fix(vcpu): bound vCPU thread join on handle drop

Manciukic · Manciukic · commit 1a24b3d1ef56 · 2026-06-11T17:18:40.000Z
VcpuHandle::drop join()ed the vCPU thread unconditionally, so a thread
that never observed its Finish event would block teardown forever. Poll
for exit with a 1s timeout and panic if it is exceeded, so teardown fails
fast instead of hanging.

Signed-off-by: Riccardo Mancini &lt;mancio@amazon.com&gt;
diff --git a/src/vmm/src/vstate/vcpu.rs b/src/vmm/src/vstate/vcpu.rs
@@ -9,6 +9,7 @@ use std::os::fd::AsRawFd;
 use std::sync::atomic::{Ordering, fence};
 use std::sync::mpsc::{Receiver, Sender, TryRecvError, channel};
 use std::sync::{Arc, Barrier};
+use std::time::{Duration, Instant};
 use std::{fmt, io, thread};
 
 use kvm_bindings::{KVM_SYSTEM_EVENT_RESET, KVM_SYSTEM_EVENT_SHUTDOWN};
@@ -32,6 +33,9 @@ use crate::vstate::vm::KvmVm;
 /// Signal number (SIGRTMIN) used to kick Vcpus.
 pub const VCPU_RTSIG_OFFSET: i32 = 0;
 
+/// Maximum time to wait for a vCPU thread to exit when dropping its handle.
+const VCPU_JOIN_TIMEOUT: Duration = Duration::from_secs(1);
+
 /// Errors associated with the wrappers over KVM ioctls.
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
 pub enum VcpuError {
@@ -629,9 +633,19 @@ impl Drop for VcpuHandle {
         // The strategy of avoiding more complex messaging protocols during the Drop
         // helps avoid cycles which were preventing a truly clean shutdown.
         //
-        // If the code hangs at this point, that means that a Finish event was not
-        // sent by Vmm.
-        self.vcpu_thread.take().unwrap().join().unwrap();
+        // If the thread is not making progress towards exiting (e.g. a Finish event
+        // was not delivered), abort instead of blocking forever so teardown fails
+        // fast rather than hanging.
+        let thread = self.vcpu_thread.take().unwrap();
+        let deadline = Instant::now() + VCPU_JOIN_TIMEOUT;
+        while !thread.is_finished() {
+            assert!(
+                Instant::now() < deadline,
+                "Timed out waiting for vCPU thread to exit"
+            );
+            thread::sleep(Duration::from_millis(1));
+        }
+        thread.join().unwrap();
     }
 }
 
