Open
Conversation
syntactically
requested review from
danbugs,
dblnz,
devigned,
jprendes,
ludfjig,
marosset and
simongdavies
as code owners
syntactically
added
the
kind/enhancement
syntactically
force-pushed
the
lm/enable-cow
branch
4 times, most recently
from
306fac3 to
c2b03ea
Compare
ludfjig
previously approved these changes
Feb 12, 2026
Contributor
ludfjig
left a comment
ludfjig
left a comment
There was a problem hiding this comment.
LGTM. No feedback other than some nits, feel free to ignore
andreiltd
reviewed
Feb 13, 2026
jsturtevant
reviewed
Feb 17, 2026
Previously, these were inconsistent. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
These values could conflict with those in the SandboxConfiguration also passed in. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
These are, for now, still set up at certain distinguished addresses (at the beginning of the region) that the host and the guest can both compute. In the future, hopefully all of this will be replaced with a more flexible set up based on the ring-buffer I/O design doc. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
In 1f94fb3, some odd behaviour with MSHV and MAP_PRIVATE mappings was noticed. It turns out that this was actually due to the hypervisor pinning the old page structures, which meant that `madvise(MADV_DONTNEED)` resulted in the userspace view of the memory in question becoming completely divorced from the hypervisor view. Switching (back) to MAP_SHARED "fixed" this only because it meant that zeroing was actually ineffective for both the host and the guest (so at least host writes were reflected in the guest): `madvise(2)` notes that shared anonymous mappings will have their contents repopulated on access after an `MADV_DONTNEED`. This commit switches back to `MAP_PRIVATE` (so that the optimisation is correct on KVM, where it works) and disables the optimisation on MSHV, where the scratch region will always be zeroed by writing zeroes to it. The original intent of lazily zeroing/populating the memory will likely only be possible on MSHV with kernel/hypervisor changes for support. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
In preparation for the snapshot becoming immutable, this gets rid of on of the last places that assume identity mapping & require early memory writes in the sandbox. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
There are still a few changes needed to be able to ensure that the host doesn't try to write to the snapshot region before it can be mmap'd readonly into the guest. However, the guest no longer tries to write to the snapshot region. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
This is necessary for now on amd64, where processor page table walks of the guest page tables are treated as writes w.r.t. to the second-level page tables, meaning that no guest page table can ever be in the (mapped readonly at stage 2) snapshot region. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
This is still somewhat broken (see #721), since it relies on the flush_tlb function ending up in the big area around the code that is still identity mapped. So, this code should probably move somewhere else. However, this fixes a very significant bug in the prior code, where the flush_tlb() function called on guest function dispatch could return to the wrong address, due to the correct return address having been pushed onto the wrong page due to a stale TLB entry. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Certain page-table updates that do not require TLB invalidation were previously missing any kind of fence at all to keep table walks coherent. This commit introduces a new barrier for this scenario. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Fix silent merge conflict Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Fix silent merge conflict Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
This fixes some annoying edge cases where the guest .cargo/config.toml vendor file were not picked up. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Avoid using unwrap() to panic in a guest exception handler, in case that code allocates. Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
syntactically
dismissed stale reviews from dblnz, andreiltd, and ludfjig
via
5e239b4
syntactically
force-pushed
the
lm/enable-cow
branch
from
c2b03ea to
5e239b4
Compare
Member
Author
|
@ludfjig @dblnz @simongdavies @jsturtevant any further thoughts on this? |
dblnz
reviewed
Feb 24, 2026
| // Ensure that any tracing output from the initialisation phase is | ||
| // flushed to the host, if necessary. | ||
| #[cfg(all(feature = "trace_guest", target_arch = "x86_64"))] | ||
| hyperlight_guest_tracing::flush(); |
jsturtevant
approved these changes
Feb 24, 2026
Contributor
jsturtevant
left a comment
jsturtevant
left a comment
There was a problem hiding this comment.
Thanks, All my requested changes Look good!
simongdavies
approved these changes
Feb 24, 2026
Contributor
simongdavies
left a comment
simongdavies
left a comment
There was a problem hiding this comment.
LGTM , Great Job !!!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There are still a number of things that need to be done before the performance improvements from CoW will actually be apparent (e.g. making it possible to mmap the snapshot mapping readonly directly from the page cache, rather than copy it into a SharedMemory).