RE: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock dev/hyperv/include dev/hyperv/vmbus modules/hyperv modules/hyperv/hvsock sys
> -Original Message- > From: Shawn Webb > Sent: Wednesday, May 20, 2020 11:11 PM > To: Wei Hu > Cc: src-committ...@freebsd.org; svn-src-...@freebsd.org; svn-src- > h...@freebsd.org > Subject: Re: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock > dev/hyperv/include dev/hyperv/vmbus modules/hyperv > modules/hyperv/hvsock sys > > On Wed, May 20, 2020 at 11:03:59AM +, Wei Hu wrote: > > Author: whu > > Date: Wed May 20 11:03:59 2020 > > New Revision: 361275 > > URL: https://svnweb.freebsd.org/changeset/base/361275 > > > > Log: > > HyperV socket implementation for FreeBSD > > > > This change adds Hyper-V socket feature in FreeBSD. New socket address > > family AF_HYPERV and its kernel support are added. > > > > Submitted by: Wei Hu > > Reviewed by: Dexuan Cui > > Relnotes: yes > > Sponsored by: Microsoft > > Differential Revision:https://reviews.freebsd.org/D24061 > > Hey Wei Hu, > > Would it be good to bump __FreeBSD_version after a change like this? > Hi Shawn, I was not familiar to the mechanism of __FreeBSD_version. But it looks like a good idea. However I am not sure if I have the right to update the chapter.xml file. Can you help on what I need to do the update this version number? Thanks, Wei ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
RE: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock dev/hyperv/include dev/hyperv/vmbus modules/hyperv modules/hyperv/hvsock sys
> -Original Message- > From: Enji Cooper > Sent: Wednesday, May 20, 2020 11:58 PM > To: Shawn Webb > Cc: Wei Hu ; src-committ...@freebsd.org; svn-src- > a...@freebsd.org; svn-src-head@freebsd.org > Subject: Re: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock > dev/hyperv/include dev/hyperv/vmbus modules/hyperv > modules/hyperv/hvsock sys > > > > On May 20, 2020, at 08:54, Enji Cooper wrote: > > > >>> On May 20, 2020, at 08:11, Shawn Webb > wrote: > >>> > >>> On Wed, May 20, 2020 at 11:03:59AM +, Wei Hu wrote: > >>> Author: whu > >>> Date: Wed May 20 11:03:59 2020 > >>> New Revision: 361275 > >>> URL: > >>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsv > >>> > nweb.freebsd.org%2Fchangeset%2Fbase%2F361275&data=02%7C01%7C > weh% > >>> > 40microsoft.com%7Cd6ff3617bffa43d10a7708d7fcd68470%7C72f988bf86f141 > a > >>> > f91ab2d7cd011db47%7C1%7C0%7C637255870581110888&sdata=mzz6R > ILCVBk > >>> q06RI1PAfVNKWZO2y7jBO0C1E%2F%2FEJwUY%3D&reserved=0 > >>> > >>> Log: > >>> HyperV socket implementation for FreeBSD > >>> > >>> This change adds Hyper-V socket feature in FreeBSD. New socket > >>> address family AF_HYPERV and its kernel support are added. > > > > Hi Wei, > >Could you please further describe what this feature is/does? > > I realize after looking at the review that it contains the content I was > hoping > for. It would have been helpful to folks if this context had been included in > the > commit message. Hi Enji, I thought I just keep it simple for the commit log message while people can refer to the review site for details. Sorry about that. Let me know if there is anyway to make up for it. Wei ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
RE: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock dev/hyperv/include dev/hyperv/vmbus modules/hyperv modules/hyperv/hvsock sys
