init/aws-nitro: support partial read/write ethernet packet forwarding#616
init/aws-nitro: support partial read/write ethernet packet forwarding#616jakecorrenti wants to merge 1 commit intocontainers:mainfrom
Conversation
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
2 times, most recently
from
7a1bbf4 to
0f318f1
Compare
jakecorrenti
requested review from
MatiasVara,
dorindabassey,
mtjhrc and
slp
as code owners
|
/gemini review |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces read_exact and write_all utility functions to ensure robust I/O operations by handling partial reads/writes and EINTR signals. These utilities are integrated into the packet forwarding logic between the vsock and TAP device. Feedback highlights a critical buffer overflow risk where incoming packet lengths are not validated against the MTU. Additionally, improvements are suggested for read_exact to set errno on partial reads and for write_all to handle zero-length writes to avoid infinite loops.
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
0f318f1 to
a7b5239
Compare
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
a7b5239 to
59b5885
Compare
|
/gemini review |
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
59b5885 to
1f0c166
Compare
There was a problem hiding this comment.
Code Review
This pull request enhances the reliability of the TAP-to-vsock forwarding mechanism by implementing read_exact and write_all functions to handle partial reads/writes and system call interruptions. It also updates the buffer allocation to include the Ethernet header length and adds validation for incoming frame sizes. Review feedback suggests using standard exit codes instead of negative values, replacing hardcoded sizes with sizeof(uint32_t), and using ntohl for network-to-host conversion. Additionally, a concern was raised regarding the use of write_all on packet-oriented TAP devices, which could lead to fragmented packets.
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
1f0c166 to
49c412e
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request improves the reliability of the AWS Nitro TAP-to-vsock forwarder by introducing read_exact and write_all helper functions to handle partial I/O and signal interruptions. It also updates buffer allocation to include Ethernet headers and adds validation for incoming frame sizes. Review feedback recommends standardizing exit codes to EXIT_FAILURE instead of errno and refining error checks to explicitly handle partial writes and unexpected EOF during frame reads.
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
49c412e to
1ffa237
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request enhances the AWS Nitro TAP-to-vsock forwarder by implementing robust I/O helpers for partial transfers and EINTR handling, adjusting buffer sizes for Ethernet headers, and adding frame validation. Review feedback suggests using fixed-width uint32_t types for protocol headers to ensure portability and recommends handling EINTR for TAP device reads to maintain consistency.
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
1ffa237 to
dd79d2d
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request improves the robustness of network packet forwarding in net_tap_afvsock.c by implementing helper functions for complete I/O operations and handling signal interruptions. Key changes include correcting buffer allocations for Ethernet headers, fixing byte-order handling for frame lengths, and enhancing error management. Feedback suggests further improving portability and type safety by using uint32_t for variables used in network size exchanges to avoid platform-dependent issues.
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
dd79d2d to
de85041
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request improves the reliability of network packet forwarding between the TAP device and vsock by introducing read_exact and write_all helpers to handle partial I/O and EINTR signals. It also expands the internal buffer to accommodate the Ethernet header. Feedback indicates that the MTU value sent to the host may be insufficient as it excludes the Ethernet header, potentially causing buffer overflows or stream corruption on the host side. Furthermore, a lack of error handling for TAP device reads could result in an infinite busy-loop if a persistent error occurs.
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
de85041 to
396a9f5
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request improves the robustness of the Nitro enclave network proxy by implementing helper functions for exact reads and writes, enhancing error handling, and ensuring proper memory management. It also updates the communication protocol to account for the Ethernet header length. Review feedback highlights an inconsistency in endianness during the initial MTU exchange, recommending the use of network byte order to match the subsequent packet framing.
Ensure the total requested number of bytes is forwarded to/from the host vsock providing the network access and the guest TAP device routing the application network traffic. To write this code I used Cursor and the claude-4.6-opus-high model. Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
jakecorrenti
force-pushed
the
fix-nitro-partial-read-write
branch
from
396a9f5 to
5f8024a
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request enhances the network TAP-to-vsock forwarding mechanism by implementing robust I/O handling and cross-endian compatibility. Key improvements include the introduction of read_exact and write_all helper functions to manage partial reads/writes and system interrupts, the use of network byte order for frame size communication, and the addition of proper memory cleanup on error paths to prevent leaks. Feedback was provided regarding type consistency, specifically suggesting the use of uint32_t for the frame length variable to match the return type of network byte order conversion functions.
| } | ||
|
|
||
| unsigned int len = htonl(sz); | ||
| unsigned int len = ntohl(sz); |
There was a problem hiding this comment.
Similar to the sz variable, len should be defined as uint32_t to match the expected return type of ntohl and ensure consistent behavior when comparing against eth_frame_size. This ensures the code is explicit and portable, aligning with best practices for network protocol implementation.
uint32_t len = ntohl(sz);References
- Prioritize code readability and focused commits over micro-optimizations. Refactoring for minor efficiency gains may be rejected if it harms readability or expands the scope of a change.
2 participants
Ensure the requested number of bytes is forwarded to/from the host vsock providing the network access and the guest TAP device routing the application network traffic.
To write this code I used Cursor and the claude-4.6-opus-high model.
Reproducer
To reproduce the issue, have the
examples/nitro.cexample execute the following:Without the above, about 90% of the time the final
curlcommand will take about 15 seconds before failing because the client connection is closed. With the new diff, it should work 100% of the time.