vsock: initiate a quick handshake to avoid VSOCK_DEFAULT_CONNECT_TIMEOUT #2656
Conversation
We will suffer default two seconds timeout, when kata-runtime initiates a connection to agent server, but right now vsock transport in guest part isn't ready. Here, taking advices from Stefan Hajnoczi, we will do a quick handshake to ensure host initiating connection until vsock device is completely ready. The quick handshake follows above steps: 1. kata-runtime listens on a vsock port 2. agent.vsock_host_port=PORT is added to the kernel command-line options 3. kata-agent parses the port number and connects to the host This commit covers the 1-2 parts in kata-runtime. Fixes: kata-containers#1917 Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Pennyzct
added
the
wip
|
Hi guys |
|
Hi @stefanha |
| if err != nil { | ||
| return err | ||
| } | ||
| defer syscall.Close(socket) |
There was a problem hiding this comment.
There is a race condition here: we fetch the port number and then close the file descriptor. Now another host process can reuse the same port number before we get a chance to call vsock.Listen(). When this happens our vsock.Listen() call will fail.
Please keep the file descriptor open and use it instead of calling vsock.Listen() later on.
There was a problem hiding this comment.
okay, thanks. I'll save the server socket somewhere for later use.
| // receive a connection from agent, that is, | ||
| // vsock device in guest is ready. | ||
| return nil | ||
| case <-time.After(vsockReadyTimeOut): |
There was a problem hiding this comment.
Is it necessary to introduce a new timeout? This timeout includes guest kernel boot and kata-agent startup, so 2 seconds might be a little short on a heavily loaded host.
I think a timeout isn't needed here since the container runtime fails container startup after some time anyway.
We will suffer default two seconds timeout, when kata-runtime initiates a connection to agent server,and right now vsock transport in guest part isn't ready.
Here, taking advices from Stefan Hajnoczi, we will do a quick handshake to ensure host initiating connection until vsock device is completely ready.
The quick handshake follows below steps:
agent.vsock_host_port=PORTis added to the kernel command-line optionsThis commit here covers the 1-2 parts in kata-runtime.
Fixes: #1917
Signed-off-by: Penny Zheng penny.zheng@arm.com