zerovm: add execution detail docs, with diagrams (WIP) #45
larsbutler wants to merge 1 commit into zerovm:master from larsbutler:zerovm-execution-detail
Conversation

Diagrams are incorrect, all FS handling is in untrusted code.

Would you elaborate in a little bit more detail as to what you mean...? From what I see ZRT handles the TAR FS and, while executed within untrusted memory, ZRT was still considered trusted code base...? Has this changed?

There is no context switch when handling FS or any other thing by ZRT. And I'm used to 'black border rectangles' representing different contexts. :)

I think that's fair. ;P However, I believe these diagrams are architecturally correct and should be added to the docs, in order to help those who are new to ZeroVM understand how this all works. Too granular a level of detail, in one document, has the potential to cause confusion, especially considering the proverbial lines between ZVM and ZRT/ZVM-toolchain are quite blurred. Supporting artifacts:

It kind of makes sense to lump ZRT and ZeroVM stuff together in the diagrams, but it would be false to call ZRT "trusted". I'll see if I can come up with some alternative diagrams to clarify it.

What about the

Lars and I just had a chat about the diagrams here in the office. @larsbutler: as we discussed, ZeroVM doesn't know anything about the tarball (except that it maps it from a file in the host filesystem to a channel inside the sandbox) and it knows nothing at all about the in-memory filesystem. So I suggest moving those parts into the untrusted box or removing them altogether, since they're not really part of the core ZeroVM initialization process.

Tarball is not a part of the init process. The final result of the init (before execution) is a "user manifest", which is just a structure in memory with all the data that gets passed to untrusted: channel file descriptors, available memory, quotas, etc.
The editable, source versions of the diagrams are here: