feat(vm): Implement support for Hermit images

This is the Hermit image implementation variant which uses
virtual (in-memory) files on the hypervisor level
(in contrast to the kernel level).

Author: fogti

Cargo.lock

@@ -41,6 +41,7 @@ clap = { version = "4.5", features = ["derive", "env"] }
 clean-path = "0.2.1"
 core_affinity = "0.8"
 env_logger = "0.11"
+flate2 = "1.1"
 gdbstub = "0.7"
 gdbstub_arch = "0.3"
 hermit-abi = "0.5"

Cargo.toml

@@ -400,7 +400,7 @@ impl<'de> serde::de::Deserialize<'de> for Affinity {
 #[derive(Debug, Default, Deserialize, Merge, Parser)]
 #[cfg_attr(test, derive(PartialEq))]
 struct GuestArgs {
-	/// The kernel to execute
+	/// The kernel or Hermit image to execute
 	#[serde(skip)]
 	#[merge(skip)]
 	kernel: PathBuf,

src/bin/uhyve.rs

@@ -47,7 +47,6 @@ pub enum FdData {
 	/// A host file descriptor
 	Raw(RawFd),
 
-	#[allow(dead_code)]
 	/// An in-memory slice.
 	///
 	/// SAFETY: It is not allowed for `data` to point into guest memory.

src/isolation/fd.rs

@@ -111,7 +111,6 @@ impl UhyveFileMap {
 	}
 
 	/// Adds the contents of a decompressed hermit image to the file map.
-	#[allow(unused)]
 	pub fn add_hermit_image(&mut self, tar_bytes: &[u8]) -> Result<(), HermitImageError> {
 		if tar_bytes.is_empty() {
 			return Ok(());

src/isolation/filemap/mod.rs

@@ -16,7 +16,6 @@ pub enum File {
 	OnHost(PathBuf),
 
 	/// An in-memory file
-	#[allow(unused)]
 	Virtual(Arc<[u8]>),
 }
 

src/isolation/filemap/tree.rs

@@ -49,6 +49,27 @@ pub enum HypervisorError {
 	#[error("Invalid kernel path ({0})")]
 	InvalidKernelPath(PathBuf),
 
+	#[error("Path for {0} contained null bytes")]
+	PathContainedNullBytes(&'static str),
+
+	#[error(transparent)]
+	HermitImageError(#[from] crate::isolation::filemap::HermitImageError),
+
+	#[error("Unable to find Hermit image config in archive")]
+	HermitImageConfigNotFound,
+
+	#[error("Unable to parse Hermit image config: {0}")]
+	HermitImageConfigParseError(#[from] toml::de::Error),
+
+	#[error("Insufficient guest memory size: got = {got}, wanted = {wanted}")]
+	InsufficientGuestMemorySize {
+		got: byte_unit::Byte,
+		wanted: byte_unit::Byte,
+	},
+
+	#[error("Insufficient guest CPU count: got = {got}, wanted = {wanted}")]
+	InsufficientGuestCPUs { got: u32, wanted: u32 },
+
 	#[error("Kernel Loading Error: {0}")]
 	LoadedKernelError(#[from] vm::LoadKernelError),
 }

src/lib.rs

@@ -150,7 +150,7 @@ impl FromStr for CpuCount {
 }
 
 #[derive(Clone, Copy, Debug, Deserialize, PartialEq)]
-pub struct GuestMemorySize(Byte);
+pub struct GuestMemorySize(pub(crate) Byte);
 
 impl GuestMemorySize {
 	const fn minimum() -> Byte {
@@ -257,13 +257,13 @@ impl Default for EnvVars {
 		Self::Set(HashMap::new())
 	}
 }
-impl<S: AsRef<str> + std::fmt::Debug + PartialEq<S> + From<&'static str>> TryFrom<&[S]>
+impl<S: AsRef<str> + core::fmt::Debug + PartialEq + PartialEq<&'static str>> TryFrom<&[S]>
 	for EnvVars
 {
 	type Error = &'static str;
 
 	fn try_from(v: &[S]) -> Result<Self, Self::Error> {
-		if v.contains(&S::from("host")) {
+		if v.iter().any(|i| *i == "host") {
 			if v.len() != 1 {
 				warn!(
 					"Specifying -e host discards all other explicitly specified environment vars"

src/params.rs

@@ -1,5 +1,8 @@
 use std::{
-	env, fmt, fs, io,
+	env,
+	ffi::CString,
+	fmt, fs, io,
+	mem::{drop, take},
 	num::NonZero,
 	os::unix::prelude::JoinHandleExt,
 	path::PathBuf,
@@ -10,8 +13,9 @@ use std::{
 
 use core_affinity::CoreId;
 use hermit_entry::{
-	HermitVersion, UhyveIfVersion,
+	Format, HermitVersion, UhyveIfVersion,
 	boot_info::{BootInfo, HardwareInfo, LoadInfo, PlatformInfo, RawBootInfo, SerialPortBase},
+	config, detect_format,
 	elf::{KernelObject, LoadedKernel, ParseKernelError},
 };
 use internal::VirtualizationBackendInternal;
@@ -24,7 +28,7 @@ use crate::{
 	consts::*,
 	fdt::Fdt,
 	generate_address,
-	isolation::filemap::UhyveFileMap,
+	isolation::filemap::{UhyveFileMap, UhyveTreeFile},
 	mem::MmapMemory,
 	os::KickSignal,
 	params::{EnvVars, Params},
@@ -137,11 +141,127 @@ pub struct UhyveVm<VirtBackend: VirtualizationBackend> {
 	pub(crate) kernel_info: Arc<KernelInfo>,
 }
 impl<VirtBackend: VirtualizationBackend> UhyveVm<VirtBackend> {
-	pub fn new(kernel_path: PathBuf, params: Params) -> HypervisorResult<UhyveVm<VirtBackend>> {
+	pub fn new(kernel_path: PathBuf, mut params: Params) -> HypervisorResult<UhyveVm<VirtBackend>> {
 		let memory_size = params.memory_size.get();
 
