data_model: removed FIRECRACKER_IS_JAILED

Removed the aforementioned global variable and reworked existing logic
to accomodate this change. When Firecracker is jailed, some parameters
are propagated from main.rs to the appropriate places in the
implementation of struct Kvm, and that of ApiServer, in order to
distinguish between having to create resources, and reusing a fd already
opened by the jailer.

Signed-off-by: Alexandru Agache <[email protected]>

Author: alexandruag

api_server/Cargo.toml

@@ -16,7 +16,6 @@ tokio-io = "=0.1.5"
 
 data_model = { path = "../data_model" }
 fc_util = { path = "../fc_util" }
-jailer = { path = "../jailer" }
 logger = { path = "../logger" }
 sys_util = { path = "../sys_util" }
 vmm = { path = "../vmm" }

api_server/src/lib.rs

@@ -10,11 +10,10 @@ extern crate tokio_uds;
 
 extern crate data_model;
 extern crate fc_util;
-extern crate jailer;
-extern crate vmm;
 #[macro_use]
 extern crate logger;
 extern crate sys_util;
+extern crate vmm;
 
 mod http_service;
 pub mod request;
@@ -44,6 +43,11 @@ pub enum Error {
     Eventfd(sys_util::Error),
 }
 
+pub enum UnixDomainSocket<P> {
+    Path(P),
+    Fd(i32),
+}
+
 pub type Result<T> = std::result::Result<T, Error>;
 
 pub struct ApiServer {
@@ -73,22 +77,22 @@ impl ApiServer {
     // TODO: does tokio_uds also support abstract domain sockets?
     pub fn bind_and_run<P: AsRef<Path>>(
         &self,
-        uds_path: P,
+        path_or_fd: UnixDomainSocket<P>,
         jailer_start_time_ms: Option<u64>,
     ) -> Result<()> {
         let mut core = Core::new().map_err(Error::Io)?;
         let handle = Rc::new(core.handle());
 
-        let listener = if data_model::FIRECRACKER_IS_JAILED
-            .load(std::sync::atomic::Ordering::Relaxed)
-        {
-            // This is a UnixListener of the tokio_uds variety. Using fd inherited from the jailer.
-            UnixListener::from_listener(
-                unsafe { std::os::unix::net::UnixListener::from_raw_fd(jailer::LISTENER_FD) },
-                &handle,
-            ).map_err(Error::Io)?
-        } else {
-            UnixListener::bind(uds_path, &handle).map_err(Error::Io)?
+        let listener = match path_or_fd {
+            UnixDomainSocket::Path(path) => UnixListener::bind(path, &handle).map_err(Error::Io)?,
+            UnixDomainSocket::Fd(fd) => {
+                // Safe because we assume fd is a valid file descriptor number, associated with a
+                // previously bound UnixListener.
+                UnixListener::from_listener(
+                    unsafe { std::os::unix::net::UnixListener::from_raw_fd(fd) },
+                    &handle,
+                ).map_err(Error::Io)?
+            }
         };
 
         if let Some(start_time_ms) = jailer_start_time_ms {

data_model/src/lib.rs

@@ -11,11 +11,6 @@ extern crate fc_util;
 pub mod mmds;
 pub mod vm;
 
-use std::sync::atomic::{AtomicBool, ATOMIC_BOOL_INIT};
-
-// ATOMIC_BOOL_INIT = false
-pub static FIRECRACKER_IS_JAILED: AtomicBool = ATOMIC_BOOL_INIT;
-
 #[derive(Deserialize, Serialize)]
 #[serde(deny_unknown_fields)]
 pub struct FirecrackerContext {

kvm/Cargo.toml

@@ -7,8 +7,6 @@ authors = ["The Chromium OS Authors"]
 byteorder = "=1.2.1"
 libc = ">=0.2.39"
 
-data_model = { path = "../data_model" }
-jailer = { path = "../jailer" }
 kvm_sys = { path = "../kvm_sys" }
 memory_model = { path = "../memory_model" }
 sys_util = { path = "../sys_util" }

kvm/src/lib.rs

@@ -7,8 +7,6 @@
 extern crate byteorder;
 extern crate libc;
 
