Skip to content

aws-nitro: Separate guest kernel module loading, updates#549

Open
tylerfanelli wants to merge 4 commits intocontainers:mainfrom
tylerfanelli:awsnitro-init-modules
Open

aws-nitro: Separate guest kernel module loading, updates#549
tylerfanelli wants to merge 4 commits intocontainers:mainfrom
tylerfanelli:awsnitro-init-modules

Conversation

@tylerfanelli
Copy link
Member

No description provided.

Nitro enclaves do not allow user input, so it remains unclear if
debugging the init binary would be possible. Strip debug symbols to
shrink the binary size.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
Start the debug output proxy immediately after the enclave has booted
(if debug mode is enabled).

Change the debug enclave argument to instead represent enabling
application output, as nothing has to be done by the enclave VM if debug
output is enabled. In this case, output will be printed to the console,
which libkrun will already be connected to and forwarding data to/from.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
The krun-nitro-eif-ctl tool allows users to configure the kernel modules
loaded within their enclave. This is done through a directory
`/root` in the initrd. Read this directory and load each
module into the enclave kernel within the bootstrap process.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
Copy link
Member Author

cc @jakecorrenti

@slp
Copy link
Collaborator

slp commented Feb 18, 2026

/gemini

@slp
Copy link
Collaborator

slp commented Feb 18, 2026

/gemini review

Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

The pull request refactors the kernel module loading mechanism by introducing a new mod.c file and separating debug output handling from application output. The debug flag has been consistently renamed to app_output across the C and Rust codebases, improving clarity. The changes also include an optimization to strip symbols from the aws-nitro init binary and a new feature to stream debug output from the serial console. Overall, the changes enhance modularity, clarify intent, and improve the build process.

continue;

// Copy the full path of the module file.
sprintf(path, "%s/%s", KRUN_LINUX_MODS_DIR_NAME, entry->d_name);

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Using sprintf is generally unsafe as it does not perform bounds checking, which can lead to buffer overflows if entry->d_name is unexpectedly long. It's safer to use snprintf to prevent potential security vulnerabilities.

Suggested change
sprintf(path, "%s/%s", KRUN_LINUX_MODS_DIR_NAME, entry->d_name);
snprintf(path, sizeof(path), "%s/%s", KRUN_LINUX_MODS_DIR_NAME, entry->d_name);

Comment on lines +312 to +314
* If not running in debug mode, initialize the application output proxy. In
* debug mode, the enclave uses the console (which is already connected) for
* output.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The comment here could be updated for better clarity. Since args->app_output now explicitly indicates whether application output is enabled (which implies non-debug mode), the phrase "If not running in debug mode" is slightly redundant. Consider rephrasing to directly state the purpose of app_output.

For example, "If application output is enabled, initialize the application output proxy. Otherwise, the enclave uses the console for output."

Suggested change
* If not running in debug mode, initialize the application output proxy. In
* debug mode, the enclave uses the console (which is already connected) for
* output.
* If application output is enabled, initialize the application output proxy. Otherwise,
* the enclave uses the console (which is already connected) for output.

*/
int mods_load(void)
{
char path[MOD_FILE_NAME_BUF_SIZE + strlen(KRUN_LINUX_MODS_DIR_NAME) + 1];

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using strlen on a string literal like KRUN_LINUX_MODS_DIR_NAME at runtime is less efficient than using sizeof for compile-time calculation. While it works, sizeof is generally preferred for fixed-size string literals to avoid unnecessary runtime overhead.

Suggested change
char path[MOD_FILE_NAME_BUF_SIZE + strlen(KRUN_LINUX_MODS_DIR_NAME) + 1];
char path[MOD_FILE_NAME_BUF_SIZE + sizeof(KRUN_LINUX_MODS_DIR_NAME) + 1];

Comment on lines +78 to +80
valid = 1;
valid &= !(strcmp(entry->d_name, ".") == 0);
valid &= !(strcmp(entry->d_name, "..") == 0);

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The valid checks can be simplified for better readability. Instead of separate valid &= lines, you can combine them into a single conditional or use strcmp directly in the if statement.

Suggested change
valid = 1;
valid &= !(strcmp(entry->d_name, ".") == 0);
valid &= !(strcmp(entry->d_name, "..") == 0);
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments