nitro: Update architecture

Makefile

@@ -17,13 +17,13 @@ SNP_INIT_SRC =	init/tee/snp_attest.c		\
 		$(KBS_INIT_SRC)			\
 
 TDX_INIT_SRC = $(KBS_INIT_SRC)
-NITRO_INIT_SRC = init/nitro/include/vsock.h		\
-		init/nitro/include/archive.h		\
+NITRO_INIT_SRC = init/nitro/include/archive.h		\
+		init/nitro/include/args_reader.h	\
 		init/nitro/include/fs.h			\
 		init/nitro/include/tap_afvsock.h	\
 		init/nitro/main.c			\
-		init/nitro/vsock.c			\
 		init/nitro/archive.c			\
+		init/nitro/args_reader.c		\
 		init/nitro/fs.c				\
 		init/nitro/tap_afvsock.c		\
 

examples/nitro.c

@@ -102,118 +102,6 @@ bool parse_cmdline(int argc, char *const argv[], struct cmdline *cmdline)
     return false;
 }
 
-void *listen_enclave_app_output(void *opague)
-{
-    int ret, sock_fd, bytes_read, client_fd;
-    char buffer[BUFSIZE];
-    struct sockaddr_vm addr;
-    struct timeval timeval;
-
-    sock_fd = socket(AF_VSOCK, SOCK_STREAM, 0);
-    if (sock_fd < 0) {
-        perror("unable to create host socket for application output");
-        return (void *)-1;
-    }
-
-    bzero((char *) &addr, sizeof(struct sockaddr_vm));
-    addr.svm_family = AF_VSOCK;
-    addr.svm_cid = VMADDR_CID_ANY;
-    addr.svm_port = 8081;
-
-    memset(&timeval, 0, sizeof(struct timeval));
-    timeval.tv_sec = 5;
-
-    ret = setsockopt(sock_fd, AF_VSOCK, SO_VM_SOCKETS_CONNECT_TIMEOUT, (void *) &timeval, sizeof(struct timeval));
-    if (ret < 0) {
-        close(sock_fd);
-        perror("unable to set socket options for application output socket");
-        return (void *)-1;
-    }
-
-    ret = bind(sock_fd, (struct sockaddr *) &addr, sizeof(addr));
-    if (ret < 0) {
-        close(sock_fd);
-        perror("unable to bind the host application output socket to the address");
-        return (void *)-1;
-    }
-
-    ret = listen(sock_fd, 1);
-    if (ret < 0) {
-        close(sock_fd);
-        perror("unable to listen for incoming connection to host application output socket.");
-        return (void *)-1;
-    }
-
-    client_fd = accept(sock_fd, NULL, NULL);
-    if (client_fd < 0) {
-        close(sock_fd);
-        perror("unable to connect host application output socket to guest socket");
-        return (void *)-1;
-    }
-
-    close(sock_fd);
-
-    while((bytes_read = read(client_fd, buffer, sizeof(buffer) - 1)) > 0) {
-        buffer[bytes_read] = '\0';
-        printf("%s", buffer);
-        fflush(stdout);
-    }
-
-    if (bytes_read < 0)
-        perror("application output socket read error");
-
-    close(client_fd);
-    return (void *)0;
-}
-
-void *listen_enclave_output(void *opaque)
-{
-    socklen_t addr_sz = sizeof(struct sockaddr_vm);
-    struct sockaddr_vm addr;
-    int ret, sock_fd, cid;
-    struct timeval timeval;
-    char buf[BUFSIZE];
-
-    cid = (int) opaque;
-
-    sock_fd = socket(AF_VSOCK, SOCK_STREAM, 0);
-    if (sock_fd < 0)
-        return (void *) -1;
-
-    bzero((char *) &addr, sizeof(struct sockaddr_vm));
-    addr.svm_family = AF_VSOCK;
-    addr.svm_cid = VMADDR_CID_HYPERVISOR;
-    addr.svm_port = cid + CID_TO_CONSOLE_PORT_OFFSET;
-
-    // Set vsock timeout limit to 5 seconds.
-    memset(&timeval, 0, sizeof(struct timeval));
-    timeval.tv_sec = 5;
-
-    ret = setsockopt(sock_fd, AF_VSOCK, SO_VM_SOCKETS_CONNECT_TIMEOUT,
-                        (void *) &timeval, sizeof(struct timeval));
-    if (ret < 0) {
-        close(sock_fd);
-        return (void *) -1;
-    }
-
-    ret = connect(sock_fd, (struct sockaddr *) &addr, addr_sz);
-    if (ret < 0) {
-        close(sock_fd);
-        return (void *) -1;
-    }
-
-    bzero(buf, BUFSIZE);
-    for (;;) {
-        ret = read(sock_fd, &buf, BUFSIZE);
-        if (ret <= 0)
-            break;
-
-        buf[ret] = '\0';
-
-        printf("%s", buf);
-    }
-}
-
 const char *const default_argv[] = { "cat", "/etc/os-release", NULL };
 
