vsock: delay listening for events in TCP socket

As indicated in 3bd3b98, when a client
in the guest attempts to send data to the server immediately after
connecting to it, we might receive data in the TCP socket before we're
able to actually process it.

To avoid this situation, delay setting EventSet::IN until the vsock
transport has been established in confirm_connect.

Signed-off-by: Sergio Lopez <[email protected]>

Author: slp

src/devices/src/virtio/vsock/muxer.rs

@@ -498,7 +498,9 @@ impl VsockMuxer {
         let mut proxy_map = self.proxy_map.write().unwrap();
 
         if let Some(proxy) = proxy_map.get(&id) {
-            proxy.lock().unwrap().confirm_connect(pkt)
+            if let Some(update) = proxy.lock().unwrap().confirm_connect(pkt) {
+                self.process_proxy_update(id, update);
+            }
         } else if let Some(ref mut ipc_map) = &mut self.unix_ipc_port_map {
             if let Some((path, listen)) = ipc_map.get(&pkt.dst_port()) {
                 let mem = self.mem.as_ref().unwrap();

src/devices/src/virtio/vsock/proxy.rs

@@ -69,7 +69,9 @@ pub trait Proxy: Send + AsRawFd {
     #[allow(dead_code)]
     fn status(&self) -> ProxyStatus;
     fn connect(&mut self, pkt: &VsockPacket, req: TsiConnectReq) -> ProxyUpdate;
-    fn confirm_connect(&mut self, _pkt: &VsockPacket) {}
+    fn confirm_connect(&mut self, _pkt: &VsockPacket) -> Option<ProxyUpdate> {
+        None
+    }
     fn getpeername(&mut self, pkt: &VsockPacket);
     fn sendmsg(&mut self, pkt: &VsockPacket) -> ProxyUpdate;
     fn sendto_addr(&mut self, req: TsiSendtoAddr) -> ProxyUpdate;

src/devices/src/virtio/vsock/tcp.rs

@@ -393,7 +393,7 @@ impl Proxy for TcpProxy {
         };
 
         if self.status == ProxyStatus::Connecting {
-            update.polling = Some((self.id, self.fd, EventSet::IN | EventSet::OUT));
+            update.polling = Some((self.id, self.fd, EventSet::OUT));
         } else {
             if self.status == ProxyStatus::Connected {
                 update.polling = Some((self.id, self.fd, EventSet::IN));
@@ -404,7 +404,7 @@ impl Proxy for TcpProxy {
         update
     }
 
-    fn confirm_connect(&mut self, pkt: &VsockPacket) {
+    fn confirm_connect(&mut self, pkt: &VsockPacket) -> Option<ProxyUpdate> {
         debug!(
             "tcp: confirm_connect: local_port={} peer_port={}, src_port={}, dst_port={}",
             pkt.dst_port(),
@@ -425,6 +425,13 @@ impl Proxy for TcpProxy {
             peer_port: pkt.src_port(),
         };
         push_packet(self.cid, rx, &self.rxq, &self.queue, &self.mem);
+
+        // Now that the vsock transport is fully established, start listening
+        // for events in the TCP socket again.
+        Some(ProxyUpdate {
+            polling: Some((self.id, self.fd, EventSet::IN)),
+            ..Default::default()
+        })
     }
 
     fn getpeername(&mut self, pkt: &VsockPacket) {
@@ -751,7 +758,9 @@ impl Proxy for TcpProxy {
                 self.switch_to_connected();
                 self.push_connect_rsp(0);
                 update.signal_queue = true;
-                update.polling = Some((self.id(), self.fd, EventSet::IN));
+                // Stop listening for events in the TCP socket until we receive
+                // OP_REQUEST and the vsock transport is fully established.
+                update.polling = Some((self.id(), self.fd, EventSet::empty()));
             } else {
                 error!("vsock::tcp: EventSet::OUT while not connecting");
             }

src/devices/src/virtio/vsock/unix.rs

@@ -356,7 +356,7 @@ impl Proxy for UnixProxy {
         update
     }
 
-    fn confirm_connect(&mut self, pkt: &VsockPacket) {
+    fn confirm_connect(&mut self, pkt: &VsockPacket) -> Option<ProxyUpdate> {
         debug!(
             "tcp: confirm_connect: local_port={} peer_port={}, src_port={}, dst_port={}",
             pkt.dst_port(),
@@ -377,6 +377,8 @@ impl Proxy for UnixProxy {
             peer_port: pkt.src_port(),
         };
         push_packet(self.cid, rx, &self.rxq, &self.queue, &self.mem);
+
+        None
     }
 
     fn getpeername(&mut self, _pkt: &VsockPacket) {