Expand description
Guest entrypoint into the sallyport.
The main entrypoint into this module is a long-lived Handler
, which allocates the requests
within the untrusted sallyport block, passes control to the host for execution of the block via
sally
and reads the replies once it gets the control
back after verifying the integrity of the block.
In case the Handler
detects that integrity of the request block is not maintained, it
attempts to exit
immediately and does so in an infinite loop.
Handler
provides:
-
API for execution of an arbitrary
Call
: -
[
libc
]-like API for syscall execution using safe Rust abstractions where possible, for example:
Call lifetime phases
The crate identifies 3 distinct phases of an arbitrary call lifetime:
Stage
In this phase input references, output references and inout references are sequentially allocated within the untrusted sallyport block.
Once this phase is finished, no more allocations can be made within the untrusted sallyport block.
Commit
In this phase data is written to input references and inout references allocated in the stage phase.
This may happen concurrently for N
staged requests.
Once this phase is finished, the untrusted sallyport block is ready to be passed to the host for execution
via sally
.
Entities that can be committed implement the Commit
trait.
Collect
In this phase data is read from output references and inout references allocated in the stage phase.
This may happen concurrently for N
staged requests.
This phase starts after the control returns to the guest. Once this phase is finished, the data within block is considered to be invalid, it may be left unchanged, but it may also be overwritten or dropped depending on request implementation
Entities that can be collected implement the Collect
trait.
Re-exports
Modules
Allocation-specific functionality.
Calls executable by Handler::execute
and utilities to operate upon
them.
Structs
Thread-local storage shared between Handler
instances.