From: Dexuan Cui
To: Stefan Hajnoczi
CC: "davem@davemloft.net", "netdev@vger.kernel.org", "devel@linuxdriverproject.org", KY Srinivasan, "Haiyang Zhang", Stephen Hemminger, George Zhang, Jorgen Hansen, Michal Kubecek, Vitaly Kuznetsov, Cathy Avery, "jasowang@redhat.com", Rolf Neugebauer, Dave Scott, Marcelo Cerri, "apw@canonical.com", "olaf@aepfle.de", "joe@perches.com", "linux-kernel@vger.kernel.org", Dan Carpenter
Subject: RE: [PATCH net-next 3/3] hv_sock: implements Hyper-V transport for Virtual Sockets (AF_VSOCK)
Date: Tue, 22 Aug 2017 21:40:01 +0000

> From: Stefan Hajnoczi [mailto:stefanha@redhat.com]
> On Fri, Aug 18, 2017 at 10:23:54PM +0000, Dexuan Cui wrote:
> > > > +static bool hvs_stream_allow(u32 cid, u32 port)
> > > > +{
> > > > + static const u32 valid_cids[] = {
> > > > + VMADDR_CID_ANY,
> > >
> > > Is this for loopback?
> >
> > No, we don't support loopback in Linux VM, at least for now.
> > In our Linux implementation, Linux VM can only connect to the host, and
> > here when Linux VM calls connect(), I treat VMADDR_CID_ANY
> > the same as VMADDR_CID_HOST.
>
> VMCI and virtio-vsock do not treat connect(VMADDR_CID_ANY) the same as
> connect(VMADDR_CID_HOST). It is an error to connect to VMADDR_CID_ANY.

Ok. Then I'll only allow VMADDR_CID_HOST as the destination CID, since
we don't support loopback mode.

> > > > + /* The host's port range [MIN_HOST_EPHEMERAL_PORT, 0xFFFFFFFF)
> > > is
> > > > + * reserved as ephemeral ports, which are used as the host's ports
> > > > + * when the host initiates connections.
> > > > + */
> > > > + if (port > MAX_HOST_LISTEN_PORT)
> > > > + return false;
> > >
> > > Without this if statement the guest will attempt to connect. I guess
> > > there will be no listen sockets above MAX_HOST_LISTEN_PORT, so the
> > > connection attempt will fail.
> >
> > You're correct.
> > To use the vsock common infrastructure, we have to map Hyper-V's
> > GUID to int , and hence we must limit
> > the port range we can listen() on to [0, MAX_LISTEN_PORT], i.e.
> > we can only use half of the whole 32-bit port space for listen().
> > This is detailed in the long comments starting at about Line 100.
> >
> > > ...but hardcode this knowledge into the guest driver?
> > I'd like the guest's connect() to fail immediately here.
> > IMO this is better than a connect timeout. :-)
>
> Thanks for explaining. Perhaps the comment could be updated:
>
> /* The host's port range [MIN_HOST_EPHEMERAL_PORT, 0xFFFFFFFF) is
>  * reserved as ephemeral ports, which are used as the host's ports when
>  * the host initiates connections.
>  *
>  * Perform this check in the guest so an immediate error is produced
>  * instead of a timeout.
>  */
>
> Stefan

Thank you, Stefan! Please see the below for the updated version of the
function:

static bool hvs_stream_allow(u32 cid, u32 port)
{
	/* The host's port range [MIN_HOST_EPHEMERAL_PORT, 0xFFFFFFFF) is
	 * reserved as ephemeral ports, which are used as the host's ports
	 * when the host initiates connections.
	 *
	 * Perform this check in the guest so an immediate error is produced
	 * instead of a timeout.
	 */
	if (port > MAX_HOST_LISTEN_PORT)
		return false;

	if (cid == VMADDR_CID_HOST)
		return true;

	return false;
}

I'll send a v2 of the patch later today.

-- Dexuan
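
Review bot: in the quoted hunk, the comment above `if (port > MAX_HOST_LISTEN_PORT)` describes the reserved range in terms of MIN_HOST_EPHEMERAL_PORT, while the test uses MAX_HOST_LISTEN_PORT, and nothing in the visible lines says how the two constants relate. A reader cannot tell from the hunk whether the boundary port is rejected or allowed. Either state the relation in the comment or write the test against the constant the comment names, so the rejected range and the documented range are visibly the same. The `valid_cids[]` entry for VMADDR_CID_ANY in the same hunk accepts a destination that the reply says is an error to connect to on VMCI and virtio-vsock, so v2 should drop it and accept only VMADDR_CID_HOST.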