> -Original Message- > From: Peter Holm > Sent: Thursday, May 21, 2020 8:24 PM > To: Wei Hu > Cc: src-committ...@freebsd.org; svn-src-...@freebsd.org; svn-src- > h...@freebsd.org > Subject: Re: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock > dev/hyperv/include dev/hyperv/vmbus modules/hyperv > modules/hyperv/hvsock sys > > On Wed, May 20, 2020 at 11:03:59AM +, Wei Hu wrote: > > Author: whu > > Date: Wed May 20 11:03:59 2020 > > New Revision: 361275 > > URL: > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsvnweb > .freebsd.org%2Fchangeset%2Fbase%2F361275&data=02%7C01%7Cweh% > 40microsoft.com%7C61c524b5022b47b2c4e108d7fd81e75f%7C72f988bf86f14 > 1af91ab2d7cd011db47%7C1%7C0%7C637256606689750658&sdata=mw > 4IXP3DnxICnK4U%2F8MzLbvMAzCuxih2f0waDyMSCTE%3D&reserved=0 > > > > Log: > > HyperV socket implementation for FreeBSD > > > > This change adds Hyper-V socket feature in FreeBSD. New socket address > > family AF_HYPERV and its kernel support are added. > > > > Found this with a syscall fuzz test: > > panic: page fault > cpuid = 2 > time = 1590050529 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame > 0xfe033d21d530 > vpanic() at vpanic+0x182/frame 0xfe033d21d580 > panic() at panic+0x43/frame 0xfe033d21d5e0 > trap_fatal() at trap_fatal+0x387/frame 0xfe033d21d640 > trap_pfault() at trap_pfault+0x99/frame 0xfe033d21d6a0 > trap() at trap+0x2a5/frame 0xfe033d21d7b0 > calltrap() at calltrap+0x8/frame 0xfe033d21d7b0 > --- trap 0xc, rip = 0x80bcd3ba, rsp = 0xfe033d21d880, rbp = > 0xfe033d21d910 --- > _sx_xlock_hard() at _sx_xlock_hard+0x17a/frame 0xfe033d21d910 > _sx_xlock() at _sx_xlock+0xba/frame 0xfe033d21d950 > hvs_trans_close() at hvs_trans_close+0x42/frame 0xfe033d21d970 > soclose() at soclose+0x161/frame 0xfe033d21d9e0 > _fdrop() at _fdrop+0x1a/frame 0xfe033d21da00 > closef() at closef+0x1db/frame 0xfe033d21da90 > closefp() at closefp+0x96/frame 0xfe033d21dad0 > amd64_syscall() at amd64_syscall+0x159/frame 0xfe033d21dbf0 > fast_syscall_common() at fast_syscall_common+0x101/frame > 0xfe033d21dbf0 > --- syscall (6, FreeBSD ELF64, sys_close), rip = 0x8004283ca, rsp = > 0x7fffe328, > rbp = 0x7fffe460 --- > > https://nam06.safelinks.protection.outlook.com/?url=https:%2F%2Fpeople.free > bsd.org%2F~pho%2Fstress%2Flog%2Fsetsockopt2- > 2.txt&data=02%7C01%7Cweh%40microsoft.com%7C61c524b5022b47b2c > 4e108d7fd81e75f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63 > 7256606689750658&sdata=RuBmWrBv7lGnhF2IHZ5NOP2rmV0c%2BJXuk > RZl260KSIw%3D&reserved=0 > > Could this be yours? Yes. Looks the lock was not initialized. The lock only gets initialized when it is running on HyperV. This type of socket only works on HyperV. How to reproduce it? Was it on HyperV? I am not sure how it can enter this state. Wei ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
RE: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock dev/hyperv/include dev/hyperv/vmbus modules/hyperv modules/hyperv/hvsock sys
> -Original Message-
> > > [... snip ...]
> > > +void
> > > +hvs_trans_init(void)
> > > +{
> > > + /* Skip initialization of globals for non-default instances. */
> > > + if (!IS_DEFAULT_VNET(curvnet))
> > > + return;
> > > +
> > > + if (vm_guest != VM_GUEST_HV)
> > > + return;
> > > +
> > > + HVSOCK_DBG(HVSOCK_DBG_VERBOSE,
> > > + "%s: HyperV Socket hvs_trans_init called\n", __func__);
> > > +
> > > + /* Initialize Globals */
> > > + previous_auto_bound_port = MAX_PORT;
> > > + sx_init(&hvs_trans_socks_sx, "hvs_trans_sock_sx");
> > > + mtx_init(&hvs_trans_socks_mtx,
> > > + "hvs_trans_socks_mtx", NULL, MTX_DEF);
> > > + LIST_INIT(&hvs_trans_bound_socks);
> > > + LIST_INIT(&hvs_trans_connected_socks);
> > > +}
> > > +
> >
> > I have a suspicion that all of these should really be per-vnet for
> > correct semantics with VIMAGE, with the IS_DEFAULT_VNET check earlier
> > dropped completely. I haven't read around the rest all that much, but
> > this would at least seem to prevent port re-use by a different vnet,
> > which is perhaps "good enough" but I think this is something that
> > should be fixed in the mid-term.
