Added capability to load extra blob data in sandbox #605
f46ffef to e46c2a8
The PR comment states that this is a non-breaking change, but the rename GuestBinary -> GuestBlob is breaking, right? Also I do think the renaming is not intuitive for users who want to load a guest binary, when it's now called GuestBlob
Not strictly related to your PR, but I think we should consider not allowing passing blobs/binaries by "path", which would force the consumers to do their own reading of files, etc, and instead only take slices of u8.
I haven't fully thought about it, but maybe Uninitialized::new should take a trait instead?
IIRC, @simongdavies had an idea where the host could share host memory with the VM by adding pages to the VM's page table. Would something like that help in this case?
On the breaking-change point, you're right. Guess what I meant to say is that you don't necessarily have to pass a
If so, I can change
It does currently take a trait:
What do you think about letting

```rust
pub trait GuestEnvironment {
    /// Get the guest binary
    fn guest_binary(&self) -> &[u8];
    /// Get optional memory blobs
    fn blobs(&self) -> Option<&[&[u8]]>;
}
```

Then we could implement it for existing GuestBinary, and also a new GuestBinaryWithBlob, etc, etc.
I think I like
@simongdavies @jprendes @dblnz @andreiltd @syntactically, any opinions on the API of this PR?
Looks good just a few questions
I don't recall what that might have been, but I think if @danbugs takes up my feedback about allowing the data to have RWX flags associated with it, then if it's R we could do an optimisation where it's only allocated in the host once. That would require us to change the way we bounds check though, so I think out of scope here. We also talked about allowing a user to pass a vector of (address, len) into a sandbox for mapping; that may be a better way to do something like this, and it may fit better in a configuration than as an argument to the new function
I think this all stemmed from us having in-proc and more specifically loadlib support in Windows. I think you are correct, I don't think we need it any longer, not sure if now is the right time though...
I quite like it as it is but not really that fussed either way. Eventually we should bury all this behind a builder; that might be the right time to get rid of the paths
7371ebe to 96749f1
Added configurable flags to the new mem region 👍
#614 ~ made an issue for this, @ludfjig / @simongdavies
eace8a2 to fcddae7
The GuestEnvironment struct contains two blobs of data. One identifiable as a guest binary, and one undifferentiated guest blob. This GuestEnvironment is now used to create a new sandbox in place of just a guest binary. There are TryFrom impls to be able to convert from a guest binary to a GuestEnvironment, so this isn't a breaking change. Signed-off-by: danbugs <[email protected]>
+ if guest blob is provided, we now write it to shared mem when creating a sandbox Signed-off-by: danbugs <[email protected]>
W/ this, now the guest can access that memory region. Signed-off-by: danbugs <[email protected]>
… data + modified guest and guest_bin libs for it too Signed-off-by: danbugs <[email protected]>
This PR contains the following changes:
(1) Made a non-breaking change to the signature of the UninitializedSandbox::new(...) function. Now, instead of a GuestBinary, it takes a GuestEnvironment, which contains the usual binary + optional blob data.
(2) Created new user memory region to store the extra blob data and added some extra config options for it.
(3) Added info of the new memory region to the PEB.
(4) Added tests verifying added blob data.
Reviewing commit-by-commit might be best 👍
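As an added example that is not hyperlight's code (neither this PR's nor any reviewer's), the trait shape proposed in the review thread with an existing-binary implementor and a binary-plus-blobs implementor, plus a layout step that mirrors the PR description: the blob goes into its own page-aligned region carrying the configurable flags, and a blob larger than the configured cap is refused before anything is written to shared memory. `RegionFlags`, `SandboxConfig`, `Region`, `layout` and the 4 KiB page size are assumed names and values, not the project's.

```rust
/// Permissions attached to the extra blob region (the RWX-flags idea from the review).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct RegionFlags { pub read: bool, pub write: bool, pub exec: bool }

/// The trait shape proposed in the review thread: a binary plus optional blobs.
pub trait GuestEnvironment {
    fn guest_binary(&self) -> &[u8];
    fn blobs(&self) -> Option<&[&[u8]]>;
}

/// Existing callers: just a binary, no extra data, so nothing breaks for them.
pub struct GuestBinary<'a>(pub &'a [u8]);
impl GuestEnvironment for GuestBinary<'_> {
    fn guest_binary(&self) -> &[u8] { self.0 }
    fn blobs(&self) -> Option<&[&[u8]]> { None }
}

/// New callers: a binary plus one or more blobs to map into the sandbox.
pub struct GuestBinaryWithBlobs<'a> { pub binary: &'a [u8], pub blobs: Vec<&'a [u8]> }
impl GuestEnvironment for GuestBinaryWithBlobs<'_> {
    fn guest_binary(&self) -> &[u8] { self.binary }
    fn blobs(&self) -> Option<&[&[u8]]> { Some(&self.blobs) }
}

/// Hypothetical config knobs for the new region (assumed names, not hyperlight's).
pub struct SandboxConfig { pub max_blob_bytes: usize, pub blob_flags: RegionFlags }

/// One entry of the region table the guest would read from the PEB (assumed shape).
#[derive(Debug, PartialEq, Eq)]
pub struct Region { pub offset: usize, pub len: usize, pub flags: RegionFlags }

const PAGE: usize = 4096; // assumed page size
fn page_up(n: usize) -> usize { (n + PAGE - 1) / PAGE * PAGE }

/// Lay out the binary first, then each blob in its own page-aligned region with the
/// configured flags. A blob over the cap is rejected up front, so the guest can never
/// be handed a region larger than what the host reserved and bounds-checks against.
pub fn layout(env: &impl GuestEnvironment, cfg: &SandboxConfig) -> Result<Vec<Region>, String> {
    let rx = RegionFlags { read: true, write: false, exec: true };
    let mut regions = vec![Region { offset: 0, len: env.guest_binary().len(), flags: rx }];
    let mut next = page_up(env.guest_binary().len());
    for blob in env.blobs().unwrap_or(&[]) {
        if blob.len() > cfg.max_blob_bytes {
            return Err(format!("blob of {} bytes exceeds cap of {}", blob.len(), cfg.max_blob_bytes));
        }
        regions.push(Region { offset: next, len: blob.len(), flags: cfg.blob_flags });
        next += page_up(blob.len());
    }
    Ok(regions)
}
```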