vmbus_client: don't request confidential channel support. (#917)

The vmbus client requested all feature flags, which includes
confidential channels, which it doesn't actually support. This was
harmless, as the host cannot support confidential channels, but it would
cause the host to log a warning that unsupported feature flags were
requested.

Author: SvenGroot

vm/devices/vmbus/vmbus_client/src/lib.rs

@@ -58,7 +58,11 @@ use zerocopy::KnownLayout;
 const SINT: u8 = 2;
 const VTL: u8 = 0;
 const SUPPORTED_VERSIONS: &[Version] = &[Version::Iron, Version::Copper];
-const SUPPORTED_FEATURE_FLAGS: FeatureFlags = FeatureFlags::all();
+const SUPPORTED_FEATURE_FLAGS: FeatureFlags = FeatureFlags::new()
+    .with_guest_specified_signal_parameters(true)
+    .with_channel_interrupt_redirection(true)
+    .with_modify_connection(true)
+    .with_client_id(true);
 
 /// The client interface synic events.
 pub trait SynicEventClient: Send + Sync {
@@ -1842,13 +1846,13 @@ mod tests {
                         padding: 0,
                         selected_version_or_connection_id: 0,
                     },
-                    supported_features: FeatureFlags::all().into(),
+                    supported_features: SUPPORTED_FEATURE_FLAGS.into(),
                 },
             ));
 
             let version = recv.await.unwrap().unwrap();
             assert_eq!(version.version, Version::Copper);
-            assert_eq!(version.feature_flags, FeatureFlags::all());
+            assert_eq!(version.feature_flags, SUPPORTED_FEATURE_FLAGS);
         }
 
         async fn get_channel(&mut self, client: &mut VmbusClient) -> OfferInfo {
@@ -2009,7 +2013,7 @@ mod tests {
                     interrupt_page_or_target_info: TargetInfo::new()
                         .with_sint(2)
                         .with_vtl(0)
-                        .with_feature_flags(FeatureFlags::all().into())
+                        .with_feature_flags(SUPPORTED_FEATURE_FLAGS.into())
                         .into(),
                     parent_to_child_monitor_page_gpa: 0,
                     child_to_parent_monitor_page_gpa: 0,
@@ -2036,7 +2040,7 @@ mod tests {
                     interrupt_page_or_target_info: TargetInfo::new()
                         .with_sint(2)
                         .with_vtl(0)
-                        .with_feature_flags(FeatureFlags::all().into())
+                        .with_feature_flags(SUPPORTED_FEATURE_FLAGS.into())
                         .into(),
                     parent_to_child_monitor_page_gpa: 0,
                     child_to_parent_monitor_page_gpa: 0,
@@ -2054,14 +2058,14 @@ mod tests {
                     padding: 0,
                     selected_version_or_connection_id: 0,
                 },
-                supported_features: FeatureFlags::all().into_bits(),
+                supported_features: SUPPORTED_FEATURE_FLAGS.into_bits(),
             },
         ));
 
         let version = recv.await.unwrap().unwrap();
 
         assert_eq!(version.version, Version::Copper);
-        assert_eq!(version.feature_flags, FeatureFlags::all());
+        assert_eq!(version.feature_flags, SUPPORTED_FEATURE_FLAGS);
     }
 
     #[async_test]
@@ -2081,7 +2085,7 @@ mod tests {
                     interrupt_page_or_target_info: TargetInfo::new()
                         .with_sint(2)
                         .with_vtl(0)
-                        .with_feature_flags(FeatureFlags::all().into())
+                        .with_feature_flags(SUPPORTED_FEATURE_FLAGS.into())
                         .into(),
                     parent_to_child_monitor_page_gpa: 0,
                     child_to_parent_monitor_page_gpa: 0,
@@ -2135,7 +2139,7 @@ mod tests {
                     interrupt_page_or_target_info: TargetInfo::new()
                         .with_sint(2)
                         .with_vtl(0)
-                        .with_feature_flags(FeatureFlags::all().into())
+                        .with_feature_flags(SUPPORTED_FEATURE_FLAGS.into())
                         .into(),
                     parent_to_child_monitor_page_gpa: 0,
                     child_to_parent_monitor_page_gpa: 0,
@@ -2162,7 +2166,7 @@ mod tests {
                     interrupt_page_or_target_info: TargetInfo::new()
                         .with_sint(2)
                         .with_vtl(0)
-                        .with_feature_flags(FeatureFlags::all().into())
+                        .with_feature_flags(SUPPORTED_FEATURE_FLAGS.into())
                         .into(),
                     parent_to_child_monitor_page_gpa: 0,
                     child_to_parent_monitor_page_gpa: 0,

