From 55227bc768e1608725d88c3ee00bd048da1e8cae Mon Sep 17 00:00:00 2001
From: Kirtana Ashok
Date: Tue, 28 Jan 2025 12:47:33 -0800
Subject: [PATCH] move sidecar into uvm and remove hacks
Signed-off-by: Kirtana Ashok
---
 cmd/gcs-sidecar/main.go | 36 +++++++++++++------------
 internal/uvm/create_wcow.go | 52 +++++++++++++++++++++++--------------
 internal/uvm/start.go | 46 ++++++++++++++++----------------
 3 files changed, 73 insertions(+), 61 deletions(-)
diff --git a/cmd/gcs-sidecar/main.go b/cmd/gcs-sidecar/main.go
index 1590a31ef8..8549b52778 100644
--- a/cmd/gcs-sidecar/main.go
+++ b/cmd/gcs-sidecar/main.go
@@ -170,16 +170,31 @@ func main() {
 log.Printf("unexpected num of args: %v", len(os.Args))
 return
 }
- uvmID, err := guid.FromString(os.Args[1])
+ /*
+ uvmID, err := guid.FromString(os.Args[1])
+ if err != nil {
+ log.Printf("error getting guid from string %v", os.Args[1])
+ return
+ }
+ */
+
+ ctx := context.Background()
+ // 2. Setup connection with hcsshim external gcs connection
+ hvsockAddr := &winio.HvsockAddr{
+ VMID: gcs.HV_GUID_PARENT,
+ ServiceID: gcs.WindowsSidecarGcsHvsockServiceID,
+ }
+ log.Printf("Dialing to hcsshim external bridge at address %v", hvsockAddr)
+
+ shimCon, err := winio.Dial(ctx, hvsockAddr)
 if err != nil {
- log.Printf("error getting guid from string %v", os.Args[1])
+ log.Printf("Error dialing hcsshim external bridge at address %v", hvsockAddr)
 return
 }
- ctx := context.Background()
 // 1. Start external server to connect with inbox GCS
 listener, err := winio.ListenHvsock(&winio.HvsockAddr{
- VMID: uvmID,
+ VMID: gcs.HV_GUID_LOOPBACK, // uvmID,
 // TODO: Following line is commented out only for POC as we want to
 // start gcs-sidecar.exe on the host (external to uvm).
 // The VMID needs to be replaces with HV_GUID_PARENT in the 
@@ -201,19 +216,6 @@ func main() {
 return
 }
- // 2. Setup connection with hcsshim external gcs connection
- hvsockAddr := &winio.HvsockAddr{
- VMID: gcs.HV_GUID_LOOPBACK,
- ServiceID: gcs.WindowsSidecarGcsHvsockServiceID,
- }
- log.Printf("Dialing to hcsshim external bridge at address %v", hvsockAddr)
-
- shimCon, err := winio.Dial(ctx, hvsockAddr)
- if err != nil {
- log.Printf("Error dialing hcsshim external bridge at address %v", hvsockAddr)
- return
- }
-
 // set up our initial stance policy enforcer
 var initialEnforcer windowssecuritypolicy.SecurityPolicyEnforcer
 initialPolicyStance := "allow"
diff --git a/internal/uvm/create_wcow.go b/internal/uvm/create_wcow.go
index 77c32b3e41..e1ae44cdcb 100644
--- a/internal/uvm/create_wcow.go
+++ b/internal/uvm/create_wcow.go
@@ -66,27 +66,39 @@ func NewDefaultOptionsWCOW(id, owner string) *OptionsWCOW {
 func (uvm *UtilityVM) startExternalGcsListener(ctx context.Context) error {
 log.G(ctx).WithField("vmID", uvm.runtimeID).Debug("Using external GCS bridge")
- l, err := winio.ListenHvsock(&winio.HvsockAddr{
- // 1. TODO:
- // Following line is only temporary for POC and ease of developement.
- // "VMID: gcs.HV_GUID_LOOPBACK" means that we are trying to start sidecar
- // outside of the UVM, that is in the host itself. This is only for
- // easy developement.
- VMID: gcs.HV_GUID_LOOPBACK,
- // ORIGINAL: uvm.runtimeID,
- ServiceID: gcs.WindowsSidecarGcsHvsockServiceID,
- // 2. TODO:
- // Following line can be uncommented after POC to ensure that
- // hcsshim connects to gcs-sidecar.exe GUID and NOT to the windows GCS
- // directly and this change should ONLY be for C-WCOW cases.
- // We can base the decision of which GUID the external GCS listener should
- // connect to based on annotations.WindowsSecurityPolicy annotation in pod.json.
- // gcs.WindowsGcsHvsockServiceID,
- })
- if err != nil {
- return err
+ if uvm.WCOWconfidentialUVMOptions.WCOWSecurityPolicy != "" {
+ l, err := winio.ListenHvsock(&winio.HvsockAddr{
+ // 1. TODO:
+ // Following line is only temporary for POC and ease of developement.
+ // "VMID: gcs.HV_GUID_LOOPBACK" means that we are trying to start sidecar
+ // outside of the UVM, that is in the host itself. This is only for
+ // easy developement.
+ VMID: uvm.runtimeID,
+ ServiceID: gcs.WindowsSidecarGcsHvsockServiceID,
+ // 2. TODO:
+ // Following line can be uncommented after POC to ensure that
+ // hcsshim connects to gcs-sidecar.exe GUID and NOT to the windows GCS
+ // directly and this change should ONLY be for C-WCOW cases.
+ // We can base the decision of which GUID the external GCS listener should
+ // connect to based on annotations.WindowsSecurityPolicy annotation in pod.json.
+ // gcs.WindowsGcsHvsockServiceID,
+ })
+ if err != nil {
+ return err
+ }
+
+ uvm.gcListener = l
+ } else { // non confidential case
+ l, err := winio.ListenHvsock(&winio.HvsockAddr{
+ VMID: uvm.runtimeID,
+ ServiceID: gcs.WindowsGcsHvsockServiceID,
+ })
+ if err != nil {
+ return err
+ }
+
+ uvm.gcListener = l
 }
- uvm.gcListener = l
 return nil
 }
diff --git a/internal/uvm/start.go b/internal/uvm/start.go
index 49e03fe486..f156a0f628 100644
--- a/internal/uvm/start.go
+++ b/internal/uvm/start.go
@@ -11,9 +11,6 @@ import (
 "fmt"
 "io"
 "net"
- "os"
- "os/exec"
- "syscall"
 "time"
 "github.com/sirupsen/logrus"
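Review bot: Both TODO comment blocks copied into the new confidential branch are now wrong: the first says `VMID: gcs.HV_GUID_LOOPBACK` is a host-side POC shortcut while the line under it reads `VMID: uvm.runtimeID`, and the second says the ServiceID choice is still to be made "after POC" while this very `if` makes it. The ServiceID is the trust boundary here — a non-empty WCOWSecurityPolicy routes hcsshim to the gcs-sidecar enforcer in the UVM, an empty one routes it straight to the inbox GCS where nothing enforces a policy — so the reason for the choice deserves one short accurate comment, and the two duplicated ListenHvsock/error/assign bodies can collapse into a single call with a selected ServiceID. If WCOWconfidentialUVMOptions is a pointer that can be nil for non-confidential UVMs the condition itself would panic; its type is not visible in this hunk, so confirm against the struct definition.
```go
func (uvm *UtilityVM) startExternalGcsListener(ctx context.Context) error {
	// … unchanged: debug log …

	// The service ID decides which guest endpoint hcsshim bridges to. A
	// non-empty security policy selects gcs-sidecar.exe (the policy
	// enforcer) inside the UVM; an empty policy means a non-confidential
	// UVM and hcsshim talks to the inbox GCS directly, with no enforcement.
	serviceID := gcs.WindowsGcsHvsockServiceID
	if uvm.WCOWconfidentialUVMOptions.WCOWSecurityPolicy != "" {
		serviceID = gcs.WindowsSidecarGcsHvsockServiceID
	}

	l, err := winio.ListenHvsock(&winio.HvsockAddr{
		VMID:      uvm.runtimeID,
		ServiceID: serviceID,
	})
	if err != nil {
		return err
	}
	uvm.gcListener = l
	return nil
}
```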
@@ -254,28 +251,29 @@ func (uvm *UtilityVM) Start(ctx context.Context) (err error) {
 // development. After dev work, it can be easily tested
 // by minor tweaks to hvsockAddress to run inside the uvm
 // + inbox gcs to listen on HV_SOCK_LOOPBACK.
- sidecarPath := "C:\\gcs-sidecar.exe"
- //sidecarCmd := fmt.Sprintf("%s %s", sidecarPath, uvm.runtimeID)
- cmd := exec.Command(sidecarPath, uvm.runtimeID.String())
-
- // Set the Pdeathsig field to 0 to prevent the subprocess from being terminated
- // when the parent process exits
- cmd.SysProcAttr = &syscall.SysProcAttr{
- ParentProcess: 0,
- }
- // Redirect stdout to a file
- outfile, err := os.Create("C:\\gcs-sidecar-logs-redirect.log")
- if err != nil {
- return fmt.Errorf("error create sidecar log file")
- }
- // defer outfile.Close()
- cmd.Stdout = outfile
-
- err = cmd.Start()
- if err != nil {
- return fmt.Errorf("failed to do start gcs-sidecar: %w", err)
- }
+ /*
+ sidecarPath := "C:\\gcs-sidecar.exe"
+ //sidecarCmd := fmt.Sprintf("%s %s", sidecarPath, uvm.runtimeID)
+ cmd := exec.Command(sidecarPath, uvm.runtimeID.String())
+
+ // Set the Pdeathsig field to 0 to prevent the subprocess from being terminated
+ // when the parent process exits
+ cmd.SysProcAttr = &syscall.SysProcAttr{
+ ParentProcess: 0,
+ }
+ // Redirect stdout to a file
+ outfile, err := os.Create("C:\\gcs-sidecar-logs-redirect.log")
+ if err != nil {
+ return fmt.Errorf("error create sidecar log file")
+ }
+ // defer outfile.Close()
+ cmd.Stdout = outfile
+ err = cmd.Start()
+ if err != nil {
+ return fmt.Errorf("failed to do start gcs-sidecar: %w", err)
+ }
+ */
 // Accept the GCS connection.
 conn, err := uvm.acceptAndClose(ctx, uvm.gcListener)
 uvm.gcListener = nil
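Review bot: The host-side sidecar spawn is kept as a `/* … */` block rather than deleted, so Start still carries dead code naming `"C:\\gcs-sidecar.exe"` and a stdout redirect to `"C:\\gcs-sidecar-logs-redirect.log"` on the host; since the subject line says the hacks are removed, delete the block outright and let git history hold it. The three context comment lines above it ("development. After dev work, it can be easily tested by minor tweaks to hvsockAddress to run inside the uvm + inbox gcs to listen on HV_SOCK_LOOPBACK") describe exactly the POC setup this commit retires and should be replaced by something like `// gcs-sidecar.exe now runs inside the UVM and connects back over HvSocket; wait for that connection here.` With the spawn gone, the accept on the last lines is the only thing that notices a guest image without the sidecar; whether acceptAndClose is bounded by ctx is not visible in this hunk, so confirm it times out rather than blocking Start indefinitely. Start begins and ends outside this hunk.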