Use WHvResetPartition to clear guest-visible state on restore()

Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>

Author: ludfjig

Justfile

@@ -1,6 +1,6 @@
 import 'c.just'
 
-set windows-shell := ["pwsh.exe", "-NoLogo", "-Command"]
+set windows-shell := ["pwsh.exe", "-NoLogo", "-NoProfile", "-Command"]
 set dotenv-load := true
 
 set-env-command := if os() == "windows" { "$env:" } else { "export " }
@@ -315,6 +315,11 @@ clippy target=default-target: (witguest-wit)
 clippyw target=default-target: (witguest-wit)
     {{ cargo-cmd }} clippy --all-targets --all-features --target x86_64-pc-windows-gnu --profile={{ if target == "debug" { "dev" } else { target } }}  -- -D warnings
 
+# Cross-check for linux from a windows host using clippy (no linking needed).
+# Only checks lib targets to avoid dev-dependencies (criterion->alloca) that need a C cross-compiler.
+clippyl target=default-target:
+    {{ cargo-cmd }} clippy --lib --all-features --target x86_64-unknown-linux-gnu --profile={{ if target == "debug" { "dev" } else { target } }}  -- -D warnings
+
 clippy-guests target=default-target: (witguest-wit) (ensure-cargo-hyperlight)
     cd src/tests/rust_guests/simpleguest && cargo hyperlight clippy --profile={{ if target == "debug" { "dev" } else { target } }} -- -D warnings
     cd src/tests/rust_guests/witguest && cargo hyperlight clippy --profile={{ if target == "debug" { "dev" } else { target } }} -- -D warnings

src/hyperlight_host/src/hypervisor/hyperlight_vm/x86_64.rs

@@ -40,9 +40,9 @@ use crate::hypervisor::gdb::{
 };
 #[cfg(gdb)]
 use crate::hypervisor::gdb::{DebugError, DebugMemoryAccessError};
-use crate::hypervisor::regs::{
-    CommonDebugRegs, CommonFpu, CommonRegisters, CommonSpecialRegisters,
-};
+#[cfg(not(target_os = "windows"))]
+use crate::hypervisor::regs::CommonDebugRegs;
+use crate::hypervisor::regs::{CommonFpu, CommonRegisters, CommonSpecialRegisters};
 #[cfg(not(gdb))]
 use crate::hypervisor::virtual_machine::VirtualMachine;
 #[cfg(kvm)]
@@ -330,22 +330,29 @@ impl HyperlightVm {
     }
 
     /// Resets the following vCPU state:
-    /// - General purpose registers
-    /// - Debug registers
-    /// - XSAVE (includes FPU/SSE state with proper FCW and MXCSR defaults)
-    /// - Special registers (restored from snapshot, with CR3 updated to new page table location)
+    /// - On Windows: calls WHvResetPartition (resets all per-VP state including
+    ///   GP registers, debug registers, XSAVE, MSRs, APIC, etc.)
+    /// - On Linux: explicitly resets GP registers, debug registers, and XSAVE
+    /// - On all platforms: restores special registers from snapshot with CR3
+    ///   updated to new page table location
     // TODO: check if other state needs to be reset
     pub(crate) fn reset_vcpu(
         &mut self,
         cr3: u64,
         sregs: &CommonSpecialRegisters,
     ) -> std::result::Result<(), RegisterError> {
-        self.vm.set_regs(&CommonRegisters {
-            rflags: 1 << 1, // Reserved bit always set
-            ..Default::default()
-        })?;
-        self.vm.set_debug_regs(&CommonDebugRegs::default())?;
-        self.vm.reset_xsave()?;
+        #[cfg(target_os = "windows")]
+        self.vm.reset_partition()?;
+
+        #[cfg(not(target_os = "windows"))]
+        {
+            self.vm.set_regs(&CommonRegisters {
+                rflags: 1 << 1, // Reserved bit always set
+                ..Default::default()
+            })?;
+            self.vm.set_debug_regs(&CommonDebugRegs::default())?;
+            self.vm.reset_xsave()?;
+        }
 
