diff --git a/libos/include/libos_fs_pseudo.h b/libos/include/libos_fs_pseudo.h index d0b37cddf2..d64bd61f33 100644 --- a/libos/include/libos_fs_pseudo.h +++ b/libos/include/libos_fs_pseudo.h @@ -233,6 +233,7 @@ int proc_ipc_thread_follow_link(struct libos_dentry* dent, char** out_target); int init_devfs(void); int init_attestation(struct pseudo_node* dev); +int init_rollback(struct pseudo_node* dev); /* sysfs */ diff --git a/libos/src/fs/dev/fs.c b/libos/src/fs/dev/fs.c index 3068ea40c2..e013178209 100644 --- a/libos/src/fs/dev/fs.c +++ b/libos/src/fs/dev/fs.c @@ -176,5 +176,9 @@ int init_devfs(void) { if (ret < 0) return ret; + ret = init_rollback(root); + if (ret < 0) + return ret; + return 0; } diff --git a/libos/src/fs/dev/rollback.c b/libos/src/fs/dev/rollback.c new file mode 100644 index 0000000000..f0b4fda657 --- /dev/null +++ b/libos/src/fs/dev/rollback.c @@ -0,0 +1,64 @@ +/* SPDX-License-Identifier: LGPL-3.0-or-later */ +/* Copyright (C) 2024 Intel Labs + * Michael Steiner + */ + +/*! + * \file + * + * This file contains a pseudo-device for an application to inspect the rollback protection state. + * `/dev/rollback/ pseudo-file. + * + */ + +// TODO (MST): also add pseudo file to get hash of the last seen root hash (or, better for +// atomicity, status ahd hash) + +#include "api.h" +#include "libos_fs_encrypted.h" +#include "libos_fs_pseudo.h" +#include "pal.h" +#include "toml_utils.h" + +static int path_load(struct libos_dentry* dent, char** out_data, size_t* out_size) { + // TODO (MST): implement me + // - find volume matching path + // - libos/include/libos_fs.h:int walk_mounts(int (*walk)(struct libos_mount* mount, void* + // arg), void* arg); + // - libos_mount* find_mount_from_uri(const char* uri) path_lookupat(start, path, + // - lookup_flags, &dent); + // + // - find (relative) path in map + /* + struct libos_encrypted_volume_state_map* file_state = NULL; + lock(&(enc->volume->files_state_map_lock)); + HASH_FIND_STR(enc->volume->files_state_map, norm_path, file_state); + unlock(&(enc->volume->files_state_map_lock)); + */ + // - prepare outpub buffer with map entry + /* + if (is_set) { + char* buf = malloc(sizeof(pf_key)); + if (!buf) + return -ENOMEM; + memcpy(buf, &pf_key, sizeof(pf_key)); + + *out_data = buf; + *out_size = sizeof(pf_key); + } else { + *out_data = NULL; + *out_size = 0; + } + */ + __UNUSED(dent); + __UNUSED(out_data); + __UNUSED(out_size); + return 0; +} + +int init_rollback(struct pseudo_node* dev) { + struct pseudo_node* rollback_dir = pseudo_add_dir(dev, "rollback"); + pseudo_add_str(rollback_dir, "file_status", &path_load); + + return 0; +} \ No newline at end of file diff --git a/libos/src/meson.build b/libos/src/meson.build index b9946bc2af..43e19095c2 100644 --- a/libos/src/meson.build +++ b/libos/src/meson.build @@ -19,6 +19,7 @@ libos_sources = files( 'fs/chroot/fs.c', 'fs/dev/attestation.c', 'fs/dev/fs.c', + 'fs/dev/rollback.c', 'fs/etc/fs.c', 'fs/eventfd/fs.c', 'fs/libos_dcache.c', diff --git a/libos/test/regression/meson.build b/libos/test/regression/meson.build index d5bfa56b5e..93225b98a4 100644 --- a/libos/test/regression/meson.build +++ b/libos/test/regression/meson.build @@ -102,6 +102,7 @@ tests = { 'readdir': {}, 'rename_unlink': {}, 'rename_unlink_fchown': {}, + 'rollback': {}, 'run_test': { 'include_directories': include_directories( # for `gramine_entry_api.h` diff --git a/libos/test/regression/rollback.c b/libos/test/regression/rollback.c new file mode 100644 index 0000000000..c862c91917 --- /dev/null +++ b/libos/test/regression/rollback.c @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: LGPL-3.0-or-later */ +/* Copyright (C) 2024 Intel Corporation + * Michael Steiner + */ + +/* Test for setting and reading encrypted files keys (/dev/attestation/keys). */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "rw_file.h" + +// TODO (MST): implement me +// - tests +// - handles correctly paths which are not encryped files +// - reports correctly presence/absence of files +// - for existing files, reports correct state (one for each state) + +int main(int argc, char** argv) { + return 0; +} diff --git a/libos/test/regression/tests.toml b/libos/test/regression/tests.toml index 00f1f740bc..12f0f707c6 100644 --- a/libos/test/regression/tests.toml +++ b/libos/test/regression/tests.toml @@ -101,6 +101,7 @@ manifests = [ "readdir", "rename_unlink", "rename_unlink_fchown", + "rollback", "run_test", "rwlock", "sched", diff --git a/libos/test/regression/tests_musl.toml b/libos/test/regression/tests_musl.toml index e1577fd490..3a8680291c 100644 --- a/libos/test/regression/tests_musl.toml +++ b/libos/test/regression/tests_musl.toml @@ -103,6 +103,7 @@ manifests = [ "readdir", "rename_unlink", "rename_unlink_fchown", + "rollback", "run_test", "rwlock", "sched",