Add back tests that were deleted

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

src/hyperlight_host/src/hypervisor/mod.rs

@@ -367,3 +367,76 @@ impl InterruptHandle for LinuxInterruptHandle {
         self.dropped.load(Ordering::Relaxed)
     }
 }
+
+#[cfg(all(test, any(target_os = "windows", kvm)))]
+pub(crate) mod tests {
+    use std::sync::{Arc, Mutex};
+
+    use hyperlight_testing::dummy_guest_as_string;
+
+    use super::handlers::{MemAccessHandler, OutBHandler};
+    #[cfg(gdb)]
+    use crate::hypervisor::DbgMemAccessHandlerCaller;
+    use crate::mem::ptr::RawPtr;
+    use crate::sandbox::uninitialized::GuestBinary;
+    use crate::sandbox::uninitialized_evolve::set_up_hypervisor_partition;
+    use crate::sandbox::UninitializedSandbox;
+    use crate::{is_hypervisor_present, new_error, Result};
+
+    #[cfg(gdb)]
+    struct DbgMemAccessHandler {}
+
+    #[cfg(gdb)]
+    impl DbgMemAccessHandlerCaller for DbgMemAccessHandler {
+        fn read(&mut self, _offset: usize, _data: &mut [u8]) -> Result<()> {
+            Ok(())
+        }
+
+        fn write(&mut self, _offset: usize, _data: &[u8]) -> Result<()> {
+            Ok(())
+        }
+
+        fn get_code_offset(&mut self) -> Result<usize> {
+            Ok(0)
+        }
+    }
+
+    #[test]
+    fn test_initialise() -> Result<()> {
+        if !is_hypervisor_present() {
+            return Ok(());
+        }
+
+        let outb_handler: Arc<Mutex<OutBHandler>> = {
+            let func: Box<dyn FnMut(u16, u32) -> Result<()> + Send> =
+                Box::new(|_, _| -> Result<()> { Ok(()) });
+            Arc::new(Mutex::new(OutBHandler::from(func)))
+        };
+        let mem_access_handler = {
+            let func: Box<dyn FnMut() -> Result<()> + Send> = Box::new(|| -> Result<()> { Ok(()) });
+            Arc::new(Mutex::new(MemAccessHandler::from(func)))
+        };
+        #[cfg(gdb)]
+        let dbg_mem_access_handler = Arc::new(Mutex::new(DbgMemAccessHandler {}));
+
+        let filename = dummy_guest_as_string().map_err(|e| new_error!("{}", e))?;
+
+        let sandbox = UninitializedSandbox::new(GuestBinary::FilePath(filename.clone()), None)?;
+        let (_hshm, mut gshm) = sandbox.mgr.build();
+        let mut vm = set_up_hypervisor_partition(
+            &mut gshm,
+            #[cfg(gdb)]
+            &sandbox.debug_info,
+        )?;
+        vm.initialise(
+            RawPtr::from(0x230000),
+            1234567890,
+            4096,
+            outb_handler,
+            mem_access_handler,
+            None,
+            #[cfg(gdb)]
+            dbg_mem_access_handler,
+        )
+    }
+}

src/hyperlight_host/src/sandbox/initialized_multi_use.rs

@@ -295,16 +295,21 @@ where
 
 #[cfg(test)]
 mod tests {
+    use std::thread;
+
     use hyperlight_common::flatbuffer_wrappers::function_types::{
         ParameterValue, ReturnType, ReturnValue,
     };
-    use hyperlight_testing::simple_guest_as_string;
+    use hyperlight_testing::{callback_guest_as_string, simple_guest_as_string};
 
     use crate::func::call_ctx::MultiUseGuestCallContext;
     use crate::sandbox::SandboxConfiguration;
     use crate::sandbox_state::sandbox::{DevolvableSandbox, EvolvableSandbox};
     use crate::sandbox_state::transition::{MultiUseContextCallback, Noop};
-    use crate::{GuestBinary, MultiUseSandbox, UninitializedSandbox};
+    use crate::{
+        is_hypervisor_present, GuestBinary, HyperlightError, MultiUseSandbox, Result,
+        UninitializedSandbox,
+    };
 
