Skip to content

Restructure guest/host error handling #868

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Restructure guest/host error handling #868

wants to merge 10 commits into from

Conversation

ludfjig
Copy link
Contributor

@ludfjig ludfjig commented Sep 5, 2025
edited
Loading

This PR improves error handling between host and guest functions to prevent memory leaks and ensure more reliable deserialization.

Previously, when a host function (invoked from the guest) returned an error, the error was reported immediately without unwinding the guest stack. This left guest-side allocations in an inconsistent state, leading to memory leaks on subsequent entries into the guest.

In addition, error reporting relied on a fragile mechanism: guest errors were manually serialized into a buffer, and the host would attempt to detect them by trying to deserialize an error. If deserialization succeeded, an error was assumed to have occurred. This approach is risky because there was nothing preventing GuestError and FunctionCallResult from possibly having the same serialized format since they are completely separate.

Changes

  • Guest/host function calls now always return a FunctionCallResult, which explicitly represents either Ok or Err.
  • If host function returns an error, it's serialized back into the guest, and the guest will properly unwind, and report it back to the host, fixing a memory leak.

TODO:

For C guests: If host function returns an error, guest will panic when trying to read an expected good value (because there is only an error instead), and leak memory as a result. Will fix this in follow up PR

Closes #826
Closes #497

@ludfjig ludfjig force-pushed the host_error_leak_fix branch 2 times, most recently from d346b32 to 2e45037 Compare September 8, 2025 18:07
@ludfjig ludfjig added the kind/bugfix For PRs that fix bugs label Sep 8, 2025
@ludfjig ludfjig force-pushed the host_error_leak_fix branch 4 times, most recently from 2e83739 to fac5e92 Compare September 9, 2025 17:55
@ludfjig
Add test that fails due memory leaking when host function error occurs
82a763d 
Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Update FlatBuffer schema and generation process
f12e463 
- Add all.fbs to include all schema files in one place
- Restructure function_call_result.fbs to use Result-like union
- Add HostError variant to ErrorCode enum in guest_error.fbs
- Update flatbuffer generation command in Justfile to use all.fbs
- Update documentation for new generation process

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Regenerate FlatBuffer generated code
f535594 
Update all generated Rust code based on the new schema definitions.
This includes new types for error handling and result structures.

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Refactor error handling types and utilities
0e16930 
- Update function_types.rs to handle Result-like return values
- Simplify guest_error.rs wrapper implementation
- Update util.rs for new generated types
- Update mod.rs  for new generated types

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Remove obsolete guest error handling
37fb131 
- Remove guest_err.rs from hyperlight_host (replaced by new error handling)
- Remove guest_err.rs from hyperlight_guest_bin (replaced by new error handling)
- Update func/mod.rs to remove obsolete import

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Update host-side error handling
fde8fd1 
- Update initialized_multi_use.rs to use new Result-like error handling
- Update mem/mgr.rs to handle host function errors properly
- Update sandbox/outb.rs for new error propagation pattern

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Update guest-side error handling
b102719 
- Update guest/host_comm.rs to use new Result-like return values
- Update guest_bin/call.rs to properly handle host function errors
- Update guest_bin/lib.rs to remove obsolete error handling import and make GUEST_HANDLE public (for use in C-API)
- Update guest_capi/error.rs to support new error types

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Fix up test to work with new error handling
58900b6 
Update sandbox_host_tests.rs to use the new Result-like error handling pattern.

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig
Update Cargo dependencies
6b76ba0 
Update Cargo.lock and Cargo.toml files to reflect the dependency changes
needed for the new error handling implementation.

Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig ludfjig force-pushed the host_error_leak_fix branch from fac5e92 to 8818cf5 Compare September 9, 2025 17:56
@ludfjig
Fix test so it passes
ae355d7 
Signed-off-by: Ludvig Liljenberg <[email protected]>
@ludfjig ludfjig force-pushed the host_error_leak_fix branch from 8818cf5 to ae355d7 Compare September 9, 2025 18:10
@ludfjig ludfjig marked this pull request as ready for review September 9, 2025 18:20
@ludfjig ludfjig mentioned this pull request Sep 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danbugs danbugs Awaiting requested review from danbugs danbugs is a code owner

@dblnz dblnz Awaiting requested review from dblnz dblnz is a code owner

@devigned devigned Awaiting requested review from devigned devigned is a code owner

@syntactically syntactically Awaiting requested review from syntactically syntactically is a code owner

@marosset marosset Awaiting requested review from marosset marosset is a code owner

@jprendes jprendes Awaiting requested review from jprendes jprendes is a code owner

@simongdavies simongdavies Awaiting requested review from simongdavies simongdavies is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
kind/bugfix For PRs that fix bugs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Memory Leak in Guest on Error Calling Host Function Confusing ERROR tracing when not actually an error
1 participant
@ludfjig