fixup! [PAL] Validate entrypoint ELF file separately

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
gramineproject · Jul 4, 2024 · e4056a1 · e4056a1
1 parent ac1a307
commit e4056a1
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 4 deletions.
diff --git a/libos/test/regression/toml_parsing.manifest.template b/libos/test/regression/toml_parsing.manifest.template
@@ -2,6 +2,9 @@
 
 {% set entrypoint = "helloworld" -%}
 
+# test deprecated loader.entrypoint syntax, TODO: remove in v1.9
+loader.entrypoint = "file:{{ gramine.libos }}"
+
 libos.entrypoint = "{{ entrypoint }}"
 
 loader.env.LD_LIBRARY_PATH = "/lib"

diff --git a/pal/src/pal_main.c b/pal/src/pal_main.c
@@ -447,7 +447,7 @@ noreturn void pal_main(uint64_t instance_id,       /* current instance id */
     if (!argv0_override) {
         /* possible in e.g. PAL regression tests, in this case use loader.entrypoint.uri */
         ret = toml_string_in(manifest_loader, "entrypoint.uri", &argv0_override);
-        if (ret < 0) {
+        if (ret < 0 || !argv0_override) {
             /* didn't find `loader.entrypoint.uri`, try deprecated `loader.entrypoint`;
              * TODO: remove this in Gramine v1.9 */
             ret = toml_string_in(manifest_loader, "entrypoint", &argv0_override);
@@ -566,7 +566,7 @@ noreturn void pal_main(uint64_t instance_id,       /* current instance id */
 
     char* entrypoint_name = NULL;
     ret = toml_string_in(manifest_loader, "entrypoint.uri", &entrypoint_name);
-    if (ret < 0) {
+    if (ret < 0 || !entrypoint_name) {
         /* didn't find `loader.entrypoint.uri`, try deprecated `loader.entrypoint`;
          * TODO: remove this in Gramine v1.9 */
         ret = toml_string_in(manifest_loader, "entrypoint", &entrypoint_name);

diff --git a/python/graminelibos/manifest.py b/python/graminelibos/manifest.py
@@ -338,10 +338,21 @@ def __init__(self, manifest_str):
 
         # for convenience, users are not required to specify `loader.entrypoint.uri` and
         # `loader.entrypoint.sha256`; replace with the default LibOS
+        loader_entrypoint_uri = f'file:{_env.globals["gramine"]["libos"]}'
+
         loader = manifest.setdefault('loader', {})
         loader_entrypoint = loader.setdefault('entrypoint', {})
+
+        # found deprecated `loader.entrypoint = "file:..."`; replace with loader.entrypoint.uri
+        # TODO: remove this in Gramine v1.9
+        if isinstance(loader_entrypoint, str):
+            print(f'WARNING: `loader.entrypoint = "file:..."` manifest syntax is deprecated, '
+                   'please switch to `loader.entrypoint.uri = "file:..."`')
+            loader_entrypoint = { 'uri': loader_entrypoint }
+            loader['entrypoint'] = loader_entrypoint
+
         if 'uri' not in loader_entrypoint:
-            loader_entrypoint['uri'] = f'file:{_env.globals["gramine"]["libos"]}'
+            loader_entrypoint['uri'] = loader_entrypoint_uri
         if 'sha256' not in loader_entrypoint:
             entrypoint_tf = TrustedFile.from_realpath(uri2path(loader_entrypoint['uri']))
             loader_entrypoint['sha256'] = entrypoint_tf.ensure_hash().sha256

diff --git a/python/graminelibos/manifest_check.py b/python/graminelibos/manifest_check.py
@@ -58,7 +58,8 @@
     },
 
     Required('loader'): {
-        Required('entrypoint'): str,
+        # TODO: validator for sha256
+        Required('entrypoint'): {'uri': _uri, 'sha256': str},
         'argv': [str],
         'argv_src_file': str,
         'env': {str: Any(str, {'value': str}, {'passthrough': True})},