Allow configuring the signal number of the signal used to interrupt a sandbox

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

src/hyperlight_host/src/hypervisor/hyperv_linux.rs

@@ -400,6 +400,7 @@ impl HypervLinuxDriver {
                 cancel_requested: AtomicBool::new(false),
                 tid: AtomicU64::new(unsafe { libc::pthread_self() }),
                 retry_delay: config.get_interrupt_retry_delay(),
+                sig_rt_min_offset: config.get_interrupt_vcpu_sigrtmin_offset(),
                 dropped: AtomicBool::new(false),
             }),
 

src/hyperlight_host/src/hypervisor/kvm.rs

@@ -356,6 +356,7 @@ impl KVMDriver {
                 tid: AtomicU64::new(unsafe { libc::pthread_self() }),
                 retry_delay: config.get_interrupt_retry_delay(),
                 dropped: AtomicBool::new(false),
+                sig_rt_min_offset: config.get_interrupt_vcpu_sigrtmin_offset(),
             }),
 
             #[cfg(gdb)]

src/hyperlight_host/src/hypervisor/mod.rs

@@ -20,8 +20,6 @@ use tracing::{instrument, Span};
 use crate::error::HyperlightError::ExecutionCanceledByHost;
 use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags};
 use crate::metrics::METRIC_GUEST_CANCELLATION;
-#[cfg(any(kvm, mshv))]
-use crate::signal_handlers::INTERRUPT_VCPU_SIGRTMIN_OFFSET;
 use crate::{log_then_return, new_error, HyperlightError, Result};
 
 /// Util for handling x87 fpu state
@@ -357,14 +355,16 @@ pub(super) struct LinuxInterruptHandle {
     dropped: AtomicBool,
     /// Retry delay between signals sent to the vcpu thread
     retry_delay: Duration,
+    /// The offset of the SIGRTMIN signal used to interrupt the vcpu thread
+    sig_rt_min_offset: usize,
 }
 
 #[cfg(any(kvm, mshv))]
 impl InterruptHandle for LinuxInterruptHandle {
     fn kill(&self) -> bool {
         self.cancel_requested.store(true, Ordering::Relaxed);
 
-        let signal_number = libc::SIGRTMIN() + INTERRUPT_VCPU_SIGRTMIN_OFFSET;
+        let signal_number = libc::SIGRTMIN() + self.sig_rt_min_offset as libc::c_int;
         let mut sent_signal = false;
 
         while self.running.load(Ordering::Relaxed) {

src/hyperlight_host/src/sandbox/config.rs

@@ -63,6 +63,14 @@ pub struct SandboxConfiguration {
     /// signal can be delivered to the thread, but the thread may not yet
     /// have entered kernel space.
     interrupt_retry_delay: Duration,
+    /// Offset from `SIGRTMIN` used to determine the signal number for interrupting
+    /// the VCPU thread. The actual signal sent is `SIGRTMIN + interrupt_vcpu_sigrtmin_offset`.
+    ///
+    /// This signal must fall within the valid real-time signal range supported by the host.
+    ///
+    /// Note: Since real-time signals can vary across platforms, ensure that the offset
+    /// results in a signal number that is not already in use by other components of the system.
+    interrupt_vcpu_sigrtmin_offset: usize,
 }
 
 impl SandboxConfiguration {
@@ -76,6 +84,8 @@ impl SandboxConfiguration {
     pub const MIN_OUTPUT_SIZE: usize = 0x2000;
     /// The default interrupt retry delay
     pub const DEFAULT_INTERRUPT_RETRY_DELAY: Duration = Duration::from_micros(500);
+    /// The default signal offset from `SIGRTMIN` used to determine the signal number for interrupting
+    pub const INTERRUPT_VCPU_SIGRTMIN_OFFSET: usize = 0;
 
