Open Source and information security mailing list archives
 
Date:   Wed, 19 Feb 2020 15:43:17 +0000
From:   Stefan Hajnoczi <stefanha@...hat.com>
To:     ted.h.kim@...cle.com
Cc:     sgarzare@...hat.com, netdev@...r.kernel.org,
        Ján Tomko <jtomko@...hat.com>
Subject: Re: vsock CID questions

On Tue, Feb 18, 2020 at 02:45:38PM -0800, ted.h.kim@...cle.com wrote:
> 1. Is there an API to look up CIDs of guests from the host side (in libvirt)?

I wonder if it can be queried from libvirt (at a minimum the domain XML
might have the CID)?  I have CCed Ján Tomko who worked on the libvirt
support:

https://libvirt.org/formatdomain.html#vsock

> 2. In the vsock(7) man page, it says the CID might change upon migration, if
> it is not available.
> Is there some notification when CID reassignment happens?

All established connections are reset across live migration -
applications will notice :).

Listen sockets stay open but automatically listen on the new CID.

> 3. If CID reassignment happens, is this persistent? (i.e. will I see updated
> vsock definition in XML for the guest)

Another question for Ján.

> 4. I would like to minimize the chance of CID collision. If I understand
> correctly, the CID is a 32-bit unsigned. So for my application, it might
> work to put an IPv4 address. But if I adopt this convention, then I need to
> look forward to possibly using IPv6. Anyway, would it be hard to potentially
> expand the size of the CID to 64 bits or even 128?

A little hard, since the struct sockaddr_vm that userspace applications
use has a 32-bit CID field.  This is because the existing VMware VMCI
vsock implementation has 32-bit CIDs.

virtio-vsock is ready for 64-bit CIDs (the packet header fields are
already 64-bit) but changes to net/vmw_vsock/ core code and to the
userspace ABI would be necessary.

Stefan
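
Added example, not part of the original message or of libvirt: a Python sketch that reads the guest CID from the <vsock> element of a libvirt domain XML (question 1) and checks the IP-address-as-CID convention from question 4 against the 32-bit svm_cid field. The sample XML is constructed, the function names are hypothetical, and the reserved CID values are those listed in vsock(7).

```python
import ipaddress
import struct
import xml.etree.ElementTree as ET

# Well-known CIDs from vsock(7) / <linux/vm_sockets.h>; guests must not use them.
RESERVED_CIDS = {0: "VMADDR_CID_HYPERVISOR", 1: "VMADDR_CID_LOCAL",
                 2: "VMADDR_CID_HOST", 0xFFFFFFFF: "VMADDR_CID_ANY"}

# Constructed sample of a libvirt domain XML fragment (not taken from the thread).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <vsock model='virtio'>
      <cid auto='no' address='3232235786'/>
    </vsock>
  </devices>
</domain>
"""

def guest_cid_from_domain_xml(xml_text):
    """Return (cid, auto) from the <vsock><cid/> element, or None if absent."""
    cid = ET.fromstring(xml_text).find("./devices/vsock/cid")
    if cid is None or cid.get("address") is None:
        return None
    return int(cid.get("address")), cid.get("auto") == "yes"

def check_cid(cid):
    """Raise ValueError if cid is reserved or does not fit the 32-bit field."""
    if cid in RESERVED_CIDS:
        raise ValueError(f"CID {cid} is reserved ({RESERVED_CIDS[cid]})")
    try:
        struct.pack("=I", cid)  # same width as svm_cid in struct sockaddr_vm
    except struct.error:
        raise ValueError(f"CID {cid} does not fit in 32 bits") from None
    return cid

def cid_from_ip(addr):
    """Hypothetical convention from question 4: use the IP address as the CID."""
    return check_cid(int(ipaddress.ip_address(addr)))
```

On a host, the XML text would come from `virsh dumpxml` for the domain; any IPv6 address beyond the low 32 bits is rejected by check_cid, which is the limitation the reply describes.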
