Implement reuse of hypervisor file handles

Copilot · simongdavies · Copilot · commit 1e2faa824734 · 2025-05-19T23:25:16.000Z
Co-authored-by: simongdavies &lt;1397489+simongdavies@users.noreply.github.com&gt;
diff --git a/src/hyperlight_host/src/hypervisor/hyperv_linux.rs b/src/hyperlight_host/src/hypervisor/hyperv_linux.rs
@@ -25,6 +25,7 @@ extern crate mshv_bindings3 as mshv_bindings;
 extern crate mshv_ioctls3 as mshv_ioctls;
 
 use std::fmt::{Debug, Formatter};
+use std::sync::OnceLock;
 
 use log::{error, LevelFilter};
 #[cfg(mshv2)]
@@ -271,17 +272,26 @@ mod debug {
     }
 }
 
+/// Static global MSHV handle to avoid reopening /dev/mshv for every sandbox
+static MSHV_HANDLE: OnceLock<Option<Mshv>> = OnceLock::new();
+
+/// Get the global MSHV handle, initializing it if needed
+#[instrument(skip_all, parent = Span::current(), level = "Trace")]
+pub(crate) fn get_mshv_handle() -> &'static Option<Mshv> {
+    MSHV_HANDLE.get_or_init(|| match Mshv::new() {
+        Ok(mshv) => Some(mshv),
+        Err(e) => {
+            log::info!("MSHV is not available on this system: {}", e);
+            None
+        }
+    })
+}
+
 /// Determine whether the HyperV for Linux hypervisor API is present
 /// and functional.
 #[instrument(skip_all, parent = Span::current(), level = "Trace")]
 pub(crate) fn is_hypervisor_present() -> bool {
-    match Mshv::new() {
-        Ok(_) => true,
-        Err(_) => {
-            log::info!("MSHV is not available on this system");
-            false
-        }
-    }
+    get_mshv_handle().is_some()
 }
 
 /// A Hypervisor driver for HyperV-on-Linux. This hypervisor is often
@@ -317,7 +327,11 @@ impl HypervLinuxDriver {
         pml4_ptr: GuestPtr,
         #[cfg(gdb)] gdb_conn: Option<DebugCommChannel<DebugResponse, DebugMsg>>,
     ) -> Result<Self> {
-        let mshv = Mshv::new()?;
+        let mshv = match get_mshv_handle() {
+            Some(mshv) => mshv.clone(),
+            None => return Err(new_error!("MSHV is not available on this system")),
+        };
+
         let pr = Default::default();
         #[cfg(mshv2)]
         let vm_fd = mshv.create_vm_with_config(&pr)?;
diff --git a/src/hyperlight_host/src/hypervisor/kvm.rs b/src/hyperlight_host/src/hypervisor/kvm.rs
@@ -16,6 +16,7 @@ limitations under the License.
 
 use std::convert::TryFrom;
 use std::fmt::Debug;
+use std::sync::OnceLock;
 #[cfg(gdb)]
 use std::sync::{Arc, Mutex};
 
@@ -42,26 +43,38 @@ use crate::mem::ptr::{GuestPtr, RawPtr};
 use crate::HyperlightError;
 use crate::{log_then_return, new_error, Result};
 
-/// Return `true` if the KVM API is available, version 12, and has UserMemory capability, or `false` otherwise
+/// Static global KVM handle to avoid reopening /dev/kvm for every sandbox
+static KVM_HANDLE: OnceLock<Option<Kvm>> = OnceLock::new();
+
+/// Get the global KVM handle, initializing it if needed
 #[instrument(skip_all, parent = Span::current(), level = "Trace")]
-pub(crate) fn is_hypervisor_present() -> bool {
-    if let Ok(kvm) = Kvm::new() {
-        let api_version = kvm.get_api_version();
-        match api_version {
-            version if version == 12 && kvm.check_extension(UserMemory) => true,
-            12 => {
-                log::info!("KVM does not have KVM_CAP_USER_MEMORY capability");
-                false
-            }
-            version => {
-                log::info!("KVM GET_API_VERSION returned {}, expected 12", version);
-                false
+pub(crate) fn get_kvm_handle() -> &'static Option<Kvm> {
+    KVM_HANDLE.get_or_init(|| match Kvm::new() {
+        Ok(kvm) => {
+            let api_version = kvm.get_api_version();
+            match api_version {
+                version if version == 12 && kvm.check_extension(UserMemory) => Some(kvm),
+                12 => {
+                    log::info!("KVM does not have KVM_CAP_USER_MEMORY capability");
+                    None
+                }
+                version => {
+                    log::info!("KVM GET_API_VERSION returned {}, expected 12", version);
+                    None
+                }
             }
         }
-    } else {
-        log::info!("KVM is not available on this system");
-        false
-    }
+        Err(e) => {
+            log::info!("KVM is not available on this system: {}", e);
+            None
+        }
+    })
+}
+
+/// Return `true` if the KVM API is available, version 12, and has UserMemory capability, or `false` otherwise
+#[instrument(skip_all, parent = Span::current(), level = "Trace")]
+pub(crate) fn is_hypervisor_present() -> bool {
+    get_kvm_handle().is_some()
 }
 
 #[cfg(gdb)]
@@ -300,7 +313,10 @@ impl KVMDriver {
         rsp: u64,
         #[cfg(gdb)] gdb_conn: Option<DebugCommChannel<DebugResponse, DebugMsg>>,
     ) -> Result<Self> {
-        let kvm = Kvm::new()?;
+        let kvm = match get_kvm_handle() {
+            Some(kvm) => kvm.clone(),
+            None => return Err(new_error!("KVM is not available on this system")),
+        };
 
         let vm_fd = kvm.create_vm_with_type(0)?;
 
