From de7f94008696f527960611249074a0ad8f0e5a28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 04:35:59 +0000 Subject: [PATCH 1/5] build(deps): bump opentelemetry-otlp from 0.31.0 to 0.31.1 (#1332) Bumps [opentelemetry-otlp](https://github.com/open-telemetry/opentelemetry-rust) from 0.31.0 to 0.31.1. - [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-rust/blob/main/docs/release_0.30.md) - [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.31.0...opentelemetry-otlp-0.31.1) --- updated-dependencies: - dependency-name: opentelemetry-otlp dependency-version: 0.31.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- src/hyperlight_host/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a702a751a..32a35a2ef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2284,9 +2284,9 @@ dependencies = [ [[package]] name = "opentelemetry-otlp" -version = "0.31.0" +version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a2366db2dca4d2ad033cad11e6ee42844fd727007af5ad04a1730f4cb8163bf" +checksum = "1f69cd6acbb9af919df949cd1ec9e5e7fdc2ef15d234b6b795aaa525cc02f71f" dependencies = [ "http", "opentelemetry", diff --git a/src/hyperlight_host/Cargo.toml b/src/hyperlight_host/Cargo.toml index 80b232538..0e4d97d8b 100644 --- a/src/hyperlight_host/Cargo.toml +++ b/src/hyperlight_host/Cargo.toml @@ -97,7 +97,7 @@ tracing = "0.1.44" tracing-subscriber = {version = "0.3.23", features = ["std", "env-filter"]} tracing-opentelemetry = "0.32.1" opentelemetry = "0.31.0" -opentelemetry-otlp = { version = "0.31.0", default-features = false, features = ["http-proto", "reqwest-blocking-client", "grpc-tonic"] } +opentelemetry-otlp = { version = "0.31.1", default-features = false, features = ["http-proto", "reqwest-blocking-client", "grpc-tonic"] } opentelemetry-semantic-conventions = "0.31" opentelemetry_sdk = { version = "0.31.0", features = ["rt-tokio"] } tokio = { version = "1.50.0", features = ["full"] } From 1e457580e97052783ac1431794bd0837aa529b0e Mon Sep 17 00:00:00 2001 From: James Sturtevant Date: Fri, 20 Mar 2026 09:14:00 -0700 Subject: [PATCH 2/5] Remove Linux-only restriction from map_region on MultiUseSandbox (#1330) * Remove Linux-only restriction from map_region on MultiUseSandbox The map_region method and its tests were gated behind #[cfg(target_os = "linux")] but the underlying VM trait (VirtualMachine::map_memory) has implementations for KVM, MSHV, and WHP (Windows). The method itself contains no platform-specific code. - Remove #[cfg(target_os = "linux")] from map_region, its imports (log_then_return, MemoryRegionFlags), and all related tests/helpers - Fix region_for_memory helper to use platform-correct host base type (HostRegionBase on Windows, usize on Linux) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: James Sturtevant * Add cross-platform host_region_base/end helpers to SharedMemory Replace platform-conditional #[cfg] blocks and verbose turbofish calls with host_region_base() and host_region_end() on SharedMemory. This simplifies mapping_at() and the test region_for_memory helper. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: James Sturtevant --------- Signed-off-by: James Sturtevant Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- src/hyperlight_host/src/mem/shared_mem.rs | 38 ++++++++++++------- .../src/sandbox/initialized_multi_use.rs | 22 ++--------- 2 files changed, 27 insertions(+), 33 deletions(-) diff --git a/src/hyperlight_host/src/mem/shared_mem.rs b/src/hyperlight_host/src/mem/shared_mem.rs index 5c4a1a63f..367722f6d 100644 --- a/src/hyperlight_host/src/mem/shared_mem.rs +++ b/src/hyperlight_host/src/mem/shared_mem.rs @@ -721,14 +721,9 @@ impl GuestSharedMemory { ), }; let guest_base = guest_base as usize; - #[cfg(not(windows))] - let host_base = self.base_addr(); - #[cfg(windows)] - let host_base = self.host_region_base(); - let host_end = ::add(host_base, self.mem_size()); MemoryRegion { guest_region: guest_base..