-extern crate data_model;
-extern crate jailer;
 extern crate kvm_sys;
 extern crate memory_model;
 extern crate sys_util;
@@ -44,24 +42,23 @@ pub struct Kvm {
 
 impl Kvm {
     /// Opens `/dev/kvm/` and returns a Kvm object on success.
-    pub fn new() -> Result<Kvm> {
-        let ret = if data_model::FIRECRACKER_IS_JAILED.load(std::sync::atomic::Ordering::Relaxed) {
-            // /dev/kvm fd inherited from the jailer.
-            jailer::KVM_FD
-        } else {
-            // Open calls are safe because we give a constant nul-terminated string and verify the
-            // result.
-            unsafe { open("/dev/kvm\0".as_ptr() as *const c_char, O_RDWR) }
-        };
-
+    pub fn new() -> Result<Self> {
+        // Safe because we give a constant nul-terminated string and verify the result.
+        let ret = unsafe { open("/dev/kvm\0".as_ptr() as *const c_char, O_RDWR) };
         if ret < 0 {
             return errno_result();
         }
 
         // Safe because we verify that ret is valid and we own the fd.
-        Ok(Kvm {
-            kvm: unsafe { File::from_raw_fd(ret) },
-        })
+        Ok(unsafe { Self::new_with_fd_number(ret) })
+    }
+
+    /// Creates a new Kvm object assuming `fd` represents an existing open file descriptor
+    /// associated with `/dev/kvm`.
+    pub unsafe fn new_with_fd_number(fd: RawFd) -> Self {
+        Kvm {
+            kvm: File::from_raw_fd(fd),
+        }
     }
 
     pub fn get_api_version(&self) -> i32 {

src/main.rs

@@ -5,9 +5,10 @@ extern crate serde_json;
 
 extern crate api_server;
 extern crate data_model;
+extern crate fc_util;
+extern crate jailer;
 #[macro_use]
 extern crate logger;
-extern crate fc_util;
 extern crate seccomp;
 extern crate vmm;
 
@@ -18,7 +19,7 @@ use std::path::PathBuf;
 use std::sync::mpsc::channel;
 use std::sync::{Arc, RwLock};
 
-use api_server::ApiServer;
+use api_server::{ApiServer, UnixDomainSocket};
 use data_model::mmds::MMDS;
 use data_model::FirecrackerContext;
 use logger::{Metric, LOGGER, METRICS};
@@ -74,10 +75,12 @@ fn main() {
     let mut instance_id = String::from(DEFAULT_INSTANCE_ID);
     let mut seccomp_level = 0;
     let mut start_time_ms = None;
+
+    let mut is_jailed = false;
+
     if let Some(s) = cmd_arguments.value_of("context") {
         let context = serde_json::from_str::<FirecrackerContext>(s).unwrap();
-        data_model::FIRECRACKER_IS_JAILED
-            .store(context.jailed, std::sync::atomic::Ordering::Relaxed);
+        is_jailed = context.jailed;
         instance_id = context.id;
         seccomp_level = context.seccomp_level;
         start_time_ms = Some(context.start_time_ms);
@@ -94,10 +97,23 @@ fn main() {
     let api_event_fd = server
         .get_event_fd_clone()
         .expect("Cannot clone API eventFD.");
+
+    let kvm_fd = if is_jailed {
+        Some(jailer::KVM_FD)
+    } else {
+        None
+    };
+
     let _vmm_thread_handle =
-        vmm::start_vmm_thread(shared_info, api_event_fd, from_api, seccomp_level);
+        vmm::start_vmm_thread(shared_info, api_event_fd, from_api, seccomp_level, kvm_fd);
+
+    let uds_path_or_fd = if is_jailed {
+        UnixDomainSocket::Fd(jailer::LISTENER_FD)
+    } else {
+        UnixDomainSocket::Path(bind_path)
+    };
 