vm/devices/vmbus/vmbus_client/src/saved_state.rs

@@ -4,6 +4,7 @@
 use crate::OfferInfo;
 use crate::RestoreError;
 use crate::RestoredChannel;
+use crate::SUPPORTED_FEATURE_FLAGS;
 use guid::Guid;
 use mesh::payload::Protobuf;
 use vmbus_channel::bus::OfferKey;
@@ -241,7 +242,7 @@ impl TryFrom<ClientState> for super::ClientState {
                     .ok_or(RestoreError::UnsupportedVersion(version))?;
 
                 let feature_flags = FeatureFlags::from(feature_flags);
-                if feature_flags.contains_unsupported_bits() {
+                if !SUPPORTED_FEATURE_FLAGS.contains(feature_flags) {
                     return Err(RestoreError::UnsupportedFeatureFlags(feature_flags.into()));
                 }
 

vm/devices/vmbus/vmbus_core/src/protocol.rs

@@ -175,17 +175,9 @@ pub struct FeatureFlags {
 }
 
 impl FeatureFlags {
-    pub const fn all() -> Self {
-        Self::new()
-            .with_guest_specified_signal_parameters(true)
-            .with_channel_interrupt_redirection(true)
-            .with_modify_connection(true)
-            .with_client_id(true)
-            .with_confidential_channels(true)
-    }
-
-    pub fn contains_unsupported_bits(&self) -> bool {
-        u32::from(*self) & !u32::from(Self::all()) != 0
+    /// Returns true if `other` contains only flags that are also set in `self`.
+    pub fn contains(&self, other: FeatureFlags) -> bool {
+        self.into_bits() & other.into_bits() == other.into_bits()
     }
 }
 

vm/devices/vmbus/vmbus_server/src/channels.rs

@@ -1193,6 +1193,14 @@ static SUPPORTED_VERSIONS: &[Version] = &[
     Version::Copper,
 ];
 
+// Feature flags that are always supported.
+// N.B. Confidential channels are conditionally supported if running in the paravisor.
+const SUPPORTED_FEATURE_FLAGS: FeatureFlags = FeatureFlags::new()
+    .with_guest_specified_signal_parameters(true)
+    .with_channel_interrupt_redirection(true)
+    .with_modify_connection(true)
+    .with_client_id(true);
+
 /// Trait for sending requests to devices and the guest.
 pub trait Notifier: Send {
     /// Requests a channel action.
@@ -2233,16 +2241,17 @@ impl<'a, N: 'a + Notifier> ServerWithNotifier<'a, N> {
             // The max version and features may be limited in order to test older protocol versions.
             //
             // N.B. Confidential channels should only be enabled if the connection is trusted.
+            let max_supported_flags =
+                SUPPORTED_FEATURE_FLAGS.with_confidential_channels(request.trusted);
+
             if let Some(max_version) = self.inner.max_version {
                 if version as u32 > max_version.version {
                     return None;
                 }
 
-                max_version.feature_flags.with_confidential_channels(
-                    max_version.feature_flags.confidential_channels() && request.trusted,
-                )
+                max_supported_flags & max_version.feature_flags
             } else {
-                FeatureFlags::all().with_confidential_channels(request.trusted)
+                max_supported_flags
             }
         } else {
             FeatureFlags::new()
@@ -3917,7 +3926,7 @@ mod tests {
             server.with_notifier(notifier).complete_initiate_contact(
                 ModifyConnectionResponse::Supported(
                     protocol::ConnectionState::SUCCESSFUL,
-                    FeatureFlags::all(),
+                    SUPPORTED_FEATURE_FLAGS,
                 ),
             );
 
@@ -4182,7 +4191,7 @@ mod tests {
             .with_notifier(&mut notifier)
             .complete_initiate_contact(ModifyConnectionResponse::Supported(
                 protocol::ConnectionState::SUCCESSFUL,
-                FeatureFlags::all(),
+                SUPPORTED_FEATURE_FLAGS,
             ));
 
         let version_response = protocol::VersionResponse {
@@ -4380,7 +4389,7 @@ mod tests {
             .with_notifier(&mut notifier)
             .complete_initiate_contact(ModifyConnectionResponse::Supported(
                 protocol::ConnectionState::SUCCESSFUL,
-                FeatureFlags::all(),
+                SUPPORTED_FEATURE_FLAGS,
             ));
 
         // Discard the version response message.
@@ -4466,7 +4475,7 @@ mod tests {
             self.c()
                 .complete_modify_connection(ModifyConnectionResponse::Supported(
                     protocol::ConnectionState::SUCCESSFUL,
-                    FeatureFlags::all(),
+                    SUPPORTED_FEATURE_FLAGS,
                 ));
         }
 
