Move debug_interrupt AtomicBool into state AtomicU64

Signed-off-by: Ludvig Liljenberg <[email protected]>

Author: ludfjig

docs/cancellation.md

@@ -12,14 +12,14 @@ Hyperlight provides a mechanism to forcefully interrupt guest execution through
 
 The `LinuxInterruptHandle` uses a packed atomic u64 to track execution state:
 
-- **state (AtomicU64)**: Packs two bits:
+- **state (AtomicU64)**: Packs three bits:
+  - **Bit 2 (DEBUG_INTERRUPT_BIT)**: Set when debugger interrupt is requested (gdb feature only)
   - **Bit 1 (RUNNING_BIT)**: Set when vCPU is actively running in guest mode
   - **Bit 0 (CANCEL_BIT)**: Set when cancellation has been requested via `kill()`
 - **tid (AtomicU64)**: Thread ID where the vCPU is running
-- **debug_interrupt (AtomicBool)**: Set when debugger interrupt is requested (gdb feature only)
 - **dropped (AtomicBool)**: Set when the corresponding VM has been dropped
 
-The packed state enables atomic reads of both RUNNING_BIT and CANCEL_BIT simultaneously via `get_running_and_cancel()`. Within a single `VirtualCPU::run()` call, the CANCEL_BIT remains set across vcpu exits and re-entries (such as when calling host functions), ensuring cancellation persists until the guest call completes. However, `clear_cancel()` resets the CANCEL_BIT at the beginning of each new guest function call (specifically in `MultiUseSandbox::call`, before `VirtualCPU::run()` is called), preventing cancellation requests from affecting subsequent guest function calls.
+The packed state enables atomic reads of RUNNING_BIT, CANCEL_BIT and DEBUG_INTERRUPT_BIT simultaneously via `get_running_cancel_debug()`. Within a single `VirtualCPU::run()` call, the CANCEL_BIT remains set across vcpu exits and re-entries (such as when calling host functions), ensuring cancellation persists until the guest call completes. However, `clear_cancel()` resets the CANCEL_BIT at the beginning of each new guest function call (specifically in `MultiUseSandbox::call`, before `VirtualCPU::run()` is called), preventing cancellation requests from affecting subsequent guest function calls.
 
 ### Signal Mechanism
 
@@ -176,9 +176,9 @@ sequenceDiagram
    - Ensures all writes before `kill()` are visible when vCPU thread checks `is_cancelled()` with `Acquire`
 
 2. **Send Signals**: Enter retry loop via `send_signal()`
-   - Atomically load both running and cancel flags via `get_running_and_cancel()` with `Acquire` ordering
-   - Continue if `running=true AND cancel=true` (or `running=true AND debug_interrupt=true` with gdb)
-   - Exit loop immediately if `running=false OR cancel=false`
+   - Atomically load running, cancel and debug flags via `get_running_cancel_debug()` with `Acquire` ordering
+   - Continue if `running=true AND cancel=true` (or `running=true AND debug=true` with gdb)
+   - Exit loop immediately if `running=false OR (cancel=false AND debug=false)`
 
 3. **Signal Delivery**: Send `SIGRTMIN+offset` via `pthread_kill`
    - Signal interrupts the `ioctl` that runs the vCPU, causing `EINTR`
@@ -209,7 +209,7 @@ graph TB
         F[send_signal<br/>Load running with Acquire]
         G[Load tid with Acquire]
         H[pthread_kill]
-        I[kill_from_debugger<br/>Store debug_interrupt<br/>with Release]
+        I[kill_from_debugger<br/>fetch_or DEBUG_INTERRUPT_BIT<br/>with Release]
     end
     
     B -->|Synchronizes-with| F
@@ -255,8 +255,7 @@ While the core cancellation mechanism follows the same conceptual model on Windo
 
 The `WindowsInterruptHandle` uses a simpler structure compared to Linux:
 
-- **state (AtomicU64)**: Packs the same two bits (RUNNING_BIT and CANCEL_BIT)
-- **debug_interrupt (AtomicBool)**: Set when debugger interrupt is requested (gdb feature only)
+- **state (AtomicU64)**: Packs three bits (RUNNING_BIT, CANCEL_BIT and DEBUG_INTERRUPT_BIT)
 - **partition_handle**: Windows Hyper-V partition handle for the VM
 - **dropped (AtomicBool)**: Set when the corresponding VM has been dropped
 

src/hyperlight_host/src/hypervisor/hyperv_linux.rs

@@ -376,8 +376,6 @@ impl HypervLinuxDriver {
 
         let interrupt_handle: Arc<dyn InterruptHandleImpl> = Arc::new(LinuxInterruptHandle {
             state: AtomicU64::new(0),
-            #[cfg(gdb)]
-            debug_interrupt: AtomicBool::new(false),
             #[cfg(all(
                 target_arch = "x86_64",
                 target_vendor = "unknown",

src/hyperlight_host/src/hypervisor/hyperv_windows.rs

@@ -325,8 +325,6 @@ impl HypervWindowsDriver {
 
         let interrupt_handle = Arc::new(WindowsInterruptHandle {
             state: AtomicU64::new(0),
-            #[cfg(gdb)]
-            debug_interrupt: AtomicBool::new(false),
             partition_handle,
             dropped: AtomicBool::new(false),
         });

src/hyperlight_host/src/hypervisor/kvm.rs

@@ -334,8 +334,6 @@ impl KVMDriver {
 
         let interrupt_handle: Arc<dyn InterruptHandleImpl> = Arc::new(LinuxInterruptHandle {
             state: AtomicU64::new(0),
-            #[cfg(gdb)]
-            debug_interrupt: AtomicBool::new(false),
             #[cfg(all(
                 target_arch = "x86_64",
                 target_vendor = "unknown",

src/hyperlight_host/src/hypervisor/mod.rs

@@ -582,6 +582,7 @@ pub(super) struct LinuxInterruptHandle {
     /// Atomic value packing vcpu execution state.
     ///
     /// Bit layout:
+    /// - Bit 2: DEBUG_INTERRUPT_BIT - set when debugger interrupt is requested
     /// - Bit 1: RUNNING_BIT - set when vcpu is actively running
     /// - Bit 0: CANCEL_BIT - set when cancellation has been requested
     ///
@@ -595,11 +596,6 @@ pub(super) struct LinuxInterruptHandle {
     /// but at most one VM will have RUNNING_BIT set at any given time.
     tid: AtomicU64,
 
-    /// Debugger interrupt flag (gdb feature only).
-    /// Set when `kill_from_debugger()` is called, cleared when vcpu stops running.
-    #[cfg(gdb)]
-    debug_interrupt: AtomicBool,
-
     /// Whether the corresponding VM has been dropped.
     dropped: AtomicBool,
 
@@ -614,33 +610,35 @@ pub(super) struct LinuxInterruptHandle {
 impl LinuxInterruptHandle {
     const RUNNING_BIT: u64 = 1 << 1;
     const CANCEL_BIT: u64 = 1 << 0;
+    #[cfg(gdb)]
+    const DEBUG_INTERRUPT_BIT: u64 = 1 << 2;
 
-    /// Get the running and cancel flags atomically.
+    /// Get the running, cancel and debug flags atomically.
     ///
     /// # Memory Ordering
     /// Uses `Acquire` ordering to synchronize with the `Release` in `set_running()` and `kill()`.
     /// This ensures that when we observe running=true, we also see the correct `tid` value.
-    fn get_running_and_cancel(&self) -> (bool, bool) {
+    fn get_running_cancel_debug(&self) -> (bool, bool, bool) {
         let state = self.state.load(Ordering::Acquire);
         let running = state & Self::RUNNING_BIT != 0;
         let cancel = state & Self::CANCEL_BIT != 0;
-        (running, cancel)
+        #[cfg(gdb)]
+        let debug = state & Self::DEBUG_INTERRUPT_BIT != 0;
+        #[cfg(not(gdb))]
+        let debug = false;
+        (running, cancel, debug)
     }
 
     fn send_signal(&self) -> bool {
         let signal_number = libc::SIGRTMIN() + self.sig_rt_min_offset as libc::c_int;
         let mut sent_signal = false;
 
         loop {
-            let (running, cancel) = self.get_running_and_cancel();
+            let (running, cancel, debug) = self.get_running_cancel_debug();
 
             // Check if we should continue sending signals
             // Exit if not running OR if neither cancel nor debug_interrupt is set
-            #[cfg(gdb)]
-            let should_continue =
-                running && (cancel || self.debug_interrupt.load(Ordering::Acquire));
-            #[cfg(not(gdb))]
-            let should_continue = running && cancel;
+            let should_continue = running && (cancel || debug);
 
             if !should_continue {
                 break;
@@ -698,7 +696,7 @@ impl InterruptHandleImpl for LinuxInterruptHandle {
     fn is_debug_interrupted(&self) -> bool {
         #[cfg(gdb)]
         {
-            self.debug_interrupt.load(Ordering::Acquire)
+            self.state.load(Ordering::Acquire) & Self::DEBUG_INTERRUPT_BIT != 0
         }
         #[cfg(not(gdb))]
         {
@@ -708,7 +706,8 @@ impl InterruptHandleImpl for LinuxInterruptHandle {
 