-    server.bind_and_run(bind_path, start_time_ms).unwrap();
+    server.bind_and_run(uds_path_or_fd, start_time_ms).unwrap();
 }
 
 #[cfg(test)]

vmm/src/lib.rs

@@ -191,15 +191,20 @@ struct KvmContext {
 }
 
 impl KvmContext {
-    fn new() -> Result<Self> {
+    fn new(kvm_fd: Option<RawFd>) -> Result<Self> {
         fn check_cap(kvm: &Kvm, cap: Cap) -> std::result::Result<(), Error> {
             if !kvm.check_extension(cap) {
                 return Err(Error::KvmCap(cap));
             }
             Ok(())
         }
 
-        let kvm = Kvm::new().map_err(Error::Kvm)?;
+        let kvm = if let Some(fd) = kvm_fd {
+            // Safe because we expect kvm_fd to contain a valid fd number when is_some() == true.
+            unsafe { Kvm::new_with_fd_number(fd) }
+        } else {
+            Kvm::new().map_err(Error::Kvm)?
+        };
 
         if kvm.get_api_version() != kvm::KVM_API_VERSION as i32 {
             return Err(Error::KvmApiVersion(kvm.get_api_version()));
@@ -476,6 +481,7 @@ impl Vmm {
         api_event_fd: EventFd,
         from_api: Receiver<Box<VmmAction>>,
         seccomp_level: u32,
+        kvm_fd: Option<RawFd>,
     ) -> Result<Self> {
         let mut epoll_context = EpollContext::new()?;
         // If this fails, it's fatal; using expect() to crash.
@@ -491,7 +497,7 @@ impl Vmm {
             ).expect("Cannot add write metrics TimerFd to epoll.");
 
         let block_device_configs = BlockDeviceConfigs::new();
-        let kvm = KvmContext::new()?;
+        let kvm = KvmContext::new(kvm_fd)?;
         let vm = Vm::new(kvm.fd()).map_err(Error::Vm)?;
 
         Ok(Vmm {
@@ -1554,18 +1560,26 @@ impl PartialEq for VmmAction {
 /// * `seccomp_level` - The level of seccomp filtering used. Filters are loaded before executing
 ///                     guest code.
 ///                     See `seccomp::SeccompLevel` for more information about seccomp levels.
+/// * `kvm_fd` - Provides the option of supplying an already existing raw file descriptor
+///              associated with `/dev/kvm`.
 pub fn start_vmm_thread(
     api_shared_info: Arc<RwLock<InstanceInfo>>,
     api_event_fd: EventFd,
     from_api: Receiver<Box<VmmAction>>,
     seccomp_level: u32,
+    kvm_fd: Option<RawFd>,
 ) -> thread::JoinHandle<()> {
     thread::Builder::new()
         .name("fc_vmm".to_string())
         .spawn(move || {
             // If this fails, consider it fatal. Use expect().
-            let mut vmm = Vmm::new(api_shared_info, api_event_fd, from_api, seccomp_level)
-                .expect("Cannot create VMM.");
+            let mut vmm = Vmm::new(
+                api_shared_info,
+                api_event_fd,
+                from_api,
+                seccomp_level,
+                kvm_fd,
+            ).expect("Cannot create VMM.");
             match vmm.run_control() {
                 Ok(()) => vmm.stop(0),
                 Err(_) => vmm.stop(1),
@@ -1685,6 +1699,7 @@ mod tests {
             EventFd::new().expect("cannot create eventFD"),
             from_api,
             seccomp::SECCOMP_LEVEL_ADVANCED,
+            None,
         ).expect("Cannot Create VMM");
         return vmm;
     }
@@ -2081,7 +2096,7 @@ mod tests {
         use std::os::unix::fs::MetadataExt;
         use std::os::unix::io::FromRawFd;
 
-        let c = KvmContext::new().unwrap();
+        let c = KvmContext::new(None).unwrap();
         let nr_vcpus = c.nr_vcpus();
         let max_vcpus = c.max_vcpus();