> >
>
> I have a follow-up concern about whether this is actually going to be
> maintained... it's been a full week with not even an acknowledgement or
> rebuttal of any of the concerns I've raised, with some of them being
> completely
> trivial to address in the short-term. I don't think that we really want this
> in the
> tree in its current state given this level of engagement.
>
Sorry for my late response, Kyle. I read your comments last week. To be honest
I am
not familiar to VNET and VIMAGE, so I don't quite understand. I got distracted
into other work so my response to this was delayed.
Do you mean to drop these two lines?
if (!IS_DEFAULT_VNET(curvnet))
return
I copied these from other socket init code. If they are not necessary I can
remove them.
Thanks,
Wei
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
RE: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock dev/hyperv/include dev/hyperv/vmbus modules/hyperv modules/hyperv/hvsock sys
> -Original Message-
> From: Kyle Evans
> Sent: Saturday, May 30, 2020 2:33 AM
> To: Wei Hu
> Cc: src-committers ; svn-src-all a...@freebsd.org>; svn-src-head
> Subject: Re: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock
> dev/hyperv/include dev/hyperv/vmbus modules/hyperv
> modules/hyperv/hvsock sys
>
> On Fri, May 29, 2020 at 12:08 PM Wei Hu wrote:
> > > -Original Message-
> > > > > [... snip ...]
> > > > > +void
> > > > > +hvs_trans_init(void)
> > > > > +{
> > > > > + /* Skip initialization of globals for non-default instances.
> > > > > */
> > > > > + if (!IS_DEFAULT_VNET(curvnet))
> > > > > + return;
> > > > > +
> > > > > + if (vm_guest != VM_GUEST_HV)
> > > > > + return;
> > > > > +
> > > > > + HVSOCK_DBG(HVSOCK_DBG_VERBOSE,
> > > > > + "%s: HyperV Socket hvs_trans_init called\n",
> > > > > + __func__);
> > > > > +
> > > > > + /* Initialize Globals */
> > > > > + previous_auto_bound_port = MAX_PORT;
> > > > > + sx_init(&hvs_trans_socks_sx, "hvs_trans_sock_sx");
> > > > > + mtx_init(&hvs_trans_socks_mtx,
> > > > > + "hvs_trans_socks_mtx", NULL, MTX_DEF);
> > > > > + LIST_INIT(&hvs_trans_bound_socks);
> > > > > + LIST_INIT(&hvs_trans_connected_socks);
> > > > > +}
> > > > > +
> > > >
> > > > I have a suspicion that all of these should really be per-vnet for
> > > > correct semantics with VIMAGE, with the IS_DEFAULT_VNET check
> > > > earlier dropped completely. I haven't read around the rest all
> > > > that much, but this would at least seem to prevent port re-use by
> > > > a different vnet, which is perhaps "good enough" but I think this
> > > > is something that should be fixed in the mid-term.
> > > >
> > >
> > > I have a follow-up concern about whether this is actually going to
> > > be maintained... it's been a full week with not even an
> > > acknowledgement or rebuttal of any of the concerns I've raised, with
> > > some of them being completely trivial to address in the short-term.
> > > I don't think that we really want this in the tree in its current state
> > > given
> this level of engagement.
> > >
> > Sorry for my late response, Kyle. I read your comments last week. To
> > be honest I am not familiar to VNET and VIMAGE, so I don't quite
> > understand. I got distracted into other work so my response to this was
> delayed.
> >
> > Do you mean to drop these two lines?
