init: remove TEE-specific code#590
Conversation
jakecorrenti
force-pushed
the
remove-conf-comp-init
branch
2 times, most recently
from
853c5f3 to
e0adba0
Compare
jakecorrenti
force-pushed
the
remove-conf-comp-init
branch
3 times, most recently
from
eea13c7 to
112582a
Compare
jakecorrenti
force-pushed
the
remove-conf-comp-init
branch
from
112582a to
fb56242
Compare
Since we never built the init binary in this repository in the first place, remove it. Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
jakecorrenti
force-pushed
the
remove-conf-comp-init
branch
from
fb56242 to
bc605b0
Compare
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
|
I welcome this change, but whats the plan - it will be moved to libkrunfw? Will you reuse some parts of init.c from here? (I suppose because you are modularizing some parts into separate files. |
jakecorrenti
force-pushed
the
remove-conf-comp-init
branch
from
bc605b0 to
5ed633a
Compare
Yes, the Confidential Computing init code will be moved to libkrunfw (PR still needs to be made). The Conf. Computing init code is practically the same as the standard variant but with the attestation bits. The goal here was to make as much code reusable so that a PR to the init binary here didn't have to result in a PR in libkrunfw at the same time. The Conf. For 2.0 I was envisioning the init code being re-written in Rust (which I've started working on in the background) and having any shared code be a separate crate. Then this would allow the init crates in libkrun and libkrunfw to just import the crate and not have to deal with any funny scripts at compile time. Just a thought, and it hasn't been fully thought through yet. |
jakecorrenti
force-pushed
the
remove-conf-comp-init
branch
2 times, most recently
from
e57ccef to
46258ec
Compare
|
/gemini review |
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
jakecorrenti
force-pushed
the
remove-conf-comp-init
branch
from
46258ec to
7501753
Compare
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors the init process by modularizing the code previously contained in init.c into separate files: fs.c, parser.c, utils.c, and timesync.c. The build script is updated to compile these new modules. Several critical logic errors were identified in the new modules, including missing null-termination for the configuration buffer, incorrect pointer checks for the configuration arguments, and flawed conditional logic when setting the hostname and working directory.
| data = malloc(data_len); | ||
| if (!data) { | ||
| perror("Couldn't allocate memory"); | ||
| goto cleanup_fd; | ||
| } | ||
|
|
||
| if (read(fd, data, data_len) < 0) { | ||
| perror("Error reading config file"); | ||
| goto cleanup_data; | ||
| } |
There was a problem hiding this comment.
The buffer data is allocated with data_len bytes but is later treated as a string (e.g., in strstr within config_parse_env). It should be null-terminated to avoid buffer over-reads. Additionally, the read call should ensure the entire file is read as expected.
data = malloc(data_len + 1);
if (!data) {
perror("Couldn't allocate memory");
goto cleanup_fd;
}
if (read(fd, data, data_len) < (ssize_t)data_len) {
perror("Error reading config file");
goto cleanup_data;
}
data[data_len] = '\0';| } | ||
|
|
||
| jsmn_init(&parser); | ||
| num_tokens = jsmn_parse(&parser, data, strlen(data), tokens, MAX_TOKENS); |
There was a problem hiding this comment.
Using strlen(data) on a buffer that may not be null-terminated is unsafe and can lead to a buffer over-read. Since the length is already known from the file metadata, it should be used directly, which also restores the behavior of the original code.
| num_tokens = jsmn_parse(&parser, data, strlen(data), tokens, MAX_TOKENS); | |
| num_tokens = jsmn_parse(&parser, data, data_len, tokens, MAX_TOKENS); |
| krun_init = getenv("KRUN_INIT"); | ||
| if (krun_init) { | ||
| (*exec_argv)[0] = krun_init; | ||
| } else if (config_argv) { |
There was a problem hiding this comment.
config_argv is a pointer to the variable in main (char ***), so it is never NULL. The check should be performed on *config_argv to see if a configuration was actually parsed. As it stands, if no config is found, *exec_argv is set to NULL, which will cause a crash in exec_child when it attempts to dereference it.
| } else if (config_argv) { | |
| } else if (*config_argv) { |
| if (hostname && sethostname(hostname, strlen(hostname)) < 0) { | ||
| perror("sethostname(getenv(HOSTNAME))"); | ||
| exit(-1); | ||
| } else if (sethostname(&localhost[0], strlen(localhost)) < 0) { | ||
| perror("sethostname(localhost)"); | ||
| exit(-1); | ||
| } |
There was a problem hiding this comment.
There is a logic error in how the hostname is set. If hostname is not NULL and sethostname succeeds, the if condition evaluates to false, causing the else if branch to execute. This results in the hostname being set to the desired value and then immediately overwritten by "localhost".
char *name = hostname ? hostname : localhost;
if (sethostname(name, strlen(name)) < 0) {
perror("sethostname");
exit(-1);
}| if (env_workdir && chdir(env_workdir) < 0) { | ||
| perror("chdir(getenv(KRUN_WORKDIR))"); | ||
| exit(-1); | ||
| } else if (config_workdir && chdir(config_workdir) < 0) { | ||
| perror("chdir(config_workdir)"); | ||
| exit(-1); | ||
| } |
There was a problem hiding this comment.
Similar to the hostname issue, the chdir logic is flawed. If env_workdir is set and chdir succeeds, the else if branch will still be evaluated, potentially calling chdir again with config_workdir. The intention is likely to use env_workdir if available, otherwise fall back to config_workdir.
char *workdir = env_workdir ? env_workdir : config_workdir;
if (workdir && chdir(workdir) < 0) {
perror("chdir");
exit(-1);
}
3 participants
Since we never built the init binary in this repository in the first place, remove it.