         #[cfg(not(feature = "nanvix-unstable"))]
         {
@@ -880,7 +887,9 @@ mod tests {
     use super::*;
     #[cfg(kvm)]
     use crate::hypervisor::regs::FP_CONTROL_WORD_DEFAULT;
-    use crate::hypervisor::regs::{CommonSegmentRegister, CommonTableRegister, MXCSR_DEFAULT};
+    use crate::hypervisor::regs::{
+        CommonDebugRegs, CommonSegmentRegister, CommonTableRegister, MXCSR_DEFAULT,
+    };
     use crate::hypervisor::virtual_machine::VirtualMachine;
     use crate::mem::layout::SandboxMemoryLayout;
     use crate::mem::memory_region::{GuestMemoryRegion, MemoryRegionFlags};
@@ -1184,9 +1193,18 @@ mod tests {
     // Assertion Helpers - Verify vCPU state after reset
     // ==========================================================================
 
-    /// Assert that debug registers are in reset state.
-    /// Reserved bits in DR6/DR7 are read-only (set by CPU), so we only check
-    /// that writable bits are cleared to 0 and DR0-DR3 are zeroed.
+    /// Assert that debug registers are in architectural reset state.
+    ///
+    /// On Linux (KVM/MSHV): reset_vcpu explicitly zeroes debug registers.
+    ///
+    /// On Windows: WHvResetPartition resets to power-on defaults per
+    /// Intel SDM Vol. 3, Table 10-1:
+    ///   DR0-DR3 = 0 (breakpoint addresses cleared)
+    ///   DR6 = 0xFFFF0FF0 (reserved bits set, writable bits cleared)
+    ///   DR7 = 0x00000400 (reserved bit 10 set, all enables cleared)
+    ///
+    /// Reserved bits in DR6/DR7 are read-only and CPU-dependent, so we only
+    /// verify that writable bits are cleared to 0 and DR0-DR3 are zeroed.
     fn assert_debug_regs_reset(vm: &dyn VirtualMachine) {
         let debug_regs = vm.debug_regs().unwrap();
         let expected = CommonDebugRegs {
@@ -1201,19 +1219,58 @@ mod tests {
     }
 
     /// Assert that general-purpose registers are in reset state.
-    /// After reset, all registers should be zeroed except rflags which has
-    /// reserved bit 1 always set.
+    ///
+    /// On Linux (KVM/MSHV): reset_vcpu explicitly zeroes all GP regs and sets
+    /// rflags = 0x2, so we verify all-zeros.
+    ///
+    /// On Windows: WHvResetPartition sets architectural power-on defaults
+    /// per Intel SDM Vol. 3, Table 10-1:
+    ///   RIP = 0xFFF0 (reset vector)
+    ///   RDX = CPUID signature (CPU-dependent stepping/model/family)
+    ///   RFLAGS = 0x2 (only reserved bit 1 set)
+    ///   All other GP regs = 0
+    /// These are overwritten by dispatch_call_from_host before guest execution,
+    /// but we still verify the power-on state is correct.
     fn assert_regs_reset(vm: &dyn VirtualMachine) {
+        let regs = vm.regs().unwrap();
+        #[cfg(not(target_os = "windows"))]
         assert_eq!(
-            vm.regs().unwrap(),
+            regs,
             CommonRegisters {
-                rflags: 1 << 1, // Reserved bit 1 is always set
+                rflags: 1 << 1,
                 ..Default::default()
             }
         );
+        #[cfg(target_os = "windows")]
+        {
+            // WHvResetPartition sets x86 power-on reset values
+            // (Intel SDM Vol. 3, Table 10-1)
+            let expected = CommonRegisters {
+                rip: 0xFFF0,   // Reset vector
+                rdx: regs.rdx, // CPUID signature (CPU-dependent)
+                rflags: 0x2,   // Reserved bit 1
+                ..Default::default()
+            };
+            assert_ne!(
+                regs.rdx, 0x4444444444444444,
+                "RDX should not retain dirty value"
+            );
+            assert_eq!(regs, expected);
+        }
     }
 
     /// Assert that FPU state is in reset state.
+    ///
+    /// On Linux (KVM/MSHV): reset_vcpu calls reset_xsave which zeroes FPU state
+    /// and sets FCW/MXCSR to defaults.
+    ///
+    /// On Windows: WHvResetPartition resets to power-on defaults per
+    /// Intel SDM Vol. 3, Table 10-1 (FINIT-equivalent state):
+    ///   FCW = 0x037F (all exceptions masked, precision=64-bit, round=nearest)
+    ///   FSW = 0, FTW = 0 (all empty), FOP = 0, FIP = 0, FDP = 0
+    ///   MXCSR = 0x1F80 (all SIMD exceptions masked, round=nearest)
+    ///   ST0-ST7 = 0, XMM0-XMM15 = 0
+    ///
     /// Handles hypervisor-specific quirks (KVM MXCSR, empty FPU registers).
     fn assert_fpu_reset(vm: &dyn VirtualMachine) {
         let fpu = vm.fpu().unwrap();
@@ -1223,8 +1280,14 @@ mod tests {
         assert_eq!(fpu, expected_fpu);
     }
 
