Skip to content

nitro: Reorganize and document modules #520

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tylerfanelli merged 17 commits into from
Jan 28, 2026
Merged

nitro: Reorganize and document modules #520

tylerfanelli merged 17 commits into from
Jan 28, 2026

Conversation

@tylerfanelli
Copy link
Member

@tylerfanelli tylerfanelli commented Jan 27, 2026
edited
Loading

@tylerfanelli
nitro: Allow u64 rootfs buffer sizes
52c0a39 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli tylerfanelli force-pushed the nitro-cleanup branch 2 times, most recently from bcedd53 to b37a470 Compare January 27, 2026 07:18
jakecorrenti
jakecorrenti reviewed Jan 27, 2026
View reviewed changes
@tylerfanelli
nitro: Overhaul error return implementation
b05fae1 
Modularize each error within its respected module. This allows for
clearer messages to determine the component that the error originated.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Block signals while creating enclave VM
a1c05ca 
Creating the enclave VM can be thought of as a critical section that
should not be interrupted. Disable all signals while starting the
enclave VM.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Add error logging for proxy threads
d342902 
If an error occurs in device proxy threads, ensure they are logged.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Extract shared behavior in device proxies
09120f1 
There exists shared behavior within the device proxies such as dedicated
threads for reading from and (optionally) writing to a vsock, signalling
when the proxy has shut down, and more. Extract this shared behavior
from the individual device proxy implementations themselves and
implement them within the proxy list's method for running each proxy.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Remove vsock port offset proxy method
82e509c 
Refer to the port offset directly when creating the proxy's vsock.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Rename enclave_arg method to arg
190ca84 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Rename device start method to run
718d607 
The proxy threads do not return until they are finished running. Reflect
this by naming the method `run` instead of `start` which may indicate
returning after starting the proxies.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Rename device, devices modules
a51fbd1 
Rather than direct device emulation, the proxies act as intermediaries
between the guest and host device to provide device services. `device`
may lead some to believe that the module refers to device emulations.
Rename it to `proxy` to better reflect its/their goals.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Document code with comments
2159a0a 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
init/nitro: Close vsock device before error check
0fdfe14 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Write close signal to app return code vsock
e8a86fd 
Originally, the enclave's main process would sleep to give libkrun a
chance to read the return code before the enclave shut down. Rather than
sleep, write a 4-byte "close signal" to the enclave to notify it that
libkrun has read the return code and the enclave can now exit.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
init/nitro: Reorganize and document module
bbd6698 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Create constants for EIF path strings
dbf3093 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Remove aliasing of error types
1e8ecf6 
Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Calculate vsock buffers on proxy basis
14cb8cd 
The size of the vsock buffers should be determined on a per-proxy basis.
For example, the network proxy buffer must be determined by the
enclave TAP device's MTU. Allocate these buffers accordingly.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli
nitro: Return 0 bytes written on signal proxy err
84fb54e 
With this, the signal proxy can return zero bytes written and wait for
a shutdown signal from the receiver thread.

Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
@tylerfanelli tylerfanelli merged commit 4d9b499 into containers:main Jan 28, 2026
11 checks passed
@tylerfanelli tylerfanelli deleted the nitro-cleanup branch January 29, 2026 01:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jakecorrenti jakecorrenti jakecorrenti approved these changes

@MatiasVara MatiasVara Awaiting requested review from MatiasVara MatiasVara is a code owner

@mtjhrc mtjhrc Awaiting requested review from mtjhrc mtjhrc is a code owner

@slp slp Awaiting requested review from slp slp is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tylerfanelli @jakecorrenti