-		let elf = fs::read(&kernel_path)
+		let kernel_data = fs::read(&kernel_path)
 			.map_err(|_e| HypervisorError::InvalidKernelPath(kernel_path.clone()))?;
+
+		// TODO: file_mapping not in kernel_info
+		let mut file_mapping = UhyveFileMap::new(
+			&params.file_mapping,
+			params.tempdir.clone(),
+			#[cfg(target_os = "linux")]
+			params.io_mode,
+		);
+
+		// `kernel_data` might be an Hermit image
+		let elf = match detect_format(&kernel_data[..]) {
+			None => return Err(HypervisorError::InvalidKernelPath(kernel_path.clone())),
+			Some(Format::Elf) => kernel_data,
+			Some(Format::Gzip) => {
+				{
+					use io::Read;
+
+					// decompress image
+					let mut buf_decompressed = Vec::new();
+					flate2::bufread::GzDecoder::new(&kernel_data[..])
+						.read_to_end(&mut buf_decompressed)?;
+					drop(kernel_data);
+
+					// insert Hermit image tree into file map
+					file_mapping.add_hermit_image(&buf_decompressed[..])?;
+				}
+
+				// TODO: make `hermit_entry::config::DEFAULT_CONFIG_NAME` public and use that here instead.
+				let config_data = if let Some(UhyveTreeFile::Virtual(data)) =
+					file_mapping.get_host_path(&CString::new("/hermit.toml").unwrap())
+				{
+					data
+				} else {
+					return Err(HypervisorError::HermitImageConfigNotFound);
+				};
+
+				let config: config::Config<'_> = toml::from_slice(&config_data[..])?;
+
+				// handle Hermit image configuration
+				match config {
+					config::Config::V1 {
+						mut input,
+						requirements,
+						kernel,
+					} => {
+						// .input
+						if params.kernel_args.is_empty() {
+							params.kernel_args.append(
+								&mut take(&mut input.kernel_args)
+									.into_iter()
+									.map(|i| i.into_owned())
+									.collect(),
+							);
+							if !input.app_args.is_empty() {
+								params.kernel_args.push("--".to_string());
+								params.kernel_args.append(
+									&mut take(&mut input.app_args)
+										.into_iter()
+										.map(|i| i.into_owned())
+										.collect(),
+								)
+							}
+						}
+						debug!("Passing kernel arguments: {:?}", &params.kernel_args);
+
+						// don't pass privileged env-var commands through
+						input.env_vars.retain(|i| i.contains('='));
+
+						if let EnvVars::Set(env) = &mut params.env {
+							if let Ok(EnvVars::Set(prev_env_vars)) =
+								EnvVars::try_from(&input.env_vars[..])
+							{
+								// env vars from params take precedence
+								let new_env_vars = take(env);
+								*env = prev_env_vars.into_iter().chain(new_env_vars).collect();
+							} else {
+								warn!("Unable to parse env vars from Hermit image configuration");
+							}
+						} else if input.env_vars.is_empty() {
+							info!("Ignoring Hermit image env vars due to `-e host`");
+						}
+
+						// .requirements
+
+						// TODO: what about default memory size?
+						if let Some(required_memory_size) = requirements.memory
+							&& params.memory_size.0 < required_memory_size
+						{
+							return Err(HypervisorError::InsufficientGuestMemorySize {
+								got: params.memory_size.0,
+								wanted: required_memory_size,
+							});
+						}
+
+						if params.cpu_count.get() < requirements.cpus {
+							return Err(HypervisorError::InsufficientGuestCPUs {
+								got: params.cpu_count.get(),
+								wanted: requirements.cpus,
+							});
+						}
+
+						// .kernel
+						if let Some(UhyveTreeFile::Virtual(data)) =
+							file_mapping.get_host_path(&CString::new(kernel.into_owned()).map_err(
+								|_| HypervisorError::PathContainedNullBytes("hermit image kernel"),
+							)?) {
+							data.to_vec()
+						} else {
+							error!("Unable to find kernel in Hermit image");
+							return Err(HypervisorError::InvalidKernelPath(kernel_path.clone()));
+						}
+					}
+				}
+			}
+		};
+
 		let object: KernelObject<'_> =
 			KernelObject::parse(&elf).map_err(LoadKernelError::ParseKernelError)?;
 
@@ -204,14 +324,9 @@ impl<VirtBackend: VirtualizationBackend> UhyveVm<VirtBackend> {
 		let mut mem = MmapMemory::new(memory_size, guest_address, false, false);
 
 		// TODO: file_mapping not in kernel_info
-		let file_mapping = Mutex::new(UhyveFileMap::new(
-			&params.file_mapping,
-			params.tempdir.clone(),
-			#[cfg(target_os = "linux")]
-			params.io_mode,
-		));
-		let mut mounts: Vec<_> = file_mapping.lock().unwrap().get_all_guest_dirs().collect();
+		let mut mounts: Vec<_> = file_mapping.get_all_guest_dirs().collect();
 		mounts.dedup();
+		let file_mapping = Mutex::new(file_mapping);
 
 		let serial = UhyveSerial::from_params(&params.output)?;