From eb90962b277e70ac037e380d861e82fa10437a70 Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 27 Nov 2023 15:06:58 +0800 Subject: [PATCH 1/8] runtime-rs: introduce a new function generate_vhost_vsock_cid. Introduce a new function generate_vhost_vsock_cid to generate a guest CID and set guest CID for vsock fd. Also this commit wouldn't introduce functional change and it's just splited from the previous VsockDevice::new(). Fixes: #8474 Signed-off-by: alex.lyn --- .../src/device/driver/virtio_vsock.rs | 85 ++++++++++--------- 1 file changed, 46 insertions(+), 39 deletions(-) diff --git a/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs b/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs index 6ca8879536..76ca9dabc2 100644 --- a/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs +++ b/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs @@ -121,46 +121,53 @@ const CID_RETRY_COUNT: u32 = 50; impl VsockDevice { pub async fn new(id: String) -> Result { - let vhost_fd = OpenOptions::new() - .read(true) - .write(true) - .open(VHOST_VSOCK_DEVICE) + let (guest_cid, vhost_fd) = generate_vhost_vsock_cid() .await - .context(format!( - "failed to open {}, try to run modprobe vhost_vsock.", - VHOST_VSOCK_DEVICE - ))?; - let mut rng = rand::thread_rng(); + .context("generate vhost vsock cid failed")?; - // Try 50 times to find a context ID that is not in use. - for _ in 0..CID_RETRY_COUNT { - // First usable CID above VMADDR_CID_HOST (see vsock(7)) - let first_usable_cid = 3; - let rand_cid = rng.gen_range(first_usable_cid..=(u32::MAX)); - let guest_cid = - unsafe { vhost_vsock_set_guest_cid(vhost_fd.as_raw_fd(), &(rand_cid as u64)) }; - match guest_cid { - Ok(_) => { - return Ok(VsockDevice { - id, - config: VsockConfig { - guest_cid: rand_cid, - vhost_fd, - }, - }); - } - Err(nix::Error::EADDRINUSE) => { - // The CID is already in use. Try another one. - } - Err(err) => { - return Err(err).context("failed to set guest CID"); - } - } - } - - anyhow::bail!( - "failed to find a free vsock context ID after {} attempts", - CID_RETRY_COUNT - ); + Ok(Self { + id, + config: VsockConfig { + guest_cid, + vhost_fd, + }, + }) } } + +pub async fn generate_vhost_vsock_cid() -> Result<(u32, File)> { + let vhost_fd = OpenOptions::new() + .read(true) + .write(true) + .open(VHOST_VSOCK_DEVICE) + .await + .context(format!( + "failed to open {}, try to run modprobe vhost_vsock.", + VHOST_VSOCK_DEVICE + ))?; + let mut rng = rand::thread_rng(); + + // Try 50 times to find a context ID that is not in use. + for _ in 0..CID_RETRY_COUNT { + // First usable CID above VMADDR_CID_HOST (see vsock(7)) + let first_usable_cid = 3; + let rand_cid = rng.gen_range(first_usable_cid..=(u32::MAX)); + let guest_cid = + unsafe { vhost_vsock_set_guest_cid(vhost_fd.as_raw_fd(), &(rand_cid as u64)) }; + match guest_cid { + Ok(_) => return Ok((rand_cid, vhost_fd)), + Err(nix::Error::EADDRINUSE) => { + // The CID is already in use. Try another one. + continue; + } + Err(err) => { + return Err(err).context("failed to set guest CID"); + } + }; + } + + anyhow::bail!( + "failed to find a free vsock context ID after {} attempts", + CID_RETRY_COUNT + ); +} From e31dbc94a585fcca2a88c0b7305d9ff02cbff118 Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 27 Nov 2023 15:11:21 +0800 Subject: [PATCH 2/8] runtime-rs: remove vhost_fd from VsockConfig and make it cloneable. Currently encounters difficulty in utilizing the clone operation on VsockConfig due to the implicit management of the vhost fd within the runtime-rs. This responsibility should be delegated to the VMM(especially QEMU) child process, as it's not runtime-rs core responsibilities. We'll remove the member vhost_fd from VsockConfig and make the VsockConfig/VsockDevice Cloneable. Fixes: #8474 Signed-off-by: alex.lyn --- .../hypervisor/src/device/driver/virtio_vsock.rs | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs b/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs index 76ca9dabc2..c4d4664041 100644 --- a/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs +++ b/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs @@ -84,16 +84,13 @@ impl Device for HybridVsockDevice { } } -#[derive(Debug)] +#[derive(Clone, Debug)] pub struct VsockConfig { /// A 32-bit Context Identifier (CID) used to identify the guest. pub guest_cid: u32, - - /// Vhost vsock fd. Hold to ensure CID is not used by other VM. - pub vhost_fd: File, } -#[derive(Debug)] +#[derive(Clone, Debug)] pub struct VsockDevice { /// Unique identifier of the device pub id: String, @@ -121,16 +118,13 @@ const CID_RETRY_COUNT: u32 = 50; impl VsockDevice { pub async fn new(id: String) -> Result { - let (guest_cid, vhost_fd) = generate_vhost_vsock_cid() + let (guest_cid, _vhost_fd) = generate_vhost_vsock_cid() .await .context("generate vhost vsock cid failed")?; Ok(Self { id, - config: VsockConfig { - guest_cid, - vhost_fd, - }, + config: VsockConfig { guest_cid }, }) } } From 1a6b45d3b758752a030b261ce257bd9e5561dd5a Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 27 Nov 2023 15:12:44 +0800 Subject: [PATCH 3/8] runtime-rs: Reintroduce Vsock and add it to the DeviceType enum As vsock device will be used in Qemu or other VMMs, the Vsoock is reintroduced to DeviceType enum. Fixes: #8474 Signed-off-by: Pavel Mores Signed-off-by: alex.lyn --- src/runtime-rs/crates/hypervisor/src/device/mod.rs | 3 ++- .../crates/hypervisor/src/dragonball/inner_device.rs | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/runtime-rs/crates/hypervisor/src/device/mod.rs b/src/runtime-rs/crates/hypervisor/src/device/mod.rs index b40f784ddb..71b9575dbe 100644 --- a/src/runtime-rs/crates/hypervisor/src/device/mod.rs +++ b/src/runtime-rs/crates/hypervisor/src/device/mod.rs @@ -10,7 +10,7 @@ use crate::device::driver::vhost_user_blk::VhostUserBlkDevice; use crate::{ BlockConfig, BlockDevice, HybridVsockConfig, HybridVsockDevice, Hypervisor as hypervisor, NetworkConfig, NetworkDevice, ShareFsConfig, ShareFsDevice, VfioConfig, VfioDevice, - VhostUserConfig, VsockConfig, + VhostUserConfig, VsockConfig, VsockDevice, }; use anyhow::Result; use async_trait::async_trait; @@ -38,6 +38,7 @@ pub enum DeviceType { Network(NetworkDevice), ShareFs(ShareFsDevice), HybridVsock(HybridVsockDevice), + Vsock(VsockDevice), } impl fmt::Display for DeviceType { diff --git a/src/runtime-rs/crates/hypervisor/src/dragonball/inner_device.rs b/src/runtime-rs/crates/hypervisor/src/dragonball/inner_device.rs index 7f86b4d3a8..9484d3dc42 100644 --- a/src/runtime-rs/crates/hypervisor/src/dragonball/inner_device.rs +++ b/src/runtime-rs/crates/hypervisor/src/dragonball/inner_device.rs @@ -67,6 +67,7 @@ impl DragonballInner { DeviceType::ShareFs(sharefs) => self .add_share_fs_device(&sharefs.config) .context("add share fs device"), + DeviceType::Vsock(_) => todo!(), } } From 6af059227468763ac5725a1dc59c0774e2a9b81c Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 27 Nov 2023 15:21:56 +0800 Subject: [PATCH 4/8] runtime-rs: Add vsock device in device manager. (1) Implement Device Trait for vsock device. (2) add vsock device in device manager. Fixes: #8474 Signed-off-by: alex.lyn --- .../hypervisor/src/device/device_manager.rs | 9 +++-- .../src/device/driver/virtio_vsock.rs | 37 +++++++++++++++++++ 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/src/runtime-rs/crates/hypervisor/src/device/device_manager.rs b/src/runtime-rs/crates/hypervisor/src/device/device_manager.rs index 8d71ecbccd..31602a01f0 100644 --- a/src/runtime-rs/crates/hypervisor/src/device/device_manager.rs +++ b/src/runtime-rs/crates/hypervisor/src/device/device_manager.rs @@ -12,7 +12,7 @@ use tokio::sync::{Mutex, RwLock}; use crate::{ vhost_user_blk::VhostUserBlkDevice, BlockConfig, BlockDevice, HybridVsockDevice, Hypervisor, - NetworkDevice, ShareFsDevice, VfioDevice, VhostUserConfig, KATA_BLK_DEV_TYPE, + NetworkDevice, ShareFsDevice, VfioDevice, VhostUserConfig, VsockDevice, KATA_BLK_DEV_TYPE, KATA_MMIO_BLK_DEV_TYPE, KATA_NVDIMM_DEV_TYPE, VIRTIO_BLOCK_MMIO, VIRTIO_BLOCK_PCI, VIRTIO_PMEM, }; @@ -330,6 +330,10 @@ impl DeviceManager { // No need to do find device for hybrid vsock device. Arc::new(Mutex::new(HybridVsockDevice::new(&device_id, hvconfig))) } + DeviceConfig::VsockCfg(_vconfig) => { + // No need to do find device for vsock device. + Arc::new(Mutex::new(VsockDevice::new(device_id.clone()).await?)) + } DeviceConfig::ShareFsCfg(config) => { // Try to find the sharefs device. If found, just return matched device id. if let Some(device_id_matched) = @@ -346,9 +350,6 @@ impl DeviceManager { Arc::new(Mutex::new(ShareFsDevice::new(&device_id, config))) } - _ => { - return Err(anyhow!("invliad device type")); - } }; // register device to devices diff --git a/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs b/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs index c4d4664041..f3ef545a96 100644 --- a/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs +++ b/src/runtime-rs/crates/hypervisor/src/device/driver/virtio_vsock.rs @@ -129,6 +129,43 @@ impl VsockDevice { } } +#[async_trait] +impl Device for VsockDevice { + async fn attach(&mut self, h: &dyn hypervisor) -> Result<()> { + h.add_device(DeviceType::Vsock(self.clone())) + .await + .context("add vsock device.")?; + + return Ok(()); + } + + async fn detach(&mut self, _h: &dyn hypervisor) -> Result> { + // no need to do detach, just return Ok(None) + Ok(None) + } + + async fn update(&mut self, _h: &dyn hypervisor) -> Result<()> { + // There's no need to do update for vsock device + Ok(()) + } + + async fn get_device_info(&self) -> DeviceType { + DeviceType::Vsock(self.clone()) + } + + async fn increase_attach_count(&mut self) -> Result { + // vsock devices will not be attached multiple times, Just return Ok(false) + + Ok(false) + } + + async fn decrease_attach_count(&mut self) -> Result { + // vsock devices will not be detached multiple times, Just return Ok(false) + + Ok(false) + } +} + pub async fn generate_vhost_vsock_cid() -> Result<(u32, File)> { let vhost_fd = OpenOptions::new() .read(true) From c5178dd258ef7694d9e96ca946e77f22511e3bc8 Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 4 Dec 2023 14:18:46 +0800 Subject: [PATCH 5/8] runtime-rs: Introduce Capability of HybridVsockSupport. Introduce HybridVsock Cap to judge which kind of vm socket will be supported by the Hypervisor. Use `is_hybrid_vsock_supported` to tell if an hypervisor supports hybrid-vsock, if not, it supports legacy vsock. Fixes: #8474 Signed-off-by: alex.lyn --- src/libs/kata-types/src/capabilities.rs | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/libs/kata-types/src/capabilities.rs b/src/libs/kata-types/src/capabilities.rs index 15207e6136..7d24ee2c1d 100644 --- a/src/libs/kata-types/src/capabilities.rs +++ b/src/libs/kata-types/src/capabilities.rs @@ -17,6 +17,8 @@ pub enum CapabilityBits { MultiQueueSupport, /// hypervisor supports filesystem share FsSharingSupport, + /// hypervisor supports hybrid-vsock + HybridVsockSupport, } /// Capabilities describe a virtcontainers hypervisor capabilities through a bit mask. @@ -60,6 +62,11 @@ impl Capabilities { self.flags.and(CapabilityBits::MultiQueueSupport) != 0 } + /// is_hybrid_vsock_supported tells if an hypervisor supports hybrid-vsock support. + pub fn is_hybrid_vsock_supported(&self) -> bool { + self.flags.and(CapabilityBits::HybridVsockSupport) != 0 + } + /// is_fs_sharing_supported tells if an hypervisor supports host filesystem sharing. pub fn is_fs_sharing_supported(&self) -> bool { self.flags.and(CapabilityBits::FsSharingSupport) != 0 @@ -77,6 +84,9 @@ mod tests { let mut cap = Capabilities::new(); assert!(!cap.is_block_device_supported()); + // test legacy vsock support + assert!(!cap.is_hybrid_vsock_supported()); + // test set block device support cap.set(CapabilityBits::BlockDeviceSupport); assert!(cap.is_block_device_supported()); @@ -102,6 +112,10 @@ mod tests { | CapabilityBits::MultiQueueSupport | CapabilityBits::FsSharingSupport, ); - assert!(cap.is_fs_sharing_supported()) + assert!