From: Alyssa Ross
To: Yureka Lilian
Subject: Re: [PATCH v2 5/7] host: integrate router
In-Reply-To: <20251128223038.97536-6-yureka@cyberchaos.dev>
References: <20251128223038.97536-1-yureka@cyberchaos.dev> <20251128223038.97536-6-yureka@cyberchaos.dev>
Date: Sat, 29 Nov 2025 14:46:43 +0100
Message-ID: <87ldjp3q9o.fsf@alyssa.is>
CC: devel@spectrum-os.org
List-Id: Patches and low-level development discussion

Yureka Lilian writes:

> This removes the old host bridge + taps glue, and instead connects the
> apps to their net provider's router instance.
> > Signed-off-by: Yureka Lilian > --- > host/rootfs/default.nix | 4 +- > host/rootfs/file-list.mk | 3 + > .../data/service/spectrum-router/down | 0 > .../template/data/service/spectrum-router/run | 13 ++++ > .../image/usr/bin/assign-driver-router-iface | 11 +++ > host/rootfs/image/usr/bin/run-vmm | 12 +-- > host/rootfs/image/usr/bin/vm-import | 13 ---- > pkgs/overlay.nix | 1 + > tools/start-vmm/ch.rs | 38 ++-------- > tools/start-vmm/lib.rs | 76 +++++++++++++------ > tools/start-vmm/meson.build | 2 +- > tools/start-vmm/net-util.c | 39 ---------- > tools/start-vmm/net-util.h | 6 -- > tools/start-vmm/net.c | 55 -------------- > tools/start-vmm/net.rs | 11 --- > tools/start-vmm/tests/meson.build | 5 -- > .../start-vmm/tests/tap_open-name-too-long.c | 20 ----- > tools/start-vmm/tests/tap_open.c | 28 ------- > 18 files changed, 89 insertions(+), 248 deletions(-) > create mode 100644 host/rootfs/image/etc/s6-linux-init/run-image/service= /vm-services/template/data/service/spectrum-router/down > create mode 100755 host/rootfs/image/etc/s6-linux-init/run-image/service= /vm-services/template/data/service/spectrum-router/run > create mode 100755 host/rootfs/image/usr/bin/assign-driver-router-iface > delete mode 100644 tools/start-vmm/net-util.c > delete mode 100644 tools/start-vmm/net-util.h > delete mode 100644 tools/start-vmm/net.c > delete mode 100644 tools/start-vmm/tests/tap_open-name-too-long.c > delete mode 100644 tools/start-vmm/tests/tap_open.c > > diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix > index 4bbbe23..3b8557c 100644 > --- a/host/rootfs/default.nix > +++ b/host/rootfs/default.nix > @@ -8,7 +8,7 @@ import ../../lib/call-package.nix ( > }: > pkgsMusl.callPackage ( >=20=20 > -{ spectrum-host-tools > +{ spectrum-host-tools, spectrum-router > , lib, stdenvNoCC, nixos, runCommand, writeClosure, erofs-utils, s6-rc > , busybox, cloud-hypervisor, cosmic-files, crosvm, cryptsetup > , dejavu_fonts, dbus, execline, foot, fuse3, iproute2, inotify-tools 
> @@ -27,7 +27,7 @@ let > cloud-hypervisor cosmic-files crosvm cryptsetup dbus execline > fuse3 inotify-tools iproute2 jq kmod mdevd s6 s6-linux-init s6-rc > socat spectrum-host-tools systemd util-linuxMinimal virtiofsd > - xdg-desktop-portal-spectrum-host > + xdg-desktop-portal-spectrum-host spectrum-router Usually I try to keep these sorted, but I can always fix that sort of thing up myself. > diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-ser= vices/template/data/service/spectrum-router/down b/host/rootfs/image/etc/s6= -linux-init/run-image/service/vm-services/template/data/service/spectrum-ro= uter/down > new file mode 100644 > index 0000000..e69de29 > diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-ser= vices/template/data/service/spectrum-router/run b/host/rootfs/image/etc/s6-= linux-init/run-image/service/vm-services/template/data/service/spectrum-rou= ter/run > new file mode 100755 > index 0000000..fae9d9d > --- /dev/null > +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/t= emplate/data/service/spectrum-router/run > @@ -0,0 +1,13 @@ > +#!/bin/execlineb -P > +# SPDX-License-Identifier: EUPL-1.2+ > +# SPDX-FileCopyrightText: 2025 Yureka Lilian > + > +importas -i VM VM > + > +background { > + assign-driver-router-iface ${VM} You can just write $VM here since it's a whole word on its own. > +} > + > +export RUST_LOG debug This intentionally still here? > +spectrum-router --app-listen-path ${VM}/router-app.sock --driver-listen-= path ${VM}/router-driver.sock > + > diff --git a/host/rootfs/image/usr/bin/assign-driver-router-iface b/host/= rootfs/image/usr/bin/assign-driver-router-iface > new file mode 100755 > index 0000000..c555fb6 > --- /dev/null > +++ b/host/rootfs/image/usr/bin/assign-driver-router-iface 
> @@ -0,0 +1,11 @@ > +#!/bin/execlineb -S1 > +# SPDX-License-Identifier: EUPL-1.2+ > +# SPDX-FileCopyrightText: 2025 Alyssa Ross > +# SPDX-FileCopyrightText: 2025 Yureka Lilian > + > +# This script is to be called once it is known that this VM is a driver = VM > +# (net provider) AND the vmm endpoint is ready. > +# It add the interface between the router and the driver VM. add*s* > diff --git a/tools/start-vmm/ch.rs b/tools/start-vmm/ch.rs > index abe1742..56b18f4 100644 > --- a/tools/start-vmm/ch.rs > +++ b/tools/start-vmm/ch.rs > @@ -1,7 +1,7 @@ > // SPDX-License-Identifier: EUPL-1.2+ > // SPDX-FileCopyrightText: 2022-2024 Alyssa Ross > +// SPDX-FileCopyrightText: 2025 Yureka Lilian >=20=20 > -use std::convert::TryFrom; > use std::ffi::OsStr; > use std::fs::File; > use std::io::Write; > @@ -10,7 +10,6 @@ use std::num::NonZeroI32; > use std::os::unix::prelude::*; > use std::path::Path; > use std::process::{Command, Stdio}; > -use std::string::FromUtf8Error; >=20=20 > use miniserde::{Serialize, json}; >=20=20 > @@ -46,7 +45,7 @@ pub struct GpuConfig { >=20=20 > #[derive(Serialize)] > pub struct NetConfig { > - pub fd: RawFd, > + pub vhost_user_sock: String, > pub id: String, > pub mac: MacAddress, > } > @@ -137,7 +136,10 @@ pub fn create_vm(vm_dir: &Path, ready_fd: File, mut = config: VmConfig) -> Result< >=20=20 > pub fn add_net(vm_dir: &Path, net: &NetConfig) -> Result<(), NonZeroI32>= { > let mut ch_remote =3D command(vm_dir, "add-net") > - .arg(format!("fd=3D{},id=3D{},mac=3D{}", net.fd, net.id, net.mac= )) > + .arg(format!( > + "vhost_user=3Don,socket=3D{},id=3D{},mac=3D{}", > + net.vhost_user_sock, net.id, net.mac > + )) > .stdout(Stdio::piped()) > .spawn() > .or(Err(EPERM))?; If we're not sending fds any more, I think we can just get rid of this, and include network devices in the vm.create request. (vhost_user_sock will need to be changed to vhost_socket to match the Cloud Hypervisor API.) 
> diff --git a/tools/start-vmm/lib.rs b/tools/start-vmm/lib.rs > index 0422d85..246dd6d 100644 > --- a/tools/start-vmm/lib.rs > +++ b/tools/start-vmm/lib.rs > @@ -1,23 +1,24 @@ > // SPDX-License-Identifier: EUPL-1.2+ > // SPDX-FileCopyrightText: 2022-2024 Alyssa Ross > +// SPDX-FileCopyrightText: 2025 Yureka Lilian >=20=20 > mod ch; > mod net; > mod s6; >=20=20 > use std::borrow::Cow; > -use std::convert::TryInto; > use std::env::args_os; > use std::ffi::OsStr; > use std::fs::File; > -use std::io::{self, ErrorKind}; > +use std::hash::{Hash, Hasher}; > +use std::io::ErrorKind; > use std::path::Path; >=20=20 > use ch::{ > - ConsoleConfig, DiskConfig, FsConfig, GpuConfig, LandlockConfig, Memo= ryConfig, PayloadConfig, > - VmConfig, VsockConfig, > + ConsoleConfig, DiskConfig, FsConfig, GpuConfig, LandlockConfig, Memo= ryConfig, NetConfig, > + PayloadConfig, VmConfig, VsockConfig, > }; > -use net::net_setup; > +use net::MacAddress; >=20=20 > pub fn prog_name() -> String { > args_os() > @@ -40,8 +41,6 @@ pub fn vm_config(vm_dir: &Path) -> Result { > return Err(format!("VM name may not contain a colon: {vm_name:?}= ")); > } >=20=20 > - let name_bytes =3D vm_name.as_bytes(); > - > let config_dir =3D vm_dir.join("config"); > let blk_dir =3D config_dir.join("blk"); > let kernel_path =3D config_dir.join("vmlinux"); 
> @@ -97,24 +96,51 @@ pub fn vm_config(vm_dir: &Path) -> Result { > shared: true, > }, > net: match net_providers_dir.read_dir() { > - Ok(_) =3D> { > - // SAFETY: we check the result. > - let net =3D unsafe { > - net_setup( > - name_bytes.as_ptr().cast(), > - name_bytes > - .len() > - .try_into() > - .map_err(|e| format!("VM name too long: {e}"= ))?, > - ) > - }; > - if net.fd =3D=3D -1 { > - let e =3D io::Error::last_os_error(); > - return Err(format!("setting up networking failed: {e= }")); > - } > - > - vec![net.try_into().unwrap()] > - } > + Ok(entries) =3D> entries > + .into_iter() > + .map(|result| { > + Ok(result > + .map_err(|e| format!("examining directory entry:= {e}"))? > + .path()) > + }) > + .map(|result: Result<_, String>| { > + let provider_name =3D result?.file_name().ok_or("una= ble to get net provider name".to_string())?.to_str().unwrap().to_string(); > + > + if provider_name.contains(',') { > + return Err(format!("illegal ',' character in net= provider name {provider_name:?}")); > + } > + > + let mut hasher =3D std::hash::DefaultHasher::new(); > + vm_name.hash(&mut hasher); > + let id_hashed =3D hasher.finish(); > + > + let mac =3D MacAddress::new([ > + 0x02, // IEEE 802c administratively assigned > + 0x00, // Spectrum client > + (id_hashed >> 24) as u8, > + (id_hashed >> 16) as u8, > + (id_hashed >> 8) as u8, > + id_hashed as u8, > + ]); > + > + let provider_id =3D std::fs::read_link(format!("/run= /vm/by-name/{provider_name}")).map_err(|e| format!("unable to get net provi= der id: {e}"))?.file_name().ok_or("unable to get net provider id".to_string= ())?.to_str().unwrap().to_string(); > + > + let svc_dir =3D format!("/run/service/vm-services/in= stance/{provider_id}/data/service/spectrum-router"); > + let svc_status =3D std::process::Command::new("s6-sv= c") > + .args(["-U", &svc_dir]) > + .status() > + .expect("setting up the upstream router via s6-s= vc failed"); > + if !svc_status.success() { > + return Err(format!("setting up the upstream 
rout= er via s6-svc failed with exit code {svc_status}")); > + } I'd prefer this was in run-vmm, since it's a bit surprising to stop in the middle of constructing a Cloud Hypervisor API request to do service management. > diff --git a/tools/start-vmm/meson.build b/tools/start-vmm/meson.build > index d07c5a0..aa9f6f3 100644 > --- a/tools/start-vmm/meson.build > +++ b/tools/start-vmm/meson.build > @@ -1,7 +1,7 @@ > # SPDX-License-Identifier: EUPL-1.2+ > # SPDX-FileCopyrightText: 2022-2024 Alyssa Ross >=20=20 > -c_lib =3D static_library('start-vmm', 'net.c', 'net-util.c', > +c_lib =3D static_library('start-vmm', > c_args : '-D_GNU_SOURCE') C_lib is now completely empty, so can be removed.
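
Review bot: in the new spectrum-router/run script, `background { assign-driver-router-iface ${VM} }` is started before `spectrum-router` is exec'd and its exit status is never checked, while the header comment of assign-driver-router-iface says it is to be called only once the VM is known to be a driver VM and the vmm endpoint is ready. Please document in the run script how that ordering is ensured and how a failure of the helper is noticed, since the run script continues into `spectrum-router` regardless.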
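
Review bot: in the tools/start-vmm/ch.rs `add_net` hunk, `net.vhost_user_sock` is interpolated unescaped into the comma-separated option string `vhost_user=on,socket={},id={},mac={}`, and nothing in this function rejects a comma in it; the only comma check visible in the patch is the one on `provider_name` in lib.rs. Validate the path where the option string is built, or add a comment naming the caller that guarantees it, so that a path containing a comma cannot be parsed as additional options.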
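
Review bot: in the tools/start-vmm/lib.rs hunk at `@@ -97,24 +96,51 @@`, the MAC address is derived from `vm_name` with `std::hash::DefaultHasher`, whose algorithm the standard library documents as unspecified and not to be relied on across releases, so a VM's MAC can change after a toolchain update. Only the low 32 bits of the hash are used, so two VM names can map to the same address, and because the hash input is `vm_name` alone, every provider entry handled by this closure for one VM gets the same MAC. Consider a hash with a fixed, documented algorithm, and either mix `provider_name` into the input or add a comment saying that one MAC per VM is intended. The same closure uses `.to_str().unwrap()` and `.expect(...)` where the neighbouring code returns `Err(String)`; a non-UTF-8 directory entry or a failure to spawn `s6-svc` would panic instead of being reported.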