Skip to main content

mmarinus

Nathaniel
The next crate is a mmarinus. And this is a crate that I actually really like a lot. So the problem we had when we need to use mmap of a variety of places in Enarx. And there are a variety of mmap crates on crates.io, and we tried to use them initially, but they basically boil it down to two different categories. One is crates that are maintained, but for which they try to abstract over operating system differences. So the only functionality that they expose is whatever is common to like Linux and FreeBSD and Mac OS and Windows. Our problem however, is that we need to use a bunch of Linux specific features. And those well maintained abstraction crates don't support those Linux features. The other category of mmap crates were crates that supported Linux features, but were very well unmaintained. And along with that, we oftentimes found that they claimed to be safe code when they were clearly doing unsafe operations. So we ended up creating this crate mmarinus. And mmarinus is a very Rustic crate, it's idiomatic Rust. And you can see from examples here, like, this first example is we want to map this file into memory. And so you have an open file. And we basically are saying, we want to map, I don't remember what 32 means, I think it's 32 bytes. Yeah, we want to map the first 32 bytes of that file, near this address. And we want it to be from this file, right, so that we give it a mutable reference at offset zero. And we want it to have known permissions. Known means specifically that the permissions are enforced by the type system of Rust. There's also an unknown variant of this where you can change permissions dynamically, but then a bunch of traits will not be implemented for the resulting mapping. For example, in this case, we say that this has this has known permissions, and the permissions are read. And it's a private mapping. And basically, what this means is that the resulting map object that's returned, will have a trait that does like as ref four bytes. And the reason for that is because the type system knows that this mapping has read permissions, and that therefore it's a safe operation for us to read those bytes. The same is true for Read Write in the next example, we can specify Read Write permissions, and now it implements not only as ref for the bytes, but also as mute. And so now you can mutate the bytes, because that's safe. So you can change permissions and all that kind of stuff. There's also unknown permissions where you know, if you specify unknown, then you can specify the number as just like a raw integer, which is the normal flags that you would pass, but then you don't get those those extra traits that allow you to read and write bytes because we can't do so safely. So overall, this supports, I think, all of the major Linux features. I don't think we've missed any major Linux mmpa feature with this. And it's all Rust idiomatic. Any questions about mmarinus?

Great question. I'm proud of this name. So mmarinus was one of the medieval mapmakers. He was a cartographer. And so the joke here is that it's mmap and Marinus, who is the cartographer and makes maps. So yeah, it's a little, it's a little fun play on some history.

Nicolas
So where exactly are we using this?

Nathaniel
All over the place, particularly in Enarx run in the backends where we're mapping stuff in and out of enclaves or VMs. All of the mappings for like when we're loading files, all of that is done with this. So it's pretty commonly used. And really, anytime you need to do an mmap, use this crate. It's pretty good crate.