containers · jakecorrenti · May 18, 2026 · May 18, 2026 · May 18, 2026 · May 18, 2026
@@ -1,13 +1,15 @@
 [package]
 name = "krun-sys"
 version = "1.11.1"
-edition = "2021"
-rust-version = "1.77.0"
+edition = "2024"
+rust-version = "1.85.0"
 description = "Rust bindings for libkrun"
 repository = "https://github.com/containers/libkrun"
 license = "Apache-2.0"
 links = "krun"
 
+[workspace]
+
 [build-dependencies]
 bindgen = { version = "0.72.1", default-features = false }
 pkg-config = { version = "0.3", default-features = false }

@@ -2,7 +2,7 @@
 name = "krun-arch"
 version = "0.1.0-1.18.0"
 authors = ["The libkrun Authors"]
-edition = "2021"
+edition = "2024"
 description = "Architecture-specific VM support for libkrun"
 license = "Apache-2.0"
 repository = "https://github.com/containers/libkrun"

@@ -10,11 +10,11 @@ use std::{mem, mem::offset_of, num::TryFromIntError, result};
 use crate::ArchMemoryInfo;
 
 use kvm_bindings::{
-    kvm_regs, user_pt_regs, KVM_REG_ARM64, KVM_REG_ARM64_SYSREG, KVM_REG_ARM64_SYSREG_CRM_MASK,
+    KVM_REG_ARM_CORE, KVM_REG_ARM64, KVM_REG_ARM64_SYSREG, KVM_REG_ARM64_SYSREG_CRM_MASK,
     KVM_REG_ARM64_SYSREG_CRM_SHIFT, KVM_REG_ARM64_SYSREG_CRN_MASK, KVM_REG_ARM64_SYSREG_CRN_SHIFT,
     KVM_REG_ARM64_SYSREG_OP0_MASK, KVM_REG_ARM64_SYSREG_OP0_SHIFT, KVM_REG_ARM64_SYSREG_OP1_MASK,
     KVM_REG_ARM64_SYSREG_OP1_SHIFT, KVM_REG_ARM64_SYSREG_OP2_MASK, KVM_REG_ARM64_SYSREG_OP2_SHIFT,
-    KVM_REG_ARM_CORE, KVM_REG_SIZE_U64,
+    KVM_REG_SIZE_U64, kvm_regs, user_pt_regs,
 };
 use kvm_ioctls::VcpuFd;
 

@@ -18,10 +18,10 @@ pub use self::macos::*;
 use std::fmt::Debug;
 
 use crate::{
+    ArchMemoryInfo,
     aarch64::layout::{
         DRAM_MEM_MAX_SIZE, DRAM_MEM_START_EFI, DRAM_MEM_START_KERNEL, FIRMWARE_START,
     },
-    ArchMemoryInfo,
 };
 use vm_memory::{GuestAddress, GuestMemoryMmap};
 use vmm_sys_util::align_upwards;

@@ -29,8 +29,8 @@ pub mod aarch64;
 
 #[cfg(target_arch = "aarch64")]
 pub use aarch64::{
-    arch_memory_regions, configure_system, layout::CMDLINE_MAX_SIZE, layout::IRQ_BASE,
-    layout::IRQ_MAX, layout::RESET_VECTOR, Error, MMIO_MEM_START,
+    Error, MMIO_MEM_START, arch_memory_regions, configure_system, layout::CMDLINE_MAX_SIZE,
+    layout::IRQ_BASE, layout::IRQ_MAX, layout::RESET_VECTOR,
 };
 
 /// Module for riscv64 related functionality.
@@ -39,8 +39,8 @@ pub mod riscv64;
 
 #[cfg(target_arch = "riscv64")]
 pub use riscv64::{
-    arch_memory_regions, configure_system, layout::CMDLINE_MAX_SIZE, layout::IRQ_BASE,
-    layout::IRQ_MAX, layout::RESET_VECTOR, Error, MMIO_MEM_START,
+    Error, MMIO_MEM_START, arch_memory_regions, configure_system, layout::CMDLINE_MAX_SIZE,
+    layout::IRQ_BASE, layout::IRQ_MAX, layout::RESET_VECTOR,
 };
 
 /// Module for x86_64 related functionality.
@@ -49,9 +49,9 @@ pub mod x86_64;
 
 #[cfg(target_arch = "x86_64")]
 pub use crate::x86_64::{
-    arch_memory_regions, configure_system, layout::CMDLINE_MAX_SIZE, layout::FIRMWARE_SIZE,
+    Error, arch_memory_regions, configure_system, layout::CMDLINE_MAX_SIZE, layout::FIRMWARE_SIZE,
     layout::FIRMWARE_START, layout::IRQ_BASE, layout::IRQ_MAX, layout::MMIO_MEM_START,
-    layout::RESET_VECTOR, Error,
+    layout::RESET_VECTOR,
 };
 
 /// Type for returning public functions outcome.

