From 7ec30e1487b1e1f36b8ac8a49faef29b2c6b0f07 Mon Sep 17 00:00:00 2001 From: g2flyer Date: Mon, 1 Jul 2024 08:53:28 -0700 Subject: [PATCH] WIP: rollback status introspection Signed-off-by: g2flyer --- libos/include/libos_fs_pseudo.h | 1 + libos/src/fs/dev/fs.c | 4 ++ libos/src/fs/dev/rollback.c | 64 +++++++++++++++++++++++++++ libos/src/meson.build | 1 + libos/test/regression/meson.build | 1 + libos/test/regression/rollback.c | 28 ++++++++++++ libos/test/regression/tests.toml | 1 + libos/test/regression/tests_musl.toml | 1 + 8 files changed, 101 insertions(+) create mode 100644 libos/src/fs/dev/rollback.c create mode 100644 libos/test/regression/rollback.c diff --git a/libos/include/libos_fs_pseudo.h b/libos/include/libos_fs_pseudo.h index 31883d67b1..b1b3275544 100644 --- a/libos/include/libos_fs_pseudo.h +++ b/libos/include/libos_fs_pseudo.h @@ -229,6 +229,7 @@ int proc_ipc_thread_follow_link(struct libos_dentry* dent, char** out_target); int init_devfs(void); int init_attestation(struct pseudo_node* dev); +int init_rollback(struct pseudo_node* dev); /* sysfs */ diff --git a/libos/src/fs/dev/fs.c b/libos/src/fs/dev/fs.c index 3068ea40c2..e013178209 100644 --- a/libos/src/fs/dev/fs.c +++ b/libos/src/fs/dev/fs.c @@ -176,5 +176,9 @@ int init_devfs(void) { if (ret < 0) return ret; + ret = init_rollback(root); + if (ret < 0) + return ret; + return 0; } diff --git a/libos/src/fs/dev/rollback.c b/libos/src/fs/dev/rollback.c new file mode 100644 index 0000000000..f0b4fda657 --- /dev/null +++ b/libos/src/fs/dev/rollback.c @@ -0,0 +1,64 @@ +/* SPDX-License-Identifier: LGPL-3.0-or-later */ +/* Copyright (C) 2024 Intel Labs + * Michael Steiner + */ + +/*! + * \file + * + * This file contains a pseudo-device for an application to inspect the rollback protection state. + * `/dev/rollback/ pseudo-file. + * + */ + +// TODO (MST): also add pseudo file to get hash of the last seen root hash (or, better for +// atomicity, status ahd hash) + +#include "api.h" +#include "libos_fs_encrypted.h" +#include "libos_fs_pseudo.h" +#include "pal.h" +#include "toml_utils.h" + +static int path_load(struct libos_dentry* dent, char** out_data, size_t* out_size) { + // TODO (MST): implement me + // - find volume matching path + // - libos/include/libos_fs.h:int walk_mounts(int (*walk)(struct libos_mount* mount, void* + // arg), void* arg); + // - libos_mount* find_mount_from_uri(const char* uri) path_lookupat(start, path, + // - lookup_flags, &dent); + // + // - find (relative) path in map + /* + struct libos_encrypted_volume_state_map* file_state = NULL; + lock(&(enc->volume->files_state_map_lock)); + HASH_FIND_STR(enc->volume->files_state_map, norm_path, file_state); + unlock(&(enc->volume->files_state_map_lock)); + */ + // - prepare outpub buffer with map entry + /* + if (is_set) { + char* buf = malloc(sizeof(pf_key)); + if (!buf) + return -ENOMEM; + memcpy(buf, &pf_key, sizeof(pf_key)); + + *out_data = buf; + *out_size = sizeof(pf_key); + } else { + *out_data = NULL; + *out_size = 0; + } + */ + __UNUSED(dent); + __UNUSED(out_data); + __UNUSED(out_size); + return 0; +} + +int init_rollback(struct pseudo_node* dev) { + struct pseudo_node* rollback_dir = pseudo_add_dir(dev, "rollback"); + pseudo_add_str(rollback_dir, "file_status", &path_load); + + return 0; +} \ No newline at end of file diff --git a/libos/src/meson.build b/libos/src/meson.build index b9946bc2af..43e19095c2 100644 --- a/libos/src/meson.build +++ b/libos/src/meson.build @@ -19,6 +19,7 @@ libos_sources = files( 'fs/chroot/fs.c', 'fs/dev/attestation.c', 'fs/dev/fs.c', + 'fs/dev/rollback.c', 'fs/etc/fs.c', 'fs/eventfd/fs.c', 'fs/libos_dcache.c', diff --git a/libos/test/regression/meson.build b/libos/test/regression/meson.build index c755d44fe8..3ef649a893 100644 --- a/libos/test/regression/meson.build +++ b/libos/test/regression/meson.build @@ -100,6 +100,7 @@ tests = { 'readdir': {}, 'rename_unlink': {}, 'rename_unlink_fchown': {}, + 'rollback': {}, 'run_test': { 'include_directories': include_directories( # for `gramine_entry_api.h` diff --git a/libos/test/regression/rollback.c b/libos/test/regression/rollback.c new file mode 100644 index 0000000000..c862c91917 --- /dev/null +++ b/libos/test/regression/rollback.c @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: LGPL-3.0-or-later */ +/* Copyright (C) 2024 Intel Corporation + * Michael Steiner + */ + +/* Test for setting and reading encrypted files keys (/dev/attestation/keys). */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "rw_file.h" + +// TODO (MST): implement me +// - tests +// - handles correctly paths which are not encryped files +// - reports correctly presence/absence of files +// - for existing files, reports correct state (one for each state) + +int main(int argc, char** argv) { + return 0; +} diff --git a/libos/test/regression/tests.toml b/libos/test/regression/tests.toml index 68d52176f6..5402a84350 100644 --- a/libos/test/regression/tests.toml +++ b/libos/test/regression/tests.toml @@ -99,6 +99,7 @@ manifests = [ "readdir", "rename_unlink", "rename_unlink_fchown", + "rollback", "run_test", "rwlock", "sched", diff --git a/libos/test/regression/tests_musl.toml b/libos/test/regression/tests_musl.toml index 34a2217934..8f6bb315b8 100644 --- a/libos/test/regression/tests_musl.toml +++ b/libos/test/regression/tests_musl.toml @@ -101,6 +101,7 @@ manifests = [ "readdir", "rename_unlink", "rename_unlink_fchown", + "rollback", "run_test", "rwlock", "sched",