Open
Conversation
luigix25
commented
Jul 28, 2025
stefano-garzarella
added
the
needs-rebase
Member
stefano-garzarella
left a comment
stefano-garzarella
left a comment
There was a problem hiding this comment.
Thanks for this PR, I did a quick review and left some comments.
I'll think a bit more about Transport implementation and Vsock, since I'd like to have more abstraction (e.g. be ready to support a new driver for HyperV vsock)
luigix25
force-pushed
the
vsock_attestation
branch
from
e0d157e to
82976c4
Compare
Collaborator
Author
|
v2:
TODO:
|
luigix25
force-pushed
the
vsock_attestation
branch
from
82976c4 to
08ff85f
Compare
Collaborator
Author
|
v3:
TODO:
|
luigix25
force-pushed
the
vsock_attestation
branch
from
08ff85f to
9f5553e
Compare
Collaborator
Author
|
v4:
TODO:
|
germag
reviewed
Aug 4, 2025
germag
reviewed
Aug 4, 2025
germag
reviewed
Aug 5, 2025
germag
reviewed
Aug 5, 2025
germag
reviewed
Aug 6, 2025
germag
reviewed
Aug 6, 2025
stefano-garzarella
added
in-review
stefano-garzarella
added
the
needs-rebase
luigix25
force-pushed
the
vsock_attestation
branch
3 times, most recently
from
ca7e076 to
3bc1d0b
Compare
Collaborator
Author
|
v5:
TODO:
|
Collaborator
Author
|
Looks like CI runner fails to create a vsock listening socket using ncat |
luigix25
force-pushed
the
vsock_attestation
branch
from
3bc1d0b to
f9a59be
Compare
Collaborator
Author
|
Fixed CI failure. |
luigix25
force-pushed
the
vsock_attestation
branch
from
f9a59be to
31df19c
Compare
Collaborator
Author
|
luigix25
changed the title
luigix25
force-pushed
the
vsock_attestation
branch
2 times, most recently
from
161527b to
ef04aef
Compare
Collaborator
Author
|
stefano-garzarella
added
the
needs-rebase
Member
|
@luigix25 since we merged #948 , can you rebase this and check Merging main or rebasing on it, produces this error (I guess related to #948 changes): |
stefano-garzarella
requested changes
Feb 6, 2026
stefano-garzarella
added
wait-for-update
luigix25
force-pushed
the
vsock_attestation
branch
from
ef04aef to
a14dca2
Compare
Collaborator
Author
|
Addressed all @stefano-garzarella comments:
|
luigix25
commented
Mar 2, 2026
| for _ in 0..MAX_RETRIES { | ||
| let candidate_port = | ||
| self.first_free_port | ||
| .fetch_update(Ordering::Relaxed, Ordering::Relaxed, |port| { |
Collaborator
Author
There was a problem hiding this comment.
I'm not sure about this, I'd like some feedback from someone with more experience
luigix25
removed
the
wait-for-update
germag
reviewed
Mar 2, 2026
kernel/src/vsock/mod.rs
Outdated
Comment on lines
+44
to
+48
| if port >= u32::MAX - 1 { | ||
| Some(VSOCK_MIN_PORT) | ||
| } else { | ||
| Some(port + 1) | ||
| } |
There was a problem hiding this comment.
could you explain this logic?, is the port u32::MAX reserved?, and if all the ports are assigned, so I'll assume that also VSOCK_MIN_PORT is already assigned why is re-assigned. It's just confusing because that closure never fails (returning None I mean)
Collaborator
Author
There was a problem hiding this comment.
could you explain this logic?, is the port u32::MAX reserved?
correct!
so I'll assume that also VSOCK_MIN_PORT is already assigned why is re-assigned. It's just confusing >because that closure never fails (returning None I mean)
Ports can be reused. The idea is that we use the ports sequentially up to u32::MAX, then we start again from VSOCK_MIN_PORT. So yes, in theory port 1024 can be still in use, this is why there is a check and a retry mechanism. But in the meanwhile the connection on those ports could be ended, and it could be used again.
There was a problem hiding this comment.
up to u32::MAX
sorry, just to confirm, can you have an u32::MAX port?
Collaborator
Author
There was a problem hiding this comment.
u32::MAX is reserved
Member
There was a problem hiding this comment.
IIRC in Linux we defined VMADDR_PORT_ANY for that, can we define here those well-know port/cid and use them, instead of hard coding their values ?
luigix25
force-pushed
the
vsock_attestation
branch
from
a14dca2 to
0dd8620
Compare
Collaborator
Author
|
Define a VsockTransport trait to abstract vsock operations and enable multiple backend implementations. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Commit c4719d3 dropped driver support for virtio-vsock because it was not being used. This reverts this commit because we are introducing vsock support. This revert does not add back the examples/aarch64/main.rs file as it is not needed. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Apply lints suggested by clippy. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
The connection status is not tracked in the `Connection` struct, so there is no way to check whether the handshake has completed. Introduce the `established` field and set it when a `Connected` or `ConnectionRequest` event is successfully handled. Expose it via `is_connection_established()`. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
`send()` and `update_credit()` do not check whether the peer has requested shutdown, allowing operations on a connection that the peer considers closed. Check `peer_requested_shutdown` before proceeding in both methods. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Add a function that checks if a local port is in use, either for listening or for a connection. This will be used by VsockDriver to allocate local ports when creating new streams. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Add a virtio-vsock wrapper around virtio-drivers. It provides blocking functions for connect, send, recv, shutdown and force_shutdown. To use it you need the `vsock` feature. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Add VsockStream struct that provides a high-level stream-oriented interface over the vsock driver API. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Add an optional `--vsock cid` parameter. This will attach a virtio-vsock device to the VM. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
luigix25
force-pushed
the
vsock_attestation
branch
from
0dd8620 to
3dcc259
Compare
In preparation to vsock support, QEMU needs to be configured with vhost support enabled. Without the flag `--enable-vhost-kernel`, QEMU would fail to launch with error: `qemu-system-x86_64: -device vhost-vsock-device,guest-cid=3: 'vhost-vsock-device' is not a valid device model name` This flag is disabled by default because of `--without-default-features` Because no-cc is run as non-root, this causes QEMU to fail with the error: `vhost-vsock: failed to open vhost device: Permission denied"` To fix this, setup permissions to /dev/vhost-vsock for non-root. Add the flag to enable support for vsock in QEMU and install netcat Co-Developed-by: Luigi Leonardi <leonardi@redhat.com> Signed-off-by: Luigi Leonardi <leonardi@redhat.com> Signed-off-by: Nicola Ramacciotti <niko.ramak@gmail.com>
Add a test that performs some basic checks on vsock functionalities: - double connection - recv a buffer from the host - send a buffer to the host - recv a buffer after local shutdown - send a buffer after local shutdown The vsock server is created on the host using ncat. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
luigix25
force-pushed
the
vsock_attestation
branch
from
3dcc259 to
831ed1c
Compare
Collaborator
Author
|
Fixed CI failure because no-cc by default is now run as non-root and |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR introduces a wrapper to the virtio-drivers crate like what has been done for virtio-blk. This provides blocking calls to
connectclosesendandrecv.Vsock is more flexible than the serial port as it has the concept of port, and we can reuse vsock for anything else.
I had to make 2 changes to the virtio-drivers crate, the idea is to open a PR in that repo. Before proceeding with the PR, I'd like to take some feedback here, maybe more changes are needed.
To compile it you need to enable the feature
vsockandvirtio-drivers.To test it you can use
make test-in-svsmNote: If a vsock device is not attached, svsm will not crash.