(cap.is_fs_sharing_supported()); + + // test set hybrid-vsock support + cap.set(CapabilityBits::HybridVsockSupport); + assert!(cap.is_hybrid_vsock_supported()); } } From 60f88da5e126313ae026372f944d78d7c007c1b5 Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 4 Dec 2023 14:38:06 +0800 Subject: [PATCH 6/8] runtime-rs: add Capability of HybridVsockSupport for Hypervisor. Add Cap of HybridVsockSupport for hypervisors CLH and Dragonball which use hybrid-vsock, default for Qemu, which uses legacy vsock. Fixes: #8474 Signed-off-by: alex.lyn --- src/runtime-rs/crates/hypervisor/src/ch/inner.rs | 3 ++- src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs | 5 ++++- src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/runtime-rs/crates/hypervisor/src/ch/inner.rs b/src/runtime-rs/crates/hypervisor/src/ch/inner.rs index dfab644d15..fd771861cf 100644 --- a/src/runtime-rs/crates/hypervisor/src/ch/inner.rs +++ b/src/runtime-rs/crates/hypervisor/src/ch/inner.rs @@ -83,7 +83,8 @@ impl CloudHypervisorInner { capabilities.set( CapabilityBits::BlockDeviceSupport | CapabilityBits::BlockDeviceHotplugSupport - | CapabilityBits::FsSharingSupport, + | CapabilityBits::FsSharingSupport + | CapabilityBits::HybridVsockSupport, ); let (tx, rx) = channel(true); diff --git a/src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs b/src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs index e10a557e06..1ee84461ba 100644 --- a/src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs +++ b/src/runtime-rs/crates/hypervisor/src/ch/inner_hypervisor.rs @@ -690,11 +690,14 @@ impl CloudHypervisorInner { let flags = if guest_protection_is_tdx(self.guest_protection_to_use.clone()) { // TDX does not permit the use of virtio-fs. - CapabilityBits::BlockDeviceSupport | CapabilityBits::BlockDeviceHotplugSupport + CapabilityBits::BlockDeviceSupport + | CapabilityBits::BlockDeviceHotplugSupport + | CapabilityBits::HybridVsockSupport } else { CapabilityBits::BlockDeviceSupport | CapabilityBits::BlockDeviceHotplugSupport | CapabilityBits::FsSharingSupport + | CapabilityBits::HybridVsockSupport }; caps.set(flags); diff --git a/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs b/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs index 68d4d7fbe2..7879f1c44a 100644 --- a/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs +++ b/src/runtime-rs/crates/hypervisor/src/dragonball/inner.rs @@ -76,7 +76,8 @@ impl DragonballInner { capabilities.set( CapabilityBits::BlockDeviceSupport | CapabilityBits::BlockDeviceHotplugSupport - | CapabilityBits::FsSharingSupport, + | CapabilityBits::FsSharingSupport + | CapabilityBits::HybridVsockSupport, ); DragonballInner { id: "".to_string(), From 6c08cf35d5a8bd0347c91e95f5d305ba41486bee Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 4 Dec 2023 15:28:39 +0800 Subject: [PATCH 7/8] runtime-rs: Introduce prepare_vm_socket_config to VirtSandbox. Instroduce prepare_vm_socket_config to VirtSandbox for vm socket config, including Vsock and Hybrid Vsock. Use the capabilities() trait of the hypervisor to get the vm socket supported in VMM. Fixes: #8474 Signed-off-by: alex.lyn --- .../runtimes/virt_container/src/sandbox.rs | 33 +++++++++++++++---- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs index a86aa07d7c..b1b18021e9 100644 --- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs +++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs @@ -102,13 +102,12 @@ impl VirtSandbox { ) -> Result> { let mut resource_configs = vec![]; - // Prepare VM hybrid vsock device config and add the hybrid vsock device first. - info!(sl!(), "prepare hybrid vsock resource for sandbox."); - let vm_hvsock = ResourceConfig::HybridVsock(HybridVsockConfig { - guest_cid: DEFAULT_GUEST_VSOCK_CID, - uds_path: get_hvsock_path(id), - }); - resource_configs.push(vm_hvsock); + info!(sl!