vsock: Fix TCP connection bug - add ConnectedUnconfirmed proxy state

Add another state to the Proxy trait called ConnectedUnconfirmed. This is used
when when the socket is connected (on the host), but confirm_connect hasn't
been called yet. Make the TCP implementation use this new transitional
state fixing the described bug:

`libkrun` connects to the TCP socket on the host (this action is done upon the
TSI_CONNECT request), but the guest is not yet connected to stream vsock socket
corresponding to the actual transport for that connection. (We have not called
`confirm_connect`). The problem is that since we assume the guest is already
connected we attempt to recv in process_event. Which can cause the
VSOCK_OP_CREDIT_REQUEST to be sent the guest, but the guest is expecting a
VSOCK_OP_RESPONSE as a response to a connection request. This makes the guest
kernel return EPROTO from the connect syscall.
(specifically EPROTO is returned from the `virtio_transport_recv_connecting`
 in `net/vmw_vsock/virtio_transport_common.c`)

Signed-off-by: Matej Hrica <[email protected]>

Author: mtjhrc

src/devices/src/virtio/vsock/proxy.rs

@@ -25,6 +25,7 @@ pub enum ProxyError {
 pub enum ProxyStatus {
     Idle,
     Connecting,
+    ConnectedUnconfirmed,
     Connected,
     Listening,
     Closed,

src/devices/src/virtio/vsock/tcp.rs

@@ -340,8 +340,7 @@ impl TcpProxy {
         push_packet(self.cid, rx, &self.rxq, &self.queue, &self.mem);
     }
 
-    fn switch_to_connected(&mut self) {
-        self.status = ProxyStatus::Connected;
+    fn switch_to_blocking(&mut self) {
         match fcntl(self.fd, FcntlArg::F_GETFL) {
             Ok(flags) => match OFlag::from_bits(flags) {
                 Some(flags) => {
@@ -374,7 +373,8 @@ impl Proxy for TcpProxy {
         ) {
             Ok(()) => {
                 debug!("vsock: connect: Connected");
-                self.switch_to_connected();
+                self.switch_to_blocking();
+                self.status = ProxyStatus::ConnectedUnconfirmed;
                 0
             }
             Err(nix::errno::Errno::EINPROGRESS) => {
@@ -395,7 +395,7 @@ impl Proxy for TcpProxy {
         if self.status == ProxyStatus::Connecting {
             update.polling = Some((self.id, self.fd, EventSet::IN | EventSet::OUT));
         } else {
-            if self.status == ProxyStatus::Connected {
+            if self.status == ProxyStatus::ConnectedUnconfirmed {
                 update.polling = Some((self.id, self.fd, EventSet::IN));
             }
             self.push_connect_rsp(result);
@@ -413,6 +413,15 @@ impl Proxy for TcpProxy {
             self.peer_port,
         );
 
+        if self.status != ProxyStatus::ConnectedUnconfirmed {
+            warn!(
+                "tcp: confirm_connect: Expected state to be {:?}, but it is {:?}",
+                ProxyStatus::ConnectedUnconfirmed,
+                self.status
+            );
+        }
+        self.status = ProxyStatus::Connected;
+
         self.peer_buf_alloc = pkt.buf_alloc();
         self.peer_fwd_cnt = Wrapping(pkt.fwd_cnt());
 
@@ -574,8 +583,6 @@ impl Proxy for TcpProxy {
         self.peer_buf_alloc = pkt.buf_alloc();
         self.peer_fwd_cnt = Wrapping(pkt.fwd_cnt());
 
-        self.status = ProxyStatus::Connected;
-
         ProxyUpdate {
             polling: Some((self.id, self.fd, EventSet::IN)),
             ..Default::default()
@@ -607,7 +614,8 @@ impl Proxy for TcpProxy {
         self.peer_buf_alloc = pkt.buf_alloc();
         self.peer_fwd_cnt = Wrapping(pkt.fwd_cnt());
 
-        self.switch_to_connected();
+        self.switch_to_blocking();
+        self.status = ProxyStatus::Connected;
 
         ProxyUpdate {
             polling: Some((self.id, self.fd, EventSet::IN)),
@@ -748,7 +756,8 @@ impl Proxy for TcpProxy {
         if evset.contains(EventSet::OUT) {
             debug!("process_event: OUT");
             if self.status == ProxyStatus::Connecting {
-                self.switch_to_connected();
+                self.switch_to_blocking();
+                self.status = ProxyStatus::ConnectedUnconfirmed;
                 self.push_connect_rsp(0);
                 update.signal_queue = true;
                 update.polling = Some((self.id(), self.fd, EventSet::IN));