(guest_base + self.mem_size()), - host_region: host_base..host_end, + host_region: self.host_region_base()..self.host_region_end(), region_type, flags, } @@ -779,15 +774,30 @@ pub trait SharedMemory { } /// Extract a base address that can be mapped into a VM for this - /// SharedMemory - #[cfg(target_os = "windows")] - fn host_region_base(&self) -> super::memory_region::HostRegionBase { - super::memory_region::HostRegionBase { - from_handle: self.region().handle.into(), - handle_base: self.region().ptr as usize, - handle_size: self.region().size, - offset: PAGE_SIZE_USIZE, + /// SharedMemory. + /// + /// On Linux this returns a raw `usize` pointer. On Windows it + /// returns a [`HostRegionBase`](super::memory_region::HostRegionBase) + /// that carries the file-mapping handle metadata needed by WHP. + fn host_region_base(&self) -> ::HostBaseType { + #[cfg(not(windows))] + { + self.base_addr() } + #[cfg(windows)] + { + super::memory_region::HostRegionBase { + from_handle: self.region().handle.into(), + handle_base: self.region().ptr as usize, + handle_size: self.region().size, + offset: PAGE_SIZE_USIZE, + } + } + } + + /// Return the end address of the host region (base + usable size). + fn host_region_end(&self) -> ::HostBaseType { + ::add(self.host_region_base(), self.mem_size()) } /// Run some code with exclusive access to the SharedMemory diff --git a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs index 8f147c11c..3c206dc65 100644 --- a/src/hyperlight_host/src/sandbox/initialized_multi_use.rs +++ b/src/hyperlight_host/src/sandbox/initialized_multi_use.rs @@ -32,20 +32,16 @@ use super::file_mapping::prepare_file_cow; use super::host_funcs::FunctionRegistry; use super::snapshot::Snapshot; use crate::HyperlightError::{self, SnapshotSandboxMismatch}; -use crate::Result; use crate::func::{ParameterTuple, SupportedReturnType}; use crate::hypervisor::InterruptHandle; use crate::hypervisor::hyperlight_vm::{HyperlightVm, HyperlightVmError}; -#[cfg(target_os = "linux")] -use crate::log_then_return; -use crate::mem::memory_region::MemoryRegion; -#[cfg(target_os = "linux")] -use crate::mem::memory_region::MemoryRegionFlags; +use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags}; use crate::mem::mgr::SandboxMemoryManager; use crate::mem::shared_mem::{HostSharedMemory, SharedMemory as _}; use crate::metrics::{ METRIC_GUEST_ERROR, METRIC_GUEST_ERROR_LABEL_CODE, maybe_time_and_emit_guest_call, }; +use crate::{Result, log_then_return}; /// A fully initialized sandbox that can execute guest functions multiple times. /// @@ -525,7 +521,6 @@ impl MultiUseSandbox { /// The caller must ensure the host memory region remains valid and unmodified /// for the lifetime of `self`. #[instrument(err(Debug), skip(self, rgn), parent = Span::current())] - #[cfg(target_os = "linux")] pub unsafe fn map_region(&mut self, rgn: &MemoryRegion) -> Result<()> { if self.poisoned { return Err(crate::HyperlightError::PoisonedSandbox); @@ -914,9 +909,7 @@ mod tests { use hyperlight_testing::sandbox_sizes::{LARGE_HEAP_SIZE, MEDIUM_HEAP_SIZE, SMALL_HEAP_SIZE}; use hyperlight_testing::simple_guest_as_string; - #[cfg(target_os = "linux")] use crate::mem::memory_region::{MemoryRegion, MemoryRegionFlags, MemoryRegionType}; - #[cfg(target_os = "linux")] use crate::mem::shared_mem::{ExclusiveSharedMemory, GuestSharedMemory, SharedMemory as _}; use crate::sandbox::SandboxConfiguration; use crate::{GuestBinary, HyperlightError, MultiUseSandbox, Result, UninitializedSandbox}; @@ -955,7 +948,6 @@ mod tests { } // map_region should fail when poisoned - #[cfg(target_os = "linux")] { let map_mem = allocate_guest_memory(); let guest_base = 0x0; @@ -965,7 +957,6 @@ mod tests { } // map_file_cow should fail when poisoned - #[cfg(target_os = "linux")] { let temp_file = std::env::temp_dir().join("test_poison_map_file.bin"); let res = sbox.map_file_cow(&temp_file, 0x0, None).unwrap_err(); @@ -1227,7 +1218,6 @@ mod tests { } } - #[cfg(target_os = "linux")] #[test] fn test_mmap() { let mut sbox = UninitializedSandbox::new( @@ -1263,7 +1253,6 @@ mod tests { } // Makes sure MemoryRegionFlags::READ | MemoryRegionFlags::EXECUTE executable but not writable - #[cfg(target_os = "linux")] #[test] fn test_mmap_write_exec() { let mut sbox = UninitializedSandbox::new( @@ -1312,7 +1301,6 @@ mod tests { }; } - #[cfg(target_os = "linux")] fn page_aligned_memory(src: &[u8]) -> GuestSharedMemory { use hyperlight_common::mem::PAGE_SIZE_USIZE; @@ -1326,29 +1314,25 @@ mod tests { guest_mem } - #[cfg(target_os = "linux")] fn region_for_memory( mem: &GuestSharedMemory, guest_base: usize, flags: MemoryRegionFlags, ) -> MemoryRegion { - let ptr = mem.base_addr(); let len = mem.mem_size(); MemoryRegion { - host_region: ptr..(ptr + len), + host_region: mem.host_region_base()..mem.host_region_end(), guest_region: guest_base..(guest_base + len), flags, region_type: MemoryRegionType::Heap, } } - #[cfg(target_os = "linux")] fn allocate_guest_memory() -> GuestSharedMemory { page_aligned_memory(b"test data for snapshot") } #[test] - #[cfg(target_os = "linux")] fn snapshot_restore_handles_remapping_correctly() { let mut sbox: MultiUseSandbox = { let path = simple_guest_as_string().unwrap(); From 9049548f883a2ea389dfcd0d99dde9bca0ee4d44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 09:19:45 -0700 Subject: [PATCH 3/5] Bump gdbstub from 0.7.9 to 0.7.10 (#1298) Bumps [gdbstub](https://github.com/daniel5151/gdbstub) from 0.7.9 to 0.7.10. - [Release notes](https://github.com/daniel5151/gdbstub/releases) - [Changelog](https://github.com/daniel5151/gdbstub/blob/master/CHANGELOG.md) - [Commits](https://github.com/daniel5151/gdbstub/compare/0.7.9...0.7.10) --- updated-dependencies: - dependency-name: gdbstub dependency-version: 0.7.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 12 ++++++------ src/hyperlight_host/Cargo.toml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 32a35a2ef..02ac95f5c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1025,16 +1025,16 @@ dependencies = [ [[package]] name = "gdbstub" -version = "0.7.9" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bf845b08f7c2ef3b5ad19f80779d43ae20d278652b91bb80adda65baf2d8ed6" +checksum = "5bafc7e33650ab9f05dcc16325f05d56b8d10393114e31a19a353b86fa60cfe7" dependencies = [ "bitflags 2.11.0", "cfg-if", "log", "managed", "num-traits", - "paste", + "pastey", ] [[package]] @@ -2435,10 +2435,10 @@ dependencies = [ ] [[package]] -name = "paste" -version = "1.0.15" +name = "pastey" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" +checksum = "b867cad97c0791bbd3aaa6472142568c6c9e8f71937e98379f584cfb0cf35bec" [[package]] name = "pe-unwind-info" diff --git a/src/hyperlight_host/Cargo.toml b/src/hyperlight_host/Cargo.toml index 0e4d97d8b..df53cd04c 100644 --- a/src/hyperlight_host/Cargo.toml +++ b/src/hyperlight_host/Cargo.toml @@ -21,7 +21,7 @@ bench = false # see https://bheisler.github.io/criterion.rs/book/faq.html#cargo- workspace = true [dependencies] -gdbstub = { version = "0.7.9", optional = true } +gdbstub = { version = "0.7.10", optional = true } gdbstub_arch = { version = "0.3.2", optional = true } goblin = { version = "0.10", default-features = false, features = ["std", "elf32", "elf64", "endian_fd"] } rand = { version = "0.10" } From 53f840f2f09bfb0b57724be70f92eac5fb6af295 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Mar 2026 04:33:36 +0000 Subject: [PATCH 4/5] Bump gdbstub_arch from 0.3.2 to 0.3.3 (#1300) Bumps [gdbstub_arch](https://github.com/daniel5151/gdbstub) from 0.3.2 to 0.3.3. - [Release notes](https://github.com/daniel5151/gdbstub/releases) - [Changelog](https://github.com/daniel5151/gdbstub/blob/master/CHANGELOG.md) - [Commits](https://github.com/daniel5151/gdbstub/commits) --- updated-dependencies: - dependency-name: gdbstub_arch dependency-version: 0.3.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- src/hyperlight_host/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 02ac95f5c..b1bef640f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1039,9 +1039,9 @@ dependencies = [ [[package]] name = "gdbstub_arch" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22dde0e1b68787036ccedd0b1ff6f953527a0e807e571fbe898975203027278f" +checksum = "6c02bfe7bd65f42bcda751456869dfa1eb2bd1c36e309b9ec27f4888d41cf258" dependencies = [ "gdbstub", "num-traits", diff --git a/src/hyperlight_host/Cargo.toml b/src/hyperlight_host/Cargo.toml index df53cd04c..c183037fc 100644 --- a/src/hyperlight_host/Cargo.toml +++ b/src/hyperlight_host/Cargo.toml @@ -22,7 +22,7 @@ workspace = true [dependencies] gdbstub = { version = "0.7.10", optional = true } -gdbstub_arch = { version = "0.3.2", optional = true } +gdbstub_arch = { version = "0.3.3", optional = true } goblin = { version = "0.10", default-features = false, features = ["std", "elf32", "elf64", "endian_fd"] } rand = { version = "0.10" } cfg-if = { version = "1.0.4" } From 9d0c3f71be9a5996a8c65727317d480487b83350 Mon Sep 17 00:00:00 2001 From: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com> Date: Mon, 23 Mar 2026 09:08:09 -0700 Subject: [PATCH 5/5] Defer clearing tlb flush flag (#1333) Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com> --- .../src/hypervisor/hyperlight_vm/x86_64.rs | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/src/hyperlight_host/src/hypervisor/hyperlight_vm/x86_64.rs b/src/hyperlight_host/src/hypervisor/hyperlight_vm/x86_64.rs index e8f21e119..d82f2c58b 100644 --- a/src/hyperlight_host/src/hypervisor/hyperlight_vm/x86_64.rs +++ b/src/hyperlight_host/src/hypervisor/hyperlight_vm/x86_64.rs @@ -292,7 +292,6 @@ impl HyperlightVm { let mut rflags = 1 << 1; // RFLAGS.1 is RES1 if self.pending_tlb_flush { rflags |= 1 << 6; // set ZF if we need a tlb flush done before anything else executes - self.pending_tlb_flush = false; } // set RIP and RSP, reset others let regs = CommonRegisters { @@ -319,13 +318,20 @@ impl HyperlightVm { .set_fpu(&CommonFpu::default()) .map_err(DispatchGuestCallError::SetupRegs)?; - self.run( - mem_mgr, - host_funcs, - #[cfg(gdb)] - dbg_mem_access_fn, - ) - .map_err(DispatchGuestCallError::Run) + let result = self + .run( + mem_mgr, + host_funcs, + #[cfg(gdb)] + dbg_mem_access_fn, + ) + .map_err(DispatchGuestCallError::Run); + + // Clear the TLB flush flag only after run() returns. The guest + // may have been cancelled before it executed the flush. + self.pending_tlb_flush = false; + + result } /// Resets the following vCPU state: