Firecracker exits with 148 when adding vsock. #897

Closed
xibz opened this issue Jan 28, 2019 · 5 comments

@xibz
Contributor

xibz commented Jan 28, 2019

Using v0.14.0 on Ubuntu 18.04. I get a 148 exit code when trying to add vsocks.

[    0.099002] loop: module loaded
[    0.100526] tun: Universal TUN/TAP device driver, 1.6
[    0.102212] hidraw: raw HID events driver (C) Jiri Kosina
[    0.103293] nf_conntrack version 0.5.0 (2048 buckets, 8192 max)
[    0.104480] ip_tables: (C) 2000-2006 Netfilter Core Team
[    0.105722] Initializing XFRM netlink socket
[    0.106590] NET: Registered protocol family 10
[    0.107988] Segment Routing with IPv6
[    0.108518] NET: Registered protocol family 17
[    0.109102] Bridge firewalling registered
[    0.110027] NET: Registered protocol family 40
2019-01-28T13:27:21.593360060 [anonymous-instance:ERROR:vmm/src/sigsys_handler.rs:70] Shutting down VM after intercepting a bad syscall (16).

@andreeaflorescu
Member

It looks like we forgot to whitelist a system call for the vsock feature. As a temporary workaround, you can set the seccomp level to none when starting Firecracker:

./target/x86_64-unknown-linux-musl/debug/firecracker --context='{"id": "fc1", "jailed": false, "seccomp_level": 0, "start_time_us": 0, "start_time_cpu_us": 0}'

This is a rather dummy context, but it can be adjusted.

If you are running with the jailer, you can pass the --seccomp-level parameter from the command line.

We will get back with a fix.
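
The mechanism behind the log line above, as an added example (not Firecracker's code and not part of the original thread): a child process installs a seccomp allow-list, makes a syscall that is missing from it, and its SIGSYS handler records the number and exits. The exit code 148 is copied from the issue; `run_confined`, `on_sigsys`, `trapped_nr` and the one-entry allow-list are assumptions made for illustration. On x86_64, syscall number 16 is `ioctl`.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile int *trapped_nr; /* MAP_SHARED page: child writes, parent reads */
/* SIGSYS handler: record the rejected syscall, then exit 148 as in the issue. */
static void on_sigsys(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    *trapped_nr = info->si_syscall;
    _exit(148);
}

/* Run syscall nr in a confined child. Returns its exit status; on success
 * *seen holds the syscall number the filter trapped, or -1 if none. */
int run_confined(long nr, int *seen) {
    int status = 0;
    trapped_nr = mmap(NULL, sizeof *trapped_nr, PROT_READ | PROT_WRITE,
                      MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (trapped_nr == MAP_FAILED) return -1;
    *trapped_nr = -1;
    pid_t pid = fork();
    if (pid == 0) {
        /* Allow-list: exit_group only. Real filters check seccomp_data.arch first. */
        struct sock_filter prog[] = {
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 0, 1),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        };
        struct sock_fprog fprog = { sizeof prog / sizeof prog[0], prog };
        struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
        sigaction(SIGSYS, &sa, NULL);
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog)) _exit(2);
        syscall(nr); /* not in the allow-list: the kernel raises SIGSYS */
        _exit(0);
    }
    if (pid > 0) waitpid(pid, &status, 0);
    *seen = *trapped_nr;
    munmap((void *)trapped_nr, sizeof *trapped_nr);
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) { int seen; return run_confined(__NR_ioctl, &seen) != 148; }
```

Adding the missing syscall number to the allow-list is the narrow fix; turning the filter off removes the confinement for every syscall.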

@xibz
Contributor Author

xibz commented Jan 29, 2019

@andreeaflorescu - Awesome, thank you for the temporary fix and the information.

@mcastelino
Contributor

@xibz does vsock work for you with --seccomp-level 0? It does not work for me.

@xibz
Contributor Author

xibz commented Jan 31, 2019

@mcastelino - From what I can tell it works as in I don't get the exit code. However, this isn't with the use of the jailer. I don't think #911 is related to this at least.

@raduweiss added the Type: Bug label Feb 3, 2019
@raduweiss added this to the vsock Support milestone Feb 15, 2019
@raduweiss added the Priority: High label Feb 15, 2019
@acatangiu
Contributor

Fixed by #918

andreeaflorescu referenced this issue in sboeuf/firecracker Feb 19, 2019
When seccomp is enabled, several system calls such as sendmsg() and
recvmsg() will not be allowed. This is a problem since the vhost-user
protocol assumes that we can send some file descriptors out-of-band
to other processes running on the same host.

Signed-off-by: Sebastien Boeuf <[email protected]>
@alxiord closed this as completed Feb 26, 2019