mem_access_fn: DbgMemAccessHandlerWrapper, - ) -> crate::Result<()> { - let entrypoint_fn: extern "win64" fn(u64, u64, u64, u64) = - unsafe { std::mem::transmute(self.args.entrypoint_raw as *const c_void) }; - - entrypoint_fn( - self.args.peb_ptr_raw, - seed, - page_size as u64, - log::max_level() as u64, - ); - - Ok(()) - } - - fn dispatch_call_from_host( - &mut self, - dispatch_func_addr: crate::mem::ptr::RawPtr, - _outb_handle_fn: super::handlers::OutBHandlerWrapper, - _mem_access_fn: super::handlers::MemAccessHandlerWrapper, - _hv_handler: Option, - #[cfg(gdb)] _dbg_mem_access_fn: DbgMemAccessHandlerWrapper, - ) -> crate::Result<()> { - let ptr: u64 = dispatch_func_addr.into(); - let dispatch_func: extern "win64" fn() = - unsafe { std::mem::transmute(ptr as *const c_void) }; - - dispatch_func(); - Ok(()) - } - - fn handle_io( - &mut self, - _port: u16, - _data: Vec, - _rip: u64, - _instruction_length: u64, - _outb_handle_fn: super::handlers::OutBHandlerWrapper, - ) -> crate::Result<()> { - unimplemented!("handle_io should not be needed since we are in in-process mode") - } - - fn run(&mut self) -> Result { - unimplemented!("run should not be needed since we are in in-process mode") - } - - fn as_mut_hypervisor(&mut self) -> &mut dyn Hypervisor { - self - } - - #[cfg(target_os = "windows")] - fn get_partition_handle(&self) -> windows::Win32::System::Hypervisor::WHV_PARTITION_HANDLE { - unimplemented!("get_partition_handle should not be needed since we are in in-process mode") - } - - #[cfg(crashdump)] - fn get_memory_regions(&self) -> &[MemoryRegion] { - unimplemented!("get_memory_regions is not supported since we are in in-process mode") - } -} diff --git a/src/hyperlight_host/src/hypervisor/mod.rs b/src/hyperlight_host/src/hypervisor/mod.rs index a4617c553..62cebe829 100644 --- a/src/hyperlight_host/src/hypervisor/mod.rs +++ b/src/hyperlight_host/src/hypervisor/mod.rs @@ -363,8 +363,7 @@ pub(crate) mod tests { )); } - let sandbox = - UninitializedSandbox::new(GuestBinary::FilePath(filename.clone()), None, None)?; + let sandbox = UninitializedSandbox::new(GuestBinary::FilePath(filename.clone()), None)?; let (hshm, gshm) = sandbox.mgr.build(); drop(hshm); diff --git a/src/hyperlight_host/src/lib.rs b/src/hyperlight_host/src/lib.rs index f0a98a0d8..c18027d63 100644 --- a/src/hyperlight_host/src/lib.rs +++ b/src/hyperlight_host/src/lib.rs @@ -97,8 +97,6 @@ pub use sandbox::uninitialized::GuestBinary; /// A sandbox that can call be used to make multiple calls to guest functions, /// and otherwise reused multiple times pub use sandbox::MultiUseSandbox; -/// The re-export for the `SandboxRunOptions` type -pub use sandbox::SandboxRunOptions; /// The re-export for the `UninitializedSandbox` type pub use sandbox::UninitializedSandbox; diff --git a/src/hyperlight_host/src/mem/layout.rs b/src/hyperlight_host/src/mem/layout.rs index ff5a0c26f..7dea36cde 100644 --- a/src/hyperlight_host/src/mem/layout.rs +++ b/src/hyperlight_host/src/mem/layout.rs @@ -16,7 +16,7 @@ limitations under the License. use std::fmt::Debug; use std::mem::{offset_of, size_of}; -use hyperlight_common::mem::{GuestStackData, HyperlightPEB, RunMode, PAGE_SIZE_USIZE}; +use hyperlight_common::mem::{GuestStackData, HyperlightPEB, PAGE_SIZE_USIZE}; use rand::{rng, RngCore}; use tracing::{instrument, Span}; @@ -82,8 +82,7 @@ pub(crate) struct SandboxMemoryLayout { peb_offset: usize, peb_security_cookie_seed_offset: usize, peb_guest_dispatch_function_ptr_offset: usize, // set by guest in guest entrypoint - peb_code_and_outb_pointer_offset: usize, - peb_runmode_offset: usize, + peb_code_pointer_offset: usize, peb_input_data_offset: usize, peb_output_data_offset: usize, peb_heap_data_offset: usize, @@ -128,7 +127,7 @@ impl Debug for SandboxMemoryLayout { ) .field( "Code and OutB Pointer Offset", - &format_args!