-    /// Assert that special registers are in reset state.
-    /// Handles hypervisor-specific differences in hidden descriptor cache fields.
+    /// Assert that special registers match the expected snapshot state.
+    ///
+    /// After reset_vcpu, sregs are explicitly restored from the snapshot
+    /// (with CR3 updated). This verifies they match the expected 64-bit
+    /// long mode configuration from CommonSpecialRegisters::standard_64bit_defaults.
+    ///
+    /// Handles hypervisor-specific differences in hidden descriptor cache fields
+    /// (unusable, granularity, type_ for unused segments).
     fn assert_sregs_reset(vm: &dyn VirtualMachine, pml4_addr: u64) {
         let defaults = CommonSpecialRegisters::standard_64bit_defaults(pml4_addr);
         let sregs = vm.sregs().unwrap();

src/hyperlight_host/src/hypervisor/regs/x86_64/mod.rs

@@ -19,6 +19,7 @@ mod fpu;
 mod special_regs;
 mod standard_regs;
 
+#[cfg(any(not(target_os = "windows"), gdb, test))]
 pub(crate) use debug_regs::*;
 pub(crate) use fpu::*;
 pub(crate) use special_regs::*;

src/hyperlight_host/src/hypervisor/virtual_machine/kvm/x86_64.rs

@@ -210,6 +210,7 @@ impl VirtualMachine for KvmVm {
         Ok(())
     }
 
+    #[cfg(any(gdb, test))]
     fn fpu(&self) -> std::result::Result<CommonFpu, RegisterError> {
         // Note: On KVM this ignores MXCSR.
         // See https://github.com/torvalds/linux/blob/d358e5254674b70f34c847715ca509e46eb81e6f/arch/x86/kvm/x86.c#L12554-L12599
@@ -246,6 +247,7 @@ impl VirtualMachine for KvmVm {
         Ok(())
     }
 
+    #[cfg(any(gdb, test))]
     fn debug_regs(&self) -> std::result::Result<CommonDebugRegs, RegisterError> {
         let kvm_debug_regs = self
             .vcpu_fd
@@ -262,7 +264,7 @@ impl VirtualMachine for KvmVm {
         Ok(())
     }
 
-    #[allow(dead_code)]
+    #[cfg(any(crashdump, test))]
     fn xsave(&self) -> std::result::Result<Vec<u8>, RegisterError> {
         let xsave = self
             .vcpu_fd

src/hyperlight_host/src/hypervisor/virtual_machine/mod.rs

@@ -21,9 +21,9 @@ use tracing::{Span, instrument};
 
 #[cfg(gdb)]
 use crate::hypervisor::gdb::DebugError;
-use crate::hypervisor::regs::{
-    CommonDebugRegs, CommonFpu, CommonRegisters, CommonSpecialRegisters,
-};
+#[cfg(any(not(target_os = "windows"), gdb, test))]
+use crate::hypervisor::regs::CommonDebugRegs;
+use crate::hypervisor::regs::{CommonFpu, CommonRegisters, CommonSpecialRegisters};
 use crate::mem::memory_region::MemoryRegion;
 #[cfg(feature = "trace_guest")]
 use crate::sandbox::trace::TraceContext as SandboxTraceContext;
@@ -103,7 +103,7 @@ pub(crate) enum HypervisorType {
 /// Minimum XSAVE buffer size: 512 bytes legacy region + 64 bytes header.
 /// Only used by MSHV and WHP which use compacted XSAVE format and need to
 /// validate buffer size before accessing XCOMP_BV.
-#[cfg(any(mshv3, target_os = "windows"))]
+#[cfg(mshv3)]
 pub(crate) const XSAVE_MIN_SIZE: usize = 576;
 
