Date:   Thu, 20 Feb 2020 17:09:12 +0100
From:   Ján Tomko <jtomko@...hat.com>
To:     Stefan Hajnoczi <stefanha@...hat.com>
Cc:     ted.h.kim@...cle.com, sgarzare@...hat.com, netdev@...r.kernel.org
Subject: Re: vsock CID questions

On Wed, Feb 19, 2020 at 03:43:17PM +0000, Stefan Hajnoczi wrote:
>On Tue, Feb 18, 2020 at 02:45:38PM -0800, ted.h.kim@...cle.com wrote:
>> 1. Is there an API to lookup CIDs of guests from the host side (in libvirt)?
>
>I wonder if it can be queried from libvirt (at a minimum the domain XML
>might have the CID)?  I have CCed Ján Tomko who worked on the libvirt
>support:
>
>https://libvirt.org/formatdomain.html#vsock
>

Yes, libvirt has to know the CIDs of the guest and presents them in the
domain XML:
<domain type='kvm'>
   <name>test</name>
   ...
   <devices>
     ...
     <vsock model='virtio'>
       <cid auto='no' address='4'/>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
     </vsock>
   </devices>
</domain>

>> 2. In the vsock(7) man page, it says the CID might change upon migration, if
>> it is not available.
>> Is there some notification when CID reassignment happens?
>
>All established connections are reset across live migration -
>applications will notice :).
>
>Listen sockets stay open but automatically listen on the new CID.
>
>> 3. if CID reassignment happens, is this persistent? (i.e. will I see updated
>> vsock definition in XML for the guest)
>
>Another question for Ján.

Depends on the setting.
For <cid auto='yes'/>, libvirt will try to acquire the first available CID
for the guest and pass it to QEMU.
For <cid auto='no'/>, no reassignment should happen and the CID
requested in the domain XML on the source will be used (or fail to be
used) on the destination.

Jano

>
>> 4. I would like to minimize the chance of CID collision. If I understand
>> correctly, the CID is a 32-bit unsigned. So for my application, it might
>> work to put an IPv4 address. But if I adopt this convention, then I need to
>> look forward to possibly using IPv6. Anyway, would it be hard to potentially
>> expand the size of the CID to 64 bits or even 128?
>
>A little hard, since the struct sockaddr_vm that userspace applications
>use has a 32-bit CID field.  This is because the existing VMware VMCI
>vsock implementation has 32-bit CIDs.
>
>virtio-vsock is ready for 64-bit CIDs (the packet header fields are
>already 64-bit) but changes to net/vmw_vsock/ core code and to the
>userspace ABI would be necessary.
>
>Stefan
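
Added example, not part of the original messages and not libvirt code: reading the `<vsock>` CID out of domain XML as described above (for instance the output of `virsh dumpxml`) and flagging auto-assigned, reserved, or duplicated static CIDs before a migration. The sample domains, the function names, and the treatment of a missing `auto` attribute as 'no' are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MIN_GUEST_CID = 3  # vsock(7): CIDs 0-2 are reserved (hypervisor, local, host)

def vsock_cid(domain_xml):
    """Return (name, auto, cid) from one libvirt domain XML string.
    auto is None when the domain has no <vsock> device; cid is None when
    no address attribute is present (typical for auto='yes' before start)."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name")
    cid = root.find("./devices/vsock/cid")
    if cid is None:
        return name, None, None
    # Assumption of this example: a missing auto attribute is treated as 'no'.
    auto = cid.get("auto", "no") == "yes"
    addr = cid.get("address")
    return name, auto, int(addr) if addr is not None else None

def audit(domains):
    """Return sorted (domain names, finding) tuples for a list of domain XMLs."""
    findings, static = [], defaultdict(list)
    for xml in domains:
        name, auto, cid = vsock_cid(xml)
        if auto is None:
            continue  # no vsock device, nothing to check
        if auto:
            findings.append((name, "auto CID: may differ on the destination"))
        elif cid is None:
            findings.append((name, "auto='no' without an address"))
        elif cid < MIN_GUEST_CID:
            findings.append((name, f"CID {cid} is reserved"))
        else:
            static[cid].append(name)
    for cid, names in static.items():
        if len(names) > 1:  # two guests with one fixed CID cannot share a host
            findings.append((",".join(sorted(names)), f"static CID {cid} shared"))
    return sorted(findings)

def _dom(name, cid_attrs):  # builds constructed sample input, not real guests
    return (f"<domain type='kvm'><name>{name}</name><devices>"
            f"<vsock model='virtio'><cid {cid_attrs}/></vsock></devices></domain>")

SAMPLE = [_dom("web", "auto='no' address='4'"), _dom("db", "auto='no' address='4'"),
          _dom("cache", "auto='yes'"), _dom("edge", "auto='no' address='2'"),
          "<domain type='kvm'><name>plain</name><devices/></domain>"]

if __name__ == "__main__":
    for who, what in audit(SAMPLE):
        print(f"{who}: {what}")
```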