@@ -5,7 +5,7 @@ use std::mem::offset_of;
 use std::result;
 
 use super::super::get_fdt_addr;
-use kvm_bindings::{kvm_riscv_core, KVM_REG_RISCV_CORE};
+use kvm_bindings::{KVM_REG_RISCV_CORE, kvm_riscv_core};
 use kvm_ioctls::VcpuFd;
 
 use vm_memory::GuestMemoryMmap;

@@ -11,7 +11,7 @@ pub use self::linux::*;
 
 use std::fmt::Debug;
 
-use crate::{riscv64::layout::FIRMWARE_START, ArchMemoryInfo};
+use crate::{ArchMemoryInfo, riscv64::layout::FIRMWARE_START};
 use vm_memory::{Address, GuestAddress, GuestMemory, GuestMemoryMmap};
 use vmm_sys_util::align_upwards;
 

@@ -95,7 +95,7 @@ mod tests {
 
         v.iter_mut()
             .for_each(|x| *x = set_apic_delivery_mode(*x, 2));
-        let after: Vec<u32> = v.iter().map(|x| ((*x & !0x700) | ((2) << 8))).collect();
+        let after: Vec<u32> = v.iter().map(|x| (*x & !0x700) | ((2) << 8)).collect();
         assert_eq!(v, after);
     }
 

@@ -21,7 +21,7 @@ use crate::x86_64::layout::{EBDA_START, FIRST_ADDR_PAST_32BITS, MMIO_MEM_START};
 #[cfg(feature = "tee")]
 use crate::x86_64::layout::{FIRMWARE_SIZE, FIRMWARE_START};
 use crate::{ArchMemoryInfo, InitrdConfig};
-use arch_gen::x86::bootparam::{boot_params, E820_RAM};
+use arch_gen::x86::bootparam::{E820_RAM, boot_params};
 use vm_memory::Bytes;
 use vm_memory::{Address, ByteValued, GuestAddress, GuestMemoryMmap};
 use vmm_sys_util::align_upwards;
@@ -182,10 +182,10 @@ pub fn arch_memory_regions(
     let page_size: usize = unsafe { libc::sysconf(libc::_SC_PAGESIZE).try_into().unwrap() };
 
     let size = align_upwards!(size, page_size);
-    if let Some(kernel_load_addr) = kernel_load_addr {
-        if size < (kernel_load_addr + kernel_size as u64) as usize {
-            panic!("Kernel doesn't fit in RAM");
-        }
+    if let Some(kernel_load_addr) = kernel_load_addr
+        && size < (kernel_load_addr + kernel_size as u64) as usize
+    {
+        panic!("Kernel doesn't fit in RAM");
     }
 
     // It's safe to cast MMIO_MEM_START to usize because it fits in a u32 variable
@@ -462,12 +462,14 @@ mod tests {
         // Exercise the scenario where the field storing the length of the e820 entry table is
         // is bigger than the allocated memory.
         params.e820_entries = params.e820_map.len() as u8 + 1;
-        assert!(add_e820_entry(
-            &mut params,
-            e820_map[0].addr,
-            e820_map[0].size,
-            e820_map[0].type_
-        )
-        .is_err());
+        assert!(
+            add_e820_entry(
+                &mut params,
+                e820_map[0].addr,
+                e820_map[0].size,
+                e820_map[0].type_
+            )
+            .is_err()
+        );
     }
 }
@@ -81,7 +81,7 @@ pub const MAX_SUPPORTED_CPUS: u32 = 254;
 
 // Convenience macro for making arrays of diverse character types.
 macro_rules! char_array {
-    ($t:ty; $( $c:expr ),*) => ( [ $( $c as $t ),* ] )
+    ($t:ty; $( $c:expr_2021 ),*) => ( [ $( $c as $t ),* ] )
 }
 
