Skip to content

feat(whp): support no-surrogate mode via HYPERLIGHT_MAX_SURROGATES=0#1578

Open
danbugs wants to merge 1 commit into
hyperlight-dev:mainfrom
danbugs:feat/whp-no-surrogate
Open

feat(whp): support no-surrogate mode via HYPERLIGHT_MAX_SURROGATES=0#1578
danbugs wants to merge 1 commit into
hyperlight-dev:mainfrom
danbugs:feat/whp-no-surrogate

Conversation

@danbugs

@danbugs danbugs commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor
  • When HYPERLIGHT_MAX_SURROGATES=0, skip surrogate process creation entirely and use VirtualAlloc + WHvMapGpaRange instead of CreateFileMappingA + surrogate + WHvMapGpaRange2
  • This is a single-VM-per-process mode (WHvMapGpaRange returns ERROR_VID_PARTITION_ALREADY_EXISTS when called from multiple partitions in the same process)
  • compute_surrogate_counts() now accepts 0 as a valid minimum, and surrogates_disabled() checks the env var at runtime
  • WhpVm::surrogate_process is now Option<SurrogateProcess>, with map_memory/unmap_memory branching at runtime
  • ExclusiveSharedMemory::new() uses VirtualAlloc (via new DirectAllocation RAII type) when surrogates are disabled, CreateFileMappingA otherwise

Copilot AI review requested due to automatic review settings June 24, 2026 20:13
@danbugs danbugs added kind/enhancement For PRs adding features, improving functionality, docs, tests, etc. ready-for-review PR is ready for (re-)review labels Jun 24, 2026
Copilot AI reviewed Jun 24, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an optional Windows-only WHP mode (whp-no-surrogate) that bypasses the surrogate process for GPA mapping, intended for single-partition-per-process scenarios, and refactors shared-memory allocation to share validation/guard-page setup across allocation paths.

Changes:

  • Introduces a new whp-no-surrogate feature flag in hyperlight-host.
  • Adds a VirtualAlloc-backed shared memory allocation path (vs CreateFileMappingA) and maps GPAs via WHvMapGpaRange (vs dynamically-loaded WHvMapGpaRange2 through the surrogate).
  • Refactors Windows shared memory creation to reuse validated_total_size() and set_guard_pages() helpers.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File Description
src/hyperlight_host/src/mem/shared_mem.rs Adds DirectAlloc mapping mode + VirtualAlloc allocation path and refactors guard-page/size validation helpers.
src/hyperlight_host/src/hypervisor/virtual_machine/whp.rs Adds feature-gated mapping path using WHvMapGpaRange and removes surrogate-process usage when enabled.
src/hyperlight_host/Cargo.toml Declares the new whp-no-surrogate feature flag.

Comment thread src/hyperlight_host/src/mem/shared_mem.rs Outdated
Comment thread src/hyperlight_host/src/mem/shared_mem.rs Outdated
Comment thread src/hyperlight_host/src/mem/shared_mem.rs Outdated
Comment thread src/hyperlight_host/src/hypervisor/virtual_machine/whp.rs Outdated
Comment thread src/hyperlight_host/src/mem/shared_mem.rs Outdated
ludfjig
ludfjig reviewed Jun 24, 2026
View reviewed changes

@ludfjig ludfjig left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you considered making this a runtime option instead, for example on SandboxConfiguration? If possible I think I would prefer it

@danbugs
feat(whp): support no-surrogate mode via HYPERLIGHT_MAX_SURROGATES=0
820c953 
Signed-off-by: danbugs <danilochiarlone@gmail.com>
@danbugs danbugs force-pushed the feat/whp-no-surrogate branch from 35aaabf to 820c953 Compare June 24, 2026 22:24
@danbugs danbugs changed the title feat(whp): add whp-no-surrogate mode feat(whp): support no-surrogate mode via HYPERLIGHT_MAX_SURROGATES=0 Jun 24, 2026
@danbugs

danbugs commented Jun 24, 2026

Copy link
Copy Markdown
Contributor Author

Have you considered making this a runtime option instead, for example on SandboxConfiguration? If possible I think I would prefer it

Had a chat w/ @simongdavies and modified this PR to integrate w/ HYPERLIGHT_MAX_SURROGATES. Now, if you set that to zero, it just doesn't spawn a surrogate process–so, essentially, a runtime config 👍

@danbugs danbugs mentioned this pull request Jun 25, 2026
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ludfjig ludfjig ludfjig left review comments
Copilot code review Copilot Copilot left review comments
@devigned devigned Awaiting requested review from devigned devigned is a code owner
@dblnz dblnz Awaiting requested review from dblnz dblnz is a code owner
@jsturtevant jsturtevant Awaiting requested review from jsturtevant jsturtevant is a code owner
@jprendes jprendes Awaiting requested review from jprendes jprendes is a code owner
@syntactically syntactically Awaiting requested review from syntactically syntactically is a code owner
@simongdavies simongdavies Awaiting requested review from simongdavies simongdavies is a code owner
@andreiltd andreiltd Awaiting requested review from andreiltd andreiltd is a code owner
@squillace squillace Awaiting requested review from squillace squillace is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

kind/enhancement For PRs adding features, improving functionality, docs, tests, etc. ready-for-review PR is ready for (re-)review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@danbugs @ludfjig