Prevent use of socat in firecracker-pilot

Do not shell out socat and use proper UnixListener/UnixStream to do this job. This version of the commit works but I stumbled across a few issues: 1. Permission denied when the UnixListener runs as user and the firecracker process was called as root (run_as: root in the flake). The former implementation ran socat via sudo in the same way as the firecracker process. Thus if you register the flake to run as root it can now also only be called as root, which is acceptable. 2. The behavior in interactive sessions differs compared to socat. When sci in the guest is called it creates a pty and all data is copied to the vsock stream. The host connects via an UDS socket to this data and we multiplex stdin->stream and stream->stdout. When doing this with socat the behavior is different in a way that e.g tabs are effectively interpreted and the pty prompt allows for input on the same line when my code now always needs a newline to renew the prompt. I did not debug further what is needed to make this look nicer.
OSInside · Apr 7, 2024 · 221f228 · 221f228
1 parent 9795131
commit 221f228
Show file tree

Hide file tree

Showing 6 changed files with 220 additions and 95 deletions.
diff --git a/firecracker-pilot/Cargo.toml b/firecracker-pilot/Cargo.toml
@@ -18,3 +18,4 @@ lazy_static = { version = "1.4" }
 serde_yaml = { version = "0.9" }
 strum = { version = "0.25", features = ["derive"] }
 flakes = { version = "3.0.10 ", path = "../common", features = ["json"] }
+libc = { version = "0.2" }
diff --git a/firecracker-pilot/guestvm-tools/sci/src/defaults.rs b/firecracker-pilot/guestvm-tools/sci/src/defaults.rs
@@ -35,6 +35,10 @@ pub const VM_QUIT: &str = "sci_quit";
 pub const VHOST_TRANSPORT: &str = "vmw_vsock_virtio_transport";
 pub const VM_PORT: u32 = 52;
 pub const GUEST_CID: u32 = 3;
+pub const RETRIES: u32 =
+    5;
+pub const VM_WAIT_TIMEOUT_MSEC: u64 =
+    100;
 
 pub fn debug(message: &str) {
     if env::var("PILOT_DEBUG").is_ok() {

diff --git a/firecracker-pilot/guestvm-tools/sci/src/main.rs b/firecracker-pilot/guestvm-tools/sci/src/main.rs
@@ -306,9 +306,9 @@ fn main() {
                             };
                             stream.shutdown(Shutdown::Both).unwrap();
                             if call_str.is_empty() {
-                                // Caused by handshake check from the
-                                // pilot, if the vsock connection between
-                                // guest and host can be established
+                                // Caused by handshake checks that connects
+                                // without sending data
+                                debug("No data received until connection end");
                                 continue
                             }
                             debug(&format!(
@@ -330,25 +330,38 @@ fn main() {
                                 }
                             }
                             debug(&format!(
-                                "CALL SCI: {}", exec_cmd
+                                "CALL SCI: string:'{}' u32:{}",
+                                exec_cmd, exec_port_num
                             ));
 
                             // Establish a VSOCK connection with the farend
                             let thread_handle = thread::spawn(move || {
-                                match VsockStream::connect_with_cid_port(
-                                    2, exec_port_num
-                                ) {
-                                    Ok(vsock_stream) => {
-                                        redirect_command(
-                                            &exec_cmd, vsock_stream
-                                        );
-                                    },
-                                    Err(error) => {
-                                        debug(&format!(
-                                            "VSOCK-CONNECT failed with: {}",
-                                            error
-                                        ));
+                                let mut retry_count = 0;
+                                loop {
+                                    if retry_count == defaults::RETRIES {
+                                        break
                                     }
+                                    match VsockStream::connect_with_cid_port(
+                                        2, exec_port_num
+                                    ) {
+                                        Ok(vsock_stream) => {
+                                            redirect_command(
+                                                &exec_cmd, vsock_stream
+                                            );
+                                            break
+                                        },
+                                        Err(error) => {
+                                            debug(&format!(
+                                                "[{}] VSOCK-CONNECT failed with: {}",
+                                                retry_count, error
+                                            ));
+                                            let some_time = time::Duration::from_millis(
+                                                defaults::VM_WAIT_TIMEOUT_MSEC
+                                            );
+                                            thread::sleep(some_time);
+                                        }
+                                    }
+                                    retry_count += 1
                                 }
                             });
                             if ! resume {

diff --git a/firecracker-pilot/src/defaults.rs b/firecracker-pilot/src/defaults.rs
@@ -45,8 +45,6 @@ pub const GC_THRESHOLD: usize = 20;
 pub const VM_CID: u32 = 3;
 pub const VM_PORT: u32 =
     52;
-pub const SOCAT: &str =
-    "/usr/bin/socat";
 pub const RETRIES: u32 =
     60;
 pub const VM_WAIT_TIMEOUT_MSEC: u64 =