Allow configuring the signal number of the signal used to interrupt a sandbox

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

src/hyperlight_host/src/hypervisor/hyperv_linux.rs

@@ -400,6 +400,7 @@ impl HypervLinuxDriver {
                 cancel_requested: AtomicBool::new(false),
                 tid: AtomicU64::new(unsafe { libc::pthread_self() }),
                 retry_delay: config.get_interrupt_retry_delay(),
+                sig_rt_min_offset: config.get_interrupt_vcpu_sigrtmin_offset(),
                 dropped: AtomicBool::new(false),
             }),
 

src/hyperlight_host/src/hypervisor/kvm.rs

@@ -356,6 +356,7 @@ impl KVMDriver {
                 tid: AtomicU64::new(unsafe { libc::pthread_self() }),
                 retry_delay: config.get_interrupt_retry_delay(),
                 dropped: AtomicBool::new(false),
+                sig_rt_min_offset: config.get_interrupt_vcpu_sigrtmin_offset(),
             }),
 
             #[cfg(gdb)]

src/hyperlight_host/src/hypervisor/mod.rs

@@ -20,8 +20,6 @@ use tracing::{instrument, Span};
 use crate::error::HyperlightError::ExecutionCanceledByHost;
 use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags};
 use crate::metrics::METRIC_GUEST_CANCELLATION;
-#[cfg(any(kvm, mshv))]
-use crate::signal_handlers::INTERRUPT_VCPU_SIGRTMIN_OFFSET;
 use crate::{log_then_return, new_error, HyperlightError, Result};
 
 /// Util for handling x87 fpu state
@@ -357,14 +355,16 @@ pub(super) struct LinuxInterruptHandle {
     dropped: AtomicBool,
     /// Retry delay between signals sent to the vcpu thread
     retry_delay: Duration,
+    /// The offset of the SIGRTMIN signal used to interrupt the vcpu thread
+    sig_rt_min_offset: u8,
 }
 
 #[cfg(any(kvm, mshv))]
 impl InterruptHandle for LinuxInterruptHandle {
     fn kill(&self) -> bool {
         self.cancel_requested.store(true, Ordering::Relaxed);
 
-        let signal_number = libc::SIGRTMIN() + INTERRUPT_VCPU_SIGRTMIN_OFFSET;
+        let signal_number = libc::SIGRTMIN() + self.sig_rt_min_offset as libc::c_int;
         let mut sent_signal = false;
 
         while self.running.load(Ordering::Relaxed) {

src/hyperlight_host/src/sandbox/config.rs

@@ -17,6 +17,7 @@ limitations under the License.
 use std::cmp::max;
 use std::time::Duration;
 
+use libc::c_int;
 use tracing::{instrument, Span};
 
 use crate::mem::exe::ExeInfo;
@@ -63,6 +64,14 @@ pub struct SandboxConfiguration {
     /// signal can be delivered to the thread, but the thread may not yet
     /// have entered kernel space.
     interrupt_retry_delay: Duration,
+    /// Offset from `SIGRTMIN` used to determine the signal number for interrupting
+    /// the VCPU thread. The actual signal sent is `SIGRTMIN + interrupt_vcpu_sigrtmin_offset`.
+    ///
+    /// This signal must fall within the valid real-time signal range supported by the host.
+    ///
+    /// Note: Since real-time signals can vary across platforms, ensure that the offset
+    /// results in a signal number that is not already in use by other components of the system.
+    interrupt_vcpu_sigrtmin_offset: u8,
 }
 
 impl SandboxConfiguration {
@@ -76,6 +85,8 @@ impl SandboxConfiguration {
     pub const MIN_OUTPUT_SIZE: usize = 0x2000;
     /// The default interrupt retry delay
     pub const DEFAULT_INTERRUPT_RETRY_DELAY: Duration = Duration::from_micros(500);
+    /// The default signal offset from `SIGRTMIN` used to determine the signal number for interrupting
+    pub const INTERRUPT_VCPU_SIGRTMIN_OFFSET: u8 = 0;
 
     #[allow(clippy::too_many_arguments)]
     /// Create a new configuration for a sandbox with the given sizes.
@@ -86,6 +97,7 @@ impl SandboxConfiguration {
         stack_size_override: Option<u64>,
         heap_size_override: Option<u64>,
         interrupt_retry_delay: Duration,
+        interrupt_vcpu_sigrtmin_offset: u8,
         #[cfg(gdb)] guest_debug_info: Option<DebugInfo>,
     ) -> Self {
         Self {
@@ -94,7 +106,7 @@ impl SandboxConfiguration {
             stack_size_override: stack_size_override.unwrap_or(0),
             heap_size_override: heap_size_override.unwrap_or(0),
             interrupt_retry_delay,
-
+            interrupt_vcpu_sigrtmin_offset,
             #[cfg(gdb)]
             guest_debug_info,
         }
@@ -136,6 +148,29 @@ impl SandboxConfiguration {
         self.interrupt_retry_delay
     }
 
