Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752744AbdHVVkU (ORCPT <rfc822;w@1wt.eu>);
        Tue, 22 Aug 2017 17:40:20 -0400
Received: from mail-sg2apc01on0093.outbound.protection.outlook.com ([104.47.125.93]:54044
        "EHLO APC01-SG2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1752303AbdHVVkS (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 22 Aug 2017 17:40:18 -0400
From: Dexuan Cui <decui@microsoft.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
CC: "davem@davemloft.net" <davem@davemloft.net>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        "devel@linuxdriverproject.org" <devel@linuxdriverproject.org>,
        KY Srinivasan <kys@microsoft.com>,
        "Haiyang Zhang" <haiyangz@microsoft.com>,
        Stephen Hemminger <sthemmin@microsoft.com>,
        George Zhang <georgezhang@vmware.com>,
        Jorgen Hansen <jhansen@vmware.com>, Michal Kubecek <mkubecek@suse.cz>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Cathy Avery <cavery@redhat.com>,
        "jasowang@redhat.com" <jasowang@redhat.com>,
        Rolf Neugebauer <rolf.neugebauer@docker.com>,
        Dave Scott <dave.scott@docker.com>,
        Marcelo Cerri <marcelo.cerri@canonical.com>,
        "apw@canonical.com" <apw@canonical.com>,
        "olaf@aepfle.de" <olaf@aepfle.de>, "joe@perches.com" <joe@perches.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Dan Carpenter <dan.carpenter@oracle.com>
Subject: RE: [PATCH net-next 3/3] hv_sock: implements Hyper-V transport for
 Virtual Sockets (AF_VSOCK)
Thread-Topic: [PATCH net-next 3/3] hv_sock: implements Hyper-V transport for
 Virtual Sockets (AF_VSOCK)
Thread-Index: AdMWFGQ8Y3X/Q87vRRyut4fx304pkwBVIa6AAEEmG8AAsHvlgAAXT1Zg
Date: Tue, 22 Aug 2017 21:40:01 +0000
Message-ID: <PS1P15301MB0011D3F00204245172E8150EBF840@PS1P15301MB0011.APCP153.PROD.OUTLOOK.COM>
References: <KL1P15301MB00086EF58514BFD08F66B6C4BF8D0@KL1P15301MB0008.APCP153.PROD.OUTLOOK.COM>
 <20170817145551.GI5539@stefanha-x1.localdomain>
 <KL1P15301MB0008C56CCD01B69186EF3A93BF800@KL1P15301MB0008.APCP153.PROD.OUTLOOK.COM>
 <20170822101433.GC16799@stefanha-x1.localdomain>
In-Reply-To: <20170822101433.GC16799@stefanha-x1.localdomain>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Ref=https://api.informationprotection.azure.com/api/72f988bf-86f1-41af-91ab-2d7cd011db47;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=decui@microsoft.com;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2017-08-22T14:39:57.4652776-07:00;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure
 Information Protection;
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic;
 Sensitivity=General
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=decui@microsoft.com; 
x-originating-ip: [167.220.1.111]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;PS1P15301MB0028;6:nnQa+tXyp3AbRmKgs39ueuaSKdyZGC6DbazzeUIYfYOsoPmqbAHdqCBV/qGtJcNjGRP9v1WJBf0GAdhD0cIf5keJOw0qzVhkzuHMu98M+kvn6t4rDrlMqt/3ShEQlBxIJjfmpG97CZuJtjDnLBEm1jAuhe7kXDCRSk1Vf5YkNRlYsqt2bRpdkyWh/TUYkaLdYzFj7JHdMz3tBqlmMFcDMY+nPqqOl+hQTCoSp46r+ASWXPMqXf0Z8fLmUTK5Klf+vTuZ0gD+H1mIO0GVAd/eslAoEVWTACVNWJEF/UK/exBd8JHmWPEXCz7pNtHorQS3D3weQ1i3lPjYu/fb5Ulgaw==;5:jYYCkm3rdcaqMylmHb07kaFq4mlvEux1T73UZsZGPSTXjd8tY5QGZICnFwCoTawGzyds9g8l2A8NhCMChJ2WWAeHID3UG8yqi0KAT4gdSI6BWWdCDA6aGGK+Y0SUPIIEOavY5fRNIuYNgTedEOC7EA==;24:FeNhmO13CHW5qcCVBr7r506HPQcQ+tYhfZd7YX0iuf+FIsCTeUiME2uqtoZM4uZEU8EkOOSkexQ27L4Q08IpI+q/cnejEI3C4PCWl7friIE=;7:F5RQni8C35xWaFAj54M0ZBIRxR43ld2jFSxnav5vCylPYp6PiNVxnhbCwFpEVUCXEEuO7zKhnPSMK1vkgBYnVmvYUi4Lj8MbUqBz7llWaNACiceVQA4CPCgWYhIqfWUG7u/otCaANOzAjD8GxIEbOQptp8fgm5OHDqNHGZzqhqrHR70pWdF2pV03YOpnHhbqurZSW6UFs367u8NmNiT0ossH3Bu1eOtOshOLCrH5tpc=
x-ms-office365-filtering-correlation-id: 16963177-a7af-4a15-c50c-08d4e9a6581e
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(300000503095)(300135400095)(48565401081)(2017052603174)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:PS1P15301MB0028;
x-ms-traffictypediagnostic: PS1P15301MB0028:
x-exchange-antispam-report-test: UriScan:(21532816269658);
x-microsoft-antispam-prvs: <PS1P15301MB0028841FE9FF59FCC850BCF1BF840@PS1P15301MB0028.APCP153.PROD.OUTLOOK.COM>
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(6055026)(61426038)(61427038)(6041248)(20161123560025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123555025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:PS1P15301MB0028;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:PS1P15301MB0028;
x-forefront-prvs: 04073E895A
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(979002)(6009001)(39860400002)(47760400005)(199003)(24454002)(189002)(110136004)(86362001)(7416002)(5250100002)(6246003)(229853002)(3280700002)(3660700001)(2906002)(2950100002)(66066001)(6916009)(5660300001)(9686003)(478600001)(86612001)(53936002)(4326008)(101416001)(10290500003)(33656002)(6506006)(6436002)(7696004)(54906002)(76176999)(54356999)(50986999)(25786009)(10090500001)(55016002)(2900100001)(106356001)(189998001)(105586002)(81166006)(81156014)(8676002)(14454004)(8936002)(74316002)(8990500004)(3846002)(97736004)(93886005)(102836003)(6116002)(5005710100001)(68736007)(7736002)(305945005)(969003)(989001)(999001)(1009001)(1019001);DIR:OUT;SFP:1102;SCL:1;SRVR:PS1P15301MB0028;H:PS1P15301MB0011.APCP153.PROD.OUTLOOK.COM;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Aug 2017 21:40:01.2087
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PS1P15301MB0028
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by nfs id v7MLeQnV020702
Content-Length: 2874
Lines: 79

