On 10/18/19 10:38 AM, Richard W.M. Jones wrote:
 On platforms which support it (only Linux currently) nbdkit can act
as
 a vsock server.  Guests running on the host see a raw NBD socket which
 it can connect to by opening an AF_VSOCK connection.  (Although only
 libnbd supports this).
 
 The current limitations are:
 
   * nbdkit can only act as a host (cid == VMADDR_CID_HOST == 2). 
How hard would it be to allow a different cid to run a server on the 
guest and client on the host?
 
   * There is no access control.  Any guest which has vsock enabled can
     open the socket. 
Well, there's TLS if you need it.
 
   * nbdkit can only listen on either TCP/IP or AF_VSOCK, not both at
     the same time.  (The same currently applies to TCP/IP vs AF_UNIX so
     this is not a new restriction).
 
   * Lacks a test because you cannot use vsock to communicate host to
     host. 
Yeah, this is one case where testing requires a guest.
 +If you see the error C<unable to open vhost-vsock device> then
you may
 +have to unload the VMCI transport:
 +
 + modprobe -r vmw_vsock_vmci_transport 
Is that in the host or in the guest?
 @@ -826,15 +842,22 @@ start_serving (void)
     size_t nr_socks;
     size_t i;
   
 -  /* If the user has mixed up -p/-U/-s options, then give an error.
 +  /* If the user has mixed up -p/--run/-s/-U/--vsock options, then
 +   * give an error.
      *
      * XXX Actually the server could easily be extended to handle both
      * TCP/IP and Unix sockets, or even multiple TCP/IP ports.
      */
 -  if ((port && unixsocket) || (port && listen_stdin) ||
 -      (unixsocket && listen_stdin) || (listen_stdin && run)) {
 +  if ((port && unixsocket) ||
 +      (port && listen_stdin) ||
 +      (unixsocket && listen_stdin) ||
 +      (listen_stdin && run) ||
 +      (vsock && unixsocket) ||
 +      (vsock && listen_stdin) ||
 +      (vsock && run)) { 
Lots of pairings.  I was trying to figure out if:
if (!!port + !!unixsocket + listen_stdin + run + vsock > 1)
is any easier to write, but not quite, since we DO allow port and vsock. 
  So keeping the list of pairs seems to be the best we can do.
 @@ -247,6 +252,74 @@ bind_tcpip_socket (size_t *nr_socks)
     return socks;
   }
   
 +int *
 +bind_vsock (size_t *nr_socks)
 +{
 +#ifdef AF_VSOCK
 +  uint32_t vsock_port;
 +  int sock;
 +  int *ret;
 +  struct sockaddr_vm addr;
 +
 +  if (port == NULL)
 +    vsock_port = 10809;
 +  else {
 +    /* --port parameter must be numeric for vsock, unless
 +     * /etc/services is extended but that seems unlikely. XXX
 +     */
 +    if (nbdkit_parse_uint32_t ("port", port, &vsock_port) == -1)
 +      exit (EXIT_FAILURE);
 +  }
 +
 +#ifdef SOCK_CLOEXEC
 +  sock = socket (AF_VSOCK, SOCK_STREAM|SOCK_CLOEXEC, 0);
 +#else
 +  /* Fortunately, this code is only run at startup, so there is no
 +   * risk of the fd leaking to a plugin's fork()
 +   */
 +  sock = set_cloexec (socket (AF_VSOCK, SOCK_STREAM, 0)); 
Even better, all known platforms with AF_VSOCK have SOCK_CLOEXEC.  Make 
this #else just be an #error.
 +#endif
 +  if (sock == -1) {
 +    perror ("bind_unix_socket: socket");
 +    exit (EXIT_FAILURE);
 +  } 
Also, it wouldn't be that much harder for a followup patch exposing:
nbdkit nbd vsock_cid=... vsock_port=...
to have our passthrough wrapper call into libnbd's nbd_connect_vsock, 
and let nbdkit transparently convert from vsock server to TCP/Unix client.
-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  
qemu.org | 
libvirt.org