("{:#x}", self.peb_code_and_outb_pointer_offset), + &format_args!("{:#x}", self.peb_code_pointer_offset), ) .field( "Input Data Offset", @@ -226,8 +225,7 @@ impl SandboxMemoryLayout { peb_offset + offset_of!(HyperlightPEB, security_cookie_seed); let peb_guest_dispatch_function_ptr_offset = peb_offset + offset_of!(HyperlightPEB, guest_function_dispatch_ptr); - let peb_code_and_outb_pointer_offset = peb_offset + offset_of!(HyperlightPEB, pCode); - let peb_runmode_offset = peb_offset + offset_of!(HyperlightPEB, runMode); + let peb_code_pointer_offset = peb_offset + offset_of!(HyperlightPEB, pCode); let peb_input_data_offset = peb_offset + offset_of!(HyperlightPEB, inputdata); let peb_output_data_offset = peb_offset + offset_of!(HyperlightPEB, outputdata); let peb_heap_data_offset = peb_offset + offset_of!(HyperlightPEB, guestheapData); @@ -261,8 +259,7 @@ impl SandboxMemoryLayout { heap_size, peb_security_cookie_seed_offset, peb_guest_dispatch_function_ptr_offset, - peb_code_and_outb_pointer_offset, - peb_runmode_offset, + peb_code_pointer_offset, peb_input_data_offset, peb_output_data_offset, peb_heap_data_offset, @@ -280,11 +277,6 @@ impl SandboxMemoryLayout { }) } - /// Gets the offset in guest memory to the RunMode field in the PEB struct. - pub fn get_run_mode_offset(&self) -> usize { - self.peb_runmode_offset - } - /// Get the offset in guest memory to the output data size #[instrument(skip_all, parent = Span::current(), level= "Trace")] pub(super) fn get_output_data_size_offset(&self) -> usize { @@ -309,7 +301,7 @@ impl SandboxMemoryLayout { pub(super) fn get_outb_pointer_offset(&self) -> usize { // The outb pointer is immediately after the code pointer // in the `CodeAndOutBPointers` struct which is a u64 - self.peb_code_and_outb_pointer_offset + size_of::() + self.peb_code_pointer_offset + size_of::() } /// Get the offset in guest memory to the OutB context. @@ -357,7 +349,7 @@ impl SandboxMemoryLayout { pub(super) fn get_code_pointer_offset(&self) -> usize { // The code pointer is the first field // in the `CodeAndOutBPointers` struct which is a u64 - self.peb_code_and_outb_pointer_offset + self.peb_code_pointer_offset } /// Get the offset in guest memory to where the guest dispatch function @@ -685,9 +677,6 @@ impl SandboxMemoryLayout { // Skip code, is set when loading binary // skip outb and outb context, is set when running in_proc - // Set RunMode in PEB - shared_mem.write_u64(self.get_run_mode_offset(), RunMode::Hypervisor as u64)?; - // Set up input buffer pointer shared_mem.write_u64( self.get_input_data_size_offset(), diff --git a/src/hyperlight_host/src/mem/mgr.rs b/src/hyperlight_host/src/mem/mgr.rs index ddb760280..81da40030 100644 --- a/src/hyperlight_host/src/mem/mgr.rs +++ b/src/hyperlight_host/src/mem/mgr.rs @@ -386,13 +386,7 @@ impl SandboxMemoryManager { // This pointer is written by the guest library but is accessible to // the guest engine so we should bounds check it before we return it. - // - // When executing with in-hypervisor mode, there is no danger from - // the guest manipulating this memory location because the only - // addresses that are valid are in its own address space. - // - // When executing in-process, manipulating this pointer could cause the - // host to execute arbitrary functions. + let guest_ptr = GuestPtr::try_from(RawPtr::from(guest_dispatch_function_ptr))?; guest_ptr.absolute() } diff --git a/src/hyperlight_host/src/metrics/mod.rs b/src/hyperlight_host/src/metrics/mod.rs index 17b6f9668..c08f30c94 100644 --- a/src/hyperlight_host/src/metrics/mod.rs +++ b/src/hyperlight_host/src/metrics/mod.rs @@ -110,7 +110,6 @@ mod tests { let uninit = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().unwrap()), None, - None, ) .unwrap(); diff --git a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs index f1a67bde1..e6007742d 100644 --- a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs +++ b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs @@ -277,8 +277,7 @@ mod tests { let sbox1: MultiUseSandbox = { let path = simple_guest_as_string().unwrap(); - let u_sbox = - UninitializedSandbox::new(GuestBinary::FilePath(path), Some(cfg), None).unwrap(); + let u_sbox = UninitializedSandbox::new(GuestBinary::FilePath(path), Some(cfg)).unwrap(); u_sbox.evolve(Noop::default()) } .unwrap(); @@ -296,8 +295,7 @@ mod tests { let sbox2: MultiUseSandbox = { let path = simple_guest_as_string().unwrap(); - let u_sbox = - UninitializedSandbox::new(GuestBinary::FilePath(path), Some(cfg), None).unwrap(); + let u_sbox = UninitializedSandbox::new(GuestBinary::FilePath(path), Some(cfg)).unwrap(); u_sbox.evolve(Noop::default()) } .unwrap(); @@ -322,8 +320,7 @@ mod tests { fn evolve_devolve_handles_state_correctly() { let sbox1: MultiUseSandbox = { let path = simple_guest_as_string().unwrap(); - let u_sbox = - UninitializedSandbox::new(GuestBinary::FilePath(path), None, None).unwrap(); + let u_sbox = UninitializedSandbox::new(GuestBinary::FilePath(path), None).unwrap(); u_sbox.evolve(Noop::default()) } .unwrap(); diff --git a/src/hyperlight_host/src/sandbox/mod.rs b/src/hyperlight_host/src/sandbox/mod.rs index 0f532003d..3cad349d6 100644 --- a/src/hyperlight_host/src/sandbox/mod.rs +++ b/src/hyperlight_host/src/sandbox/mod.rs @@ -30,8 +30,6 @@ pub(crate) mod mem_access; /// `SandboxMemoryManager` pub(crate) mod mem_mgr; pub(crate) mod outb; -/// Options for configuring a sandbox -mod run_options; /// Functionality for creating uninitialized sandboxes, manipulating them, /// and converting them to initialized sandboxes. pub mod uninitialized; @@ -43,8 +41,6 @@ pub(crate) mod uninitialized_evolve; pub use config::SandboxConfiguration; /// Re-export for the `MultiUseSandbox` type pub use initialized_multi_use::MultiUseSandbox; -/// Re-export for `SandboxRunOptions` type -pub use run_options::SandboxRunOptions; use tracing::{instrument, Span}; /// Re-export for `GuestBinary` type pub use uninitialized::GuestBinary; @@ -135,7 +131,7 @@ mod tests { for i in 0..10 { let simple_guest_path = simple_guest_as_string().expect("Guest Binary Missing"); let unintializedsandbox = - UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None, None) + UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None) .unwrap_or_else(|_| panic!("Failed to create UninitializedSandbox {}", i)); unintializedsandbox_queue diff --git a/src/hyperlight_host/src/sandbox/run_options.rs b/src/hyperlight_host/src/sandbox/run_options.rs deleted file mode 100644 index 6c5f6904b..000000000 --- a/src/hyperlight_host/src/sandbox/run_options.rs +++ /dev/null @@ -1,49 +0,0 @@ -/* -Copyright 2024 The Hyperlight Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -use tracing::{instrument, Span}; - -/// Configuration options for setting up a new `UninitializedSandbox` and -/// subsequent initialized sandboxes, including `MultiUseSandbox`. -/// -/// A `SandboxRunOptions` instance must be created with either in-process -/// or in-hypervisor execution mode, and then can optionally be augmented -/// with run-from-guest-binary mode if created with in-hypervisor mode. -#[derive(Debug, Clone, Default, Eq, PartialEq)] -pub enum SandboxRunOptions { - /// Run directly in a platform-appropriate hypervisor - #[default] - RunInHypervisor, - /// Run in-process, without a hypervisor, optionally using the - /// Windows LoadLibrary API to load the binary if the `bool` field is - /// set to `true`. This should only be used for testing and debugging - /// as it does not offer any security guarantees. - RunInProcess(bool), -} - -impl SandboxRunOptions { - /// Returns true if the sandbox should be run in-process using the LoadLibrary API. - #[instrument(skip_all, parent = Span::current(), level= "Trace")] - pub(super) fn use_loadlib(&self) -> bool { - matches!