Skip to content

CVM: Audit tracing and add ALLOWED/CONFIDENTIAL where appropriate #1408

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

CVM: Audit tracing and add ALLOWED/CONFIDENTIAL where appropriate #1408

wants to merge 3 commits into from
+441 −173

Conversation

smalis-msft
Copy link
Contributor

@smalis-msft smalis-msft commented May 23, 2025
edited
Loading

Also includes some drive-by cleanups where I happened to see them.

Areas I did not audit because they are not relevant to CVMs:

  • trace and debug level statements
  • Non-CVM workers (debug & VNC)
  • Test only code (petri, vmm_tests, tmk*)
  • ARM-specific code
  • Non-CVM virt backends (including virt_mshv_vtl/mshv)
  • Host-only code (openvmm, GED, igvmfilegen, etc)
  • Gen 1 devices (vga, chipset, etc)
  • VirtIO

Areas that still need auditing by owners and area experts:

  • Mesh (@jstarks)
  • Networking (vm/devices/net/* & underhill_core/netvsp) (networking team)
  • Storage (vm/devices/storage/* & underhill_core/nvme_manager) (storage team)
  • VMBus (vm/devices/vmbus/*) (@SvenGroot)
  • VMGS (vm/vmgs/*) (@tjones60)

Part of #852

@smalis-msft smalis-msft requested a review from a team as a code owner May 23, 2025 21:30
@smalis-msft smalis-msft added the backport_2505 Change should be backported to the release/2505 branch label May 23, 2025
@smalis-msft smalis-msft requested a review from a team as a code owner May 23, 2025 21:30
sluck-msft
sluck-msft reviewed May 24, 2025
View reviewed changes
mebersol
mebersol reviewed May 25, 2025
View reviewed changes
openhcl/underhill_core/src/worker.rs
@@ -606,7 +614,7 @@ async fn read_device_platform_settings(

// TODO: figure out if we really need to trace this. These are too long for
// the Underhill trace buffer.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can remove?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably leave as long as we're still logging it. But this is why I downgraded it.

@mebersol
Copy link
Collaborator 

            panic!("Received unexpected SEV exit code {sev_error_code:x?}");

does this get logged in a debug-disabled CVM? If not, do we want a non-specific error message logged for this case?

Refers to: openhcl/virt_mshv_vtl/src/processor/snp/mod.rs:1575 in 8476372. [](commit_id = 8476372, deletion_comment = False)

@smalis-msft
Copy link
Contributor Author

Yes, panic messages should still get logged in a debug-disabled CVM. One of the things I'm working on this week is validating that.

jstarks
jstarks reviewed May 27, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smmalis37 smmalis37 smmalis37 left review comments

@jstarks jstarks jstarks left review comments

@mebersol mebersol mebersol left review comments

@sluck-msft sluck-msft sluck-msft left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
backport_2505 Change should be backported to the release/2505 branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@smalis-msft @mebersol @smmalis37 @jstarks @sluck-msft