     #[allow(clippy::too_many_arguments)]
     /// Create a new configuration for a sandbox with the given sizes.
@@ -86,6 +96,7 @@ impl SandboxConfiguration {
         stack_size_override: Option<u64>,
         heap_size_override: Option<u64>,
         interrupt_retry_delay: Duration,
+        interrupt_vcpu_sigrtmin_offset: usize,
         #[cfg(gdb)] guest_debug_info: Option<DebugInfo>,
     ) -> Self {
         Self {
@@ -94,7 +105,7 @@ impl SandboxConfiguration {
             stack_size_override: stack_size_override.unwrap_or(0),
             heap_size_override: heap_size_override.unwrap_or(0),
             interrupt_retry_delay,
-
+            interrupt_vcpu_sigrtmin_offset,
             #[cfg(gdb)]
             guest_debug_info,
         }
@@ -136,6 +147,20 @@ impl SandboxConfiguration {
         self.interrupt_retry_delay
     }
 
+    /// Get the signal offset from `SIGRTMIN` used to determine the signal number for interrupting the VCPU thread
+    pub fn get_interrupt_vcpu_sigrtmin_offset(&self) -> usize {
+        self.interrupt_vcpu_sigrtmin_offset
+    }
+
+    /// Sets the offset from `SIGRTMIN` to determine the real-time signal used for
+    /// interrupting the VCPU thread.
+    ///
+    /// The final signal number is computed as `SIGRTMIN + offset`, and it must fall within
+    /// the valid range of real-time signals supported by the host system.
+    pub fn set_interrupt_vcpu_sigrtmin_offset(&mut self, offset: usize) {
+        self.interrupt_vcpu_sigrtmin_offset = offset;
+    }
+
     /// Sets the configuration for the guest debug
     #[cfg(gdb)]
     #[instrument(skip_all, parent = Span::current(), level= "Trace")]
@@ -195,6 +220,7 @@ impl Default for SandboxConfiguration {
             None,
             None,
             Self::DEFAULT_INTERRUPT_RETRY_DELAY,
+            Self::INTERRUPT_VCPU_SIGRTMIN_OFFSET,
             #[cfg(gdb)]
             None,
         )
@@ -218,6 +244,7 @@ mod tests {
             Some(STACK_SIZE_OVERRIDE),
             Some(HEAP_SIZE_OVERRIDE),
             SandboxConfiguration::DEFAULT_INTERRUPT_RETRY_DELAY,
+            SandboxConfiguration::INTERRUPT_VCPU_SIGRTMIN_OFFSET,
             #[cfg(gdb)]
             None,
         );
@@ -244,6 +271,7 @@ mod tests {
             None,
             None,
             SandboxConfiguration::DEFAULT_INTERRUPT_RETRY_DELAY,
+            SandboxConfiguration::INTERRUPT_VCPU_SIGRTMIN_OFFSET,
             #[cfg(gdb)]
             None,
         );

src/hyperlight_host/src/sandbox/uninitialized_evolve.rs

@@ -88,7 +88,7 @@ where
     let dbg_mem_access_hdl = dbg_mem_access_handler_wrapper(hshm.clone());
 
     #[cfg(target_os = "linux")]
-    setup_signal_handlers()?;
+    setup_signal_handlers(&u_sbox.config)?;
 
     vm.initialise(
         peb_addr,

src/hyperlight_host/src/signal_handlers/mod.rs

@@ -14,12 +14,14 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+use libc::c_int;
+
+use crate::sandbox::SandboxConfiguration;
+
 #[cfg(feature = "seccomp")]
 pub mod sigsys_signal_handler;
 
-pub(crate) const INTERRUPT_VCPU_SIGRTMIN_OFFSET: i32 = 0;
-
-pub(crate) fn setup_signal_handlers() -> crate::Result<()> {
+pub(crate) fn setup_signal_handlers(config: &SandboxConfiguration) -> crate::Result<()> {
     // This is unsafe because signal handlers only allow a very restrictive set of
     // functions (i.e., async-signal-safe functions) to be executed inside them.
     // Anything that performs memory allocations, locks, and others are non-async-signal-safe.
@@ -48,7 +50,7 @@ pub(crate) fn setup_signal_handlers() -> crate::Result<()> {
         }));
     }
     vmm_sys_util::signal::register_signal_handler(
-        libc::SIGRTMIN() + INTERRUPT_VCPU_SIGRTMIN_OFFSET,
+        libc::SIGRTMIN() + config.get_interrupt_vcpu_sigrtmin_offset() as c_int,
         vm_kill_signal,
     )?;