(self, Self::RunInProcess(true)) - } - - #[instrument(skip_all, parent = Span::current(), level= "Trace")] - /// Returns true if the sandbox should be run in-process - pub(super) fn in_process(&self) -> bool { - matches!(self, SandboxRunOptions::RunInProcess(_)) - } -} diff --git a/src/hyperlight_host/src/sandbox/uninitialized.rs b/src/hyperlight_host/src/sandbox/uninitialized.rs index caf22b38b..61dc6f472 100644 --- a/src/hyperlight_host/src/sandbox/uninitialized.rs +++ b/src/hyperlight_host/src/sandbox/uninitialized.rs @@ -27,7 +27,6 @@ use tracing::{instrument, Span}; use super::config::DebugInfo; use super::host_funcs::{default_writer_func, FunctionRegistry}; use super::mem_mgr::MemMgrWrapper; -use super::run_options::SandboxRunOptions; use super::uninitialized_evolve::evolve_impl_multi_use; use crate::func::host_functions::{HostFunction, IntoHostFunction}; #[cfg(feature = "build-metadata")] @@ -139,11 +138,7 @@ impl UninitializedSandbox { skip(guest_binary), parent = Span::current() )] - pub fn new( - guest_binary: GuestBinary, - cfg: Option, - sandbox_run_options: Option, - ) -> Result { + pub fn new(guest_binary: GuestBinary, cfg: Option) -> Result { #[cfg(feature = "build-metadata")] log_build_details(); @@ -359,19 +354,15 @@ mod tests { // Guest Binary exists at path let binary_path = simple_guest_as_string().unwrap(); - let sandbox = - UninitializedSandbox::new(GuestBinary::FilePath(binary_path.clone()), None, None); + let sandbox = UninitializedSandbox::new(GuestBinary::FilePath(binary_path.clone()), None); assert!(sandbox.is_ok()); // Guest Binary does not exist at path let mut binary_path_does_not_exist = binary_path.clone(); binary_path_does_not_exist.push_str(".nonexistent"); - let uninitialized_sandbox = UninitializedSandbox::new( - GuestBinary::FilePath(binary_path_does_not_exist), - None, - None, - ); + let uninitialized_sandbox = + UninitializedSandbox::new(GuestBinary::FilePath(binary_path_does_not_exist), None); assert!(uninitialized_sandbox.is_err()); // Non default memory configuration @@ -387,11 +378,11 @@ mod tests { }; let uninitialized_sandbox = - UninitializedSandbox::new(GuestBinary::FilePath(binary_path.clone()), cfg, None); + UninitializedSandbox::new(GuestBinary::FilePath(binary_path.clone()), cfg); assert!(uninitialized_sandbox.is_ok()); let uninitialized_sandbox = - UninitializedSandbox::new(GuestBinary::FilePath(binary_path), None, None).unwrap(); + UninitializedSandbox::new(GuestBinary::FilePath(binary_path), None).unwrap(); // Get a Sandbox from an uninitialized sandbox without a call back function @@ -400,11 +391,8 @@ mod tests { // Test with a valid guest binary buffer let binary_path = simple_guest_as_string().unwrap(); - let sandbox = UninitializedSandbox::new( - GuestBinary::Buffer(fs::read(binary_path).unwrap()), - None, - None, - ); + let sandbox = + UninitializedSandbox::new(GuestBinary::Buffer(fs::read(binary_path).unwrap()), None); assert!(sandbox.is_ok()); // Test with a invalid guest binary buffer @@ -412,7 +400,7 @@ mod tests { let binary_path = simple_guest_as_string().unwrap(); let mut bytes = fs::read(binary_path).unwrap(); let _ = bytes.split_off(100); - let sandbox = UninitializedSandbox::new(GuestBinary::Buffer(bytes), None, None); + let sandbox = UninitializedSandbox::new(GuestBinary::Buffer(bytes), None); assert!