(), "prepare vm socket config for sandbox."); + let vm_socket_config = self + .prepare_vm_socket_config() + .await + .context("failed to prepare vm socket config")?; + resource_configs.push(vm_socket_config); // prepare network config if !network_env.network_created { @@ -223,6 +222,26 @@ impl VirtSandbox { }) } + async fn prepare_vm_socket_config(&self) -> Result { + // It will check the hypervisor's capabilities to see if it supports hybrid-vsock. + let vm_socket = if self + .hypervisor + .capabilities() + .await? + .is_hybrid_vsock_supported() + { + // Firecracker/Dragonball/CLH use the hybrid-vsock device model. + ResourceConfig::HybridVsock(HybridVsockConfig { + guest_cid: DEFAULT_GUEST_VSOCK_CID, + uds_path: get_hvsock_path(&self.sid), + }) + } else { + return Err(anyhow!("unsupported vm socket")); + }; + + Ok(vm_socket) + } + fn has_prestart_hooks( &self, prestart_hooks: Vec, From 0fabfa336d94baa98a1115acdd7a24977b6ab4c6 Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Mon, 4 Dec 2023 15:40:28 +0800 Subject: [PATCH 8/8] runtime-rs: bring support for legacy vsock device. Bring support for legacy vsock and add Vsock to the ResourceConfig enum type, and add the processing flow of the Vsock device to the prepare_before_start_vm function. Fixes: #8474 Signed-off-by: alex.lyn --- src/runtime-rs/crates/resource/src/lib.rs | 3 ++- src/runtime-rs/crates/resource/src/manager_inner.rs | 5 +++++ .../crates/runtimes/virt_container/src/sandbox.rs | 8 +++++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/runtime-rs/crates/resource/src/lib.rs b/src/runtime-rs/crates/resource/src/lib.rs index f7df9b687b..3a7524da9c 100644 --- a/src/runtime-rs/crates/resource/src/lib.rs +++ b/src/runtime-rs/crates/resource/src/lib.rs @@ -17,7 +17,7 @@ pub mod manager; mod manager_inner; pub mod network; pub mod resource_persist; -use hypervisor::{BlockConfig, HybridVsockConfig}; +use hypervisor::{BlockConfig, HybridVsockConfig, VsockConfig}; use network::NetworkConfig; pub mod rootfs; pub mod share_fs; @@ -33,6 +33,7 @@ pub enum ResourceConfig { ShareFs(SharedFsInfo), VmRootfs(BlockConfig), HybridVsock(HybridVsockConfig), + Vsock(VsockConfig), } #[derive(Debug, Clone, Copy, PartialEq)] diff --git a/src/runtime-rs/crates/resource/src/manager_inner.rs b/src/runtime-rs/crates/resource/src/manager_inner.rs index 2ee6a5a054..592b2f5d4f 100644 --- a/src/runtime-rs/crates/resource/src/manager_inner.rs +++ b/src/runtime-rs/crates/resource/src/manager_inner.rs @@ -134,6 +134,11 @@ impl ResourceManagerInner { .await .context("do handle hybrid-vsock device failed.")?; } + ResourceConfig::Vsock(v) => { + do_handle_device(&self.device_manager, &DeviceConfig::VsockCfg(v)) + .await + .context("do handle vsock device failed.")?; + } }; } diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs index b1b18021e9..e103f18d70 100644 --- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs +++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs @@ -14,6 +14,7 @@ use async_trait::async_trait; use common::message::{Action, Message}; use common::{Sandbox, SandboxNetworkEnv}; use containerd_shim_protos::events::task::TaskOOM; +use hypervisor::VsockConfig; use hypervisor::{dragonball::Dragonball, BlockConfig, Hypervisor, HYPERVISOR_DRAGONBALL}; use hypervisor::{utils::get_hvsock_path, HybridVsockConfig, DEFAULT_GUEST_VSOCK_CID}; use kata_sys_util::hooks::HookStates; @@ -28,6 +29,7 @@ use tracing::instrument; use crate::health_check::HealthCheck; pub(crate) const VIRTCONTAINER: &str = "virt_container"; + pub struct SandboxRestoreArgs { pub sid: String, pub toml_config: TomlConfig, @@ -224,6 +226,7 @@ impl VirtSandbox { async fn prepare_vm_socket_config(&self) -> Result { // It will check the hypervisor's capabilities to see if it supports hybrid-vsock. + // If it does not, it'll assume that it only supports legacy vsock. let vm_socket = if self .hypervisor .capabilities() @@ -236,7 +239,10 @@ impl VirtSandbox { uds_path: get_hvsock_path(&self.sid), }) } else { - return Err(anyhow!("unsupported vm socket")); + // Qemu uses the vsock device model. + ResourceConfig::Vsock(VsockConfig { + guest_cid: libc::VMADDR_CID_ANY, + }) }; Ok(vm_socket)