Allow bypass poisoned mutex. This is ok because sandbox is single-threaded

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

src/hyperlight_host/src/func/host_functions.rs

@@ -179,9 +179,25 @@ macro_rules! impl_host_function {
                 let func = Mutex::new(func);
                 HostFunction {
                     func: Arc::new(move |args: ($($P,)*)| {
-                        func.try_lock()
-                            .map_err(|e| new_error!("Error locking at {}:{}: {}", file!(), line!(), e))?
-                            (args)
+                        match func.try_lock() {
+                            Ok(mut guard) => {
+                                let result = guard(args);
+                                drop(guard);
+                                result
+                            },
+                            Err(poison_err) => {
+                                match poison_err {
+                                    // The previous call to this host function panicked, poisoning the lock.
+                                    // We can clear the poison safely.
+                                    std::sync::TryLockError::Poisoned(guard) => {
+                                        guard.into_inner()(args)
+                                    }
+                                    std::sync::TryLockError::WouldBlock => {
+                                        Err(new_error!("Error locking at {}:{}: mutex would block", file!(), line!()))
+                                    }
+                                }
+                            }
+                        }
                     })
                 }
             }

src/hyperlight_host/src/sandbox/initialized_multi_use.rs

@@ -612,21 +612,23 @@ mod tests {
 
             let mut sbox: MultiUseSandbox = usbox.evolve()?;
 
-            let res: Result<u64> = sbox.call("ViolateSeccompFilters", ());
-
-            #[cfg(feature = "seccomp")]
-            match res {
-                Ok(_) => panic!("Expected to fail due to seccomp violation"),
-                Err(e) => match e {
-                    HyperlightError::DisallowedSyscall => {}
-                    _ => panic!("Expected DisallowedSyscall error: {}", e),
-                },
-            }
+            for _ in 0..10 {
+                let res: Result<u64> = sbox.call("ViolateSeccompFilters", ());
+
+                #[cfg(feature = "seccomp")]
+                match res {
+                    Ok(_) => panic!("Expected to fail due to seccomp violation"),
+                    Err(e) => match e {
+                        HyperlightError::DisallowedSyscall => {}
+                        _ => panic!("Expected DisallowedSyscall error: {}", e),
+                    },
+                }
 
-            #[cfg(not(feature = "seccomp"))]
-            match res {
-                Ok(_) => (),
-                Err(e) => panic!("Expected to succeed without seccomp: {}", e),
+                #[cfg(not(feature = "seccomp"))]
+                match res {
+                    Ok(_) => (),
+                    Err(e) => panic!("Expected to succeed without seccomp: {}", e),
+                }
             }
         }
 
@@ -648,11 +650,13 @@ mod tests {
 
             let mut sbox: MultiUseSandbox = usbox.evolve()?;
 
-            let res: Result<u64> = sbox.call("ViolateSeccompFilters", ());
+            for _ in 0..10 {
+                let res: Result<u64> = sbox.call("ViolateSeccompFilters", ());
 
-            match res {
-                Ok(_) => {}
-                Err(e) => panic!("Expected to succeed due to seccomp violation: {}", e),
+                match res {
+                    Ok(_) => {}
+                    Err(e) => panic!("Expected to succeed due to seccomp violation: {}", e),
+                }
             }
         }