+    /// Get the signal offset from `SIGRTMIN` used to determine the signal number for interrupting the VCPU thread
+    pub fn get_interrupt_vcpu_sigrtmin_offset(&self) -> u8 {
+        self.interrupt_vcpu_sigrtmin_offset
+    }
+
+    /// Sets the offset from `SIGRTMIN` to determine the real-time signal used for
+    /// interrupting the VCPU thread.
+    ///
+    /// The final signal number is computed as `SIGRTMIN + offset`, and it must fall within
+    /// the valid range of real-time signals supported by the host system.
+    ///
+    /// Returns Ok(()) if the offset is valid, or an error if it exceeds the maximum real-time signal number.
+    pub fn set_interrupt_vcpu_sigrtmin_offset(&mut self, offset: u8) -> crate::Result<()> {
+        if libc::SIGRTMIN() + offset as c_int > libc::SIGRTMAX() {
+            return Err(crate::new_error!(
+                "Invalid SIGRTMIN offset: {}. It exceeds the maximum real-time signal number.",
+                offset
+            ));
+        }
+        self.interrupt_vcpu_sigrtmin_offset = offset;
+        Ok(())
+    }
+
     /// Sets the configuration for the guest debug
     #[cfg(gdb)]
     #[instrument(skip_all, parent = Span::current(), level= "Trace")]
@@ -195,6 +230,7 @@ impl Default for SandboxConfiguration {
             None,
             None,
             Self::DEFAULT_INTERRUPT_RETRY_DELAY,
+            Self::INTERRUPT_VCPU_SIGRTMIN_OFFSET,
             #[cfg(gdb)]
             None,
         )
@@ -218,6 +254,7 @@ mod tests {
             Some(STACK_SIZE_OVERRIDE),
             Some(HEAP_SIZE_OVERRIDE),
             SandboxConfiguration::DEFAULT_INTERRUPT_RETRY_DELAY,
+            SandboxConfiguration::INTERRUPT_VCPU_SIGRTMIN_OFFSET,
             #[cfg(gdb)]
             None,
         );
@@ -244,6 +281,7 @@ mod tests {
             None,
             None,
             SandboxConfiguration::DEFAULT_INTERRUPT_RETRY_DELAY,
+            SandboxConfiguration::INTERRUPT_VCPU_SIGRTMIN_OFFSET,
             #[cfg(gdb)]
             None,
         );

src/hyperlight_host/src/sandbox/uninitialized_evolve.rs

@@ -88,7 +88,7 @@ where
     let dbg_mem_access_hdl = dbg_mem_access_handler_wrapper(hshm.clone());
 
     #[cfg(target_os = "linux")]
-    setup_signal_handlers()?;
+    setup_signal_handlers(&u_sbox.config)?;
 
     vm.initialise(
         peb_addr,

src/hyperlight_host/src/signal_handlers/mod.rs

@@ -14,12 +14,14 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+use libc::c_int;
+
+use crate::sandbox::SandboxConfiguration;
+
 #[cfg(feature = "seccomp")]
 pub mod sigsys_signal_handler;
 
-pub(crate) const INTERRUPT_VCPU_SIGRTMIN_OFFSET: i32 = 0;
-
-pub(crate) fn setup_signal_handlers() -> crate::Result<()> {
+pub(crate) fn setup_signal_handlers(config: &SandboxConfiguration) -> crate::Result<()> {
     // This is unsafe because signal handlers only allow a very restrictive set of
     // functions (i.e., async-signal-safe functions) to be executed inside them.
     // Anything that performs memory allocations, locks, and others are non-async-signal-safe.
@@ -48,7 +50,7 @@ pub(crate) fn setup_signal_handlers() -> crate::Result<()> {
         }));
     }
     vmm_sys_util::signal::register_signal_handler(
-        libc::SIGRTMIN() + INTERRUPT_VCPU_SIGRTMIN_OFFSET,
+        libc::SIGRTMIN() + config.get_interrupt_vcpu_sigrtmin_offset() as c_int,
         vm_kill_signal,
     )?;
 

src/hyperlight_host/tests/integration_test.rs

@@ -283,6 +283,47 @@ fn interrupt_moved_sandbox() {
     thread2.join().expect("Thread should finish");
 }
 
+#[test]
+fn interrupt_custom_signal_no_and_retry_delay() {
+    env_logger::builder().filter_level(LevelFilter::Info).init();
+    let mut config = SandboxConfiguration::default();
+    config.set_interrupt_vcpu_sigrtmin_offset(0).unwrap();
+    config.set_interrupt_retry_delay(Duration::from_secs(1));
+
+    let mut sbox1: MultiUseSandbox = UninitializedSandbox::new(
+        GuestBinary::FilePath(simple_guest_as_string().unwrap()),
+        Some(config),
+    )
+    .unwrap()
+    .evolve(Noop::default())
+    .unwrap();
+
+    let interrupt_handle = sbox1.interrupt_handle();
+    assert!(!interrupt_handle.dropped()); // not yet dropped
+    let barrier = Arc::new(Barrier::new(2));
+    let barrier2 = barrier.clone();
+
+    const NUM_ITERS: usize = 3;
+
+    let thread = thread::spawn(move || {
+        for _ in 0..NUM_ITERS {
+            barrier2.wait();
+            // wait for the guest call to start
+            thread::sleep(Duration::from_millis(1000));
+            interrupt_handle.kill();
+        }
+    });
+
+    for _ in 0..NUM_ITERS {
+        barrier.wait();
+        let res = sbox1
+            .call_guest_function_by_name::<i32>("Spin", ())
+            .unwrap_err();
+        assert!(matches!(res, HyperlightError::ExecutionCanceledByHost()));
+    }
+    thread.join().expect("Thread should finish");
+}
+
 #[test]
 fn print_four_args_c_guest() {
     let path = c_simple_guest_as_string().unwrap();