 #define DEFAULT_PATH_ENV "PATH=/sbin:/usr/sbin:/bin:/usr/bin"
@@ -269,8 +157,6 @@ int main(int argc, char *const argv[])
     struct cmdline cmdline;
     pthread_t debug_console_thread, app_thread;
 
-    int nitro_start_flags = KRUN_NITRO_START_FLAG_DEBUG;
-
     if (!parse_cmdline(argc, argv, &cmdline)) {
         putchar('\n');
         print_help(argv[0]);
@@ -305,10 +191,9 @@ int main(int argc, char *const argv[])
         return -1;
     }
 
-    // Configure the nitro enclave to run in debug mode.
-    if (err = krun_nitro_set_start_flags(ctx_id, nitro_start_flags)) {
+    if (err = krun_set_console_output(ctx_id, "/dev/stdout")) {
         errno = -err;
-        perror("Error configuring nitro enclave start flags");
+        perror("Error configuring the console output");
         return -1;
     }
 
@@ -320,7 +205,7 @@ int main(int argc, char *const argv[])
     }
 
     // Configure the enclave's execution environment.
-    if (err = krun_set_exec(ctx_id, "ls", default_argv, default_envp)) {
+    if (err = krun_set_exec(ctx_id, default_argv[0], default_argv, default_envp)) {
         errno = -err;
         perror("Error configuring enclave execution path");
         return -1;
@@ -342,12 +227,6 @@ int main(int argc, char *const argv[])
         }
     }
 
-    ret = pthread_create(&app_thread, NULL, listen_enclave_app_output, NULL);
-    if (ret < 0) {
-        perror("unable to create new app listener thread");
-        return -1;
-    }
-
     /*
      * Start and enter the microVM. In the libkrun-nitro flavor, a positive
      * value returned by krun_start_enter() is the enclave's CID.
@@ -358,19 +237,4 @@ int main(int argc, char *const argv[])
         perror("Error creating the microVM");
         return -1;
     }
-
-    if (nitro_start_flags == KRUN_NITRO_START_FLAG_DEBUG) {
-        ret = pthread_create(&debug_console_thread, NULL, listen_enclave_output, (void *) cid);
-        if (ret < 0) {
-            perror("unable to create new listener thread");
-            return -1;
-        }
-    }
-
-    ret = pthread_join(app_thread, NULL);
-    if (ret < 0) {
-        perror("unable to join app listener thread");
-        return -1;
-    }
-    return 0;
 }

include/libkrun.h

@@ -972,29 +972,6 @@ int32_t krun_get_max_vcpus(void);
 */
 int32_t krun_split_irqchip(uint32_t ctx_id, bool enable);
 
-#define KRUN_NITRO_IMG_TYPE_EIF 1
-/**
- * Configure a Nitro Enclaves image.
- *
- * Arguments:
- *  "ctx_id"     - the configuration context ID.
- *  "image_path" - a null-terminated string representing the path of the image
- *                 in the host.
- *  "image_type" - the type of enclave image being provided.
- */
-int32_t krun_nitro_set_image(uint32_t ctx_id, const char *image_path,
-                             uint32_t image_type);
-
-#define KRUN_NITRO_START_FLAG_DEBUG (1 << 0)
-/**
- * Configure a Nitro Enclave's start flags.
- *
- * Arguments:
- *  "ctx_id" - the configuration context ID.
- *  "start_flags" - Start flags.
- */
-int32_t krun_nitro_set_start_flags(uint32_t ctx_id, uint64_t start_flags);
-
 /*
  * Do not create an implicit console device in the guest. By using this API,
  * libkrun will create zero console devices on behalf of the user. Any
@@ -1171,9 +1148,6 @@ int32_t krun_set_root_disk_remount(uint32_t ctx_id, const char *device, const ch
  *  code once the microVM shuts down. If an error occurred before running the workload the process
  *  will exit() with an error exit code.
  *
- *  In the nitro flavor, this function always returns. Upon success, this function will return the
- *  CID of the nitro enclave that was started.
- *
  * Error exit codes:
  *  125     - "init" cannot set up the environment inside the microVM.
  *  126     - "init" can find the executable to be run inside the microVM but cannot execute it.