     #[cfg(gdb)]
     fn clear_debug_interrupt(&self) {
-        self.debug_interrupt.store(false, Ordering::Release);
+        self.state
+            .fetch_and(!Self::DEBUG_INTERRUPT_BIT, Ordering::Release);
     }
 
     fn set_dropped(&self) {
@@ -731,7 +730,8 @@ impl InterruptHandle for LinuxInterruptHandle {
 
     #[cfg(gdb)]
     fn kill_from_debugger(&self) -> bool {
-        self.debug_interrupt.store(true, Ordering::Release);
+        self.state
+            .fetch_or(Self::DEBUG_INTERRUPT_BIT, Ordering::Release);
         self.send_signal()
     }
     fn dropped(&self) -> bool {
@@ -747,6 +747,7 @@ pub(super) struct WindowsInterruptHandle {
     /// Atomic value packing vcpu execution state.
     ///
     /// Bit layout:
+    /// - Bit 2: DEBUG_INTERRUPT_BIT - set when debugger interrupt is requested
     /// - Bit 1: RUNNING_BIT - set when vcpu is actively running
     /// - Bit 0: CANCEL_BIT - set when cancellation has been requested
     ///
@@ -757,9 +758,6 @@ pub(super) struct WindowsInterruptHandle {
     /// (e.g., during host function calls), but is cleared at the start of each new `VirtualCPU::run()` call.
     state: AtomicU64,
 
-    // This is used to signal the GDB thread to stop the vCPU
-    #[cfg(gdb)]
-    debug_interrupt: AtomicBool,
     partition_handle: windows::Win32::System::Hypervisor::WHV_PARTITION_HANDLE,
     dropped: AtomicBool,
 }
@@ -768,6 +766,8 @@ pub(super) struct WindowsInterruptHandle {
 impl WindowsInterruptHandle {
     const RUNNING_BIT: u64 = 1 << 1;
     const CANCEL_BIT: u64 = 1 << 0;
+    #[cfg(gdb)]
+    const DEBUG_INTERRUPT_BIT: u64 = 1 << 2;
 }
 
 #[cfg(target_os = "windows")]
@@ -792,15 +792,18 @@ impl InterruptHandleImpl for WindowsInterruptHandle {
 
     fn clear_running(&self) {
         // Release ordering to ensure all vcpu operations are visible before clearing running
-        self.state.fetch_and(!Self::RUNNING_BIT, Ordering::Release);
+        let mut mask = !Self::RUNNING_BIT;
         #[cfg(gdb)]
-        self.debug_interrupt.store(false, Ordering::Release);
+        {
+            mask &= !Self::DEBUG_INTERRUPT_BIT;
+        }
+        self.state.fetch_and(mask, Ordering::Release);
     }
 
     fn is_debug_interrupted(&self) -> bool {
         #[cfg(gdb)]
         {
-            self.debug_interrupt.load(Ordering::Acquire)
+            self.state.load(Ordering::Acquire) & Self::DEBUG_INTERRUPT_BIT != 0
         }
         #[cfg(not(gdb))]
         {
@@ -810,8 +813,8 @@ impl InterruptHandleImpl for WindowsInterruptHandle {
 
     #[cfg(gdb)]
     fn clear_debug_interrupt(&self) {
-        #[cfg(gdb)]
-        self.debug_interrupt.store(false, Ordering::Release);
+        self.state
+            .fetch_and(!Self::DEBUG_INTERRUPT_BIT, Ordering::Release);
     }
 
     fn set_dropped(&self) {
@@ -843,7 +846,8 @@ impl InterruptHandle for WindowsInterruptHandle {
     fn kill_from_debugger(&self) -> bool {
         use windows::Win32::System::Hypervisor::WHvCancelRunVirtualProcessor;
 
-        self.debug_interrupt.store(true, Ordering::Release);
+        self.state
+            .fetch_or(Self::DEBUG_INTERRUPT_BIT, Ordering::Release);
         // Acquire ordering to synchronize with the Release in set_running()
         let state = self.state.load(Ordering::Acquire);
         if state & Self::RUNNING_BIT != 0 {