Date:   Wed, 19 Feb 2020 11:44:34 +0100
From:   Stefano Garzarella <sgarzare@...hat.com>
To:     ted.h.kim@...cle.com
Cc:     stefanha@...hat.com, netdev@...r.kernel.org
Subject: Re: vsock CID questions

On Tue, Feb 18, 2020 at 02:45:38PM -0800, ted.h.kim@...cle.com wrote:
> Hi Stefano (and Stefan),

Hi Ted,

> 
> I have some questions about vsock CIDs, particularly when migration happens.
> 
> 1. Is there an API to lookup CIDs of guests from the host side (in libvirt)?

I don't know if there is a specific API, but looking at the XML, you can see
the assigned CID:

$ virsh dumpxml fedora31 | grep cid
      <cid auto='yes' address='3'/>

I'm not sure that's what you were asking. If you meant a list of all the
guest CIDs, I don't think there's an API for that.

> 
> 2. In the vsock(7) man page, it says the CID might change upon migration, if
> it is not available.
> Is there some notification when CID reassignment happens?

Connected stream sockets will receive an error after the migration and then
they'll be closed.

Usually it is not recommended to bind the guest's CID; it is preferable
to use VMADDR_CID_ANY.

> 
> 3. If CID reassignment happens, is this persistent? (i.e. will I see updated
> vsock definition in XML for the guest)

I guess so, but I didn't try.

> 
> 4. I would like to minimize the chance of CID collision. If I understand
> correctly, the CID is a 32-bit unsigned.

Right. 'struct sockaddr_vm' supports 32-bit unsigned CID.

>                                          So for my application, it might
> work to put an IPv4 address. But if I adopt this convention, then I need to
> look forward to possibly using IPv6. Anyway, would it be hard to potentially
> expand the size of the CID to 64 bits or even 128?

virtio-vsock specification [1] supports up to 64-bit CID.
The 'svm_cid' field in the 'struct sockaddr_vm' is the last one, before
the zero section, and we have 16-bit reserved on top that we can use for
some flags.
Maybe extending it to 64 bit might be feasible, but we need to check
other transports (vmci, hyperv).

Cheers,
Stefano

[1] https://docs.oasis-open.org/virtio/virtio/v1.1/csprd01/virtio-v1.1-csprd01.html#x1-3960006
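
Added example, not part of the original message or of any project's code: a
guest-side stream listener in C that binds to VMADDR_CID_ANY as recommended
above, so the bind does not depend on the guest's current CID. The port number
and function names are assumptions made for this illustration; the current
local CID is read only for logging, through the IOCTL_VM_SOCKETS_GET_LOCAL_CID
ioctl on /dev/vsock documented in vsock(7).

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/vm_sockets.h>

/* Build a bind address that matches whatever CID the guest currently has. */
struct sockaddr_vm make_listen_addr(unsigned int port)
{
    struct sockaddr_vm sa;
    memset(&sa, 0, sizeof(sa));   /* reserved and zero fields must stay 0 */
    sa.svm_family = AF_VSOCK;
    sa.svm_cid = VMADDR_CID_ANY;  /* wildcard, not the guest's own CID */
    sa.svm_port = port;
    return sa;
}

/* Read the current local CID from the driver; returns 0 on success, -1 on error. */
int get_local_cid(unsigned int *cid)
{
    int fd = open("/dev/vsock", O_RDONLY);
    int rc = fd < 0 ? -1 : ioctl(fd, IOCTL_VM_SOCKETS_GET_LOCAL_CID, cid);
    if (fd >= 0) close(fd);
    return rc < 0 ? -1 : 0;
}

/* Returns a listening socket, or -1 (for example when no vsock transport is loaded). */
int open_listener(unsigned int port)
{
    struct sockaddr_vm sa = make_listen_addr(port);
    int fd = socket(AF_VSOCK, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 && listen(fd, 8) == 0)
        return fd;
    close(fd);
    return -1;
}

int main(void)
{
    unsigned int cid, port = 5000;  /* port: arbitrary value assumed for this example */
    int fd = open_listener(port);
    if (fd < 0) { perror("vsock listener"); return 1; }
    if (get_local_cid(&cid) == 0)
        printf("listening on port %u, current local CID %u\n", port, cid);
    close(fd);
    return 0;
}
```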
