Merge #349

bors[bot] · raoulstrackx · web-flow · commit 4c77b210335d · 2021-12-16T16:52:49.000Z
349: Closing `TcpListeners` in runner r=Pagten a=raoulstrackx

When a Nitro enclave closes a `TcpListener`, sockets in the runner need to be cleaned up as well. This PR introduces the required changes to the ABI and runner.

Co-authored-by: Raoul Strackx &lt;raoul.strackx@fortanix.com&gt;
diff --git a/fortanix-vme/ci-common.sh b/fortanix-vme/ci-common.sh
@@ -110,7 +110,7 @@ function cargo_test {
         fi
 	RUST_BACKTRACE=full ${elf} -- --nocapture > ${out} 2> ${err}
 
-        out=$(cat ${out} | grep -v "#" || true)
+        out=$(cat ${out} | grep -v "^#" || true)
         expected=$(cat ./out.expected)
 
         if [ "${out}" == "${expected}" ]; then
diff --git a/fortanix-vme/fortanix-vme-abi/src/lib.rs b/fortanix-vme/fortanix-vme-abi/src/lib.rs
@@ -26,7 +26,10 @@ pub enum Request {
     Accept {
         /// The Vsock port the enclave is listening on
         enclave_port: u32,
-    }
+    },
+    Close {
+        enclave_port: u32,
+    },
 }
 
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
@@ -87,7 +90,8 @@ pub enum Response {
         /// The vsock port number the runner will connect to the enclave in order to forward the
         /// incoming connection
         proxy_port: u32,
-    }
+    },
+    Closed,
 }
 
 #[cfg(test)]
diff --git a/fortanix-vme/fortanix-vme-runner/src/lib.rs b/fortanix-vme/fortanix-vme-runner/src/lib.rs
@@ -313,6 +313,10 @@ impl Server {
         self.listeners.read().unwrap().get(&addr).cloned()
     }
 
+    fn remove_listener(&self, addr: &VsockAddr) -> Option<Arc<Mutex<Listener>>> {
+        self.listeners.write().unwrap().remove(&addr)
+    }
+
     // Preliminary work for PLAT-367
     #[allow(dead_code)]
     fn connection(&self, enclave: VsockAddr, runner: VsockAddr) -> Option<ConnectionInfo> {
@@ -413,11 +417,34 @@ impl Server {
         }
     }
 
+    fn handle_request_close(self: Arc<Self>, enclave_port: u32, enclave: &mut VsockStream) -> Result<(), IoError> {
+        let cid: u32 = enclave.peer().unwrap().parse().unwrap_or(vsock::VMADDR_CID_HYPERVISOR);
+        let addr = VsockAddr::new(cid, enclave_port);
+        if let Some(listener) = self.remove_listener(&addr) {
+            // Close `TcpListener`
+            drop(listener);
+        } else {
+            println!("[warning] Can't close the connection as it can't be located.");
+        }
+        let response = Response::Closed;
+        Self::log_communication(
+            "runner",
+            enclave.local_port().unwrap_or_default(),
+            "enclave",
+            enclave.peer_port().unwrap_or_default(),
+            &format!("{:?}", &response),
+            Direction::Right,
+            "vsock");
+        enclave.write(&serde_cbor::ser::to_vec(&response).unwrap())?;
+        Ok(())
+    }
+
     fn handle_client(self: Arc<Self>, stream: &mut VsockStream) -> Result<(), IoError> {
         match Self::read_request(stream) {
             Ok(Request::Connect{ addr })             => self.handle_request_connect(&addr, stream)?,
             Ok(Request::Bind{ addr, enclave_port })  => self.handle_request_bind(&addr, enclave_port, stream)?,
             Ok(Request::Accept{ enclave_port })      => self.handle_request_accept(enclave_port, stream)?,
+            Ok(Request::Close{ enclave_port })       => self.handle_request_close(enclave_port, stream)?,
             Err(_e)                                  => return Err(IoError::new(IoErrorKind::InvalidData, "Failed to read request")),
         };
         Ok(())
diff --git a/fortanix-vme/tests/incoming_connection/out.expected b/fortanix-vme/tests/incoming_connection/out.expected
@@ -1,6 +1,15 @@
-Bind to socket to 3400
+Server run #1
+Bind TCP socket to port 3400
 Listening for incoming connections...
 Waiting for connection 1
 Connection 1: Connected
 Waiting for connection 2
 Connection 2: Connected
+Server run #2
+Bind TCP socket to port 3400
+Listening for incoming connections...
+Waiting for connection 1
+Connection 1: Connected
+Waiting for connection 2
+Connection 2: Connected
+Bye bye
diff --git a/fortanix-vme/tests/incoming_connection/src/main.rs b/fortanix-vme/tests/incoming_connection/src/main.rs
@@ -1,8 +1,8 @@
 use std::net::{IpAddr, Ipv4Addr, Shutdown, SocketAddr, TcpListener};
 use std::io::{Read, Write};
 
-fn main() {
-    println!("Bind to socket to 3400");
+fn server_run() {
+    println!("Bind TCP socket to port 3400");
     let listener = TcpListener::bind("127.0.0.1:3400").expect("Bind failed");
     assert_eq!(listener.local_addr().unwrap(), SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 3400));
 
@@ -28,3 +28,11 @@ fn main() {
         }
     }
 }
+
+fn main() {
+    for run in 1..=2 {
+        println!("Server run #{}", run);
+        server_run()
+    }
+    println!("Bye bye");
+}
diff --git a/fortanix-vme/tests/incoming_connection/test_interaction.sh b/fortanix-vme/tests/incoming_connection/test_interaction.sh
@@ -4,5 +4,5 @@ while [ true ]
 do
   echo "Interacting with test"
   timeout 1s curl -k localhost:3400 || true
-  sleep 20s
+  sleep 5s
 done