> >if (!IS_DEFAULT_VNET(curvnet))
> >return
> > I copied these from other socket init code. If they are not necessary I can
> remove them.
> >
>
> Alright, let's rewind a little bit here. =-) Consider while reading the below
> that I
> have no idea what the host-side of these sockets look like beyond what I just
> very quickly skimmed from [0].
>
> It's a little more involved than that; consider each vnet as its own
> independent
> network stack that's largely isolated from other vnets.
> The host starts out with a vnet, vnet0 (the default vnet), and root may spawn
> additional vnets attached to jails to allow the jail to operate its own
> network
> stack as well. Your pr_init will get called once per vnet spawned, including
> the
> obvious default vnet, which is why the check is there in the first place --
> you
> may have some global state that only needs to be initialized once, at which
> point you would exclude non-default vnets from executing those bits.
>
> The more I think about it, though, the more I wonder if hvsock makes sense at
> all in non-default vnet contexts and whether hvs_trans_attach should really be
> attaching to sockets outside of the default vnet. You can bind in your FreeBSD
> HyperV guest to a port, and a host service's option for connecting is
> specifying
> guest GUID + port; there's not really any wiggle room for multiple entities
> within a guest to be binding to a given port anyways. It may very well be the
> case that the status quo is the optimal outcome.
>
> Given that, does it make sense that the host connects via the guest GUID and
> can potentially end up connected to some jail of unknown trust operating its
> own network stack?
>
> As a final scattered thought for the hour, does the Linux implementation of
> this
> stuff do anything to give a guest admin visibility into existing HyperV
> sockets on
> the system? AFAICT here, there's no sockstat integration or anything else that
> might export hvsock information to userland, so one's only option to tracking
> down whether a HyperV socket even exists and to which process it belongs
> would appear to be probing around in the kernel.
>
The HyperV host only connects to guest using the guest unique GUID and a port
number. Once connection is requested, host sends a virtualized vmbus device
offer
to guest using different mechanism. On the guest side when the device office is
in,
it checks if the port is bound, then a communication channel on vmbus is
established
RE: svn commit: r361360 - head/sys/dev/hyperv/hvsock
> -Original Message-
> From: Kyle Evans
> Sent: Saturday, May 30, 2020 4:34 AM
> To: Wei Hu
> Cc: src-committers ; svn-src-all a...@freebsd.org>; svn-src-head
> Subject: Re: svn commit: r361360 - head/sys/dev/hyperv/hvsock
>
> On Fri, May 22, 2020 at 10:51 AM Kyle Evans wrote:
> >
> > On Fri, May 22, 2020 at 4:17 AM Wei Hu wrote:
> > >
> > > Author: whu
> > > Date: Fri May 22 09:17:07 2020
> > > New Revision: 361360
> > > URL:
> > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsv
> > >
> nweb.freebsd.org%2Fchangeset%2Fbase%2F361360&data=02%7C01%7C
> weh%
> > >
> 40microsoft.com%7Cc97d223b440a8f1708d8040f9563%7C72f988bf86f1
> 41a
> > >
> f91ab2d7cd011db47%7C1%7C0%7C637263812262686264&sdata=xPJ95
> nVsWPV
> > > f8qxlxSyMplJXuaFcbp5bd9FiGgvHhao%3D&reserved=0
> > >
> > > Log:
> > > Socket AF_HYPERV should return failure when it is not running on
> > > HyperV
> > >
> > > [... snip ...]
> > > @@ -354,6 +354,9 @@ hvs_trans_attach(struct socket *so, int proto,
> > > struct {
> > > struct hvs_pcb *pcb = so2hvspcb(so);
> > >
> > > + if (vm_guest != VM_GUEST_HV)
> > > + return (ESOCKTNOSUPPORT);
> > > +
> > > HVSOCK_DBG(HVSOCK_DBG_VERBOSE,
> > > "%s: HyperV Socket hvs_trans_attach called\n",
> > > __func__);
> > >
> >
> > This one may be OK, but none of these other methods should be able to
> > be invoked if the attach failed. See this comment at around
> > ^/sys/kern/uipc_socket.c#50:
> >
> > 50 * pru_detach() disassociates protocol layer state from an attached
> > socket,
> > 51 * and will be called exactly once for sockets in which pru_attach()
> > has
> > 52 * been successfully called. If pru_attach() returned an error,
> > 53 * pru_detach() will not be called. Socket layer private.