 /// Standard XSAVE buffer size (4KB) used by KVM and MSHV.
@@ -240,6 +240,9 @@ pub enum RegisterError {
     #[cfg(target_os = "windows")]
     #[error("Failed to convert WHP registers: {0}")]
     ConversionFailed(String),
+    #[cfg(target_os = "windows")]
+    #[error("Failed to reset partition: {0}")]
+    ResetPartition(HypervisorError),
 }
 
 /// Map memory error
@@ -319,36 +322,48 @@ pub(crate) trait VirtualMachine: Debug + Send {
     ) -> std::result::Result<VmExit, RunVcpuError>;
 
     /// Get regs
-    #[allow(dead_code)]
     fn regs(&self) -> std::result::Result<CommonRegisters, RegisterError>;
     /// Set regs
     fn set_regs(&self, regs: &CommonRegisters) -> std::result::Result<(), RegisterError>;
     /// Get fpu regs
-    #[allow(dead_code)]
+    #[cfg(any(gdb, test))]
     fn fpu(&self) -> std::result::Result<CommonFpu, RegisterError>;
     /// Set fpu regs
     fn set_fpu(&self, fpu: &CommonFpu) -> std::result::Result<(), RegisterError>;
     /// Get special regs
-    #[allow(dead_code)]
     fn sregs(&self) -> std::result::Result<CommonSpecialRegisters, RegisterError>;
     /// Set special regs
     fn set_sregs(&self, sregs: &CommonSpecialRegisters) -> std::result::Result<(), RegisterError>;
     /// Get the debug registers of the vCPU
-    #[allow(dead_code)]
+    #[cfg(any(gdb, test))]
     fn debug_regs(&self) -> std::result::Result<CommonDebugRegs, RegisterError>;
     /// Set the debug registers of the vCPU
+    #[cfg(any(not(target_os = "windows"), gdb, test))]
     fn set_debug_regs(&self, drs: &CommonDebugRegs) -> std::result::Result<(), RegisterError>;
 
     /// Get xsave
-    #[allow(dead_code)]
+    #[cfg(any(crashdump, test))]
     fn xsave(&self) -> std::result::Result<Vec<u8>, RegisterError>;
     /// Reset xsave to default state
+    #[cfg(not(target_os = "windows"))]
     fn reset_xsave(&self) -> std::result::Result<(), RegisterError>;
     /// Set xsave - only used for tests
     #[cfg(test)]
     #[cfg(not(feature = "nanvix-unstable"))]
     fn set_xsave(&self, xsave: &[u32]) -> std::result::Result<(), RegisterError>;
 
+    /// Reset the partition using WHvResetPartition.
+    ///
+    /// Resets all per-VP state to architectural defaults: GP registers, segment
+    /// registers, control registers, EFER, MSRs, debug registers, full XSAVE
+    /// state (x87/SSE/AVX/AVX-512/AMX), XCR0, APIC/LAPIC, pending interrupts,
+    /// and VMCS/VMCB internals.
+    ///
+    /// Does NOT reset: GPA memory mappings or contents, partition configuration,
+    /// notification ports, or VPCI device state.
+    #[cfg(target_os = "windows")]
+    fn reset_partition(&self) -> std::result::Result<(), RegisterError>;
+
     /// Get partition handle
     #[cfg(target_os = "windows")]
     fn partition_handle(&self) -> windows::Win32::System::Hypervisor::WHV_PARTITION_HANDLE;

src/hyperlight_host/src/hypervisor/virtual_machine/mshv/x86_64.rs

@@ -238,6 +238,7 @@ impl VirtualMachine for MshvVm {
         Ok(())
     }
 
+    #[cfg(any(gdb, test))]
     fn fpu(&self) -> std::result::Result<CommonFpu, RegisterError> {
         let mshv_fpu = self
             .vcpu_fd
@@ -270,6 +271,7 @@ impl VirtualMachine for MshvVm {
         Ok(())
     }
 
+    #[cfg(any(gdb, test))]
     fn debug_regs(&self) -> std::result::Result<CommonDebugRegs, RegisterError> {
         let debug_regs = self
             .vcpu_fd
@@ -286,7 +288,7 @@ impl VirtualMachine for MshvVm {
         Ok(())
     }
 
-    #[allow(dead_code)]
+    #[cfg(any(crashdump, test))]
     fn xsave(&self) -> std::result::Result<Vec<u8>, RegisterError> {
         let xsave = self
             .vcpu_fd