 // Most of these variables are sourced from the Intel MP Spec 1.4.
@@ -376,7 +376,7 @@ mod tests {
         let mut buf: Vec<u8> = vec![0; mpc_table.0.length as usize];
         mem.write_volatile_to(mpc_offset, &mut buf, mpc_table.0.length as usize)
             .unwrap();
-        sum.write(&buf).unwrap();
+        sum.write_all(&buf).unwrap();
         assert_eq!(sum.0, 0);
     }
 

@@ -5,7 +5,7 @@
 use std::result;
 
 use arch_gen::x86::msr_index::*;
-use kvm_bindings::{kvm_msr_entry, MsrList, Msrs};
+use kvm_bindings::{MsrList, Msrs, kvm_msr_entry};
 use kvm_ioctls::{Kvm, VcpuFd};
 
 #[derive(Debug)]
@@ -55,7 +55,7 @@ const MSR_IA32_PRED_CMD: u32 = 0x0000_0049;
 
 // Creates a MsrRange of one msr given as argument.
 macro_rules! SINGLE_MSR {
-    ($msr:expr) => {
+    ($msr:expr_2021) => {
         MsrRange {
             base: $msr,
             nmsrs: 1,
@@ -65,7 +65,7 @@ macro_rules! SINGLE_MSR {
 
 // Creates a MsrRange of with msr base and count given as arguments.
 macro_rules! MSR_RANGE {
-    ($first:expr, $count:expr) => {
+    ($first:expr_2021, $count:expr_2021) => {
         MsrRange {
             base: $first,
             nmsrs: $count,

@@ -2,7 +2,7 @@
 name = "krun-arch-gen"
 version = "0.1.0-1.18.0"
 authors = ["The libkrun Authors"]
-edition = "2021"
+edition = "2024"
 description = "Generated architecture-specific definitions for libkrun"
 license = "Apache-2.0"
 repository = "https://github.com/containers/libkrun"

@@ -22,11 +22,11 @@ impl<T> __IncompleteArrayField<T> {
     }
     #[inline]
     pub unsafe fn as_slice(&self, len: usize) -> &[T] {
-        ::std::slice::from_raw_parts(self.as_ptr(), len)
+        unsafe { ::std::slice::from_raw_parts(self.as_ptr(), len) }
     }
     #[inline]
     pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] {
-        ::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len)
+        unsafe { ::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len) }
     }
 }
 impl<T> ::std::fmt::Debug for __IncompleteArrayField<T> {

@@ -1,7 +1,7 @@
 [package]
 name = "krun-aws-nitro"
 version = "0.1.0-1.18.0"
-edition = "2021"
+edition = "2024"
 description = "AWS Nitro Enclaves support for libkrun"
 license = "Apache-2.0"
 repository = "https://github.com/containers/libkrun"

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: Apache-2.0
 
-use crate::enclave::{proxy::DeviceProxyList, VsockPortOffset};
+use crate::enclave::{VsockPortOffset, proxy::DeviceProxyList};
 use libc::c_int;
 use nitro_enclaves::launch::PollTimeout;
-use nix::poll::{poll, PollFd, PollFlags, PollTimeout as NixPollTimeout};
+use nix::poll::{PollFd, PollFlags, PollTimeout as NixPollTimeout, poll};
 use std::{
     ffi::{self, CString},
     fmt,
@@ -12,7 +12,7 @@ use std::{
     os::fd::AsFd,
     str::FromStr,
 };
-use vsock::{VsockAddr, VsockListener, VsockStream, VMADDR_CID_ANY};
+use vsock::{VMADDR_CID_ANY, VsockAddr, VsockListener, VsockStream};
 
 // A known byte that libkrun-awsnitro and the enclave initramfs will exchange to confirm that startup
 // was successful and the initramfs is ready to begin reading enclave arguments.

