Skip to content

Update eventlog.rs #770

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update eventlog.rs #770

wants to merge 1 commit into from

Conversation

gcoon151
Copy link

Ignore invalid events that can cause problems (as discussed on slack)

@gcoon151 gcoon151 requested a review from a team as a code owner April 17, 2025 17:47
@fitzthum
Copy link
Member

fitzthum commented Apr 17, 2025
edited
Loading

Can you add a bit more info in the commit message and do you have a link to this slack thread so I can check it out?

Let's let the linter run, but looks like you may have added some extra spaces.

@gcoon151 gcoon151 force-pushed the patch-1 branch 2 times, most recently from 72238f1 to 09cb71e Compare April 17, 2025 19:42
@gcoon151
Copy link
Author

Can you add a bit more info in the commit message and do you have a link to this slack thread so I can check it out?

Let's let the linter run, but looks like you may have added some extra spaces.

I think I fixed both the commit message and spacing.

@gcoon151
event handling workaround for unrelated event types
d91e833 
During testing of a TDX KBS -> Trustee conversation eventlog.rs panicked. This
workaround simply discards the events that aren't the size we expect.

Signed-off-by: Gerald Coon <[email protected]>
@Xynnn007
Copy link
Member

Thanks for the fix. Could you share some test cases or the ccel binary file you met the error?

cc @mythi

@gcoon151
Copy link
Author

gcoon151 commented Apr 18, 2025
edited
Loading

Thanks for the fix. Could you share some test cases or the ccel binary file you met the error?

cc @mythi

Frank put a lot of the details including the event entry that caused it to panic in the CNCF #confidential-containers-peerpod slack channel here https://cloud-native.slack.com/archives/C04A2EJ70BX/p1743708184751959?thread_ts=1743444129.613059&cid=C04A2EJ70BX (the relevant part starts "There are several "EV_EFI...")

This was running the peer pod on an IBM cloud TDX VSI for purpose of testing/developing the cloud-api-adaptor kata-remote/peer pod talking to a compose version of the trustee.

@gcoon151
Copy link
Author

Relevant comments from Mikko that I think answer what you're looking for, "Might be a bug in my code that parses CCEL with OVMF" ... "az-vtpm-tdx does not include the CC eventlog"
... therefore eventlog.rs panics.

@gcoon151
Copy link
Author

gcoon151 commented Apr 18, 2025
edited
Loading

We recognize this is a partial fix also for the specific thing that IBM Cloud TDX VSIs do. I suspect a better fix would be to do more comprehensive input parsing to avoid DDoS. One thing at a time though.

fitzthum
fitzthum approved these changes Apr 18, 2025
View reviewed changes
Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine. Note that the next line is trying to index into the buffer, so this is really just a bounds check. Possibly would be better to move onto its own line and log an error if we have this type of event but it is short. It sounds like there is some root cause still to be understood, but this seems reasonable. I would like to hear from @mythi tho

@mythi
Copy link
Contributor

mythi commented Apr 21, 2025

I was working on a better fix for this. Let me get that PR asap

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fitzthum fitzthum fitzthum approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gcoon151 @fitzthum @Xynnn007 @mythi