> >
> > That said, I wonder if VNET_DOMAIN_SET provides the correct semantics
> > here at all. You can't fail domain_init, but I don't think there's any
> > value in this domain actually getting registered on non-HyperV guests,
> > a fact which presumably won't change at runtime.
> >
>
> I'm considering the patch below, which is almost certainly going to be mangled
> by my mail client, for solving this style of problem. It gives the domain a
> chance
> to probe the system and opt out, for cases like hvsock where leaving the
> domain around and fully-initialized when there's no way it can work is both
> wasteful and a bit of an accident waiting to happen -- IMO it's much less
> error
> prone and more comforting if we just reject it early on, since we can. The
> vm_guest detection and hyperv's false-positive aversion stuff in hyperv_init
> should run much earlier than this.
>
> diff --git a/sys/dev/hyperv/hvsock/hv_sock.c
> b/sys/dev/hyperv/hvsock/hv_sock.c index d212c2d8c2d..d3bc1ab0f2c 100644
> --- a/sys/dev/hyperv/hvsock/hv_sock.c
> +++ b/sys/dev/hyperv/hvsock/hv_sock.c
> @@ -74,6 +74,8 @@ SYSCTL_INT(_net_hvsock, OID_AUTO, hvs_dbg_level,
> CTLFLAG_RWTUN, &hvs_dbg_level,
>
> MALLOC_DEFINE(M_HVSOCK, "hyperv_socket", "hyperv socket control
> structures");
>
> +static int hvs_dom_probe(void);
> +
> /* The MTU is 16KB per host side's design */
> #define HVSOCK_MTU_SIZE(1024 * 16)
> #define HVSOCK_SEND_BUF_SZ (PAGE_SIZE - sizeof(struct
> vmpipe_proto_header))
> @@ -124,6 +126,7 @@ static struct protosw hv_socket_protosw[] =
> {
> static struct domain hv_socket_domain = {
> .dom_family = AF_HYPERV,
> .dom_name = "hyperv",
> + .dom_probe =hvs_dom_probe,
> .dom_protosw = hv_socket_protosw,
> .dom_protoswNPROTOSW =
> &hv_socket_protosw[nitems(hv_socket_protosw)]
> };
> @@ -322,6 +325,16 @@ hvs_trans_unlock(void)
> sx_xunlock(&hvs_trans_socks_sx); }
>
> +static int
> +hvs_dom_probe(void)
> +{
> +
> + /* Don't even give us a chance to attach on non-HyperV. */
> + if (vm_guest != VM_GUEST_HV)
> + return (ENXIO);
> + return (0);
> +}
> +
> void
> hvs_trans_init(void)
> {
> @@ -329,9 +342,6 @@ hvs_trans_init(void)
> if (!IS_DEFAULT_VNET(curvnet))
> return;
>
> - if (vm_guest != VM_GUEST_HV)
> - return;
> -
> HVSOCK_DBG(HVSOCK_DBG_VERBOSE,
> "%s: HyperV Socket hvs_trans_init called\n", __func__);
>
> @@ -354,9 +364,6 @@ hvs_trans_attach(struct socket *so, int proto, struct
> thread *td) {
> struct hvs_pcb *pcb = so2hvspcb(so);
>
> - if (vm_guest != VM_GUEST_HV)
> - return (ESOCKTNOSUPPORT);
> -
> HVSOCK_DBG(HVSOCK_DBG_VERBOSE,
> "%s: HyperV Socket hvs_trans_attach called\n", __func__);
>
> @@ -383,9 +390,6 @@ hvs_trans_detach(struct socket *so) {
> struct hvs_pcb *pcb;
>
> - if (vm_guest != VM_GUEST_HV)
> - return;
> -
> HVSOCK_DBG(HVSOCK_DBG_VERBOSE,
> "%s: HyperV Socket hvs_trans_detach called\n", __func__);
>
>
