lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3b6a1f23-bf0e-416d-8880-4556b87b5137@amazon.com>
Date: Wed, 29 May 2024 12:43:57 +0200
From: Alexander Graf <graf@...zon.com>
To: Stefano Garzarella <sgarzare@...hat.com>, Paolo Bonzini
	<pbonzini@...hat.com>
CC: Alexander Graf <agraf@...raf.de>, Dorjoy Chowdhury
	<dorjoychy111@...il.com>, <virtualization@...ts.linux.dev>,
	<kvm@...r.kernel.org>, <netdev@...r.kernel.org>, <stefanha@...hat.com>
Subject: Re: How to implement message forwarding from one CID to another in
 vhost driver


On 29.05.24 10:04, Stefano Garzarella wrote:
>
> On Tue, May 28, 2024 at 06:38:24PM GMT, Paolo Bonzini wrote:
>> On Tue, May 28, 2024 at 5:53 PM Stefano Garzarella 
>> <sgarzare@...hat.com> wrote:
>>>
>>> On Tue, May 28, 2024 at 05:49:32PM GMT, Paolo Bonzini wrote:
>>> >On Tue, May 28, 2024 at 5:41 PM Stefano Garzarella 
>>> <sgarzare@...hat.com> wrote:
>>> >> >I think it's either that or implementing virtio-vsock in userspace
>>> >> 
>>> >(https://lore.kernel.org/qemu-devel/30baeb56-64d2-4ea3-8e53-6a5c50999979@redhat.com/,
>>> >> >search for "To connect host<->guest").
>>> >>
>>> >> For in this case AF_VSOCK can't be used in the host, right?
>>> >> So it's similar to vhost-user-vsock.
>>> >
>>> >Not sure if I understand but in this case QEMU knows which CIDs are
>>> >forwarded to the host (either listen on vsock and connect to the host,
>>> >or vice versa), so there is no kernel and no VMADDR_FLAG_TO_HOST
>>> >involved.
>>>
>>> I meant that the application in the host that wants to connect to the
>>> guest cannot use AF_VSOCK in the host, but must use the one where QEMU
>>> is listening (e.g. AF_INET, AF_UNIX), right?
>>>
>>> I think one of Alex's requirements was that the application in the host
>>> continue to use AF_VSOCK as in their environment.
>>
>> Can the host use VMADDR_CID_LOCAL for host-to-host communication?
>
> Yep!
>
>> If
>> so, the proposed "-object vsock-forward" syntax can connect to it and
>> it should work as long as the application on the host does not assume
>> that it is on CID 3.
>
> Right, good point!
> We can also support something similar in vhost-user-vsock, where instead
> of using AF_UNIX and firecracker's hybrid vsock, we can redirect
> everything to VMADDR_CID_LOCAL.
>
> Alex what do you think? That would simplify things a lot to do.
> The only difference is that the application in the host has to talk to
> VMADDR_CID_LOCAL (1).


The application in the host would see an incoming connection from CID 1 
(which is probably fine) and would still be able to establish outgoing 
connections to the actual VM's CID as long as the Enclave doesn't check 
for the peer CID (I haven't seen anyone check yet). So yes, indeed, this 
should work.

The only case where I can see it breaking is when you run multiple 
Enclave VMs in parallel. In that case, each would try to listen to CID 3 
and the second that does would fail. But it's a well solvable problem: 
We could (in addition to the simple in-QEMU case) build an external 
daemon that does the proxying and hence owns CID3.

So the immediate plan would be to:

   1) Build a new vhost-vsock-forward object model that connects to 
vhost as CID 3 and then forwards every packet from CID 1 to the 
Enclave-CID and every packet that arrives on to CID 3 to CID 2.
   2) Create a machine option for -M nitro-enclave that automatically 
spawns the vhost-vsock-forward object. (default: off)


The above may need some fiddling with object creation times to ensure 
that the forward object gets CID 3, not the Enclave as auto-assigned CID.


Thanks,

Alex




Amazon Web Services Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