(sandbox.is_err()); } @@ -432,7 +420,6 @@ mod tests { UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .unwrap() }; @@ -551,7 +538,6 @@ mod tests { let mut sandbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .expect("Failed to create sandbox"); @@ -641,7 +627,6 @@ mod tests { let mut sandbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .expect("Failed to create sandbox"); @@ -669,7 +654,6 @@ mod tests { let mut sandbox = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")), None, - None, ) .expect("Failed to create sandbox"); @@ -710,7 +694,7 @@ mod tests { let unintializedsandbox = { let err_string = format!("failed to create UninitializedSandbox {i}"); let err_str = err_string.as_str(); - UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None, None) + UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None) .expect(err_str) }; @@ -845,7 +829,7 @@ mod tests { let mut binary_path = simple_guest_as_string().unwrap(); binary_path.push_str("does_not_exist"); - let sbox = UninitializedSandbox::new(GuestBinary::FilePath(binary_path), None, None); + let sbox = UninitializedSandbox::new(GuestBinary::FilePath(binary_path), None); assert!(sbox.is_err()); // Now we should still be in span 1 but span 2 should be created (we created entered and exited span 2 when we called UninitializedSandbox::new) @@ -927,8 +911,7 @@ mod tests { let mut invalid_binary_path = simple_guest_as_string().unwrap(); invalid_binary_path.push_str("does_not_exist"); - let sbox = - UninitializedSandbox::new(GuestBinary::FilePath(invalid_binary_path), None, None); + let sbox = UninitializedSandbox::new(GuestBinary::FilePath(invalid_binary_path), None); assert!(sbox.is_err()); // When tracing is creating log records it will create a log @@ -998,7 +981,6 @@ mod tests { let sbox = UninitializedSandbox::new( GuestBinary::FilePath(valid_binary_path.into_os_string().into_string().unwrap()), None, - None, ); assert!(sbox.is_err()); @@ -1032,7 +1014,6 @@ mod tests { let res = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().unwrap()), None, - None, ); res.unwrap() }; @@ -1047,8 +1028,7 @@ mod tests { #[test] fn test_invalid_path() { let invalid_path = "some/path/that/does/not/exist"; - let sbox = - UninitializedSandbox::new(GuestBinary::FilePath(invalid_path.to_string()), None, None); + let sbox = UninitializedSandbox::new(GuestBinary::FilePath(invalid_path.to_string()), None); println!("{:?}", sbox); #[cfg(target_os = "windows")] assert!( diff --git a/src/hyperlight_host/src/sandbox/uninitialized_evolve.rs b/src/hyperlight_host/src/sandbox/uninitialized_evolve.rs index 2499dd2aa..05c445790 100644 --- a/src/hyperlight_host/src/sandbox/uninitialized_evolve.rs +++ b/src/hyperlight_host/src/sandbox/uninitialized_evolve.rs @@ -176,35 +176,10 @@ mod tests { callback_guest_as_string().unwrap(), ]; for guest_bin_path in guest_bin_paths { - let u_sbox = UninitializedSandbox::new( - GuestBinary::FilePath(guest_bin_path.clone()), - None, - None, - ) - .unwrap(); + let u_sbox = + UninitializedSandbox::new(GuestBinary::FilePath(guest_bin_path.clone()), None) + .unwrap(); evolve_impl_multi_use(u_sbox).unwrap(); } } - - #[test] - #[cfg(target_os = "windows")] - fn test_evolve_in_proc() { - use crate::SandboxRunOptions; - - let guest_bin_paths = vec![ - simple_guest_as_string().unwrap(), - callback_guest_as_string().unwrap(), - ]; - for guest_bin_path in guest_bin_paths { - let u_sbox: UninitializedSandbox = UninitializedSandbox::new( - GuestBinary::FilePath(guest_bin_path.clone()), - None, - Some(SandboxRunOptions::RunInHypervisor), - ) - .unwrap(); - let err = format!