feat(isolation): minimal support for Hermit image tar files

Note that this is only the backend support, it doesn't expose
that functionality to end-users of the `uhyve` binary.

Author: fogti

Cargo.lock

@@ -49,6 +49,7 @@ libc = "0.2"
 log = "0.4"
 mac_address = "1.1"
 nix = { version = "0.31", features = ["mman", "pthread", "signal"] }
+tar-no-std = { version = "0.4", features = ["alloc"] }
 thiserror = "2.0.18"
 time = "0.3"
 tun-tap = { version = "0.1.3", default-features = false }
@@ -66,7 +67,6 @@ uuid = { version = "1.20.0", features = ["fast-rng", "v4"]}
 toml = "1"
 serde = { version = "1.0", features = ["derive"] }
 merge = "0.2"
-yoke = "0.8"
 nohash = "0.2"
 
 [target.'cfg(target_os = "linux")'.dependencies]

Cargo.toml

@@ -309,7 +309,6 @@ pub fn read(
 					}
 				}
 				FdData::Virtual { data, offset } => {
-					let data: &[u8] = data.get();
 					let remaining = {
 						let pos = cmp::min(*offset, data.len() as u64);
 						&data[pos as usize..]
@@ -463,7 +462,7 @@ pub fn lseek(syslseek: &mut LseekParams, file_map: &mut UhyveFileMap) {
 			let tmp: i64 = match syslseek.whence as i32 {
 				SEEK_SET => 0,
 				SEEK_CUR => *offset as i64,
-				SEEK_END => data.get().len() as i64,
+				SEEK_END => data.len() as i64,
 				_ => -EINVAL as i64,
 			};
 			if tmp >= 0 {

src/hypercall.rs

@@ -3,10 +3,10 @@ use std::{
 	fmt,
 	hash::BuildHasherDefault,
 	os::fd::{FromRawFd, OwnedFd, RawFd},
+	sync::Arc,
 };
 
 use nohash::NoHashHasher;
-use yoke::{Yoke, erased::ErasedArcCart};
 
 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
 pub struct GuestFd(pub i32);
@@ -48,21 +48,17 @@ pub enum FdData {
 	Raw(RawFd),
 
 	#[allow(dead_code)]
-	/// An in-memory slice (possibly mmap-ed)
+	/// An in-memory slice.
 	///
 	/// SAFETY: It is not allowed for `data` to point into guest memory.
-	Virtual {
-		data: Yoke<&'static [u8], ErasedArcCart>,
-		offset: u64,
-	},
+	Virtual { data: Arc<[u8]>, offset: u64 },
 }
 
 impl fmt::Debug for FdData {
 	fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 		match self {
 			FdData::Raw(r) => write!(f, "Raw({r})"),
 			FdData::Virtual { data, offset } => {
-				let data = data.get();
 				let data_snip = &data[..core::cmp::min(10, data.len())];
 				write!(f, "Virtual({data_snip:?} @ {offset})")
 			}

src/isolation/fd.rs

@@ -2,6 +2,7 @@ use std::{
 	ffi::{CStr, CString, OsString},
 	os::unix::ffi::OsStrExt,
 	path::PathBuf,
+	sync::Arc,
 };
 
 #[cfg(target_os = "linux")]
@@ -54,6 +55,19 @@ impl From<Option<String>> for UhyveIoMode {
 	}
 }
 
+#[derive(Clone, Debug, thiserror::Error)]
+pub enum HermitImageError {
+	#[error("The Hermit image tar file is corrupted: {0}")]
+	CorruptData(#[from] tar_no_std::CorruptDataError),
+
+	#[error("A file in the Hermit image doesn't have an UTF-8 file name: {0:?}")]
+	// NOTE: `Box`ed to avoid too large size differences between enum entries.
+	NonUtf8Filename(Box<tar_no_std::TarFormatString<256>>),
+
+	#[error("Unable to create a file from the Hermit image in the directory tree: {0:?}")]
+	CreateFile(String),
+}
+
 /// Wrapper around a `HashMap` to map guest paths to arbitrary host paths and track file descriptors.
 #[derive(Debug)]
 pub struct UhyveFileMap {
@@ -96,6 +110,32 @@ impl UhyveFileMap {
 		fm
 	}
 
+	/// Adds the contents of a decompressed hermit image to the file map.
+	#[allow(unused)]
+	pub fn add_hermit_image(&mut self, tar_bytes: &[u8]) -> Result<(), HermitImageError> {
+		if tar_bytes.is_empty() {
+			return Ok(());
+		}
+
+		for i in tar_no_std::TarArchiveRef::new(tar_bytes)?.entries() {
+			let filename = i.filename();
+			let filename = filename
+				.as_str()
+				.map_err(|_| HermitImageError::NonUtf8Filename(Box::new(filename)))?;
+			let data: Arc<[u8]> = i.data().to_vec().into();
+
+			// UNWRAP: `tar_no_std::ArchiveEntry::filename` already truncates at the first null byte.
+			if !self.create_file(
+				&CString::new(filename).unwrap(),
+				UhyveTreeFile::Virtual(data),
+			) {
+				return Err(HermitImageError::CreateFile(filename.to_string()));
+			}
+		}
+
+		Ok(())
+	}
+
 	/// Returns the host_path on the host filesystem given a requested guest_path, if it exists.
 	///
 	/// * `guest_path` - The guest path that is to be looked up in the map.

src/isolation/filemap/mod.rs

@@ -4,10 +4,9 @@ use std::{
 	fmt, fs,
 	os::unix::ffi::OsStrExt,
 	path::{Path, PathBuf},
+	sync::Arc,
 };
 
-use yoke::{Yoke, erased::ErasedArcCart};
-
 pub type Directory = HashMap<Box<str>, Tree>;
 
 /// A virtual file, which can either resolve to an on-host path or a virtual read-only file.
@@ -18,14 +17,14 @@ pub enum File {
 
 	/// An in-memory file
 	#[allow(unused)]
-	Virtual(Yoke<&'static [u8], ErasedArcCart>),
+	Virtual(Arc<[u8]>),
 }
 
 impl fmt::Debug for File {
 	fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 		match self {
 			Self::OnHost(hp) => write!(f, "OnHost({:?})", hp),
-			Self::Virtual(_) => write!(f, "Virtual(..)"),
+			Self::Virtual(slice) => write!(f, "Virtual(len={})", slice.len()),
 		}
 	}
 }