feat(mirage): add dynamic device naming via manifest and annotations #363
Conversation
✅ Deploy Preview for urunc canceled.
|
|
| var manifest Solo5Manifest | ||
| // Attempt to find the start of the JSON object '{' | ||
| jsonStart := strings.Index(string(data), "{") | ||
| if jsonStart == -1 { | ||
| return nil, fmt.Errorf("invalid manifest format") | ||
| } | ||
|
|
||
| if err := json.Unmarshal(data[jsonStart:], &manifest); err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| return &manifest, nil |
There was a problem hiding this comment.
The note doesn't contain json. See https://github.com/Solo5/solo5/blob/dabc69fd89b8119449ec4088c54b458d4ccc851b/include/mft_abi.h for the format, or https://git.robur.coop/robur/ocaml-solo5-elftool/src/branch/main/lib/solo5_elftool.ml#L73-L146 for code that parses the format.
If you want json you can use solo5-elftool query-manifest $executable assuming solo5-elftool is in $PATH. This adds an external dependency though.
There was a problem hiding this comment.
@reynir Thanks for catching this! You are absolutely right
I was incorrectly assuming the manifest section contained JSON, but it is indeed raw binary data as defined in the ABI.
To avoid introducing an external dependency on solo5-elftool, I have rewritten the implementation to parse the binary data natively in Go. The updated parser now:
Follows the layout defined in mft_abi.h.
Correctly handles the C-struct alignment and padding (specifically the 8-byte alignment for the version and device types).
Includes logic to skip the ELF Note header if present.
| mirageID := m.getMirageDeviceName(ifName, "NET_BASIC", "service") | ||
|
|
||
| netOption := fmt.Sprintf("--net:%s=%s", mirageID, ifName) | ||
| netOption += fmt.Sprintf(" --net-mac:%s=%s", mirageID, mac) |
There was a problem hiding this comment.
Not sure what the security model is, but you may consider enforcing the constraint that device names are alphanumerical (and at most a fixed length which I don't remember). Otherwise you can inject arbitrary strings here.
There was a problem hiding this comment.
I have updated getMirageDeviceName to enforce strict validation:
Alphanumeric Check: The resolved name is validated against a regex (^[a-zA-Z0-9_]+$).
Fallback: If the name contains invalid characters, it safely falls back to the default name (e.g., storage or service) rather than passing the raw string.
There was a problem hiding this comment.
Sorry, it doesn't make sense to add a fallback. If the name is invalid then solo5-hvt/solo5-spt will error out parsing the ELF. Even if the ELF was not invalid solo5-hvt/solo5-spt will error out because you just made up a device name that doesn't match the manifest.
codesmith25103
force-pushed
the
Issue315
branch
2 times, most recently
from
fd0bf6f to
3844f3c
Compare
Previously, urunc hardcoded MirageOS network interfaces to 'service' and block devices to 'storage'. This caused failures for unikernels that defined different interface names in their Solo5 manifest. This commit introduces dynamic device discovery and mapping: - Parsed .note.solo5.manifest from ELF binary for auto-detection. - Added support for urunc.dev/mirage-net-map annotations. - Updated UnikernelParams to pass binary path and annotations. This ensures compatibility with diverse MirageOS unikernels. Fixes: urunc-dev#315 Signed-off-by: Sankalp <sankalp25103@gmail.com>
codesmith25103
force-pushed
the
Issue315
branch
from
3844f3c to
44f2f95
Compare
| // Heuristic to skip ELF Note Header | ||
| if len(data) > 12 { | ||
| var namesz uint32 | ||
| // FIX: Checked error return value (errcheck warning) | ||
| if err := binary.Read(bytes.NewReader(data[0:4]), binary.LittleEndian, &namesz); err != nil { | ||
| // If we can't even read 4 bytes, just ignore this check and use offset 0 | ||
| } else { | ||
| // If namesz is 6 ("Solo5\0"), skip header. | ||
| // Header = 12 + aligned(namesz) | ||
| if namesz == 6 { | ||
| offset = int64(12 + ((namesz + 3) &^ 3)) | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
I don't understand this. Does the ELF library do this or not? It doesn't make sense to maybe do this to me. What is the heuristic exactly?
| } | ||
|
|
||
| // MftHeader matches the 12-byte header found in the binary. | ||
| // 0x00: Pad/Reserved (4) |
There was a problem hiding this comment.
The padding is <4 and depends on the note owner and such. I don't think this is right.
| // Sanity Check | ||
| if header.Version != 1 { | ||
| return nil, fmt.Errorf("invalid manifest version: %d (expected 1)", header.Version) | ||
| } |
There was a problem hiding this comment.
You should check that the number of entries is at least 1 as there is always the RESERVED_FIRST entry.
There was a problem hiding this comment.
Also check entries is less than or equal to MFT_MAX_ENTRIES.
| switch entry.Type { | ||
|
|
||
| case mftDevNetBasic: | ||
| devType = "NET_BASIC" | ||
| case mftDevBlockBasic: | ||
| devType = "BLOCK_BASIC" | ||
| default: | ||
| devType = fmt.Sprintf("UNKNOWN_%d", entry.Type) | ||
| } |
There was a problem hiding this comment.
You forgot the RESERVED_FIRST entry which is always present and the first entry.
| const ( | ||
| mftDevBlockBasic = 0 | ||
| mftDevNetBasic = 1 | ||
| mftNameMax = 64 |
There was a problem hiding this comment.
Not sure where you got the number 64. It's not right.
| Name [mftNameMax + 1]byte | ||
| Pad [7]byte // Exported to avoid panic in binary.Read | ||
| Type uint64 | ||
| Flags uint64 |
| Pad [7]byte // Exported to avoid panic in binary.Read | ||
| Type uint64 | ||
| Flags uint64 | ||
| Pad2 [16]byte // Exported to avoid panic in binary.Read |
| mirageID := m.getMirageDeviceName(ifName, "NET_BASIC", "service") | ||
|
|
||
| netOption := fmt.Sprintf("--net:%s=%s", mirageID, ifName) | ||
| netOption += fmt.Sprintf(" --net-mac:%s=%s", mirageID, mac) |
There was a problem hiding this comment.
Sorry, it doesn't make sense to add a fallback. If the name is invalid then solo5-hvt/solo5-spt will error out parsing the ELF. Even if the ELF was not invalid solo5-hvt/solo5-spt will error out because you just made up a device name that doesn't match the manifest.
| } | ||
| cleanName := string(entry.Name[:nameLen]) | ||
|
|
||
| // Skip empty names (often internal devices) |
There was a problem hiding this comment.
There are no such thing as internal devices. Empty names are disallowed.
| monitorRootfsDirName = "monRootfs" | ||
| containerRootfsMountPath = "/cntrRootfs" |
There was a problem hiding this comment.
This change is unrelated. It would be helpful to me if unrelated changes were kept out of this PR
3 participants
Previously, urunc hardcoded MirageOS network interfaces to 'service'
and block devices to 'storage'. This caused failures for unikernels
that defined different interface names in their Solo5 manifest.
This commit introduces dynamic device discovery and mapping:
This ensures compatibility with diverse MirageOS unikernels.
Fixes: #315