Only clear io buffer after unsuccesfull guest call.

ludfjig · ludfjig · commit 57f171610b64 · 2025-08-28T15:23:53.000-07:00
Signed-off-by: Ludvig Liljenberg &lt;4257730+ludfjig@users.noreply.github.com&gt;

Undo stuff that breaks unwinding

Signed-off-by: Ludvig Liljenberg &lt;4257730+ludfjig@users.noreply.github.com&gt;
diff --git a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs
@@ -423,9 +423,14 @@ impl MultiUseSandbox {
                 .get_guest_function_call_result()
         })();
 
-        // TODO: Do we want to allow re-entrant guest function calls?
-        self.get_mgr_wrapper_mut().as_mut().clear_io_buffers();
-
+        // In the happy path we do not need to clear io-buffers from the host because:
+        // - the serialized guest function call is zeroed out by the guest during deserialization, see call to `try_pop_shared_input_data_into::<FunctionCall>()`
+        // - the serialized guest function result is zeroed out by us (the host) during deserialization, see `get_guest_function_call_result`
+        // - any serialized host function call are zeroed out by us (the host) during deserialization, see `get_host_function_call`
+        // - any serialized host function result is zeroed out by the guest during deserialization, see `get_host_return_value`
+        if res.is_err() {
+            self.get_mgr_wrapper_mut().as_mut().clear_io_buffers();
+        }
         res
     }
 
@@ -504,6 +509,25 @@ mod tests {
     use crate::sandbox::SandboxConfiguration;
     use crate::{GuestBinary, HyperlightError, MultiUseSandbox, Result, UninitializedSandbox};
 
+    /// Make sure input/output buffers are properly reset after guest call (with host call)
+    #[test]
+    fn io_buffer_reset() {
+        let mut cfg = SandboxConfiguration::default();
+        cfg.set_input_data_size(4096);
+        cfg.set_output_data_size(4096);
+        let path = simple_guest_as_string().unwrap();
+        let mut sandbox =
+            UninitializedSandbox::new(GuestBinary::FilePath(path), Some(cfg)).unwrap();
+        sandbox.register("HostAdd", |a: i32, b: i32| a + b).unwrap();
+        let mut sandbox = sandbox.evolve().unwrap();
+
+        // will exhaust io if leaky
+        for _ in 0..1000 {
+            let result = sandbox.call::<i32>("Add", (5i32, 10i32)).unwrap();
+            assert_eq!(result, 15);
+        }
+    }
+
     /// Tests that call_guest_function_by_name restores the state correctly
     #[test]
     fn test_call_guest_function_by_name() {
