feat: handle hermit images + config nested in image

- fix(isolation): Fix resolution of archive root

  Without this fix, one gets the following error message:

  [WARN  uhyvelib::isolation::filemap] In hermit image [REDACTED].hermit: unable to find file "." -> /root

- Use experimental hermit-entry with image-reader PR applied

Author: fogti

Cargo.lock

@@ -1,4 +1,5 @@
 [workspace]
+members = ["uhyve-interface"]
 exclude = ["tests/test-kernels", "hermit-rs", "hermit-rs/*", "kernel"]
 
 [package]
@@ -50,7 +51,6 @@ core_affinity = "0.8"
 env_logger = "0.11"
 gdbstub = "0.7"
 gdbstub_arch = "0.3"
-hermit-entry = { version = "0.10.5", features = ["loader"] }
 libc = "0.2"
 log = "0.4"
 mac_address = "1.1"
@@ -74,6 +74,12 @@ merge = { version = "0.2" }
 yoke = "0.8"
 nohash = "0.2"
 
+[dependencies.hermit-entry]
+version = "0.10.5"
+git = "https://github.com/fogti/hermit-entry"
+branch = "image-reader"
+features = ["loader", "std"]
+
 [target.'cfg(target_os = "linux")'.dependencies]
 kvm-bindings = "0.14"
 kvm-ioctls = "0.24"

Cargo.toml

@@ -5,7 +5,7 @@ use std::{fs, num::ParseIntError, path::PathBuf, process, str::FromStr};
 use clap::{Command, CommandFactory, Parser, error::ErrorKind};
 use core_affinity::CoreId;
 use env_logger::Builder;
-use log::{LevelFilter, info};
+use log::{LevelFilter, info, warn};
 use merge::Merge;
 use serde::Deserialize;
 use thiserror::Error;
@@ -346,7 +346,7 @@ impl<'de> serde::de::Deserialize<'de> for Affinity {
 #[derive(Debug, Default, Deserialize, Merge, Parser)]
 #[cfg_attr(test, derive(PartialEq))]
 struct GuestArgs {
-	/// The kernel to execute
+	/// The kernel or image to execute
 	#[clap(value_parser)]
 	#[serde(skip)]
 	#[merge(skip)]
@@ -493,14 +493,14 @@ fn run_uhyve() -> i32 {
 
 	load_vm_config(&mut args);
 
-	let stats = args.uhyve.stats.unwrap_or_default();
 	let kernel_path = args.guest.kernel.clone();
+	let stats = args.uhyve.stats.unwrap_or_default();
 	let affinity = args.cpu.clone().get_affinity(&mut app);
 	let params = Params::from(args);
 
 	let vm = UhyveVm::new(kernel_path, params).unwrap_or_else(|e| panic!("Error: {e}"));
-
 	let res = vm.run(affinity);
+
 	if stats && let Some(stats) = res.stats {
 		println!("Run statistics:");
 		println!("{stats}");
@@ -514,7 +514,7 @@ fn main() {
 
 #[cfg(test)]
 mod tests {
-	use std::env;
+	use std::{env, path::Path};
 
 	use tempfile::tempdir;
 
@@ -605,9 +605,9 @@ mod tests {
 		)
 		.unwrap();
 
-		assert!(&config.uhyve.file_mapping.is_empty());
-		assert!(&config.uhyve.config.is_none());
-		assert!(&config.guest.kernel.to_str().unwrap().is_empty())
+		assert!(config.uhyve.file_mapping.is_empty());
+		assert!(config.uhyve.config.is_none());
+		assert!(config.guest.kernel == Path::new(""));
 	}
 
 	/// Tests whether TOML merge works as expected.