> From: Stefan Hajnoczi [mailto:stefanha@redhat.com]
> On Fri, Aug 18, 2017 at 10:23:54PM +0000, Dexuan Cui wrote:
> > > > +static bool hvs_stream_allow(u32 cid, u32 port)
> > > > +{
> > > > +	static const u32 valid_cids[] = {
> > > > +		VMADDR_CID_ANY,
> > >
> > > Is this for loopback?
> >
> > No, we don't support lookback in Linux VM, at least for now.
> > In our Linux implementation, Linux VM can only connect to the host, and
> > here when Linux VM calls connect(), I treat  VMADDR_CID_ANY
> > the same as VMADDR_CID_HOST.
> 
> VMCI and virtio-vsock do not treat connect(VMADDR_CID_ANY) the same as
> connect(VMADDR_CID_HOST).  It is an error to connect to VMADDR_CID_ANY.

Ok. Then I'll only allow VMADDR_CID_HOST as the destination CID, since 
we don't support loopback mode.

> > > > +	/* The host's port range [MIN_HOST_EPHEMERAL_PORT, 0xFFFFFFFF)
> > > is
> > > > +	 * reserved as ephemeral ports, which are used as the host's ports
> > > > +	 * when the host initiates connections.
> > > > +	 */
> > > > +	if (port > MAX_HOST_LISTEN_PORT)
> > > > +		return false;
> > >
> > > Without this if statement the guest will attempt to connect.  I guess
> > > there will be no listen sockets above MAX_HOST_LISTEN_PORT, so the
> > > connection attempt will fail.
> >
> > You're correct.
> > To use the vsock common infrastructure, we have to map Hyper-V's
> > GUID <VM_ID, Service_ID> to int <cid, port>, and hence we must limit
> > the port range we can listen() on to [0, MAX_LISTEN_PORT], i.e.
> > we can only use half of the whole 32-bit port space for listen().
> > This is detailed in the long comments starting at about Line 100.
> >
> > > ...but hardcode this knowledge into the guest driver?
> > I'd like the guest's connect() to fail immediately here.
> > IMO this is better than a connect timeout. :-)
> 
> Thanks for explaining.  Perhaps the comment could be updated:
> 
>  /* The host's port range [MIN_HOST_EPHEMERAL_PORT, 0xFFFFFFFF) is
>   * reserved as ephemeral ports, which are used as the host's ports when
>   * the host initiates connections.
>   *
>   * Perform this check in the guest so an immediate error is produced
>   * instead of a timeout.
>   */
> 
> Stefan

Thank you, Stefan! 
Please see the below for the updated version of the function:

static bool hvs_stream_allow(u32 cid, u32 port)
{
        /* The host's port range [MIN_HOST_EPHEMERAL_PORT, 0xFFFFFFFF) is
         * reserved as ephemeral ports, which are used as the host's ports
         * when the host initiates connections.
         *
         * Perform this check in the guest so an immediate error is produced
         * instead of a timeout.
         */
        if (port > MAX_HOST_LISTEN_PORT)
                return false;

        if (cid == VMADDR_CID_HOST)
                return true;

        return false;
}

I'll send a v2 of the patch later today.

-- Dexuan