Add back tests that were deleted from guest_dispatch.rs

ludfjig · ludfjig · commit 13efc6bd99af · 2025-05-28T22:57:24.000-07:00
Signed-off-by: Ludvig Liljenberg &lt;4257730+ludfjig@users.noreply.github.com&gt;
diff --git a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs
@@ -295,10 +295,14 @@ where
 
 #[cfg(test)]
 mod tests {
+    use std::thread;
+
+    use crate::Result;
+    use crate::{is_hypervisor_present, HyperlightError};
     use hyperlight_common::flatbuffer_wrappers::function_types::{
         ParameterValue, ReturnType, ReturnValue,
     };
-    use hyperlight_testing::simple_guest_as_string;
+    use hyperlight_testing::{callback_guest_as_string, simple_guest_as_string};
 
     use crate::func::call_ctx::MultiUseGuestCallContext;
     use crate::sandbox::SandboxConfiguration;
@@ -384,4 +388,161 @@ mod tests {
             .unwrap();
         assert_eq!(res, ReturnValue::Int(0));
     }
+
+    #[test]
+    // TODO: Investigate why this test fails with an incorrect error when run alongside other tests
+    #[ignore]
+    fn test_violate_seccomp_filters() -> Result<()> {
+        if cfg!(target_os = "windows") {
+            // This test is not applicable on Windows as seccomp is a Linux-specific feature.
+            return Ok(());
+        }
+
+        if !is_hypervisor_present() {
+            panic!("Panic on create_multi_use_sandbox because no hypervisor is present");
+        }
+
+        fn make_get_pid_syscall() -> Result<u64> {
+            let pid = unsafe { libc::syscall(libc::SYS_getpid) };
+            Ok(pid as u64)
+        }
+
+        // First, run  to make sure it fails.
+        {
+            let mut usbox = UninitializedSandbox::new(
+                GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+                None,
+            )
+            .unwrap();
+
+            usbox.register("MakeGetpidSyscall", make_get_pid_syscall)?;
+
+            let mut sbox: MultiUseSandbox = usbox.evolve(Noop::default())?;
+
+            let res =
+                sbox.call_guest_function_by_name("ViolateSeccompFilters", ReturnType::ULong, None);
+
+            #[cfg(feature = "seccomp")]
+            match res {
+                Ok(_) => panic!("Expected to fail due to seccomp violation"),
+                Err(e) => match e {
+                    HyperlightError::DisallowedSyscall => {}
+                    _ => panic!("Expected DisallowedSyscall error: {}", e),
+                },
+            }
+
+            #[cfg(not(feature = "seccomp"))]
+            match res {
+                Ok(_) => (),
+                Err(e) => panic!("Expected to succeed without seccomp: {}", e),
+            }
+        }
+
+        // Second, run with allowing `SYS_getpid`
+        #[cfg(feature = "seccomp")]
+        {
+            let mut usbox = UninitializedSandbox::new(
+                GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+                None,
+            )
+            .unwrap();
+
+            usbox.register_with_extra_allowed_syscalls(
+                "MakeGetpidSyscall",
+                make_get_pid_syscall,
+                vec![libc::SYS_getpid],
+            )?;
+            // ^^^ note, we are allowing SYS_getpid
+
+            let mut sbox: MultiUseSandbox = usbox.evolve(Noop::default())?;
+
+            let res =
+                sbox.call_guest_function_by_name("ViolateSeccompFilters", ReturnType::ULong, None);
+
+            match res {
+                Ok(_) => {}
+                Err(e) => panic!("Expected to succeed due to seccomp violation: {}", e),
+            }
+        }
+
+        Ok(())
+    }
+
+    // This test is to capture the case where the guest execution is running a host function when cancelled and that host function
+    // is never going to return.
+    // The host function that is called will end after 5 seconds, but by this time the cancellation will have given up
+    // (using default timeout settings)  , so this tests looks for the error "Failed to cancel guest execution".
+    #[test]
+    #[ignore = "We cannot cancel host functions. TODO reenable this test when it's enabled"]
+    fn test_terminate_vcpu_calling_host_spinning_cpu() {
+        // This test relies upon a Hypervisor being present so for now
+        // we will skip it if there isn't one.
+        if !is_hypervisor_present() {
+            println!("Skipping test_call_guest_function_by_name because no hypervisor is present");
+            return;
+        }
+        let mut usbox = UninitializedSandbox::new(
+            GuestBinary::FilePath(callback_guest_as_string().expect("Guest Binary Missing")),
+            None,
+        )
+        .unwrap();
+
+        // Make this host call run for 5 seconds
+
+        fn spin() -> Result<()> {
+            thread::sleep(std::time::Duration::from_secs(5));
+            Ok(())
+        }
+
+        #[cfg(any(target_os = "windows", not(feature = "seccomp")))]
+        usbox.register("Spin", spin).unwrap();
+
+        #[cfg(all(target_os = "linux", feature = "seccomp"))]
+        usbox
+            .register_with_extra_allowed_syscalls("Spin", spin, vec![libc::SYS_clock_nanosleep])
+            .unwrap();
+
+        let sandbox: MultiUseSandbox = usbox.evolve(Noop::default()).unwrap();
+        let mut ctx = sandbox.new_call_context();
+        let result = ctx.call("CallHostSpin", ReturnType::Void, None);
+
+        assert!(result.is_err());
+        match result.unwrap_err() {
+            HyperlightError::GuestExecutionHungOnHostFunctionCall() => {}
+            e => panic!(
+                "Expected HyperlightError::GuestExecutionHungOnHostFunctionCall but got {:?}",
+                e
+            ),
+        }
+    }
+
+    #[test]
+    fn test_trigger_exception_on_guest() {
+        let usbox = UninitializedSandbox::new(
+            GuestBinary::FilePath(simple_guest_as_string().expect("Guest Binary Missing")),
+            None,
+        )
+        .unwrap();
+
+        let mut multi_use_sandbox: MultiUseSandbox = usbox.evolve(Noop::default()).unwrap();
+
+        let res = multi_use_sandbox.call_guest_function_by_name(
+            "TriggerException",
+            ReturnType::Void,
+            None,
+        );
+
+        assert!(res.is_err());
+
+        match res.unwrap_err() {
+            HyperlightError::GuestAborted(_, msg) => {
+                // msg should indicate we got an invalid opcode exception
+                assert!(msg.contains("InvalidOpcode"));
+            }
+            e => panic!(
+                "Expected HyperlightError::GuestExecutionError but got {:?}",
+                e
+            ),
+        }
+    }
 }
diff --git a/src/hyperlight_host/tests/integration_test.rs b/src/hyperlight_host/tests/integration_test.rs
@@ -52,6 +52,16 @@ fn kill_running_vm() {
         .unwrap_err();
     assert!(matches!(res, HyperlightError::ExecutionCanceledByHost()));
 
+    // Make sure we can still call guest functions after the VM was interrupted
+    sbox1
+        .call_guest_function_by_name(
+            "Echo",
+            ReturnType::Int,
+            Some(vec![ParameterValue::String("hello\n".to_string())]),
+        )
+        .unwrap();
+
+    // drop vm to make sure other thread can detect it
     drop(sbox1);
     thread.join().expect("Thread should finish");
 }
