From 33643797adeb88676d410642a8036561f7db6436 Mon Sep 17 00:00:00 2001
From: Julio Montes
Date: Wed, 25 Jul 2018 09:45:24 -0500
Subject: [PATCH] virtcontainers: Use vsock if host support it

When the hypervisor option `use_vsock` is true the runtime will check for vsock support. If vsock is supported, not proxy will be used and the shims will connect to the VM using VSOCKS. This flag is true by default, so will use VSOCK when possible and no proxy will be started.

fixes #383

Signed-off-by: Jose Carlos Venegas Munoz jose.carlos.venegas.munoz@intel.com
Signed-off-by: Julio Montes
---
 cli/kata-env.go | 4 ++++
 virtcontainers/hypervisor.go | 3 +++
 virtcontainers/kata_agent.go | 29 +++++++++++++++++++++--------
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/cli/kata-env.go b/cli/kata-env.go
index 6f9a864cb7..0cfeb70e3b 100644
--- a/cli/kata-env.go
+++ b/cli/kata-env.go
@@ -214,6 +214,10 @@ func getHostInfo() (HostInfo, error) {
 }
 
 func getProxyInfo(config oci.RuntimeConfig) (ProxyInfo, error) {
+ if config.ProxyType == vc.NoProxyType {
+ return ProxyInfo{Type: string(config.ProxyType)}, nil
+ }
+
 version, err := getCommandVersion(defaultProxyPath)
 if err != nil {
 version = unknown
diff --git a/virtcontainers/hypervisor.go b/virtcontainers/hypervisor.go
index 3346584712..991b7dfd3d 100644
--- a/virtcontainers/hypervisor.go
+++ b/virtcontainers/hypervisor.go
@@ -68,6 +68,9 @@ const (
 // SerialPortDev is the serial port device type.
 serialPortDev
 
+ // vSockPCIDev is the vhost vsock PCI device type.
+ vSockPCIDev
+
 // VFIODevice is VFIO device type
 vfioDev
 
diff --git a/virtcontainers/kata_agent.go b/virtcontainers/kata_agent.go
index 069354baea..65c56a1286 100644
--- a/virtcontainers/kata_agent.go
+++ b/virtcontainers/kata_agent.go
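Review bot: In `getProxyInfo` (cli/kata-env.go) the new `NoProxyType` early return fills in only `Type` and leaves any other `ProxyInfo` fields at their zero values, whereas the path directly below substitutes `unknown` when the version cannot be read. Anything that parses the env output will therefore see empty strings rather than a sentinel in the no-proxy case. If that is intended, a comment above the branch would record it, e.g. `// No proxy is started when the shims reach the agent over vsock, so there is no path or version to report.` The rest of the function body lies outside the hunk.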
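Review bot: `vSockPCIDev` is inserted in the middle of the device-type `const (` block in virtcontainers/hypervisor.go; if that block is `iota`-based (its opening lines are outside the hunk), `vfioDev` and every constant after it change value. That is harmless while the values stay in-process, but it would silently remap device types if they are ever written to stored sandbox state. Appending the new constant at the end of the block avoids the renumbering.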
@@ -47,13 +47,16 @@ var (
 kataGuestSandboxDir = "/run/kata-containers/sandbox/"
 type9pFs = "9p"
 vsockSocketScheme = "vsock"
- kata9pDevType = "9p"
- kataBlkDevType = "blk"
- kataSCSIDevType = "scsi"
- sharedDir9pOptions = []string{"trans=virtio,version=9p2000.L", "nodev"}
- shmDir = "shm"
- kataEphemeralDevType = "ephemeral"
- ephemeralPath = filepath.Join(kataGuestSandboxDir, kataEphemeralDevType)
+ // port numbers below 1024 are called privileged ports. Only a process with
+ // CAP_NET_BIND_SERVICE capability may bind to these port numbers.
+ vSockPort = 1024
+ kata9pDevType = "9p"
+ kataBlkDevType = "blk"
+ kataSCSIDevType = "scsi"
+ sharedDir9pOptions = []string{"trans=virtio,version=9p2000.L", "nodev"}
+ shmDir = "shm"
+ kataEphemeralDevType = "ephemeral"
+ ephemeralPath = filepath.Join(kataGuestSandboxDir, kataEphemeralDevType)
 )
 
 // KataAgentConfig is a structure storing information needed
@@ -66,6 +69,7 @@ type KataAgentConfig struct {
 type kataVSOCK struct {
 contextID uint32
 port uint32
+ vhostFd *os.File
 }
 
 func (s *kataVSOCK) String() string {
@@ -203,7 +207,16 @@ func (k *kataAgent) configure(h hypervisor, id, sharePath string, builtin bool,
 return err
 }
 case kataVSOCK:
- // TODO Add an hypervisor vsock
+ var err error
+ s.vhostFd, s.contextID, err = utils.FindContextID()
+ if err != nil {
+ return err
+ }
+ s.port = uint32(vSockPort)
+ if err := h.addDevice(s, vSockPCIDev); err != nil {
+ return err
+ }
+ k.vmSocket = s
 default:
 return fmt.Errorf("Invalid config type")
 }
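Review bot: `vSockPort` is added to the package `var (` block as an untyped, reassignable value, although it is a fixed port that the `configure` hunk converts straight away with `uint32(vSockPort)`. Declaring it on its own as `const vSockPort uint32 = 1024` removes the cast and rules out accidental reassignment. The comment explains why 1024 was chosen but not that the agent inside the guest presumably has to listen on the same port; a line such as `// vSockPort must match the port the guest agent listens on.` would record that coupling. The `var (` block opens above the hunk.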
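Review bot: The new `vhostFd *os.File` field in `kataVSOCK` holds an open file, but nothing says who owns it or when it may be closed. A field comment would make the lifetime reviewable, e.g. `// vhostFd is the open handle returned by utils.FindContextID(); it is closed by <owner> once the device has been attached.` with the owner filled in. `String()` starts on the last line of this hunk and continues outside it.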
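Review bot: In the `kataVSOCK` case of `configure`, the file returned by `utils.FindContextID()` is left open when `h.addDevice` fails, so the vhost handle (and presumably the context ID it reserves) stays held for a sandbox that never starts. Close it on that path: `if err := h.addDevice(s, vSockPCIDev); err != nil { s.vhostFd.Close(); return err }`. Both errors are also returned bare; wrapping them, e.g. `fmt.Errorf("finding vsock context ID: %v", err)`, would tell the operator which step failed. `configure` starts above the hunk and continues past it.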