vmm: Kill vhost-user self-spawned process on failure

If after the creation of the self-spawned backend, the VMM cannot create
the corresponding vhost-user frontend, the VMM must kill the freshly
spawned process in order to ensure the error propagation can happen.

In case the child process would still be around, the VMM cannot return
the error as it waits onto the child to terminate.

This should help us identify when self-spawned failures are caused by a
connection being refused between the VMM and the backend.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

vmm/src/device_manager.rs

@@ -1647,17 +1647,26 @@ impl DeviceManager {
                 self.start_block_backend(disk_cfg)?
             };
             let vu_cfg = VhostUserConfig {
-                socket,
+                socket: socket.clone(),
                 num_queues: disk_cfg.num_queues,
                 queue_size: disk_cfg.queue_size,
             };
             let vhost_user_block_device = Arc::new(Mutex::new(
-                virtio_devices::vhost_user::Blk::new(
+                match virtio_devices::vhost_user::Blk::new(
                     id.clone(),
                     vu_cfg,
                     self.seccomp_action.clone(),
-                )
-                .map_err(DeviceManagerError::CreateVhostUserBlk)?,
+                ) {
+                    Ok(vub_device) => vub_device,
+                    Err(e) => {
+                        for vub in self.vhost_user_backends.iter_mut() {
+                            if vub._socket_file.path().to_str().unwrap() == socket {
+                                let _ = vub.child.kill();
+                            }
+                        }
+                        return Err(DeviceManagerError::CreateVhostUserBlk(e));
+                    }
+                },
             ));
 
             // Fill the device tree with a new node. In case of restore, we
@@ -1884,18 +1893,27 @@ impl DeviceManager {
                 self.start_net_backend(net_cfg)?
             };
             let vu_cfg = VhostUserConfig {
-                socket,
+                socket: socket.clone(),
                 num_queues: net_cfg.num_queues,
                 queue_size: net_cfg.queue_size,
             };
             let vhost_user_net_device = Arc::new(Mutex::new(
-                virtio_devices::vhost_user::Net::new(
+                match virtio_devices::vhost_user::Net::new(
                     id.clone(),
                     net_cfg.mac,
                     vu_cfg,
                     self.seccomp_action.clone(),
-                )
-                .map_err(DeviceManagerError::CreateVhostUserNet)?,
+                ) {
+                    Ok(vun_device) => vun_device,
+                    Err(e) => {
+                        for vun in self.vhost_user_backends.iter_mut() {
+                            if vun._socket_file.path().to_str().unwrap() == socket {
+                                let _ = vun.child.kill();
+                            }
+                        }
+                        return Err(DeviceManagerError::CreateVhostUserNet(e));
+                    }
+                },
             ));
 
             // Fill the device tree with a new node. In case of restore, we

vmm/src/seccomp_filters.rs

@@ -318,6 +318,7 @@ fn vmm_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
         allow_syscall(SYS_IO_URING_ENTER),
         allow_syscall(SYS_IO_URING_SETUP),
         allow_syscall(SYS_IO_URING_REGISTER),
+        allow_syscall(libc::SYS_kill),
         allow_syscall(libc::SYS_listen),
         allow_syscall(libc::SYS_lseek),
         allow_syscall(libc::SYS_madvise),