erts: implement AF_VSOCK

[devsnek]

From #7719, i've rebased it, made some small changes, and started to add tests.

Context

VSock is a mechanism for socket communication between virtual machines and their host operating system. The host and each VM are assigned a 32-bit CID (Context IDentifier) and may connect or bind to a 32-bit port number.

The Linux kernel provides support for AF_VSOCK sockets in the linux/vm_sockets.h header and is documented in the vsock(7) manual page.

AWS EC2 Nitro Enclaves rely on AF_VSOCK as the sole communication channel between the parent instance and its secure enclaves.

Implementation

My approach was to introduce a new vsock Domain in the socket module, which is supported by the prim_socket NIF. The vsock Domain exposes the port and cid fields of the sockaddr_vm struct. Otherwise, this PR generally follows the existing patterns established by the other domains.

Known limitations

AF_VSOCK is only supported on Linux at this time:

* VMware (VMCI) has been supported since Linux 3.9

* KVM (virtio) has been supported since Linux 4.8

* Hyper-V has been supported since Linux 4.14

* Local communication using `VMADDR_CID_LOCAL` has been supported since Linux 5.6

XNU kernel provides low-level AF_VSOCK support in sys/vsock.h, however macOS requires the use of a higher-level Virtualization framework that manages VZVirtioSocketDevice objects to work with VSock connections. This PR makes no attempt to interface with macOS's Virtualization framework.

[github-actions]

CT Test Results

    4 files    202 suites   1h 54m 16s ⏱️
3 217 tests 2 819 ✅ 396 💤 2 ❌
4 198 runs  3 721 ✅ 475 💤 2 ❌

For more details on these failures, see this check.

Results for commit 3922639.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

• Complete CT logs (Download Logs)
• HTML Documentation (Download HTML Docs)
• Windows Installer

// Erlang/OTP Github Action Bot

[bmk]

And by the way, our dialyzer checks fail with:

[2025-07-28T09:23:36.787Z] socket.erl:2371:5: Guard test
[2025-07-28T09:23:36.787Z] string() =:=
[2025-07-28T09:23:36.787Z] Cid :: non_neg_integer() can never succeed
[2025-07-28T09:23:36.787Z] done in 1m27.25s
[2025-07-28T09:23:36.787Z] done (warnings were emitted)

[RaimoNiskanen]

The implementation looks good overall!

@bmk's comment about the Cid badmatch must be fixed - it is a bug, visible in the PR check "Run static analysis".

The test suite should jog that formatting function, just to get code coverage and verify that it doesn't crash, e.g by printing the socket address to the test log.

The failed PR check "Create SBOM" can be ignored.

The PR check "CT Test Results" fails on testcase socket_SUITE:reg_s_single_open_and_close_and_count/1, with {badmatch,{error,eperm}}, probably when creating a socket in domain vsock. On my laptop the testcase has no permission problems, so this may be related to the docker installation on GitHub. Nevertheless the question is if socket:is_supported(vsock) should verify permissions before returning true , or if the test suite should have an extended test for eperm in has_support_vsock/0.

The same test case doesn't verify the number of vsock sockets, that needs to be added a'la local sockets.

Many more test cases needs to be added, but that is known already...

[devsnek]

thanks for taking a look. I'm kind of lost with the test suite, I'm not really sure where anything should go or how it's meant to be structured. if I wanted to add a unit test for address formatting, where should I put it?

[RaimoNiskanen]

I will try to come up with a starting direction for you, soon...

[RaimoNiskanen]

I duplicated one AF_LOCAL testcase to also run for AF_VSOCK.

The first 3 diff hunks are the added test case. The rest of the diff should be common code for all/many vsock test cases.

I hope you can use this commit as a template...