nitro: Reorganize and document modules #520
Merged
tylerfanelli merged 17 commits into containers:main from Jan 28, 2026
Signed-off-by: Tyler Fanelli <[email protected]>
bcedd53 to b37a470
Modularize each error within its respective module. This allows for clearer messages to determine the component that the error originated from. Signed-off-by: Tyler Fanelli <[email protected]>
Creating the enclave VM can be thought of as a critical section that should not be interrupted. Disable all signals while starting the enclave VM. Signed-off-by: Tyler Fanelli <[email protected]>
If an error occurs in device proxy threads, ensure they are logged. Signed-off-by: Tyler Fanelli <[email protected]>
There exists shared behavior within the device proxies such as dedicated threads for reading from and (optionally) writing to a vsock, signalling when the proxy has shut down, and more. Extract this shared behavior from the individual device proxy implementations themselves and implement it within the proxy list's method for running each proxy. Signed-off-by: Tyler Fanelli <[email protected]>
Refer to the port offset directly when creating the proxy's vsock. Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
The proxy threads do not return until they are finished running. Reflect this by naming the method `run` instead of `start`, which may indicate returning after starting the proxies. Signed-off-by: Tyler Fanelli <[email protected]>
Rather than direct device emulation, the proxies act as intermediaries between the guest and host device to provide device services. `device` may lead some to believe that the module refers to device emulations. Rename it to `proxy` to better reflect its/their goals. Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
Originally, the enclave's main process would sleep to give libkrun a chance to read the return code before the enclave shut down. Rather than sleep, write a 4-byte "close signal" to the enclave to notify it that libkrun has read the return code and the enclave can now exit. Signed-off-by: Tyler Fanelli <[email protected]>
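The close-signal handshake described in the commit message above, as an added sketch that is not code from this PR: a Unix socket pair stands in for the vsock, and the `CLOSE_SIGNAL` value, the little-endian `i32` return code and all function names are assumptions. It also shows the enclave side getting an error instead of hanging when the host closes the channel without acknowledging.

```rust
use std::io::{self, Read, Write};
use std::os::unix::net::UnixStream;
use std::thread;

// Hypothetical close-signal value; the page only says it is 4 bytes.
const CLOSE_SIGNAL: [u8; 4] = *b"DONE";

// Enclave side: report the return code, then block until the host
// acknowledges it. EOF before the acknowledgement surfaces as an error.
fn enclave_exit(mut chan: UnixStream, code: i32) -> io::Result<()> {
    chan.write_all(&code.to_le_bytes())?;
    let mut ack = [0u8; 4];
    chan.read_exact(&mut ack)?; // UnexpectedEof if the host vanished
    if ack != CLOSE_SIGNAL {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "bad close signal"));
    }
    Ok(())
}

// Host side: read the return code first, only then release the enclave.
fn host_collect(mut chan: UnixStream) -> io::Result<i32> {
    let mut buf = [0u8; 4];
    chan.read_exact(&mut buf)?;
    chan.write_all(&CLOSE_SIGNAL)?;
    Ok(i32::from_le_bytes(buf))
}

// Runs both sides over a socket pair; returns (code seen by host, enclave ok).
fn handshake(code: i32) -> (i32, bool) {
    let (host, enclave) = UnixStream::pair().expect("socketpair");
    let guest = thread::spawn(move || enclave_exit(enclave, code));
    let seen = host_collect(host).expect("host read");
    (seen, guest.join().unwrap().is_ok())
}

// Failure case: the host reads the code but closes without acknowledging.
fn host_vanishes(code: i32) -> io::ErrorKind {
    let (mut host, enclave) = UnixStream::pair().expect("socketpair");
    let guest = thread::spawn(move || enclave_exit(enclave, code));
    let mut buf = [0u8; 4];
    host.read_exact(&mut buf).expect("host read");
    drop(host);
    guest.join().unwrap().unwrap_err().kind()
}

fn main() {
    println!("{:?}", handshake(3));
    println!("{:?}", host_vanishes(3));
}
```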
f9d8260 to d0cf9e0
Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
Signed-off-by: Tyler Fanelli <[email protected]>
The size of the vsock buffers should be determined on a per-proxy basis. For example, the network proxy buffer must be determined by the enclave TAP device's MTU. Allocate these buffers accordingly. Signed-off-by: Tyler Fanelli <[email protected]>
d0cf9e0 to 14cb8cd
With this, the signal proxy can return zero bytes written and wait for a shutdown signal from the receiver thread. Signed-off-by: Tyler Fanelli <[email protected]>
77e5108 to 84fb54e
jakecorrenti approved these changes Jan 28, 2026
cc/ @jakecorrenti