diff --git a/src/hyperlight_host/src/func/host_functions.rs b/src/hyperlight_host/src/func/host_functions.rs
index 3944b0703..abacc138f 100644
--- a/src/hyperlight_host/src/func/host_functions.rs
+++ b/src/hyperlight_host/src/func/host_functions.rs
@@ -179,9 +179,25 @@ macro_rules! impl_host_function {
 let func = Mutex::new(func);
 HostFunction {
 func: Arc::new(move |args: ($($P,)*)| {
- func.try_lock()
- .map_err(|e| new_error!("Error locking at {}:{}: {}", file!(), line!(), e))?
- (args)
+ match func.try_lock() {
+ Ok(mut guard) => {
+ let result = guard(args);
+ drop(guard);
+ result
+ },
+ Err(poison_err) => {
+ match poison_err {
+ // The previous call to this host function panicked, poisoning the lock.
+ // We can clear the poison safely.
+ std::sync::TryLockError::Poisoned(guard) => {
+ guard.into_inner()(args)
+ }
+ std::sync::TryLockError::WouldBlock => {
+ Err(new_error!("Error locking at {}:{}: mutex would block", file!(), line!()))
+ }
+ }
+ }
+ }
 })
 }
 }
diff --git a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs
index ecc650c99..931dad533 100644
--- a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs
+++ b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs
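Review bot: The comment in the `TryLockError::Poisoned` arm of `host_functions.rs` says the poison is cleared, but `guard.into_inner()` only extracts the guard; the mutex stays poisoned, so every later call takes this arm again. If the flag is meant to be reset, `func.clear_poison()` (std, Rust 1.77+) does that; otherwise reword the comment, e.g. `// A previous call panicked while holding the lock; the closure is reused as-is and must tolerate state left by the interrupted call.` The arm re-invokes a closure whose captured state may be half-updated, and because the guest decides when host functions run, that assumption should be stated rather than described as safe. The inner `match poison_err` could also be flattened into `Err(TryLockError::Poisoned(guard))` and `Err(TryLockError::WouldBlock)` arms, since `poison_err` is a misleading name for a value that may be `WouldBlock`. The enclosing macro body starts and ends outside the hunk.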
@@ -612,21 +612,23 @@ mod tests {
 let mut sbox: MultiUseSandbox = usbox.evolve()?;
- let res: Result = sbox.call("ViolateSeccompFilters", ());
-
- #[cfg(feature = "seccomp")]
- match res {
- Ok(_) => panic!("Expected to fail due to seccomp violation"),
- Err(e) => match e {
- HyperlightError::DisallowedSyscall => {}
- _ => panic!("Expected DisallowedSyscall error: {}", e),
- },
- }
+ for _ in 0..10 {
+ let res: Result = sbox.call("ViolateSeccompFilters", ());
+
+ #[cfg(feature = "seccomp")]
+ match res {
+ Ok(_) => panic!("Expected to fail due to seccomp violation"),
+ Err(e) => match e {
+ HyperlightError::DisallowedSyscall => {}
+ _ => panic!("Expected DisallowedSyscall error: {}", e),
+ },
+ }
- #[cfg(not(feature = "seccomp"))]
- match res {
- Ok(_) => (),
- Err(e) => panic!("Expected to succeed without seccomp: {}", e),
+ #[cfg(not(feature = "seccomp"))]
+ match res {
+ Ok(_) => (),
+ Err(e) => panic!("Expected to succeed without seccomp: {}", e),
+ }
 }
 }
@@ -648,11 +650,13 @@ mod tests {
 let mut sbox: MultiUseSandbox = usbox.evolve()?;
- let res: Result = sbox.call("ViolateSeccompFilters", ());
+ for _ in 0..10 {
+ let res: Result = sbox.call("ViolateSeccompFilters", ());
- match res {
- Ok(_) => {}
- Err(e) => panic!("Expected to succeed due to seccomp violation: {}", e),
+ match res {
+ Ok(_) => {}
+ Err(e) => panic!("Expected to succeed due to seccomp violation: {}", e),
+ }
 }
 }
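Review bot: The new `for _ in 0..10` loop has no comment saying why the call is repeated, and a failure does not say which call broke; the same applies to the identical loop in the next hunk (`@@ -648,11 +650,13 @@`). Presumably the repetition checks that the sandbox keeps answering after the first violation, which is worth stating, e.g. `// Repeat the call: a sandbox that has hit a seccomp violation must keep answering later calls the same way.` Binding the index (`for i in 0..10`) and including it in the panic messages would show whether the first call or a later one regressed. Both test functions start outside their hunks.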