     // Tests to ensure that many (1000) function calls can be made in a call context with a small stack (1K) and heap(14K).
     // This test effectively ensures that the stack is being properly reset after each call and we are not leaking memory in the Guest.
@@ -384,4 +389,157 @@ mod tests {
             .unwrap();
         assert_eq!(res, ReturnValue::Int(0));
     }
+
+    #[test]
+    // TODO: Investigate why this test fails with an incorrect error when run alongside other tests
+    #[ignore]
+    #[cfg(target_os = "linux")]
+    fn test_violate_seccomp_filters() -> Result<()> {
+        if !is_hypervisor_present() {
+            panic!("Panic on create_multi_use_sandbox because no hypervisor is present");
+        }
+
+        fn make_get_pid_syscall() -> Result<u64> {
+            let pid = unsafe { libc::syscall(libc::SYS_getpid) };
+            Ok(pid as u64)
+        }
+
+        // First, run  to make sure it fails.
+        {
+            let mut usbox = UninitializedSandbox::new(
+                GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+                None,
+            )
+            .unwrap();
+
+            usbox.register("MakeGetpidSyscall", make_get_pid_syscall)?;
+
+            let mut sbox: MultiUseSandbox = usbox.evolve(Noop::default())?;
+
+            let res =
+                sbox.call_guest_function_by_name("ViolateSeccompFilters", ReturnType::ULong, None);
+
+            #[cfg(feature = "seccomp")]
+            match res {
+                Ok(_) => panic!("Expected to fail due to seccomp violation"),
+                Err(e) => match e {
+                    HyperlightError::DisallowedSyscall => {}
+                    _ => panic!("Expected DisallowedSyscall error: {}", e),
+                },
+            }
+
+            #[cfg(not(feature = "seccomp"))]
+            match res {
+                Ok(_) => (),
+                Err(e) => panic!("Expected to succeed without seccomp: {}", e),
+            }
+        }
+
+        // Second, run with allowing `SYS_getpid`
+        #[cfg(feature = "seccomp")]
+        {
+            let mut usbox = UninitializedSandbox::new(
+                GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+                None,
+            )
+            .unwrap();
+
+            usbox.register_with_extra_allowed_syscalls(
+                "MakeGetpidSyscall",
+                make_get_pid_syscall,
+                vec![libc::SYS_getpid],
+            )?;
+            // ^^^ note, we are allowing SYS_getpid
+
+            let mut sbox: MultiUseSandbox = usbox.evolve(Noop::default())?;
+
+            let res =
+                sbox.call_guest_function_by_name("ViolateSeccompFilters", ReturnType::ULong, None);
+
+            match res {
+                Ok(_) => {}
+                Err(e) => panic!("Expected to succeed due to seccomp violation: {}", e),
+            }
+        }
+
+        Ok(())
+    }
+
+    // This test is to capture the case where the guest execution is running a host function when cancelled and that host function
+    // is never going to return.
+    // The host function that is called will end after 5 seconds, but by this time the cancellation will have given up
+    // (using default timeout settings)  , so this tests looks for the error "Failed to cancel guest execution".
+    #[test]
+    #[ignore = "We cannot cancel host functions. TODO reenable this test when it's enabled"]
+    fn test_terminate_vcpu_calling_host_spinning_cpu() {
+        // This test relies upon a Hypervisor being present so for now
+        // we will skip it if there isn't one.
+        if !is_hypervisor_present() {
+            println!("Skipping test_call_guest_function_by_name because no hypervisor is present");
+            return;
+        }
+        let mut usbox = UninitializedSandbox::new(
+            GuestBinary::FilePath(callback_guest_as_string().expect("Guest Binary Missing")),
+            None,
+        )
+        .unwrap();
+
+        // Make this host call run for 5 seconds
+
+        fn spin() -> Result<()> {
+            thread::sleep(std::time::Duration::from_secs(5));
+            Ok(())
+        }
+
+        #[cfg(any(target_os = "windows", not(feature = "seccomp")))]
+        usbox.register("Spin", spin).unwrap();
+
+        #[cfg(all(target_os = "linux", feature = "seccomp"))]
+        usbox
+            .register_with_extra_allowed_syscalls("Spin", spin, vec![libc::SYS_clock_nanosleep])
+            .unwrap();
+
+        let sandbox: MultiUseSandbox = usbox.evolve(Noop::default()).unwrap();
+        let mut ctx = sandbox.new_call_context();
+        let result = ctx.call("CallHostSpin", ReturnType::Void, None);
+
+        assert!(result.is_err());
+        match result.unwrap_err() {
+            HyperlightError::GuestExecutionHungOnHostFunctionCall() => {}
+            e => panic!(
+                "Expected HyperlightError::GuestExecutionHungOnHostFunctionCall but got {:?}",
+                e
+            ),
+        }
+    }
+
+    #[test]
+    fn test_trigger_exception_on_guest() {
+        let usbox = UninitializedSandbox::new(
+            GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+            None,
+        )
+        .unwrap();
+
+        let mut multi_use_sandbox: MultiUseSandbox = usbox.evolve(Noop::default()).unwrap();
+
+        let res = multi_use_sandbox.call_guest_function_by_name(
+            "TriggerException",
+            ReturnType::Void,
+            None,
+        );
+
+        assert!(res.is_err());
+
+        match res.unwrap_err() {
+            HyperlightError::GuestAborted(_, msg) => {
+                // msg should indicate we got an invalid opcode exception
+                assert!(msg.contains("InvalidOpcode"));
+            }
+            e => panic!(
+                "Expected HyperlightError::GuestExecutionError but got {:?}",
+                e
+            ),
+        }
+    }
 }

src/hyperlight_host/src/sandbox/uninitialized_evolve.rs

@@ -141,7 +141,7 @@ pub(super) fn evolve_impl_multi_use(u_sbox: UninitializedSandbox) -> Result<Mult
     )
 }
 
-fn set_up_hypervisor_partition(
+pub(crate) fn set_up_hypervisor_partition(
     mgr: &mut SandboxMemoryManager<GuestSharedMemory>,
     #[cfg(gdb)] debug_info: &Option<DebugInfo>,
 ) -> Result<Box<dyn Hypervisor>> {