nitro: Forward return code from application

tylerfanelli · tylerfanelli · commit b8fda5742cc3 · 2026-02-03T17:50:30.000-05:00
Forward the application return code to the caller of krun_start_enter
to gauge application exit status.

Signed-off-by: Tyler Fanelli &lt;tfanelli@redhat.com&gt;
diff --git a/src/aws_nitro/src/enclave/mod.rs b/src/aws_nitro/src/enclave/mod.rs
@@ -61,7 +61,7 @@ pub struct NitroEnclave {
 
 impl NitroEnclave {
     /// Run an application within a nitro enclave.
-    pub fn run(mut self) -> Result<(), Error> {
+    pub fn run(mut self) -> Result<i32, Error> {
         // Collect all launch parameters (rootfs, execution arguments, device proxies) and establish
         // an enclave argument writer to write this data to the nitro enclave when started.
         let rootfs_archive = self.rootfs_archive().map_err(Error::RootFsArchive)?;
@@ -98,21 +98,11 @@ impl NitroEnclave {
         // terminated by the enclave (by closing the vsock connection).
         proxies.run(cid).map_err(Error::DeviceProxy)?;
 
-        // In debug mode, the console device doesn't shut down until the enclave itself exits. Thus,
-        // libkrun will be unable to retrieve the shutdown code from the enclave.
-        if !self.debug {
-            // Retrieve the application return code from the enclave.
-            let ret = self
-                .shutdown_ret(retcode_listener)
-                .map_err(Error::ReturnCodeListener)?;
-
-            // A non-zero return code indicates an error. Wrap this code within an Error object.
-            if ret != 0 {
-                return Err(Error::AppReturn(ret));
-            }
-        }
+        let ret = self
+            .shutdown_ret(retcode_listener)
+            .map_err(Error::ReturnCodeListener)?;
 
-        Ok(())
+        Ok(ret)
     }
 
     /// Start a nitro enclave.
diff --git a/src/aws_nitro/src/error.rs b/src/aws_nitro/src/error.rs
@@ -6,8 +6,6 @@ use std::{fmt, io};
 /// Error in the running of a nitro enclave.
 #[derive(Debug)]
 pub enum Error {
-    // Application running within the enclave returned a non-zero return code.
-    AppReturn(i32),
     // Argument writing process.
     ArgsWrite(args_writer::Error),
     // Error in device proxy execution.
@@ -23,7 +21,6 @@ pub enum Error {
 impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         let msg = match self {
-            Self::AppReturn(ret) => format!("app returned non-zero return code: {ret}"),
             Self::ArgsWrite(e) => format!("enclave VM argument writer error: {e}"),
             Self::DeviceProxy(e) => format!("device proxy error: {e}"),
             Self::ReturnCodeListener(e) => {
diff --git a/src/libkrun/src/lib.rs b/src/libkrun/src/lib.rs
@@ -2703,7 +2703,7 @@ fn krun_start_enter_nitro(ctx_id: u32) -> i32 {
     };
 
     match enclave.run() {
-        Ok(()) => KRUN_SUCCESS,
+        Ok(ret) => ret,
         Err(e) => {
             error!("Error running nitro enclave: {e}");
 
