Re: [PATCH net-next v1 0/3] vsock: Add flag field in the vsock address
From: Stefano Garzarella <sgarzare@redhat.com>
Date: 2020-12-02 13:39:45
Also in:
lkml
Hi Andra, On Tue, Dec 01, 2020 at 05:25:02PM +0200, Andra Paraschiv wrote:
vsock enables communication between virtual machines and the host they are running on. Nested VMs can be setup to use vsock channels, as the multi transport support has been available in the mainline since the v5.5 Linux kernel has been released. Implicitly, if no host->guest vsock transport is loaded, all the vsock packets are forwarded to the host. This behavior can be used to setup communication channels between sibling VMs that are running on the same host. One example can be the vsock channels that can be established within AWS Nitro Enclaves (see Documentation/virt/ne_overview.rst). To be able to explicitly mark a connection as being used for a certain use case, add a flag field in the vsock address data structure. The "svm_reserved1" field has been repurposed to be the flag field. The value of the flag will then be taken into consideration when the vsock transport is assigned. This way can distinguish between nested VMs / local communication and sibling VMs use cases. And can also setup one or more types of communication at the same time.
Another thing worth mentioning is that for now it is not supported in vhost-vsock, since we are discarding every packet not addressed to the host. What we should do would be: - add a new IOCTL to vhost-vsock to enable sibling communication, by default I'd like to leave it disabled - allow sibling forwarding only if both guests have sibling communication enabled and we should implement some kind of filtering or network namespace support to allow the communication only between a subset of VMs Do you have plans to work on it? Otherwise I put it in my to-do list and hope I have time to do it (maybe next month). Thanks, Stefano