nitro: Return enclave CID in krun_start_enter

The nitro enclaves device returns and enclave's CID when it starts.
Return this to the caller of krun_start_enter. The caller could then set
up vsocks for tasks like reading console logs.

Signed-off-by: Tyler Fanelli <[email protected]>

Author: tylerfanelli

Cargo.lock

@@ -36,7 +36,7 @@ hvf = { path = "../hvf" }
 kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] }
 kvm-ioctls = ">=0.21"
 nitro = { path = "../nitro", optional = true }
-nitro-enclaves = { version = "0.2.0", optional = true }
+nitro-enclaves = { version = "0.3.0", optional = true }
 vm-memory = ">=0.13"
 
 [lib]

src/libkrun/Cargo.toml

@@ -1896,10 +1896,13 @@ fn krun_start_enter_nitro(ctx_id: u32) -> i32 {
         return -libc::EINVAL;
     };
 
-    if let Err(e) = enclave.run() {
-        error!("Error running nitro enclave: {e}");
-        return -libc::EINVAL;
-    }
+    // Return enclave CID if successfully ran.
+    match enclave.run() {
+        Ok(cid) => cid.try_into().unwrap(), // Safe to unwrap.
+        Err(e) => {
+            error!("Error running nitro enclave: {e}");
 
-    KRUN_SUCCESS
+            -libc::EINVAL
+        }
+    }
 }

src/libkrun/src/lib.rs

@@ -12,4 +12,4 @@ nix = { version = "0.26.0", features = ["ioctl", "poll"] }
 vsock = "0.5.1"
 
 [target.'cfg(target_os = "linux")'.dependencies]
-nitro-enclaves = "0.2.0"
+nitro-enclaves = "0.3.0"

src/nitro/Cargo.toml

@@ -51,7 +51,7 @@ pub struct NitroEnclave {
 
 impl NitroEnclave {
     /// Run the enclave.
-    pub fn run(&mut self) -> Result<()> {
+    pub fn run(&mut self) -> Result<u32> {
         let device = Device::open().map_err(NitroError::DeviceOpen)?;
 
         let mut launcher = Launcher::new(&device).map_err(NitroError::VmCreate)?;
@@ -80,7 +80,7 @@ impl NitroEnclave {
 
         self.listen(VMADDR_CID_HYPERVISOR, cid + CID_TO_CONSOLE_PORT_OFFSET)?;
 
-        Ok(())
+        Ok(cid)
     }
 
     fn listen(&mut self, cid: u32, port: u32) -> Result<()> {