src/bin/uhyve.rs

@@ -11,6 +11,7 @@ use crate::{
 	isolation::{
 		fd::{FdData, GuestFd},
 		filemap::UhyveFileMap,
+		image::MappedFile,
 	},
 	mem::{MemoryError, MmapMemory},
 	params::EnvVars,
@@ -92,8 +93,18 @@ pub fn unlink(mem: &MmapMemory, sysunlink: &mut UnlinkParams, file_map: &mut Uhy
 	sysunlink.ret = if let Some(host_path) = file_map.get_host_path(guest_path) {
 		// We can safely unwrap here, as host_path.as_bytes will never contain internal \0 bytes
 		// As host_path_c_string is a valid CString, this implementation is presumed to be safe.
-		let host_path_c_string = CString::new(host_path.as_bytes()).unwrap();
-		unsafe { libc::unlink(host_path_c_string.as_c_str().as_ptr()) }
+		match host_path {
+			MappedFile::OnHost(oh) => {
+				let host_path_c_string = CString::new(oh.as_os_str().as_bytes()).unwrap();
+				unsafe { libc::unlink(host_path_c_string.as_c_str().as_ptr()) }
+			}
+			MappedFile::InImage(_) => {
+				error!(
+					"The kernel requested to unlink() a ROM path ({guest_path:?}): Rejecting..."
+				);
+				-EROFS
+			}
+		}
 	} else {
 		error!("The kernel requested to unlink() an unknown path ({guest_path:?}): Rejecting...");
 		-ENOENT
@@ -113,20 +124,49 @@ pub fn open(mem: &MmapMemory, sysopen: &mut OpenParams, file_map: &mut UhyveFile
 		return;
 	}
 
-	sysopen.ret = if let Some(host_path) = file_map.get_host_path(guest_path) {
+	sysopen.ret = if let Some(guest_entry) = file_map.get_host_path(guest_path) {
 		debug!("{guest_path:#?} found in file map.");
-		// We can safely unwrap here, as host_path.as_bytes will never contain internal \0 bytes
-		// As host_path_c_string is a valid CString, this implementation is presumed to be safe.
-		let host_path_c_string = CString::new(host_path.as_bytes()).unwrap();
+		match guest_entry {
+			MappedFile::OnHost(host_path) => {
+				// We can safely unwrap here, as host_path.as_bytes will never contain internal \0 bytes
+				// As host_path_c_string is a valid CString, this implementation is presumed to be safe.
+				let host_path_c_string = CString::new(host_path.as_os_str().as_bytes()).unwrap();
 
-		let host_fd =
-			unsafe { libc::open(host_path_c_string.as_c_str().as_ptr(), flags, sysopen.mode) };
-		if let Some(guest_fd) = file_map.fdmap.insert(FdData::Raw(host_fd)) {
-			guest_fd.0
-		} else if host_fd < 0 {
-			host_fd
-		} else {
-			-ENOENT
+				let host_fd = unsafe {
+					libc::open(host_path_c_string.as_c_str().as_ptr(), flags, sysopen.mode)
+				};
+				if let Some(guest_fd) = file_map.fdmap.insert(FdData::Raw(host_fd)) {
+					guest_fd.0
+				} else if host_fd < 0 {
+					host_fd
+				} else {
+					-ENOENT
+				}
+			}
+			MappedFile::InImage(yk) => {
+				match yk.try_map_project(move |data, _| {
+					if let hermit_entry::ThinTree::File { content, .. } = data {
+						Ok(content)
+					} else {
+						Err(())
+					}
+				}) {
+					Ok(data) => {
+						file_map
+							.fdmap
+							.insert(FdData::Virtual {
+								data: data.erase_arc_cart(),
+								offset: 0,
+							})
+							.expect("virtual file fdmapping should never fail")
+							.0
+					}
+					Err(()) => {
+						debug!("Returning -EISDIR for {guest_path:#?}");
+						-EISDIR
+					}
+				}
+			}
 		}
 	} else {
 		debug!("{guest_path:#?} not found in file map.");
@@ -206,6 +246,7 @@ pub fn read(
 							amt,
 						)
 					};
+					*offset += u64::try_from(amt).unwrap();
 					amt as isize
 				}
 			}