diff --git a/src/hyperlight_host/src/signal_handlers/mod.rs b/src/hyperlight_host/src/signal_handlers/mod.rs index db52035d5..1644a7206 100644 --- a/src/hyperlight_host/src/signal_handlers/mod.rs +++ b/src/hyperlight_host/src/signal_handlers/mod.rs @@ -29,26 +29,31 @@ pub(crate) fn setup_signal_handlers(config: &SandboxConfiguration) -> crate::Res // should be safe to call. #[cfg(feature = "seccomp")] { + use std::sync::Once; + vmm_sys_util::signal::register_signal_handler( libc::SIGSYS, sigsys_signal_handler::handle_sigsys, ) .map_err(crate::HyperlightError::VmmSysError)?; - let original_hook = std::panic::take_hook(); - // Set a custom panic hook that checks for "DisallowedSyscall" - std::panic::set_hook(Box::new(move |panic_info| { - // Check if the panic payload matches "DisallowedSyscall" - if let Some(crate::HyperlightError::DisallowedSyscall) = panic_info - .payload() - .downcast_ref::( - ) { - // Do nothing to avoid superfluous syscalls - return; - } - // If not "DisallowedSyscall", use the original hook - original_hook(panic_info); - })); + static PANIC_HOOK_INIT: Once = Once::new(); + PANIC_HOOK_INIT.call_once(|| { + let original_hook = std::panic::take_hook(); + // Set a custom panic hook that checks for "DisallowedSyscall" + std::panic::set_hook(Box::new(move |panic_info| { + // Check if the panic payload matches "DisallowedSyscall" + if let Some(crate::HyperlightError::DisallowedSyscall) = panic_info + .payload() + .downcast_ref::( + ) { + // Do nothing to avoid superfluous syscalls + return; + } + // If not "DisallowedSyscall", use the original hook + original_hook(panic_info); + })); + }); } vmm_sys_util::signal::register_signal_handler( libc::SIGRTMIN() + config.get_interrupt_vcpu_sigrtmin_offset() as c_int,