("error evolving sandbox with guest binary {guest_bin_path}"); - let err_str = err.as_str(); - evolve_impl_multi_use(u_sbox).expect(err_str); - } - } } diff --git a/src/hyperlight_host/tests/common/mod.rs b/src/hyperlight_host/tests/common/mod.rs index 716035864..246259d5e 100644 --- a/src/hyperlight_host/tests/common/mod.rs +++ b/src/hyperlight_host/tests/common/mod.rs @@ -29,7 +29,6 @@ pub fn new_uninit() -> Result { UninitializedSandbox::new( GuestBinary::FilePath(get_c_or_rust_simpleguest_path()), None, - None, ) } @@ -38,7 +37,6 @@ pub fn new_uninit_rust() -> Result { UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().unwrap()), None, - None, ) } @@ -49,7 +47,7 @@ pub fn get_simpleguest_sandboxes( let sandboxes = [ // in hypervisor elf - UninitializedSandbox::new(GuestBinary::FilePath(elf_path.clone()), None, None).unwrap(), + UninitializedSandbox::new(GuestBinary::FilePath(elf_path.clone()), None).unwrap(), ]; sandboxes @@ -70,7 +68,7 @@ pub fn get_callbackguest_uninit_sandboxes( let sandboxes = [ // in hypervisor elf - UninitializedSandbox::new(GuestBinary::FilePath(elf_path.clone()), None, None).unwrap(), + UninitializedSandbox::new(GuestBinary::FilePath(elf_path.clone()), None).unwrap(), ]; sandboxes diff --git a/src/hyperlight_host/tests/integration_test.rs b/src/hyperlight_host/tests/integration_test.rs index 03c26386a..2df993070 100644 --- a/src/hyperlight_host/tests/integration_test.rs +++ b/src/hyperlight_host/tests/integration_test.rs @@ -32,7 +32,7 @@ use crate::common::{new_uninit, new_uninit_rust}; fn print_four_args_c_guest() { let path = c_simple_guest_as_string().unwrap(); let guest_path = GuestBinary::FilePath(path); - let uninit = UninitializedSandbox::new(guest_path, None, None); + let uninit = UninitializedSandbox::new(guest_path, None); let mut sbox1 = uninit.unwrap().evolve(Noop::default()).unwrap(); let res = sbox1.call_guest_function_by_name( @@ -146,7 +146,7 @@ fn guest_abort_with_context2() { fn guest_abort_c_guest() { let path = c_simple_guest_as_string().unwrap(); let guest_path = GuestBinary::FilePath(path); - let uninit = UninitializedSandbox::new(guest_path, None, None); + let uninit = UninitializedSandbox::new(guest_path, None); let mut sbox1 = uninit.unwrap().evolve(Noop::default()).unwrap(); let res = sbox1 @@ -247,7 +247,6 @@ fn guest_malloc_abort() { let uninit = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().unwrap()), Some(cfg), - None, ) .unwrap(); let mut sbox2 = uninit.evolve(Noop::default()).unwrap(); @@ -270,7 +269,7 @@ fn guest_malloc_abort() { fn dynamic_stack_allocate_c_guest() { let path = c_simple_guest_as_string().unwrap(); let guest_path = GuestBinary::FilePath(path); - let uninit = UninitializedSandbox::new(guest_path, None, None); + let uninit = UninitializedSandbox::new(guest_path, None); let mut sbox1: MultiUseSandbox = uninit.unwrap().evolve(Noop::default()).unwrap(); let res2 = sbox1 diff --git a/src/hyperlight_host/tests/sandbox_host_tests.rs b/src/hyperlight_host/tests/sandbox_host_tests.rs index 6407510df..b80fdc376 100644 --- a/src/hyperlight_host/tests/sandbox_host_tests.rs +++ b/src/hyperlight_host/tests/sandbox_host_tests.rs @@ -392,7 +392,6 @@ fn max_memory_sandbox() { let a = UninitializedSandbox::new( GuestBinary::FilePath(simple_guest_as_string().unwrap()), Some(cfg), - None, ); assert!(matches!( @@ -565,10 +564,7 @@ fn callback_test_parallel() { #[test] #[cfg_attr(target_os = "windows", serial)] // using LoadLibrary requires serial tests fn host_function_error() -> Result<()> { - // TODO: Remove the `.take(1)`, which makes this test only run in hypervisor. - // This test does not work when running in process. This is because when running in-process, - // when a host function returns an error, an infinite loop is created. - for mut sandbox in get_callbackguest_uninit_sandboxes(None).into_iter().take(1) { + for mut sandbox in get_callbackguest_uninit_sandboxes(None).into_iter() { // create host function sandbox.register("HostMethod1", |_: String| -> Result { Err(new_error!("Host function error!"))