@@ -4663,7 +4672,7 @@ mod tests {
             self.c()
                 .complete_initiate_contact(ModifyConnectionResponse::Supported(
                     protocol::ConnectionState::SUCCESSFUL,
-                    FeatureFlags::all(),
+                    SUPPORTED_FEATURE_FLAGS,
                 ));
 
             let version = self.version.unwrap();
@@ -4714,7 +4723,7 @@ mod tests {
         env.c()
             .complete_initiate_contact(ModifyConnectionResponse::Supported(
                 protocol::ConnectionState::SUCCESSFUL,
-                FeatureFlags::all(),
+                SUPPORTED_FEATURE_FLAGS,
             ));
         let offer_id3 = env.offer(3);
         env.c().handle_request_offers().unwrap();
@@ -4995,7 +5004,7 @@ mod tests {
         env.c()
             .complete_modify_connection(ModifyConnectionResponse::Supported(
                 protocol::ConnectionState::SUCCESSFUL,
-                FeatureFlags::all(),
+                SUPPORTED_FEATURE_FLAGS,
             ));
 
         env.notifier
@@ -5153,7 +5162,7 @@ mod tests {
         env.c()
             .complete_modify_connection(ModifyConnectionResponse::Supported(
                 protocol::ConnectionState::FAILED_UNKNOWN_FAILURE,
-                FeatureFlags::all(),
+                SUPPORTED_FEATURE_FLAGS,
             ));
 
         env.notifier

vm/devices/vmbus/vmbus_server/src/channels/saved_state.rs

@@ -5,6 +5,7 @@ use super::OfferError;
 use super::OfferParamsInternal;
 use super::OfferedInfo;
 use super::RestoreState;
+use super::SUPPORTED_FEATURE_FLAGS;
 use guid::Guid;
 use mesh::payload::Protobuf;
 use std::fmt::Display;
@@ -315,15 +316,16 @@ impl VersionInfo {
         }
     }
 
-    fn restore(self) -> Result<vmbus_core::VersionInfo, RestoreError> {
+    fn restore(self, trusted: bool) -> Result<vmbus_core::VersionInfo, RestoreError> {
         let version = super::SUPPORTED_VERSIONS
             .iter()
             .find(|v| self.version == **v as u32)
             .copied()
             .ok_or(RestoreError::UnsupportedVersion(self.version))?;
 
         let feature_flags = FeatureFlags::from(self.feature_flags);
-        if feature_flags.contains_unsupported_bits() {
+        let supported_flags = SUPPORTED_FEATURE_FLAGS.with_confidential_channels(trusted);
+        if !supported_flags.contains(feature_flags) {
             return Err(RestoreError::UnsupportedFeatureFlags(feature_flags.into()));
         }
 
@@ -429,7 +431,7 @@ impl Connection {
                 trusted,
             } => super::ConnectionState::Connecting {
                 info: super::ConnectionInfo {
-                    version: version.restore()?,
+                    version: version.restore(trusted)?,
                     trusted,
                     interrupt_page,
                     monitor_page: monitor_page.map(MonitorPageGpas::restore),
@@ -450,7 +452,7 @@ impl Connection {
                 client_id,
                 trusted,
             } => super::ConnectionState::Connected(super::ConnectionInfo {
-                version: version.restore()?,
+                version: version.restore(trusted)?,
                 trusted,
                 offers_sent,
                 interrupt_page,
@@ -805,7 +807,9 @@ impl ReservedState {
     }
 
     fn restore(&self) -> Result<super::ReservedState, RestoreError> {
-        let version = self.version.clone().restore().map_err(|e| match e {
+        // We don't know if the connection when the channel was reserved was trusted, so assume it
+        // was for what feature flags are accepted here; it doesn't affect any actual behavior.
+        let version = self.version.clone().restore(true).map_err(|e| match e {
             RestoreError::UnsupportedVersion(v) => RestoreError::UnsupportedReserveVersion(v),
             RestoreError::UnsupportedFeatureFlags(f) => {
                 RestoreError::UnsupportedReserveFeatureFlags(f)

vm/devices/vmbus/vmbus_server/src/lib.rs

@@ -444,7 +444,7 @@ impl<'a, T: Spawn> VmbusServerBuilder<'a, T> {
                     .map(|_| {
                         ModifyConnectionResponse::Supported(
                             protocol::ConnectionState::SUCCESSFUL,
-                            protocol::FeatureFlags::all(),
+                            protocol::FeatureFlags::from_bits(u32::MAX),
                         )
                     })
                     .boxed()