Merge branch 'main' into drop_snapshot_forward_compatibility
bchalios authored Sep 21, 2023
2 parents 20ccdec + 0c3c9fc commit 9e80c09
Showing 23 changed files with 105 additions and 185 deletions.
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

147 changes: 0 additions & 147 deletions build.rs

This file was deleted.

1 change: 0 additions & 1 deletion src/cpu-template-helper/Cargo.toml
Expand Up @@ -3,7 +3,6 @@ name = "cpu-template-helper"
version = "1.5.0-dev"
authors = ["Amazon Firecracker team <[email protected]>"]
edition = "2021"
build = "../../build.rs"
license = "Apache-2.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

2 changes: 1 addition & 1 deletion src/cpu-template-helper/src/utils/mod.rs
Expand Up @@ -19,7 +19,7 @@ pub mod aarch64;
#[cfg(target_arch = "x86_64")]
pub mod x86_64;

pub const CPU_TEMPLATE_HELPER_VERSION: &str = env!("FIRECRACKER_VERSION");
pub const CPU_TEMPLATE_HELPER_VERSION: &str = env!("CARGO_PKG_VERSION");

/// Trait for key of `HashMap`-based modifier.
///
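Review bot: Nothing documents that the per-crate versions must stay in lockstep now that `CPU_TEMPLATE_HELPER_VERSION` is taken from `CARGO_PKG_VERSION`, which is this crate's own `version` in its `Cargo.toml`; the old `FIRECRACKER_VERSION` variable was presumably exported by the deleted top-level `build.rs`. The same applies to `FIRECRACKER_VERSION` in `src/firecracker/src/main.rs`, `JAILER_VERSION` in `src/jailer/src/main.rs` and `REBASE_SNAP_VERSION` in `src/rebase-snap/src/main.rs`. All manifests shown on this page are at `1.5.0-dev`, so the reported versions agree today. A comment on each constant such as `// Taken from this crate's Cargo.toml; bump together with the other Firecracker crates.` would make the requirement visible, which matters most if any of these strings is compared across binaries (not visible here).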
8 changes: 7 additions & 1 deletion src/firecracker/Cargo.toml
Expand Up @@ -3,7 +3,7 @@ name = "firecracker"
version = "1.5.0-dev"
authors = ["Amazon Firecracker team <[email protected]>"]
edition = "2021"
build = "../../build.rs"
build = "build.rs"
description = "Firecracker enables you to deploy workloads in lightweight virtual machines, called microVMs, which provide enhanced security and workload isolation over traditional VMs, while enabling the speed and resource efficiency of containers."
homepage = "https://firecracker-microvm.github.io/"
license = "Apache-2.0"
Expand Down Expand Up @@ -36,6 +36,12 @@ regex = { version = "1.9.5", default-features = false, features = ["std", "unico
serde = { version = "1.0.188", features = ["derive"] }
userfaultfd = "0.6.1"

[build-dependencies]
bincode = "1.2.1"
seccompiler = { path = "../seccompiler" }
serde = { version = "1.0.188" }
serde_json = "1.0.107"

[[example]]
name = "uffd_malicious_handler"
path = "examples/uffd/malicious_handler.rs"
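Review bot: `serde = { version = "1.0.188" }` under `[build-dependencies]` does not appear to be referenced by name in `src/firecracker/build.rs` as added in this commit; that script only names `seccompiler`, `serde_json` and `bincode`. Build dependencies are compiled into a script that runs on the build host, so the list is worth keeping to what the script actually needs. If the entry is intentional (for example to align features with `seccompiler`), a one-line comment above it such as `# required by build.rs because <reason>` would record why.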
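--- /dev/null
+++ b/src/firecracker/build.rs
@@ -0,0 +1,62 @@
+// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+use std::collections::BTreeMap;
+use std::fs::File;
+use std::path::Path;
+
+use seccompiler::common::BpfProgram;
+use seccompiler::compiler::{Compiler, JsonFile};
+
+const ADVANCED_BINARY_FILTER_FILE_NAME: &str = "seccomp_filter.bpf";
+
+const JSON_DIR: &str = "../../resources/seccomp";
+const SECCOMPILER_SRC_DIR: &str = "../seccompiler/src";
+
+// This script is run on every modification in the target-specific JSON file in `resources/seccomp`.
+// It compiles the JSON seccomp policies into a serializable BPF format, using seccompiler-bin.
+// The generated binary code will get included in Firecracker's code, at compile-time.
+fn main() {
+// Target triple
+let target = std::env::var("TARGET").expect("Missing target.");
+let out_dir = std::env::var("OUT_DIR").expect("Missing build-level OUT_DIR.");
+// Target arch (x86_64 / aarch64)
+let target_arch = std::env::var("CARGO_CFG_TARGET_ARCH").expect("Missing target arch.");
+
+let seccomp_json_path = format!("{}/{}.json", JSON_DIR, target);
+// If the current target doesn't have a default filter, use a default, empty filter.
+// This is to make sure that Firecracker builds even with libc toolchains for which we don't
+// provide a default filter. For example, GNU libc.
+let seccomp_json_path = if Path::new(&seccomp_json_path).exists() {
+seccomp_json_path
+} else {
+println!(
+"cargo:warning=No default seccomp policy for target: {}. Defaulting to \
+`resources/seccomp/unimplemented.json`.",
+target
+);
+format!("{}/unimplemented.json", JSON_DIR)
+};
+
+// Retrigger the build script if the JSON file has changed.
+// let json_path = json_path.to_str().expect("Invalid bytes");
+println!("cargo:rerun-if-changed={}", seccomp_json_path);
+// Also retrigger the build script on any seccompiler source code change.
+println!("cargo:rerun-if-changed={}", SECCOMPILER_SRC_DIR);
+
+let input = std::fs::read_to_string(seccomp_json_path).expect("Correct input file");
+let filters: JsonFile = serde_json::from_str(&input).expect("Input read");
+
+let arch = target_arch.as_str().try_into().expect("Target");
+let compiler = Compiler::new(arch);
+
+// transform the IR into a Map of BPFPrograms
+let bpf_data: BTreeMap<String, BpfProgram> = compiler
+.compile_blob(filters.0, false)
+.expect("Successfull compilation");
+
+// serialize the BPF programs & output them to a file
+let out_path = format!("{}/{}", out_dir, ADVANCED_BINARY_FILTER_FILE_NAME);
+let output_file = File::create(out_path).expect("Create seccompiler output path");
+bincode::serialize_into(output_file, &bpf_data).expect("Seccompiler serialization");
+}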
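Review bot: When `{target}.json` is absent, `main` registers only the fallback `unimplemented.json` with `cargo:rerun-if-changed`, so a target policy added later does not re-run the script. The `seccomp_filter.bpf` already in `OUT_DIR`, compiled from what the comment calls an empty filter, then keeps being embedded. Watching the policy directory closes that gap: `println!("cargo:rerun-if-changed={}", JSON_DIR);`. The fallback is announced only through `cargo:warning`, which is easy to miss in CI logs, so a comment above the `else` branch stating that the resulting binary carries no target-specific default filter would help whoever packages builds for such targets. Separately, the `expect` texts (`"Correct input file"`, `"Input read"`, `"Successfull compilation"`) describe success rather than the failure, and the header comment still says `seccompiler-bin` although the script calls the `seccompiler` library.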
2 changes: 1 addition & 1 deletion src/firecracker/src/main.rs
Expand Up @@ -36,7 +36,7 @@ use crate::seccomp::SeccompConfig;
// see https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s15.html for more information.
const DEFAULT_API_SOCK_PATH: &str = "/run/firecracker.socket";
const DEFAULT_INSTANCE_ID: &str = "anonymous-instance";
const FIRECRACKER_VERSION: &str = env!("FIRECRACKER_VERSION");
const FIRECRACKER_VERSION: &str = env!("CARGO_PKG_VERSION");
const MMDS_CONTENT_ARG: &str = "metadata";

#[derive(Debug, thiserror::Error, displaydoc::Display)]
1 change: 0 additions & 1 deletion src/jailer/Cargo.toml
Expand Up @@ -3,7 +3,6 @@ name = "jailer"
version = "1.5.0-dev"
authors = ["Amazon Firecracker team <[email protected]>"]
edition = "2021"
build = "../../build.rs"
description = "Process for starting Firecracker in production scenarios; applies a cgroup/namespace isolation barrier and then drops privileges."
homepage = "https://firecracker-microvm.github.io/"
license = "Apache-2.0"
2 changes: 1 addition & 1 deletion src/jailer/src/main.rs
Expand Up @@ -18,7 +18,7 @@ mod chroot;
mod env;
mod resource_limits;

const JAILER_VERSION: &str = env!("FIRECRACKER_VERSION");
const JAILER_VERSION: &str = env!("CARGO_PKG_VERSION");

#[derive(Debug, thiserror::Error)]
pub enum JailerError {
1 change: 0 additions & 1 deletion src/rebase-snap/Cargo.toml
Expand Up @@ -3,7 +3,6 @@ name = "rebase-snap"
version = "1.5.0-dev"
authors = ["Amazon Firecracker team <[email protected]>"]
edition = "2021"
build = "../../build.rs"
license = "Apache-2.0"

[[bin]]
2 changes: 1 addition & 1 deletion src/rebase-snap/src/main.rs
Expand Up @@ -9,7 +9,7 @@ use std::os::unix::io::AsRawFd;
use utils::arg_parser::{ArgParser, Argument, Arguments, Error as ArgError};
use utils::seek_hole::SeekHole;

const REBASE_SNAP_VERSION: &str = env!("FIRECRACKER_VERSION");
const REBASE_SNAP_VERSION: &str = env!("CARGO_PKG_VERSION");
const BASE_FILE: &str = "base-file";
const DIFF_FILE: &str = "diff-file";

1 change: 0 additions & 1 deletion src/seccompiler/Cargo.toml
Expand Up @@ -3,7 +3,6 @@ name = "seccompiler"
version = "1.5.0-dev"
authors = ["Amazon Firecracker team <[email protected]>"]
edition = "2021"
build = "../../build.rs"
description = "Program that compiles multi-threaded seccomp-bpf filters expressed as JSON into raw BPF programs, serializing them and outputting them to a file."
homepage = "https://firecracker-microvm.github.io/"
license = "Apache-2.0"