Add poison state to sandbox #931
Open
+421
−4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>
ludfjig
added
the
kind/enhancement
ludfjig
requested review from
danbugs,
dblnz,
devigned,
syntactically,
marosset,
jprendes and
simongdavies
as code owners
There was a problem hiding this comment.
Pull Request Overview
This PR introduces sandbox poisoning functionality to prevent further operations when a sandbox is in an inconsistent state that could compromise memory safety. The sandbox becomes poisoned when guest functions abort/panic or when host-initiated execution cancellation occurs.
Key changes:
- Added poisoned state tracking with safety checks across all sandbox operations
- Implemented automatic poison detection for specific error types (GuestAborted, ExecutionCanceledByHost)
- Added recovery mechanisms through snapshot restoration or manual poison clearing
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/hyperlight_host/src/sandbox/initialized_multi_use.rs | Core implementation of poison state tracking, safety checks, and recovery mechanisms |
| src/hyperlight_host/src/error.rs | Added PoisonedSandbox error variant with detailed documentation |
| src/hyperlight_host/tests/integration_test.rs | Updated interrupt tests to clear poison state for continued execution |
| src/hyperlight_host/src/sandbox/snapshot.rs | Added Debug trait to Snapshot struct |
| src/hyperlight_host/src/mem/shared_mem_snapshot.rs | Added Debug trait to SharedMemorySnapshot struct |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a poison state to sandbox in order to prevent further operations when the sandbox is left in an inconsistent state that could compromise memory safety, data integrity, or security. The sandbox becomes poisoned when guest functions abort/panic or when host-initiated execution cancellation occurs, leaving behind leaked heap allocations, corrupted data structures, or unreleased resources.
Poisoned sandboxes will reject all further operations (guest calls, snapshots, memory mapping) until the inconsistent state is resolved through either restoring to a snapshot or manually clearing the poison state.
Closes #848