vmbus_serial_guest: add tx only option#2404
Merged
tjones60 merged 4 commits intomicrosoft:mainfrom Feb 3, 2026
Merged
Conversation
|
This PR modifies files containing For more on why we check whole files, instead of just diffs, check out the Rustonomicon |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds a tx_only option to the VMBUS serial relay running in OpenHCL that drops all RX traffic from the host while allowing TX traffic from the guest. This enables unidirectional (guest-to-host only) serial communication.
- Added
tx_onlyboolean field throughout the configuration chain from CLI to the VMBUS serial driver - Modified
VmbusSerialDriver::poll_read()to clear the RX buffer and returnPoll::Pendingwhentx_onlyis enabled - Added test coverage for the tx_only behavior
Reviewed Changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| vm/devices/serial/vmbus_serial_guest/src/lib.rs | Core implementation: adds tx_only field to config/driver, modifies AsyncRead to drop RX data, adds test |
| vm/devices/get/guest_emulation_transport/src/lib.rs | Updates test fixtures to include tx_only field |
| vm/devices/get/guest_emulation_transport/src/client.rs | Parses tx_only from JSON config for both COM ports |
| vm/devices/get/guest_emulation_transport/src/api.rs | Adds tx_only fields to platform settings API |
| vm/devices/get/guest_emulation_device/src/test_utilities.rs | Updates test utilities with serial_tx_only field |
| vm/devices/get/guest_emulation_device/src/resolver.rs | Threads serial_tx_only through resource resolution |
| vm/devices/get/guest_emulation_device/src/lib.rs | Adds serial_tx_only to GuestConfig and propagates to HclUartSettings |
| vm/devices/get/get_resources/src/lib.rs | Adds serial_tx_only field to GED resource definition |
| vm/devices/get/get_protocol/src/dps_json.rs | Adds tx_only field to HclUartSettings protocol struct |
| petri/src/vm/openvmm/construct.rs | Initializes serial_tx_only to false in test VM config |
| openvmm/openvmm_entry/src/lib.rs | Maps CLI serial_tx_only option to guest config |
| openvmm/openvmm_entry/src/cli_args.rs | Adds --serial-tx-only CLI argument |
| openhcl/underhill_core/src/worker.rs | Opens VMBUS serial devices with tx_only setting from DPS config |
Contributor
|
Why? |
Contributor
Author
This is intended to be an option for CVMs that could be attested to, so you could enable serial output for debugging purposes without allowing interactive login to reduce risk. |
Contributor
|
Put that in the pr description? |
Collaborator
smalis-msft
previously approved these changes
Nov 13, 2025
Collaborator
|
may want to update the definition for ManagementVtlFeatureFlags, too |
Collaborator
|
need to update AttestationVmConfig as well |
tjones60
force-pushed
the
one_way_serial
branch
from
3d6d329 to
d304d7a
Compare
tjones60
added a commit
to tjones60/openvmm
that referenced
this pull request
Feb 5, 2026
Add an option to the VMBUS serial relay that runs in OpenHCL to ignore all rx traffic from the host and only allow tx traffic from the guest. This can be attested to, offering a more secure way to debug a VM using the serial console, since only allowing one-way serial traffic would greatly reduce the possible attack surface. This is useful primarily for CVMs that don't have a framebuffer and are usually configured with serial disabled completely.
mattkur
pushed a commit
that referenced
this pull request
Feb 6, 2026
Add an option to the VMBUS serial relay that runs in OpenHCL to ignore all rx traffic from the host and only allow tx traffic from the guest. This can be attested to, offering a more secure way to debug a VM using the serial console, since only allowing one-way serial traffic would greatly reduce the possible attack surface. This is useful primarily for CVMs that don't have a framebuffer and are usually configured with serial disabled completely.
Contributor
|
Backported to release/1.7.2511 in #2766 |
mattkur
added
backported_1.7.2511
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add an option to the VMBUS serial relay that runs in OpenHCL to ignore all rx traffic from the host and only allow tx traffic from the guest. This can be attested to, offering a more secure way to debug a VM using the serial console, since only allowing one-way serial traffic would greatly reduce the possible attack surface. This is useful primarily for CVMs that don't have a framebuffer and are usually configured with serial disabled completely.