Skip to content

fix(vmm): Forbid host API listening on non-vsock addresses #481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kvinwang merged 1 commit into from
Jan 28, 2026
Merged

fix(vmm): Forbid host API listening on non-vsock addresses #481

kvinwang merged 1 commit into from
Jan 28, 2026

Conversation

@kvinwang
Copy link
Collaborator

@kvinwang kvinwang commented Jan 28, 2026

Summary

The host API is designed for CVM-to-host communication via vsock only. When users accidentally configure TCP or Unix socket addresses, it silently falls back without proper error, making troubleshooting difficult.

Changes

  • Add validation in HostApiConfig to ensure address starts with vsock:
  • Validate config at startup and fail fast with clear error message
  • Remove TCP fallback code from run_host_api since only vsock is supported

Error Message

If a user configures a non-vsock address like 127.0.0.1:

Error: Invalid host_api configuration

Caused by:
    Host API address must be a vsock address (e.g., 'vsock:2'), got: '127.0.0.1'. 
    TCP/Unix socket listening is not supported for the host API.

Fixes #417

@kvinwang
fix(vmm): Forbid host API listening on non-vsock addresses
5851019 
The host API is designed for CVM-to-host communication via vsock only.
When users accidentally configure TCP or Unix socket addresses, it
silently falls back without proper error, making troubleshooting difficult.

Changes:
- Add validation in HostApiConfig to ensure address starts with 'vsock:'
- Validate config at startup and fail fast with clear error message
- Remove TCP fallback code from run_host_api since only vsock is supported

Fixes #417
@kvinwang kvinwang merged commit f49f228 into master Jan 28, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

vmm: Forbid the host API listening on a TCP socket

2 participants

@kvinwang