@@ -3,14 +3,14 @@
 pub(crate) mod args_writer;
 pub(crate) mod proxy;
 
-use super::error::{return_code, start, Error};
+use super::error::{Error, return_code, start};
 use args_writer::EnclaveArgsWriter;
 use nitro_enclaves::{
-    launch::{ImageType, Launcher, MemoryInfo, PollTimeout, StartFlags},
     Device,
+    launch::{ImageType, Launcher, MemoryInfo, PollTimeout, StartFlags},
 };
 use proxy::{
-    net::NetProxy, output::OutputProxy, signal_handler::SignalHandler, DeviceProxy, DeviceProxyList,
+    DeviceProxy, DeviceProxyList, net::NetProxy, output::OutputProxy, signal_handler::SignalHandler,
 };
 use std::{
     env,
@@ -22,7 +22,7 @@ use std::{
     thread::{self, JoinHandle},
 };
 use tar::HeaderMode;
-use vsock::{VsockAddr, VsockListener, VMADDR_CID_ANY};
+use vsock::{VMADDR_CID_ANY, VsockAddr, VsockListener};
 
 const KRUN_NITRO_EIF_PATH_ENV_VAR: &str = "KRUN_NITRO_EIF_PATH";
 const KRUN_NITRO_EIF_PATH_DEFAULT: &str = "/krun-awsnitro/krun-awsnitro.eif";
@@ -255,8 +255,10 @@ impl NitroEnclave {
     fn start_console_debug(&self, cid: u32) -> Result<(), proxy::Error> {
         let mut output = OutputProxy::new(&self.output_path, true)?;
         let mut vsock_rcv = output.vsock(cid)?;
-        let _: JoinHandle<Result<(), proxy::Error>> = thread::spawn(move || loop {
-            output.rcv(&mut vsock_rcv)?;
+        let _: JoinHandle<Result<(), proxy::Error>> = thread::spawn(move || {
+            loop {
+                output.rcv(&mut vsock_rcv)?;
+            }
         });
 
         Ok(())

@@ -57,22 +57,24 @@ impl DeviceProxyList {
 
                 // Receiver thread. Receive data from the vsock and perform some proxy-dependent
                 // action with the data.
-                let rcv: JoinHandle<Result<()>> = thread::spawn(move || loop {
-                    // Proxy rcv method returns the number of bytes read from the vsock.
-                    match proxy.rcv(&mut vsock_rcv) {
-                        // Zero bytes read indicates the enclave has closed the vsock connection.
-                        // Notify the sender thread that the vsock was closed.
-                        Ok(0) => {
-                            let _ = tx.send(());
-                            return Ok(());
-                        }
-                        // Bytes were read, continue the receive process.
-                        Ok(_) => continue,
-                        // An error occured, exit the receiver thread and notify the sender thread to
-                        // also exit.
-                        Err(e) => {
-                            let _ = tx.send(());
-                            return Err(e);
+                let rcv: JoinHandle<Result<()>> = thread::spawn(move || {
+                    loop {
+                        // Proxy rcv method returns the number of bytes read from the vsock.
+                        match proxy.rcv(&mut vsock_rcv) {
+                            // Zero bytes read indicates the enclave has closed the vsock connection.
+                            // Notify the sender thread that the vsock was closed.
+                            Ok(0) => {
+                                let _ = tx.send(());
+                                return Ok(());
+                            }
+                            // Bytes were read, continue the receive process.
+                            Ok(_) => continue,
+                            // An error occured, exit the receiver thread and notify the sender thread to
+                            // also exit.
+                            Err(e) => {
+                                let _ = tx.send(());
+                                return Err(e);
+                            }
                         }
                     }
                 });

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::enclave::{
+    VsockPortOffset,
     args_writer::EnclaveArg,
     proxy::{DeviceProxy, Error, Result},
-    VsockPortOffset,
 };
 use std::{
     io::{ErrorKind, Read, Write},
@@ -14,7 +14,7 @@ use std::{
     },
     time::Duration,
 };
-use vsock::{VsockAddr, VsockListener, VsockStream, VMADDR_CID_ANY};
+use vsock::{VMADDR_CID_ANY, VsockAddr, VsockListener, VsockStream};
 
 /// Network proxy. Forwards data to/from a UNIX socket and vsock within an enclave to provide
 /// network access.

@@ -1,17 +1,17 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::enclave::{
+    VsockPortOffset,
     args_writer::EnclaveArg,
     proxy::{DeviceProxy, Error},
-    VsockPortOffset,
 };
 use std::{
     fs::File,
     fs::OpenOptions,
     io::{Read, Write},
     path::PathBuf,
 };
-use vsock::{VsockAddr, VsockListener, VsockStream, VMADDR_CID_ANY, VMADDR_CID_HYPERVISOR};
+use vsock::{VMADDR_CID_ANY, VMADDR_CID_HYPERVISOR, VsockAddr, VsockListener, VsockStream};
 
 type Result<T> = std::result::Result<T, Error>;