diff --git a/Cargo.lock b/Cargo.lock
index e0a1cb040..065acb094 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1292,6 +1292,7 @@ dependencies = [
 "byteorder",
 "libc",
 "log",
+ "net_gen",
 "thiserror",
 "vmm-sys-util",
 ]
diff --git a/tpm/Cargo.toml b/tpm/Cargo.toml
index b915deee8..2bee810b7 100644
--- a/tpm/Cargo.toml
+++ b/tpm/Cargo.toml
@@ -10,5 +10,6 @@ anyhow = "1.0.66"
 byteorder = "1.4.3"
 libc = "0.2.138"
 log = "0.4.17"
+net_gen = { path = "../net_gen" }
 thiserror = "1.0.37"
 vmm-sys-util = "0.11.0"
diff --git a/tpm/src/emulator.rs b/tpm/src/emulator.rs
index 6398ce730..86422de9e 100644
--- a/tpm/src/emulator.rs
+++ b/tpm/src/emulator.rs
@@ -143,6 +143,27 @@ impl Emulator {
 self.run_control_cmd(Commands::CmdSetDatafd, &mut res, 0, mem::size_of::())?;
 debug!("data fd in cloud-hypervisor = {:?}", fds[0]);
 self.data_fd = fds[0];
+
+ // SAFETY: FFI calls and return value of the unsafe call is checked
+ unsafe {
+ let tv = net_gen::iff::timeval {
+ tv_sec: 0,
+ tv_usec: 100000, // Set recv timeout to 100ms
+ };
+ let ret = net_gen::setsockopt(
+ fds[0],
+ net_gen::iff::SOL_SOCKET as i32,
+ net_gen::iff::SO_RCVTIMEO as i32,
+ &tv as *const _ as *const libc::c_void,
+ std::mem::size_of::() as u32,
+ );
+ if ret == -1 {
+ return Err(Error::PrepareDataFd(anyhow!(
+ "Failed to set receive timeout on data fd socket. Error Code {:?}",
+ std::io::Error::last_os_error()
+ )));
+ }
+ }
 self.control_socket.set_datafd(fds[0]);
 Ok(())
 }
diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index 69558cc03..b782319d4 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -584,6 +584,7 @@ fn vmm_thread_rules(
 (libc::SYS_sendto, vec![]),
 (libc::SYS_set_robust_list, vec![]),
 (libc::SYS_setsid, vec![]),
+ (libc::SYS_setsockopt, vec![]),
 (libc::SYS_shutdown, vec![]),
 (libc::SYS_sigaltstack, vec![]),
 (
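Review bot: In `tpm/src/emulator.rs` the `// SAFETY:` comment on the new `unsafe` block does not say what makes the `setsockopt` call sound, and the block also wraps the `timeval` construction and the error return, which need no `unsafe`. I would narrow the block to the FFI call and have the comment state the invariant: the pointer refers to a live, fully initialised `timeval`, and the length passed is that type's size. The `size_of::()` argument has lost its type parameter on this page (probably in rendering), so that match cannot be confirmed here. Since `libc` is already a dependency of this crate and the hunk already uses `libc::c_void`, calling `libc::setsockopt` with `libc::timeval`, `libc::SOL_SOCKET` and `libc::SO_RCVTIMEO` would drop the `as i32` casts and the new `net_gen` path dependency. The enclosing method starts outside the hunk; the unconditional `(libc::SYS_setsockopt, vec![])` seccomp rule later in this patch appears to exist for this one call and could presumably be limited to that level and option.

```rust
self.data_fd = fds[0];

let tv = libc::timeval {
    tv_sec: 0,
    tv_usec: 100_000, // 100 ms receive timeout
};
// SAFETY: tv is a fully initialised timeval that outlives the call, the
// length passed is its size, and the return value is checked below.
let ret = unsafe {
    libc::setsockopt(
        fds[0],
        libc::SOL_SOCKET,
        libc::SO_RCVTIMEO,
        &tv as *const libc::timeval as *const libc::c_void,
        mem::size_of::<libc::timeval>() as libc::socklen_t,
    )
};
if ret == -1 {
    // … unchanged: return Err(Error::PrepareDataFd(..)) built from last_os_error() …
}
```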