Open
Conversation
luigix25
commented
Jul 28, 2025
stefano-garzarella
added
the
needs-rebase
Member
stefano-garzarella
left a comment
stefano-garzarella
left a comment
There was a problem hiding this comment.
Thanks for this PR, I did a quick review and left some comments.
I'll think a bit more about Transport implementation and Vsock, since I'd like to have more abstraction (e.g. be ready to support a new driver for HyperV vsock)
luigix25
force-pushed
the
vsock_attestation
branch
from
e0d157e to
82976c4
Compare
Collaborator
Author
|
v2:
TODO:
|
luigix25
force-pushed
the
vsock_attestation
branch
from
82976c4 to
08ff85f
Compare
Collaborator
Author
|
v3:
TODO:
|
luigix25
force-pushed
the
vsock_attestation
branch
from
08ff85f to
9f5553e
Compare
Collaborator
Author
|
v4:
TODO:
|
germag
reviewed
Aug 4, 2025
germag
reviewed
Aug 4, 2025
germag
reviewed
Aug 5, 2025
germag
reviewed
Aug 5, 2025
germag
reviewed
Aug 6, 2025
germag
reviewed
Aug 6, 2025
stefano-garzarella
added
in-review
stefano-garzarella
added
the
needs-rebase
luigix25
force-pushed
the
vsock_attestation
branch
3 times, most recently
from
ca7e076 to
3bc1d0b
Compare
Collaborator
Author
|
v5:
TODO:
|
Collaborator
Author
|
Looks like CI runner fails to create a vsock listening socket using ncat |
luigix25
force-pushed
the
vsock_attestation
branch
from
3bc1d0b to
f9a59be
Compare
Collaborator
Author
|
Fixed CI failure. |
luigix25
force-pushed
the
vsock_attestation
branch
from
f9a59be to
31df19c
Compare
Collaborator
Author
|
luigix25
changed the title
stefano-garzarella
added
wait-for-update
luigix25
force-pushed
the
vsock_attestation
branch
from
ef04aef to
a14dca2
Compare
Collaborator
Author
|
Addressed all @stefano-garzarella comments:
|
luigix25
commented
Mar 2, 2026
| for _ in 0..MAX_RETRIES { | ||
| let candidate_port = | ||
| self.first_free_port | ||
| .fetch_update(Ordering::Relaxed, Ordering::Relaxed, |port| { |
Collaborator
Author
There was a problem hiding this comment.
I'm not sure about this, I'd like some feedback from someone with more experience
luigix25
removed
the
wait-for-update
germag
reviewed
Mar 2, 2026
luigix25
force-pushed
the
vsock_attestation
branch
from
a14dca2 to
0dd8620
Compare
Collaborator
Author
|
luigix25
force-pushed
the
vsock_attestation
branch
2 times, most recently
from
3dcc259 to
831ed1c
Compare
Collaborator
Author
|
Fixed CI failure because no-cc by default is now run as non-root and |
stefano-garzarella
added
the
needs-rebase
Define a VsockTransport trait to abstract vsock operations and enable multiple backend implementations. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Commit c4719d3 dropped driver support for virtio-vsock because it was not being used. This reverts this commit because we are introducing vsock support. This revert does not add back the examples/aarch64/main.rs file as it is not needed. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Apply lints suggested by clippy. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
The connection status is not tracked in the `Connection` struct, so there is no way to check whether the handshake has completed. Introduce the `established` field and set it when a `Connected` or `ConnectionRequest` event is successfully handled. Expose it via `is_connection_established()`. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
`send()` and `update_credit()` do not check whether the peer has requested shutdown, allowing operations on a connection that the peer considers closed. Check `peer_requested_shutdown` before proceeding in both methods. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Add a function that checks if a local port is in use, either for listening or for a connection. This will be used by VsockDriver to allocate local ports when creating new streams. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
luigix25
force-pushed
the
vsock_attestation
branch
from
831ed1c to
6283c7c
Compare
luigix25
removed
the
needs-rebase
00xc
reviewed
Apr 2, 2026
| /// - The VSOCK device is not available (`VsockError::DriverError`) | ||
| /// - The connection is already shutdown (`VsockError::SocketShutdown`) | ||
| /// - The shutdown operation fails | ||
| pub fn shutdown(&mut self) -> Result<(), SvsmError> { |
Member
There was a problem hiding this comment.
Are there any users that require manually shutting down the stream? If not, then I would suggest moving all of this into Drop. This would make it impossible to use the stream after it is closed. This should also help deduplicate the logic that is already present in Drop and in this method (e.g. VSOCK_DEVICE.shutdown()).
Collaborator
Author
There was a problem hiding this comment.
My idea was to replicate this https://docs.rs/vsock/latest/vsock/struct.VsockStream.html
But yes, it would simplify the logic indeed.
Member
There was a problem hiding this comment.
I guess it's also a matter of taste, but a big thing in Rust is to make invalid states unrepresentable. Another option would be to make shutdown() take self instead of &mut self, having the method consume the type. But then again, I don't know if there are any valid use cases where you want to use again the struct after shutdown.
Collaborator
Author
There was a problem hiding this comment.
I'll keep this open for now, so other reviewers can share their feedback
luigix25
force-pushed
the
vsock_attestation
branch
from
6283c7c to
2e119f4
Compare
Collaborator
Author
|
Addressed comments from @00xc
|
Add a virtio-vsock wrapper around virtio-drivers. It provides blocking functions for connect, send, recv, shutdown and force_shutdown. To use it you need the `vsock` feature. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Add VsockStream struct that provides a high-level stream-oriented interface over the vsock driver API. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Add an optional `--vsock cid` parameter. This will attach a virtio-vsock device to the VM. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
In preparation to vsock support, QEMU needs to be configured with vhost support enabled. Without the flag `--enable-vhost-kernel`, QEMU would fail to launch with error: `qemu-system-x86_64: -device vhost-vsock-device,guest-cid=3: 'vhost-vsock-device' is not a valid device model name` This flag is disabled by default because of `--without-default-features` Because no-cc is run as non-root, this causes QEMU to fail with the error: `vhost-vsock: failed to open vhost device: Permission denied"` To fix this, setup permissions to /dev/vhost-vsock for non-root. Add the flag to enable support for vsock in QEMU and install netcat Co-Developed-by: Luigi Leonardi <leonardi@redhat.com> Signed-off-by: Luigi Leonardi <leonardi@redhat.com> Signed-off-by: Nicola Ramacciotti <niko.ramak@gmail.com>
Add a test that performs some basic checks on vsock functionalities: - double connection - recv a buffer from the host - send a buffer to the host - recv a buffer after local shutdown - send a buffer after local shutdown The vsock server is created on the host using ncat. Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
luigix25
force-pushed
the
vsock_attestation
branch
from
2e119f4 to
97efe54
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR introduces a wrapper to the virtio-drivers crate like what has been done for virtio-blk. This provides blocking calls to
connectclosesendandrecv.Vsock is more flexible than the serial port as it has the concept of port, and we can reuse vsock for anything else.
I had to make 2 changes to the virtio-drivers crate, the idea is to open a PR in that repo. Before proceeding with the PR, I'd like to take some feedback here, maybe more changes are needed.
To compile it you need to enable the feature
vsockandvirtio-drivers.To test it you can use
make test-in-svsmNote: If a vsock device is not attached, svsm will not crash.