Improve InterruptHandle::kill() documentation and clarify boolean return value #1121
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -166,7 +166,6 @@ sequenceDiagram | |
| end | ||
|
|
||
| deactivate IH | ||
| deactivate IH | ||
| ``` | ||
|
|
||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -208,12 +208,13 @@ pub(crate) trait InterruptHandleImpl: InterruptHandle { | |
| pub trait InterruptHandle: Send + Sync + Debug { | ||
| /// Interrupt the corresponding sandbox from running. | ||
| /// | ||
| /// This method sets a cancellation flag that prevents or stops the execution of guest code: | ||
| /// - If called while the sandbox is currently executing a guest function, it will interrupt the vCPU. | ||
| /// - If called before the sandbox starts executing (e.g., before a guest function call), it will prevent execution from starting. | ||
| /// | ||
| /// # Note | ||
| /// This function will block for the duration of the time it takes for the vcpu thread to be interrupted. | ||
| fn kill(&self); | ||
|
|
||
| /// Used by a debugger to interrupt the corresponding sandbox from running. | ||
| /// | ||
|
|
@@ -374,13 +375,13 @@ impl InterruptHandleImpl for LinuxInterruptHandle { | |
|
|
||
| #[cfg(any(kvm, mshv3))] | ||
| impl InterruptHandle for LinuxInterruptHandle { | ||
| fn kill(&self) { | ||
| // Release ordering ensures that any writes before kill() are visible to the vcpu thread | ||
| // when it checks is_cancelled() with Acquire ordering | ||
| self.state.fetch_or(Self::CANCEL_BIT, Ordering::Release); | ||
|
|
||
| // Send signals to interrupt the vcpu if it's currently running | ||
| self.send_signal(); | ||
| } | ||
|
|
||
| #[cfg(gdb)] | ||
|
|
@@ -513,7 +514,7 @@ impl InterruptHandleImpl for WindowsInterruptHandle { | |
|
|
||
| #[cfg(target_os = "windows")] | ||
| impl InterruptHandle for WindowsInterruptHandle { | ||
| fn kill(&self) { | ||
| use windows::Win32::System::Hypervisor::WHvCancelRunVirtualProcessor; | ||
|
|
||
| // Release ordering ensures that any writes before kill() are visible to the vcpu thread | ||
|
|
@@ -524,7 +525,7 @@ impl InterruptHandle for WindowsInterruptHandle { | |
| // This ensures we see the running state set by the vcpu thread | ||
| let state = self.state.load(Ordering::Acquire); | ||
| if state & Self::RUNNING_BIT == 0 { | ||
| return; | ||
| } | ||
|
|
||
| // Take read lock to prevent race with WHvDeletePartition in set_dropped(). | ||
|
|
@@ -534,15 +535,19 @@ impl InterruptHandle for WindowsInterruptHandle { | |
| Ok(guard) => guard, | ||
| Err(e) => { | ||
| log::error!("Failed to acquire partition_state read lock: {}", e); | ||
| return; | ||
| } | ||
| }; | ||
|
|
||
| if guard.dropped { | ||
| return; | ||
| } | ||
|
|
||
|
Contributor
There was a problem hiding this comment. @copilot Lets skip this, we have logging in other places
Contributor
Author
There was a problem hiding this comment. Removed the error logging for WHvCancelRunVirtualProcessor in commit 8b7a60c. The method now simply returns |
||
| unsafe { | ||
| if let Err(e) = WHvCancelRunVirtualProcessor(guard.handle, 0, 0) { | ||
| log::error!("Failed to cancel running virtual processor: {}", e); | ||
| } | ||
| }; | ||
|
Contributor
There was a problem hiding this comment. @ludfjig it seems the boolean here was useful information?
Contributor
There was a problem hiding this comment. yes but it would return false when cancelling before vcpu started executing.
Contributor
There was a problem hiding this comment. I am leaning towards keeping the bool and changing the wording in the docs since the linux implementation also returned a boolean before this. I am not a big fan of this change
Contributor
There was a problem hiding this comment. I'm open to that idea too.
Contributor
There was a problem hiding this comment. @copilot Lets keep the bool and update the comment to match the usage, specifically that it does not mean that it was success but that the signal was sent on linux and on windows it means true means it was killed but false could mean other things
Contributor
Author
There was a problem hiding this comment. Restored the boolean return value and updated the documentation in commit 0daa0fd. The docs now clarify that:
All test assertions have been restored. |
||
| } | ||
| #[cfg(gdb)] | ||
| fn kill_from_debugger(&self) -> bool { | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@copilot This sentence is not entirely accurate. If called before a guest call, indeed the kill() is ignored. But if called after guest call, but before entering the guest, it is still effective. Please analyze the code and update the docs to accurately describe the behavior of kill() to make it easier for readers to understand what kill() does
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated the documentation to accurately describe the timing behavior. The key clarification is that
kill()is only ignored if called beforeclear_cancel()in the guest function call lifecycle. If called after that point but before entering guest code, it will still prevent execution. See commit 5350a8c.