Fix leaky stack discovered by fuzzing host functions

Signed-off-by: Ludvig Liljenberg <lliljenberg@microsoft.com>
hyperlight-dev · Mar 5, 2025 · b4204f0 · b4204f0
1 parent e6baad3
commit b4204f0
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 43 deletions.
diff --git a/src/hyperlight_host/src/hypervisor/hyperv_linux.rs b/src/hyperlight_host/src/hypervisor/hyperv_linux.rs
@@ -231,12 +231,6 @@ impl Hypervisor for HypervLinuxDriver {
             dbg_mem_access_fn,
         )?;
 
-        // reset RSP to what it was before initialise
-        self.vcpu_fd.set_regs(&StandardRegisters {
-            rsp: self.orig_rsp.absolute()?,
-            rflags: 2, //bit 1 of rlags is required to be set
-            ..Default::default()
-        })?;
         Ok(())
     }
 
@@ -249,11 +243,10 @@ impl Hypervisor for HypervLinuxDriver {
         hv_handler: Option<HypervisorHandler>,
         #[cfg(gdb)] dbg_mem_access_fn: DbgMemAccessHandlerWrapper,
     ) -> Result<()> {
-        // Reset general purpose registers except RSP, then set RIP
-        let rsp_before = self.vcpu_fd.get_regs()?.rsp;
+        // Reset general purpose registers, then set RIP and RSP
         let regs = StandardRegisters {
             rip: dispatch_func_addr.into(),
-            rsp: rsp_before,
+            rsp: self.orig_rsp.absolute()?,
             rflags: 2, //bit 1 of rlags is required to be set
             ..Default::default()
         };
@@ -278,12 +271,6 @@ impl Hypervisor for HypervLinuxDriver {
             dbg_mem_access_fn,
         )?;
 
-        // reset RSP to what it was before function call
-        self.vcpu_fd.set_regs(&StandardRegisters {
-            rsp: rsp_before,
-            rflags: 2, //bit 1 of rlags is required to be set
-            ..Default::default()
-        })?;
         Ok(())
     }
 

diff --git a/src/hyperlight_host/src/hypervisor/hyperv_windows.rs b/src/hyperlight_host/src/hypervisor/hyperv_windows.rs
@@ -333,12 +333,6 @@ impl Hypervisor for HypervWindowsDriver {
             dbg_mem_access_hdl,
         )?;
 
-        // reset RSP to what it was before initialise
-        self.processor
-            .set_general_purpose_registers(&WHvGeneralRegisters {
-                rsp: self.orig_rsp.absolute()?,
-                ..Default::default()
-            })?;
         Ok(())
     }
 
@@ -351,11 +345,10 @@ impl Hypervisor for HypervWindowsDriver {
         hv_handler: Option<HypervisorHandler>,
         #[cfg(gdb)] dbg_mem_access_hdl: DbgMemAccessHandlerWrapper,
     ) -> Result<()> {
-        // Reset general purpose registers except RSP, then set RIP
-        let rsp_before = self.processor.get_regs()?.rsp;
+        // Reset general purpose registers, then set RIP and RSP
         let regs = WHvGeneralRegisters {
             rip: dispatch_func_addr.into(),
-            rsp: rsp_before,
+            rsp: self.orig_rsp.absolute()?,
             rflags: 1 << 1, // eflags bit index 1 is reserved and always needs to be 1
             ..Default::default()
         };
@@ -378,12 +371,6 @@ impl Hypervisor for HypervWindowsDriver {
             dbg_mem_access_hdl,
         )?;
 
-        // reset RSP to what it was before function call
-        self.processor
-            .set_general_purpose_registers(&WHvGeneralRegisters {
-                rsp: rsp_before,
-                ..Default::default()
-            })?;
         Ok(())
     }
 

diff --git a/src/hyperlight_host/src/hypervisor/kvm.rs b/src/hyperlight_host/src/hypervisor/kvm.rs
@@ -729,11 +729,6 @@ impl Hypervisor for KVMDriver {
             dbg_mem_access_fn,
         )?;
 
-        // reset RSP to what it was before initialise
-        self.vcpu_fd.set_regs(&kvm_regs {
-            rsp: self.orig_rsp.absolute()?,
-            ..Default::default()
-        })?;
         Ok(())
     }
 
@@ -746,11 +741,10 @@ impl Hypervisor for KVMDriver {
         hv_handler: Option<HypervisorHandler>,
         #[cfg(gdb)] dbg_mem_access_fn: DbgMemAccessHandlerWrapper,
     ) -> Result<()> {
-        // Reset general purpose registers except RSP, then set RIP
-        let rsp_before = self.vcpu_fd.get_regs()?.rsp;
+        // Reset general purpose registers, then set RIP and RSP
         let regs = kvm_regs {
             rip: dispatch_func_addr.into(),
-            rsp: rsp_before,
+            rsp: self.orig_rsp.absolute()?,
             ..Default::default()
         };
         self.vcpu_fd.set_regs(&regs)?;
@@ -774,11 +768,6 @@ impl Hypervisor for KVMDriver {
             dbg_mem_access_fn,
         )?;
 
-        // reset RSP to what it was before function call
-        self.vcpu_fd.set_regs(&kvm_regs {
-            rsp: rsp_before,
-            ..Default::default()
-        })?;
         Ok(())
     }