From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:45 -0700
Subject: [PATCH net-next v6 1/9] vsock: a per-net vsock NS mode state
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250916-vsock-vmtest-v6-1-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, Bobby Eshleman, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.13.0

From: Bobby Eshleman

Add the per-net vsock NS mode state. This only adds the structure for
holding the mode and some of the functions for setting/getting and
checking the mode, but does not integrate the functionality yet.

Signed-off-by: Bobby Eshleman --- Changes in v6: - add orig_net_mode to store mode at creation time which will be used to avoid breakage when namespace changes mode during socket/VM lifespan Changes in v5: - use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode - change from net->vsock.ns_mode to net->vsock.mode - change vsock_net_set_mode() to vsock_net_write_mode() - vsock_net_write_mode() returns bool for write success to avoid need to use vsock_net_mode_can_set() - remove vsock_net_mode_can_set() --- MAINTAINERS | 1 + include/net/af_vsock.h | 55 +++++++++++++++++++++++++++++++++++++++++= ++++ include/net/net_namespace.h | 4 ++++ include/net/netns/vsock.h | 20 +++++++++++++++++ 4 files changed, 80 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 47bc35743f22..bc53c67e0926 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -26634,6 +26634,7 @@ L: netdev@vger.kernel.org S: Maintained F: drivers/vhost/vsock.c F: include/linux/virtio_vsock.h +F: include/net/netns/vsock.h F: include/uapi/linux/virtio_vsock.h F: net/vmw_vsock/virtio_transport.c F: net/vmw_vsock/virtio_transport_common.c diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index d40e978126e3..2857e97699de 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -10,6 +10,7 @@ =20 #include #include +#include #include #include =20 @@ -65,6 +66,7 @@ struct vsock_sock { u32 peer_shutdown; bool sent_request; bool ignore_connecting_rst; + enum vsock_net_mode orig_net_mode; =20 /* Protected by lock_sock(sk) */ u64 buffer_size; 
@@ -256,4 +258,57 @@ static inline bool vsock_msgzerocopy_allow(const struc= t vsock_transport *t) { return t->msgzerocopy_allow && t->msgzerocopy_allow(); } + +static inline enum vsock_net_mode vsock_net_mode(struct net *net) +{ + enum vsock_net_mode ret; + + spin_lock_bh(&net->vsock.lock); + ret =3D net->vsock.mode; + spin_unlock_bh(&net->vsock.lock); + return ret; +} + +static inline bool vsock_net_write_mode(struct net *net, u8 mode) +{ + bool ret; + + spin_lock_bh(&net->vsock.lock); + + if (net->vsock.written) { + ret =3D false; + goto skip; + } + + net->vsock.mode =3D mode; + net->vsock.written =3D true; + ret =3D true; + +skip: + spin_unlock_bh(&net->vsock.lock); + return ret; +} + +/* Return true if vsock_sock passes the mode rules for a given net and + * orig_net_mode. Otherwise, return false. + * + * net is the current net namespace of the object being checked. orig_net_= mode + * is the mode of net when the object was created. + * + * orig_net_mode is the mode of arg 'net' at the time of creation for the + * object being checked. For example, if searching for a vsock_sock then + * orig_net_mode is arg net's mode at the time the vsock_sock was created. + * + * Read more about modes in the comment header of net/vmw_vsock/af_vsock.c. + */ +static inline bool vsock_net_check_mode(struct vsock_sock *vsk, struct net= *net, + enum vsock_net_mode orig_net_mode) +{ + struct net *vsk_net =3D sock_net(sk_vsock(vsk)); + + if (net_eq(vsk_net, net)) + return true; + + return orig_net_mode =3D=3D VSOCK_NET_MODE_GLOBAL && vsk->orig_net_mode = =3D=3D VSOCK_NET_MODE_GLOBAL; +} #endif /* __AF_VSOCK_H__ */ diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index 025a7574b275..005c0da4fb62 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include 
@@ -196,6 +197,9 @@ struct net { /* Move to a better place when the config guard is removed. */ struct mutex rtnl_mutex; #endif +#if IS_ENABLED(CONFIG_VSOCKETS) + struct netns_vsock vsock; +#endif } __randomize_layout; =20 #include diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h new file mode 100644 index 000000000000..d4593c0b8dc4 --- /dev/null +++ b/include/net/netns/vsock.h 
@@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __NET_NET_NAMESPACE_VSOCK_H +#define __NET_NET_NAMESPACE_VSOCK_H + +#include + +enum vsock_net_mode { + VSOCK_NET_MODE_GLOBAL, + VSOCK_NET_MODE_LOCAL, +}; + +struct netns_vsock { + struct ctl_table_header *vsock_hdr; + spinlock_t lock; + + /* protected by lock */ + enum vsock_net_mode mode; + bool written; +}; +#endif /* __NET_NET_NAMESPACE_VSOCK_H */ --=20 2.47.3 From nobody Thu Oct 2 11:49:14 2025 Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BAFE42D836A for ; Tue, 16 Sep 2025 23:43:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758066236; cv=none; b=ctoX+Vnca/0GKTdgUmgyLIhM0ndQz917933HwvL0ghpZc/7Aiq0PCJ69IY1o9715LLXkvSHS+3SV9d2Qi71WBZftBWSVeNi4nHqrRSeBU47tC+SgrXjOTvniMWyIkZkgsjgYXGzBnX36SBE2w3vfIZCxPpnBaKE7KbGFc/tOQdk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758066236; c=relaxed/simple; bh=W8gd6XhWQ6pvri0xbAF1EAgDb4RZn2xcu5cNNgZFNfY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XsgSKt/2mNuwakJjZcjxR/yPG4zY2ViA7BvtHN4ZV81V3sdtrNvOTI7W3eGvDLdLhGgDqD8HZj/r2Nf5j8BU7XTExP0B0RfBoOfVFxvITI/xLz48iZUKNPVoMZB7L9pUahilrsgC0lG6xoPBdt/KMTIRbSkwFcQHq/BOm8SI0jQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CFDCioro; arc=none smtp.client-ip=209.85.210.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com 
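Review bot: in patch 1/9, vsock_net_write_mode() in include/net/af_vsock.h takes `u8 mode` and assigns it to `net->vsock.mode` (an `enum vsock_net_mode`) with no range check, so a caller can store a value that is neither VSOCK_NET_MODE_GLOBAL nor VSOCK_NET_MODE_LOCAL and still consume the single permitted write. Take `enum vsock_net_mode` as the parameter type, or reject unknown values before setting `written`. In the same hunk, the comment above vsock_net_check_mode() describes orig_net_mode twice in consecutive paragraphs; keep one, and state there that a cross-namespace match depends only on the two creation-time modes, so a socket created while its namespace was still in its initial mode keeps matching under that mode after ns_mode is written.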
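Review bot: in patch 1/9, the new include/net/netns/vsock.h declares `spinlock_t lock` in struct netns_vsock, and vsock_net_mode() and vsock_net_write_mode() take it, but nothing in this patch initialises it. Either call spin_lock_init() where the structure is introduced, or say in the commit message which later patch initialises the lock for init_net and for each new namespace, so the helpers are not callable before the lock is valid. A one-line comment on `written` explaining that it makes the mode write-once would also help readers of the struct.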
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:46 -0700
Subject: [PATCH net-next v6 2/9] vsock: add net to vsock skb cb
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250916-vsock-vmtest-v6-2-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, Bobby Eshleman, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.13.0

From: Bobby Eshleman Add a net pointer and orig_net_mode to the vsock skb and helpers for getting/setting them. This is in preparation for adding vsock NS support. Signed-off-by: Bobby Eshleman --- Changes in v5: - some diff context change due to rebase to current net-next --- include/linux/virtio_vsock.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 0c67543a45c8..ea955892488a 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -13,6 +13,8 @@ struct virtio_vsock_skb_cb { bool reply; bool tap_delivered; u32 offset; + struct net *net; + enum vsock_net_mode orig_net_mode; }; =20 #define VIRTIO_VSOCK_SKB_CB(skb) ((struct virtio_vsock_skb_cb *)((skb)->cb= )) 
@@ -130,6 +132,27 @@ static inline size_t virtio_vsock_skb_len(struct sk_bu= ff *skb) return (size_t)(skb_end_pointer(skb) - skb->head); } =20 +static inline struct net *virtio_vsock_skb_net(struct sk_buff *skb) +{ + return VIRTIO_VSOCK_SKB_CB(skb)->net; +} + +static inline void virtio_vsock_skb_set_net(struct sk_buff *skb, struct ne= t *net) +{ + VIRTIO_VSOCK_SKB_CB(skb)->net =3D net; +} + +static inline enum vsock_net_mode virtio_vsock_skb_orig_net_mode(struct sk= _buff *skb) +{ + return VIRTIO_VSOCK_SKB_CB(skb)->orig_net_mode; +} + +static inline void virtio_vsock_skb_set_orig_net_mode(struct sk_buff *skb, + enum vsock_net_mode orig_net_mode) +{ + VIRTIO_VSOCK_SKB_CB(skb)->orig_net_mode =3D orig_net_mode; +} + /* Dimension the RX SKB so that the entire thing fits exactly into * a single 4KiB page. This avoids wasting memory due to alloc_skb() * rounding up to the next page order and also means that we --=20 2.47.3 From nobody Thu Oct 2 11:49:14 2025 Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7BDEE2F25F7 for ; Tue, 16 Sep 2025 23:43:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758066239; cv=none; b=eTiWbr0SIxs1w/g7Pnp2DmxvkLRnklTlKDI9XFouwdVLQtD6zS+uSKkFGFGWNovoYnETV1dkzTYbMOz7/rLqvgDVi8TShBJUGCSszSQRiOlj4JzatRadXG4+A0d9RxNCvvHnyveHTA//YFrsmY9Smcsacl4hRbdx78nezK0WRgY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758066239; c=relaxed/simple; bh=cCZ0k3gZPrNiKGPQFG75e6ZmTzrOXxGRT6BolLyEjaQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; 
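Review bot: in patch 2/9, virtio_vsock_skb_set_net() in include/linux/virtio_vsock.h stores a bare `struct net *` in the skb control block and nothing in the hunk takes a reference, so the pointer is only valid while something else keeps the namespace alive for as long as the skb is queued. Document that lifetime rule next to the `net` field in struct virtio_vsock_skb_cb, or hold a reference with get_net()/put_net() when the pointer is set and when the skb is freed. With two more fields in the cb, a BUILD_BUG_ON checking that sizeof(struct virtio_vsock_skb_cb) still fits in skb->cb would catch future growth at build time.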
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:47 -0700
Subject: [PATCH net-next v6 3/9] vsock: add netns to vsock core
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250916-vsock-vmtest-v6-3-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, Bobby Eshleman, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.13.0

From: Bobby Eshleman

Add netns logic to vsock core. Additionally, modify transport hook
prototypes to be used by later transport-specific patches (e.g.,
*_seqpacket_allow()).

Namespaces are supported primarily by changing socket lookup functions
(e.g., vsock_find_connected_socket()) to take into account the socket
namespace and the namespace mode before considering a candidate socket a
"match".

Introduce a dummy namespace struct, __vsock_global_dummy_net, to be used
by transports that do not support namespacing. This dummy always has mode
"global" to preserve previous CID behavior.

This patch also introduces the sysctl /proc/sys/net/vsock/ns_mode that
accepts the "global" or "local" mode strings.

The transports (besides vhost) are modified to use the global dummy.

Add netns functionality (initialization, passing to transports, procfs,
etc...) to the af_vsock socket layer. Later patches that add netns
support to transports depend on this patch.

Signed-off-by: Bobby Eshleman
---
Changes in v6:
- unregister sysctl ops in vsock_exit()
- af_vsock: clarify description of CID behavior
- af_vsock: fix buf vs buffer naming, and length checking
- af_vsock: fix length checking w/ correct ctl_table->maxlen

Changes in v5:
- vsock_global_net() -> vsock_global_dummy_net()
- update comments for new uAPI
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- add prototype changes so patch remains compilable
---
 drivers/vhost/vsock.c                   |   4 +-
 include/net/af_vsock.h                  |  15 ++-
 net/vmw_vsock/af_vsock.c                | 219 ++++++++++++++++++++++++++++++--
 net/vmw_vsock/hyperv_transport.c        |   2 +-
 net/vmw_vsock/virtio_transport.c        |   6 +-
 net/vmw_vsock/virtio_transport_common.c |   4 +-
 net/vmw_vsock/vmci_transport.c          |   6 +-
 net/vmw_vsock/vsock_loopback.c          |   4 +-
 8 files changed, 234 insertions(+), 26 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index ae01457ea2cd..34adf0cf9124 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c
@@ -404,7 +404,7 @@ static bool vhost_transport_msgzerocopy_allow(void) return true; } =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid); +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 re= mote_cid); =20 static struct virtio_transport vhost_transport =3D { .transport =3D { @@ -460,7 +460,7 @@ static struct virtio_transport vhost_transport =3D { .send_pkt =3D vhost_transport_send_pkt, }; =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid) +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 re= mote_cid) { struct vhost_vsock *vsock; bool seqpacket_allow =3D false; diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index 2857e97699de..628e35ae9d00 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -145,7 +145,7 @@ struct vsock_transport { int flags); int (*seqpacket_enqueue)(struct vsock_sock *vsk, struct msghdr *msg, size_t len); - bool (*seqpacket_allow)(u32 remote_cid); + bool (*seqpacket_allow)(struct vsock_sock *vsk, u32 remote_cid); u32 (*seqpacket_has_data)(struct vsock_sock *vsk); =20 /* Notification. */ @@ -215,9 +215,12 @@ void vsock_enqueue_accept(struct sock *listener, struc= t sock *connected); void vsock_insert_connected(struct vsock_sock *vsk); void vsock_remove_bound(struct vsock_sock *vsk); void vsock_remove_connected(struct vsock_sock *vsk); -struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr); +struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr, struct net = *net, + enum vsock_net_mode orig_net_mode); struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst); + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode orig_net_mode); void vsock_remove_sock(struct vsock_sock *vsk); void vsock_for_each_connected_socket(struct vsock_transport *transport, void (*fn)(struct sock *sk)); 
@@ -259,6 +262,12 @@ static inline bool vsock_msgzerocopy_allow(const struc= t vsock_transport *t) return t->msgzerocopy_allow && t->msgzerocopy_allow(); } =20 +extern struct net __vsock_global_dummy_net; +static inline struct net *vsock_global_dummy_net(void) +{ + return &__vsock_global_dummy_net; +} + static inline enum vsock_net_mode vsock_net_mode(struct net *net) { enum vsock_net_mode ret; diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 0538948d5fd9..c78aba9cd20e 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c 
@@ -83,6 +83,35 @@ * TCP_ESTABLISHED - connected * TCP_CLOSING - disconnecting * TCP_LISTEN - listening + * + * - Namespaces in vsock support two different modes configured + * through /proc/sys/net/vsock/ns_mode. The modes are "local" and "globa= l". + * Each mode defines how the namespace interacts with CIDs. + * /proc/sys/net/vsock/ns_mode is write-once, so that it may be configur= ed + * and locked down by a namespace manager. The default is "global". The = mode + * is set per-namespace. + * + * The modes affect the allocation and accessibility of CIDs as follows: + + * - global - access and allocation are all system-wide + * - all CID allocation from global namespaces draw from the same + * system-wide pool + * - if one global namespace has already allocated some CID, another + * global namespace will not be able to allocate the same CID + * - global mode AF_VSOCK sockets can reach any VM or socket in any g= lobal + * namespace, they are not contained to only their own namespace + * - AF_VSOCK sockets in a global mode namespace cannot reach VMs or + * sockets in any local mode namespace + * - local - access and allocation are contained within the namespace + * - CID allocation draws only from a private pool local only to the + * namespace, and does not affect the CIDs available for allocation = in any + * other namespace (global or local) + * - VMs in a local namespace do not collide with CIDs in any other lo= cal + * namespace or any global namespace. For example, if a VM in a loca= l mode + * namespace is given CID 10, then CID 10 is still available for + * allocation in any other namespace, but not in the same namespace + * - AF_VSOCK sockets in a local mode namespace can connect only to VM= s or + * other sockets within their own namespace. */ =20 #include @@ -100,6 +129,7 @@ #include #include #include +#include #include #include #include 
@@ -111,9 +141,14 @@ #include #include #include +#include #include #include =20 +#define VSOCK_NET_MODE_STR_GLOBAL "global" +#define VSOCK_NET_MODE_STR_LOCAL "local" +#define VSOCK_NET_MODE_STR_MAX 8 + static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr); static void vsock_sk_destruct(struct sock *sk); static int vsock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); @@ -149,6 +184,9 @@ static const struct vsock_transport *transport_dgram; static const struct vsock_transport *transport_local; static DEFINE_MUTEX(vsock_register_mutex); =20 +struct net __vsock_global_dummy_net; +EXPORT_SYMBOL_GPL(__vsock_global_dummy_net); + /**** UTILS ****/ =20 /* Each bound VSocket is stored in the bind hash table and each connected @@ -235,17 +273,21 @@ static void __vsock_remove_connected(struct vsock_soc= k *vsk) sock_put(&vsk->sk); } =20 -static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) +static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode orig_net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_bound_sockets(addr), bound_table) { - if (vsock_addr_equals_addr(addr, &vsk->local_addr)) + if (vsock_addr_equals_addr(addr, &vsk->local_addr) && + vsock_net_check_mode(vsk, net, orig_net_mode)) return sk_vsock(vsk); =20 if (addr->svm_port =3D=3D vsk->local_addr.svm_port && (vsk->local_addr.svm_cid =3D=3D VMADDR_CID_ANY || - addr->svm_cid =3D=3D VMADDR_CID_ANY)) + addr->svm_cid =3D=3D VMADDR_CID_ANY) && + vsock_net_check_mode(vsk, net, orig_net_mode)) return sk_vsock(vsk); } =20 
@@ -253,14 +295,17 @@ static struct sock *__vsock_find_bound_socket(struct = sockaddr_vm *addr) } =20 static struct sock *__vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode orig_net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_connected_sockets(src, dst), connected_table) { if (vsock_addr_equals_addr(src, &vsk->remote_addr) && - dst->svm_port =3D=3D vsk->local_addr.svm_port) { + dst->svm_port =3D=3D vsk->local_addr.svm_port && + vsock_net_check_mode(vsk, net, orig_net_mode)) { return sk_vsock(vsk); } } @@ -304,12 +349,13 @@ void vsock_remove_connected(struct vsock_sock *vsk) } EXPORT_SYMBOL_GPL(vsock_remove_connected); =20 -struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr, struct net = *net, + enum vsock_net_mode orig_net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_bound_socket(addr); + sk =3D __vsock_find_bound_socket(addr, net, orig_net_mode); if (sk) sock_hold(sk); =20 @@ -320,12 +366,14 @@ struct sock *vsock_find_bound_socket(struct sockaddr_= vm *addr) EXPORT_SYMBOL_GPL(vsock_find_bound_socket); =20 struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode orig_net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_connected_socket(src, dst); + sk =3D __vsock_find_connected_socket(src, dst, net, orig_net_mode); if (sk) sock_hold(sk); =20 @@ -528,7 +576,7 @@ int vsock_assign_transport(struct vsock_sock *vsk, stru= ct vsock_sock *psk) =20 if (sk->sk_type =3D=3D SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || - !new_transport->seqpacket_allow(remote_cid)) { + !new_transport->seqpacket_allow(vsk, remote_cid)) { module_put(new_transport->module); return -ESOCKTNOSUPPORT; } 
@@ -676,6 +724,7 @@ static void vsock_pending_work(struct work_struct *work) static int __vsock_bind_connectible(struct vsock_sock *vsk, struct sockaddr_vm *addr) { + struct net *net =3D sock_net(sk_vsock(vsk)); static u32 port; struct sockaddr_vm new_addr; =20 @@ -695,7 +744,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, =20 new_addr.svm_port =3D port++; =20 - if (!__vsock_find_bound_socket(&new_addr)) { + if (!__vsock_find_bound_socket(&new_addr, net, + vsk->orig_net_mode)) { found =3D true; break; } @@ -712,7 +762,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, return -EACCES; } =20 - if (__vsock_find_bound_socket(&new_addr)) + if (__vsock_find_bound_socket(&new_addr, net, + vsk->orig_net_mode)) return -EADDRINUSE; } =20 @@ -2552,6 +2603,7 @@ static int vsock_create(struct net *net, struct socke= t *sock, return -ENOMEM; =20 vsk =3D vsock_sk(sk); + vsk->orig_net_mode =3D vsock_net_mode(net); =20 if (sock->type =3D=3D SOCK_DGRAM) { ret =3D vsock_assign_transport(vsk, NULL); 
@@ -2636,6 +2688,139 @@ static struct miscdevice vsock_device =3D { .fops =3D &vsock_device_ops, }; =20 +static int vsock_net_mode_string(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + char data[VSOCK_NET_MODE_STR_MAX] =3D {0}; + enum vsock_net_mode mode; + struct ctl_table tmp; + struct net *net; + int ret; + + if (!table->data || !table->maxlen || !*lenp) { + *lenp =3D 0; + return 0; + } + + net =3D current->nsproxy->net_ns; + tmp =3D *table; + tmp.data =3D data; + + if (!write) { + const char *p; + + mode =3D vsock_net_mode(net); + + if (mode =3D=3D VSOCK_NET_MODE_GLOBAL) { + p =3D VSOCK_NET_MODE_STR_GLOBAL; + } else if (mode =3D=3D VSOCK_NET_MODE_LOCAL) { + p =3D VSOCK_NET_MODE_STR_LOCAL; + } else { + WARN_ONCE(true, "netns has invalid vsock mode"); + *lenp =3D 0; + return 0; + } + + strscpy(data, p, sizeof(data)); + tmp.maxlen =3D strlen(p); + } + + ret =3D proc_dostring(&tmp, write, buffer, lenp, ppos); + if (ret) + return ret; + + if (write) { + if (*lenp >=3D sizeof(data)) + return -EINVAL; + + if (!strncmp(data, VSOCK_NET_MODE_STR_GLOBAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_GLOBAL; + else if (!strncmp(data, VSOCK_NET_MODE_STR_LOCAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_LOCAL; + else + return -EINVAL; + + if (!vsock_net_write_mode(net, mode)) + return -EPERM; + } + + return 0; +} + +static struct ctl_table vsock_table[] =3D { + { + .procname =3D "ns_mode", + .data =3D &init_net.vsock.mode, + .maxlen =3D VSOCK_NET_MODE_STR_MAX, + .mode =3D 0644, + .proc_handler =3D vsock_net_mode_string + }, +}; + +static int __net_init vsock_sysctl_register(struct net *net) +{ + struct ctl_table *table; + + if (net_eq(net, &init_net)) { + table =3D vsock_table; + } else { + table =3D kmemdup(vsock_table, sizeof(vsock_table), GFP_KERNEL); + if (!table) + goto err_alloc; + + table[0].data =3D &net->vsock.mode; + } + + net->vsock.vsock_hdr =3D register_net_sysctl_sz(net, "net/vsock", table, + ARRAY_SIZE(vsock_table)); + if 
(!net->vsock.vsock_hdr) + goto err_reg; + + return 0; + +err_reg: + if (!net_eq(net, &init_net)) + kfree(table); +err_alloc: + return -ENOMEM; +} + +static void vsock_sysctl_unregister(struct net *net) +{ + const struct ctl_table *table; + + table =3D net->vsock.vsock_hdr->ctl_table_arg; + unregister_net_sysctl_table(net->vsock.vsock_hdr); + if (!net_eq(net, &init_net)) + kfree(table); +} + +static void vsock_net_init(struct net *net) +{ + spin_lock_init(&net->vsock.lock); + net->vsock.mode =3D VSOCK_NET_MODE_GLOBAL; +} + +static __net_init int vsock_sysctl_init_net(struct net *net) +{ + vsock_net_init(net); + + if (vsock_sysctl_register(net)) + return -ENOMEM; + + return 0; +} + +static __net_exit void vsock_sysctl_exit_net(struct net *net) +{ + vsock_sysctl_unregister(net); +} + +static struct pernet_operations vsock_sysctl_ops __net_initdata =3D { + .init =3D vsock_sysctl_init_net, + .exit =3D vsock_sysctl_exit_net, +}; + static int __init vsock_init(void) { int err =3D 0; @@ -2663,10 +2848,19 @@ static int __init vsock_init(void) goto err_unregister_proto; } =20 + if (register_pernet_subsys(&vsock_sysctl_ops)) { + err =3D -ENOMEM; + goto err_unregister_sock; + } + + vsock_net_init(&init_net); + vsock_net_init(vsock_global_dummy_net()); vsock_bpf_build_proto(); =20 return 0; =20 +err_unregister_sock: + sock_unregister(AF_VSOCK); err_unregister_proto: proto_unregister(&vsock_proto); err_deregister_misc: @@ -2680,6 +2874,7 @@ static void __exit vsock_exit(void) misc_deregister(&vsock_device); sock_unregister(AF_VSOCK); proto_unregister(&vsock_proto); + unregister_pernet_subsys(&vsock_sysctl_ops); } =20 const struct vsock_transport *vsock_core_get_transport(struct vsock_sock *= vsk) diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transp= ort.c index 432fcbbd14d4..79bc55eeecb3 100644 --- a/net/vmw_vsock/hyperv_transport.c +++ b/net/vmw_vsock/hyperv_transport.c 
@@ -313,7 +313,7 @@ static void hvs_open_connection(struct vmbus_channel *c= han) return; =20 hvs_addr_init(&addr, conn_from_host ? if_type : if_instance); - sk =3D vsock_find_bound_socket(&addr); + sk =3D vsock_find_bound_socket(&addr, vsock_global_dummy_net()); if (!sk) return; =20 diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index b6569b0ca2bb..4626ba0428ef 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -536,7 +536,7 @@ static bool virtio_transport_msgzerocopy_allow(void) return true; } =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid); +static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 r= emote_cid); =20 static struct virtio_transport virtio_transport =3D { .transport =3D { @@ -593,7 +593,7 @@ static struct virtio_transport virtio_transport =3D { .can_msgzerocopy =3D virtio_transport_can_msgzerocopy, }; =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid) +static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 r= emote_cid) { struct virtio_vsock *vsock; bool seqpacket_allow; @@ -659,6 +659,8 @@ static void virtio_transport_rx_work(struct work_struct= *work) if (payload_len) virtio_vsock_skb_put(skb, payload_len); =20 + virtio_vsock_skb_set_net(skb, vsock_global_dummy_net()); + virtio_vsock_skb_set_orig_net_mode(skb, VSOCK_NET_MODE_GLOBAL); virtio_transport_deliver_tap_pkt(skb); virtio_transport_recv_pkt(&virtio_transport, skb); } diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index dcc8a1d5851e..1a9129e33d51 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c 
@@ -1606,9 +1606,9 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, /* The socket must be in connected or bound table * otherwise send reset back */ - sk =3D vsock_find_connected_socket(&src, &dst); + sk =3D vsock_find_connected_socket(&src, &dst, vsock_global_dummy_net()); if (!sk) { - sk =3D vsock_find_bound_socket(&dst); + sk =3D vsock_find_bound_socket(&dst, vsock_global_dummy_net()); if (!sk) { (void)virtio_transport_reset_no_sock(t, skb); goto free_pkt; diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index 7eccd6708d66..aa0cd2efe561 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c @@ -703,9 +703,11 @@ static int vmci_transport_recv_stream_cb(void *data, s= truct vmci_datagram *dg) vsock_addr_init(&src, pkt->dg.src.context, pkt->src_port); vsock_addr_init(&dst, pkt->dg.dst.context, pkt->dst_port); =20 - sk =3D vsock_find_connected_socket(&src, &dst); + sk =3D vsock_find_connected_socket(&src, &dst, vsock_global_dummy_net(), + VSOCK_NET_MODE_GLOBAL); if (!sk) { - sk =3D vsock_find_bound_socket(&dst); + sk =3D vsock_find_bound_socket(&dst, vsock_global_dummy_net(), + VSOCK_NET_MODE_GLOBAL); if (!sk) { /* We could not find a socket for this specified * address. If this packet is a RST, we just drop it. diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index 6e78927a598e..1b2fab73e0d0 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -46,7 +46,7 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *v= sk) return 0; } =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid); +static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 rem= ote_cid); static bool vsock_loopback_msgzerocopy_allow(void) { return true; 
@@ -106,7 +106,7 @@ static struct virtio_transport loopback_transport =3D { .send_pkt =3D vsock_loopback_send_pkt, }; =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid) +static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 rem= ote_cid) { return true; } --=20 2.47.3
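Review bot: The call sites in net/vmw_vsock/hyperv_transport.c (hvs_open_connection) and net/vmw_vsock/virtio_transport_common.c (virtio_transport_recv_pkt) do not match the prototypes this patch introduces. vsock_find_bound_socket() now takes (addr, net, orig_net_mode) and vsock_find_connected_socket() takes (src, dst, net, orig_net_mode), but these callers pass only vsock_global_dummy_net() and no mode, so the tree does not build at this commit. The vmci_transport.c hunk already passes VSOCK_NET_MODE_GLOBAL as the last argument; do the same in both places here so the series stays bisectable instead of leaving virtio_transport_recv_pkt() to be fixed up by a later patch.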
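Review bot: In vsock_net_mode_string() the namespace is taken from the calling task, "net = current->nsproxy->net_ns;", not from the table entry being accessed, even though vsock_sysctl_register() already points table[0].data at &net->vsock.mode for each namespace. A task that opened net/vsock/ns_mode in one netns and reads or writes it after switching namespaces, or that passes the open file to a task in another netns, would act on a different namespace than the one the file belongs to, and this knob is what decides whether that namespace's sockets are isolated. Derive the namespace from the table instead, for example container_of(table->data, struct net, vsock.mode), which also removes the dereference of current->nsproxy from the handler.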
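Review bot: In the vsock_init() hunk, vsock_net_init(&init_net) runs after register_pernet_subsys(&vsock_sysctl_ops), and registration has already invoked vsock_sysctl_init_net() for init_net, which calls vsock_net_init() and registers the sysctl. The second call re-runs spin_lock_init() on a lock that is already reachable through the ns_mode handler and resets the mode to VSOCK_NET_MODE_GLOBAL. Drop it, and initialise vsock_global_dummy_net() before the pernet registration rather than after. In vsock_exit(), unregister_pernet_subsys() should also come first so teardown mirrors the init order.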
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:48 -0700
Subject: [PATCH net-next v6 4/9] vsock/loopback: add netns support
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250916-vsock-vmtest-v6-4-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, Bobby Eshleman, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.13.0
From: Bobby Eshleman Add NS support to vsock loopback. Sockets in a global mode netns communicate with each other, regardless of namespace. Sockets in a local mode netns may only communicate with other sockets within the same namespace. Use pernet_ops to install a vsock_loopback for every namespace that is created (to be used if local mode is enabled). Retroactively call init/exit on every namespace when the vsock_loopback module is loaded in order to initialize the per-ns device. Signed-off-by: Bobby Eshleman --- Changes in v6: - init pernet ops for vsock_loopback module - vsock_loopback: add space in struct to clarify lock protection - do proper cleanup/unregister on vsock_loopback_exit() - vsock_loopback: use virtio_vsock_skb_net() Changes in v5: - add callbacks code to avoid reverse dependency - add logic for handling vsock_loopback setup for already existing namespaces --- include/net/af_vsock.h | 1 + include/net/netns/vsock.h | 6 +++ net/vmw_vsock/vsock_loopback.c | 98 ++++++++++++++++++++++++++++++++++++++= ---- 3 files changed, 97 insertions(+), 8 deletions(-) diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index 628e35ae9d00..5180b7dbb6d6 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -320,4 +320,5 @@ static inline bool vsock_net_check_mode(struct vsock_so= ck *vsk, struct net *net, =20 return orig_net_mode =3D=3D VSOCK_NET_MODE_GLOBAL && vsk->orig_net_mode = =3D=3D VSOCK_NET_MODE_GLOBAL; } + #endif /* __AF_VSOCK_H__ */ diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h index d4593c0b8dc4..a32d546793a2 100644 --- a/include/net/netns/vsock.h +++ b/include/net/netns/vsock.h @@ -9,6 +9,8 @@ enum vsock_net_mode { VSOCK_NET_MODE_LOCAL, }; =20 +struct vsock_loopback; + struct netns_vsock { struct ctl_table_header *vsock_hdr; spinlock_t lock; 
@@ -16,5 +18,9 @@ struct netns_vsock { /* protected by lock */ enum vsock_net_mode mode; bool written; + +#if IS_ENABLED(CONFIG_VSOCKETS_LOOPBACK) + struct vsock_loopback *loopback; +#endif }; #endif /* __NET_NET_NAMESPACE_VSOCK_H */ diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index 1b2fab73e0d0..134e0619de07 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -28,8 +28,16 @@ static u32 vsock_loopback_get_local_cid(void) =20 static int vsock_loopback_send_pkt(struct sk_buff *skb) { - struct vsock_loopback *vsock =3D &the_vsock_loopback; + struct vsock_loopback *vsock; int len =3D skb->len; + struct net *net; + + net =3D virtio_vsock_skb_net(skb); + + if (net && net->vsock.mode =3D=3D VSOCK_NET_MODE_LOCAL) + vsock =3D net->vsock.loopback; + else + vsock =3D &the_vsock_loopback; =20 virtio_vsock_skb_queue_tail(&vsock->pkt_queue, skb); queue_work(vsock->workqueue, &vsock->pkt_work); 
@@ -134,27 +142,99 @@ static void vsock_loopback_work(struct work_struct *w= ork) } } =20 -static int __init vsock_loopback_init(void) +static int vsock_loopback_init_vsock(struct vsock_loopback *vsock) { - struct vsock_loopback *vsock =3D &the_vsock_loopback; - int ret; - vsock->workqueue =3D alloc_workqueue("vsock-loopback", 0, 0); if (!vsock->workqueue) return -ENOMEM; =20 skb_queue_head_init(&vsock->pkt_queue); INIT_WORK(&vsock->pkt_work, vsock_loopback_work); + return 0; +} + +static void vsock_loopback_deinit_vsock(struct vsock_loopback *vsock) +{ + if (vsock->workqueue) + destroy_workqueue(vsock->workqueue); +} + +static int vsock_loopback_init_net(struct net *net) +{ + if (WARN_ON_ONCE(net->vsock.loopback)) + return 0; + + net->vsock.loopback =3D kmalloc(sizeof(*net->vsock.loopback), GFP_KERNEL); + if (!net->vsock.loopback) + return -ENOMEM; + + return vsock_loopback_init_vsock(net->vsock.loopback); +} + +static void vsock_loopback_exit_net(struct net *net) +{ + if (net->vsock.loopback) { + vsock_loopback_deinit_vsock(net->vsock.loopback); + kfree(net->vsock.loopback); + net->vsock.loopback =3D NULL; + } +} + +static void vsock_loopback_deinit_all(void) +{ + struct net *net; + + down_read(&net_rwsem); + for_each_net(net) + vsock_loopback_exit_net(net); + up_read(&net_rwsem); +} + +static struct pernet_operations vsock_loopback_net_ops =3D { + .init =3D vsock_loopback_init_net, + .exit =3D vsock_loopback_exit_net, +}; + +static int __init vsock_loopback_init(void) +{ + struct vsock_loopback *vsock =3D &the_vsock_loopback; + struct net *net; + int ret; + + ret =3D vsock_loopback_init_vsock(vsock); + if (ret < 0) + return ret; + + ret =3D register_pernet_subsys(&vsock_loopback_net_ops); + if (ret < 0) + goto out_deinit_vsock; + + /* call callbacks on any net previously created */ + down_read(&net_rwsem); + for_each_net(net) { + ret =3D vsock_loopback_init_net(net); + if (ret < 0) + break; + } + up_read(&net_rwsem); + + /* undo any initializations that 
succeeded */ + if (ret < 0) + goto out_deinit_pernet_vsock; =20 ret =3D vsock_core_register(&loopback_transport.transport, VSOCK_TRANSPORT_F_LOCAL); if (ret) - goto out_wq; + goto out_deinit_pernet_vsock; + =20 return 0; =20 -out_wq: - destroy_workqueue(vsock->workqueue); +out_deinit_pernet_vsock: + vsock_loopback_deinit_all(); + unregister_pernet_subsys(&vsock_loopback_net_ops); +out_deinit_vsock: + vsock_loopback_deinit_vsock(vsock); return ret; } =20 
@@ -164,6 +244,8 @@ static void __exit vsock_loopback_exit(void) =20 vsock_core_unregister(&loopback_transport.transport); =20 + vsock_loopback_deinit_all(); + flush_work(&vsock->pkt_work); =20 virtio_vsock_skb_queue_purge(&vsock->pkt_queue); --=20 2.47.3
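Review bot: vsock_loopback_send_pkt() reads net->vsock.mode without taking net->vsock.lock, although struct netns_vsock documents mode as "protected by lock", and then dereferences net->vsock.loopback with no NULL check. Use the vsock_net_mode(net) accessor that af_vsock.c already uses for this, and fall back to &the_vsock_loopback (or drop the packet) when the per-namespace device is absent, since vsock_loopback_exit_net() sets the pointer to NULL.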
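Review bot: The for_each_net() loop in vsock_loopback_init() repeats what register_pernet_subsys() has just done. Registration already invokes .init for every existing namespace, so each vsock_loopback_init_net() call in the loop finds net->vsock.loopback set and trips WARN_ON_ONCE() on every module load; drop the loop and its "call callbacks on any net previously created" comment. Also in this hunk, vsock_loopback_init_net() leaks on failure: when vsock_loopback_init_vsock() returns -ENOMEM the kmalloc()'d net->vsock.loopback is neither freed nor cleared, and the pernet core does not run .exit for a namespace whose .init failed. Free it and reset the pointer on that path, and prefer kzalloc() so vsock_loopback_deinit_vsock() never tests an uninitialised workqueue field.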
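Review bot: The vsock_loopback_exit() hunk adds vsock_loopback_deinit_all() but no unregister_pernet_subsys(&vsock_loopback_net_ops), so after module unload the pernet list still references vsock_loopback_init_net()/vsock_loopback_exit_net() in freed module text and the next namespace creation or teardown calls into it. Call unregister_pernet_subsys() here; it runs .exit for every live namespace, which makes the manual deinit_all walk unnecessary and closes the window in which a namespace created during unload gets a device that is never torn down.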
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:49 -0700
Subject: [PATCH net-next v6 5/9] vsock/virtio: add netns to virtio transport common
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250916-vsock-vmtest-v6-5-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
X-Mailer: b4 0.13.0
From: Bobby Eshleman Add support to the virtio-vsock common code for passing around net namespace pointers (tx and rx). The series still requires vhost/virtio transport support to be added by future patches. Signed-off-by: Bobby Eshleman --- include/linux/virtio_vsock.h | 1 + net/vmw_vsock/virtio_transport_common.c | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index ea955892488a..165157580cb8 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -196,6 +196,7 @@ struct virtio_vsock_pkt_info { u32 remote_cid, remote_port; struct vsock_sock *vsk; struct msghdr *msg; + struct net *net; u32 pkt_len; u16 type; u16 op; diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index 1a9129e33d51..8a08a5103e7c 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -316,6 +316,11 @@ static struct sk_buff *virtio_transport_alloc_skb(stru= ct virtio_vsock_pkt_info * info->flags, zcopy); =20 + virtio_vsock_skb_set_net(skb, info->net); + + if (vsk) + virtio_vsock_skb_set_orig_net_mode(skb, vsk->orig_net_mode); + return skb; out: kfree_skb(skb); @@ -527,6 +532,7 @@ static int virtio_transport_send_credit_update(struct v= sock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_CREDIT_UPDATE, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1067,6 +1073,7 @@ int virtio_transport_connect(struct vsock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_REQUEST, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); 
@@ -1082,6 +1089,7 @@ int virtio_transport_shutdown(struct vsock_sock *vsk,= int mode) (mode & SEND_SHUTDOWN ? VIRTIO_VSOCK_SHUTDOWN_SEND : 0), .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1108,6 +1116,7 @@ virtio_transport_stream_enqueue(struct vsock_sock *vs= k, .msg =3D msg, .pkt_len =3D len, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1145,6 +1154,7 @@ static int virtio_transport_reset(struct vsock_sock *= vsk, .op =3D VIRTIO_VSOCK_OP_RST, .reply =3D !!skb, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 /* Send RST only if the original pkt is not a RST pkt */ @@ -1165,6 +1175,7 @@ static int virtio_transport_reset_no_sock(const struc= t virtio_transport *t, .op =3D VIRTIO_VSOCK_OP_RST, .type =3D le16_to_cpu(hdr->type), .reply =3D true, + .net =3D virtio_vsock_skb_net(skb), }; struct sk_buff *reply; =20 @@ -1465,6 +1476,7 @@ virtio_transport_send_response(struct vsock_sock *vsk, .remote_port =3D le32_to_cpu(hdr->src_port), .reply =3D true, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1578,7 +1590,9 @@ static bool virtio_transport_valid_type(u16 type) void virtio_transport_recv_pkt(struct virtio_transport *t, struct sk_buff *skb) { + enum vsock_net_mode orig_net_mode =3D virtio_vsock_skb_orig_net_mode(skb); struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); + struct net *net =3D virtio_vsock_skb_net(skb); struct sockaddr_vm src, dst; struct vsock_sock *vsk; struct sock *sk; 
@@ -1606,9 +1620,9 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, /* The socket must be in connected or bound table * otherwise send reset back */ - sk =3D vsock_find_connected_socket(&src, &dst, vsock_global_dummy_net()); + sk =3D vsock_find_connected_socket(&src, &dst, net, orig_net_mode); if (!sk) { - sk =3D vsock_find_bound_socket(&dst, vsock_global_dummy_net()); + sk =3D vsock_find_bound_socket(&dst, net, orig_net_mode); if (!sk) { (void)virtio_transport_reset_no_sock(t, skb); goto free_pkt; --=20 2.47.3
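Review bot: The new "struct net *net" member of virtio_vsock_pkt_info, and the virtio_vsock_skb_set_net(skb, info->net) call that copies it onto the skb, store a bare namespace pointer on a packet that is then queued for later processing, and nothing in these hunks takes a reference. Please state in the commit message or a comment what keeps the netns alive until virtio_transport_recv_pkt() reads it back with virtio_vsock_skb_net(), or take and release a reference alongside the skb, because the pointer is later used to decide which sockets the packet may reach.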
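Review bot: In virtio_transport_alloc_skb() the originating mode is stamped only when a socket is present, "if (vsk) virtio_vsock_skb_set_orig_net_mode(skb, vsk->orig_net_mode);", so the RST built by virtio_transport_reset_no_sock(), which sets .net = virtio_vsock_skb_net(skb) but has no vsk, leaves with a namespace pointer and no mode set. virtio_transport_recv_pkt() passes both values to vsock_find_connected_socket() and vsock_find_bound_socket(), so a reply whose mode does not match the packet it answers can be matched against the wrong set of sockets. Carry the mode in virtio_vsock_pkt_info next to .net and copy it from the incoming skb on the no-socket path.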
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:50 -0700
Subject: [PATCH net-next v6 6/9] vhost/vsock: add netns support
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20250916-vsock-vmtest-v6-6-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, Bobby Eshleman, berrange@redhat.com, Bobby Eshleman

From: Bobby Eshleman

Add the ability to isolate vsock flows using namespaces.

The VM, via the vhost_vsock struct, inherits its namespace from the
process that opens the vhost-vsock device. vhost_vsock lookup functions
are modified to take into account the mode (e.g., if CIDs are matching
but modes don't align, then return NULL).

vhost_vsock now acquires a reference to the namespace.

Signed-off-by: Bobby Eshleman
---
Changes in v5:
- respect pid namespaces when assigning namespace to vhost_vsock
---
 drivers/vhost/vsock.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 66 insertions(+), 8 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 34adf0cf9124..1aabe9f85503 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c
@@ -46,6 +46,11 @@ static DEFINE_READ_MOSTLY_HASHTABLE(vhost_vsock_hash, 8); struct vhost_vsock { struct vhost_dev dev; struct vhost_virtqueue vqs[2]; + struct net *net; + netns_tracker ns_tracker; + + /* The ns mode at the time vhost_vsock was created */ + enum vsock_net_mode orig_net_mode; =20 /* Link to global vhost_vsock_hash, writes use vhost_vsock_mutex */ struct hlist_node hash; 
@@ -64,10 +69,40 @@ static u32 vhost_transport_get_local_cid(void) return VHOST_VSOCK_DEFAULT_HOST_CID; } =20 +/* Return true if the namespace net can access the vhost_vsock vsock. + * Otherwise, return false. + * + * If the netns is the same, it doesn't matter if it is local or global. T= he + * vsock sockets within a namespace can always communicate. + * + * If the netns is different, then we need to check if the current namespa= ce + * mode is global and if the namespace mode at the time of the vhost_vsock + * being created is global. If so, then we allow it. By checking the names= pace + * mode at the time of the vhost_vsock's creation we allow the flow to con= tinue + * working even if the namespace mode changes to "local" in the middle of a + * socket's lifetime. If we used the current namespace mode instead, then = any + * socket that was alive prior to the mode change would suddenly fail. + */ +static bool vhost_vsock_net_check_mode(struct net *net, + struct vhost_vsock *vsock, + bool check_global) +{ + if (net_eq(net, vsock->net)) + return true; + + return check_global && + (vsock_net_mode(net) =3D=3D VSOCK_NET_MODE_GLOBAL && + vsock->orig_net_mode =3D=3D VSOCK_NET_MODE_GLOBAL); +} + /* Callers that dereference the return value must hold vhost_vsock_mutex o= r the * RCU read lock. + * + * If check_global is true, evaluate the vhost_vsock namespace and namespa= ce + * net argument as matching if they are both in global mode. */ -static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) +static struct vhost_vsock *vhost_vsock_get(u32 guest_cid, struct net *net, + bool check_global) { struct vhost_vsock *vsock; =20 @@ -78,9 +113,9 @@ static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) if (other_cid =3D=3D 0) continue; =20 - if (other_cid =3D=3D guest_cid) + if (other_cid =3D=3D guest_cid && + vhost_vsock_net_check_mode(net, vsock, check_global)) return vsock; - } =20 return NULL; 
@@ -272,13 +307,14 @@ static int vhost_transport_send_pkt(struct sk_buff *skb) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); + struct net *net =3D virtio_vsock_skb_net(skb); struct vhost_vsock *vsock; int len =3D skb->len; =20 rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid)); + vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid), net, true); if (!vsock) { rcu_read_unlock(); kfree_skb(skb); @@ -305,7 +341,7 @@ vhost_transport_cancel_pkt(struct vsock_sock *vsk) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid); + vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid, sock_net(sk_vsock(vsk= )), true); if (!vsock) goto out; =20 @@ -462,11 +498,12 @@ static struct virtio_transport vhost_transport =3D { =20 static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 re= mote_cid) { + struct net *net =3D sock_net(sk_vsock(vsk)); struct vhost_vsock *vsock; bool seqpacket_allow =3D false; =20 rcu_read_lock(); - vsock =3D vhost_vsock_get(remote_cid); + vsock =3D vhost_vsock_get(remote_cid, net, true); =20 if (vsock) seqpacket_allow =3D vsock->seqpacket_allow; @@ -526,6 +563,8 @@ static void vhost_vsock_handle_tx_kick(struct vhost_wor= k *work) continue; } =20 + virtio_vsock_skb_set_net(skb, vsock->net); + virtio_vsock_skb_set_orig_net_mode(skb, vsock->orig_net_mode); total_len +=3D sizeof(*hdr) + skb->len; =20 /* Deliver to monitoring devices all received packets */ @@ -652,10 +691,14 @@ static void vhost_vsock_free(struct vhost_vsock *vsoc= k) =20 static int vhost_vsock_dev_open(struct inode *inode, struct file *file) { + struct vhost_virtqueue **vqs; struct vhost_vsock *vsock; + struct net *net; int ret; =20 + net =3D current->nsproxy->net_ns; + /* This struct is large and allocation could fail, fall back to vmalloc * if there is no other way. */ 
@@ -669,6 +712,12 @@ static int vhost_vsock_dev_open(struct inode *inode, s= truct file *file) goto out; } =20 + vsock->net =3D get_net_track(net, &vsock->ns_tracker, GFP_KERNEL); + + /* Cache the mode of the namespace so that if that netns mode changes, + * the vhost_vsock will continue to function as expected. */ + vsock->orig_net_mode =3D vsock_net_mode(net); + vsock->guest_cid =3D 0; /* no CID assigned yet */ vsock->seqpacket_allow =3D false; =20 @@ -707,8 +756,16 @@ static void vhost_vsock_reset_orphans(struct sock *sk) * executing. */ =20 + /* DELETE ME: + * + * for each connected socket: + * vhost_vsock =3D vsock_sk(sk) + * + * find the peer + */ + /* If the peer is still valid, no need to reset connection */ - if (vhost_vsock_get(vsk->remote_addr.svm_cid)) + if (vhost_vsock_get(vsk->remote_addr.svm_cid, sock_net(sk), false)) return; =20 /* If the close timeout is pending, let it expire. This avoids races @@ -753,6 +810,7 @@ static int vhost_vsock_dev_release(struct inode *inode,= struct file *file) virtio_vsock_skb_queue_purge(&vsock->send_pkt_queue); =20 vhost_dev_cleanup(&vsock->dev); + put_net_track(vsock->net, &vsock->ns_tracker); kfree(vsock->dev.vqs); vhost_vsock_free(vsock); return 0; 
@@ -779,7 +837,7 @@ static int vhost_vsock_set_cid(struct vhost_vsock *vsoc= k, u64 guest_cid) =20 /* Refuse if CID is already in use */ mutex_lock(&vhost_vsock_mutex); - other =3D vhost_vsock_get(guest_cid); + other =3D vhost_vsock_get(guest_cid, vsock->net, true); if (other && other !=3D vsock) { mutex_unlock(&vhost_vsock_mutex); return -EADDRINUSE; --=20 2.47.3
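Review bot: In vhost_vsock_net_check_mode() (hunk @@ -64,10 +69,40 @@) the caller's side of the cross-namespace test reads the live mode, vsock_net_mode(net), while the device side uses the cached vsock->orig_net_mode. The comment above the function argues for the cached value so that a switch to "local" does not break established flows, but a mode change in the caller's namespace still flips the result, and vhost_transport_send_pkt() then frees the skb because the lookup returns NULL. Consider carrying the creation-time mode on the caller's side too (the tx path in this patch already stamps skbs via virtio_vsock_skb_set_orig_net_mode()), or say in the comment that only the device side is sticky.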
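Review bot: The "DELETE ME:" block comment added in vhost_vsock_reset_orphans() (hunk @@ -707,8 +756,16 @@) is a leftover work note and should be dropped before this is applied. The same hunk holds the only call site in this patch that passes check_global as false to vhost_vsock_get(); a short comment saying why the orphan check must match only the socket's own namespace would help, since every other call site passes true.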
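Review bot: In vhost_vsock_set_cid() (hunk @@ -779,7 +837,7 @@) the CID-in-use check passes vsock->net, so vhost_vsock_net_check_mode() evaluates the current mode of that namespace rather than the vsock->orig_net_mode cached at open time. If the namespace mode changes between open and the set-CID call, uniqueness is decided under one mode while vhost_vsock_handle_tx_kick() stamps packets with the other. Either compare orig_net_mode on both sides for this call or document that the mode is expected to be settled before the device is opened.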
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:51 -0700
Subject: [PATCH net-next v6 7/9] selftests/vsock: improve logging in vmtest.sh
Message-Id: <20250916-vsock-vmtest-v6-7-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
From: Bobby Eshleman

Improve logging by adding configurable log levels. Additionally, improve
usability of logging functions. Remove the test name prefix from logging
functions so that logging calls can be made deeper into the call stack
without passing down the test name or setting some global. Teach log
function to accept a LOG_PREFIX variable to avoid unnecessary argument
shifting.

Signed-off-by: Bobby Eshleman
---
 tools/testing/selftests/vsock/vmtest.sh | 75 ++++++++++++++++-----------------
 1 file changed, 37 insertions(+), 38 deletions(-)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index edacebfc1632..183647a86c8a 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -51,7 +51,12 @@ readonly TEST_DESCS=3D( "Run vsock_test using the loopback transport in the VM." ) =20 -VERBOSE=3D0 +readonly LOG_LEVEL_DEBUG=3D0 +readonly LOG_LEVEL_INFO=3D1 +readonly LOG_LEVEL_WARN=3D2 +readonly LOG_LEVEL_ERROR=3D3 + +VERBOSE=3D"${LOG_LEVEL_WARN}" =20 usage() { local name @@ -196,7 +201,7 @@ vm_start() { =20 qemu=3D$(command -v "${QEMU}") =20 - if [[ "${VERBOSE}" -eq 1 ]]; then + if [[ ${VERBOSE} -le ${LOG_LEVEL_DEBUG} ]]; then verbose_opt=3D"--verbose" logfile=3D/dev/stdout fi
@@ -271,60 +276,56 @@ EOF =20 host_wait_for_listener() { wait_for_listener "${TEST_HOST_PORT_LISTENER}" "${WAIT_PERIOD}" "${WAIT_P= ERIOD_MAX}" -} - -__log_stdin() { - cat | awk '{ printf "%s:\t%s\n","'"${prefix}"'", $0 }' -} =20 -__log_args() { - echo "$*" | awk '{ printf "%s:\t%s\n","'"${prefix}"'", $0 }' } =20 log() { - local prefix=3D"$1" + local redirect + local prefix =20 - shift - local redirect=3D - if [[ ${VERBOSE} -eq 0 ]]; then + if [[ ${VERBOSE} -gt ${LOG_LEVEL_INFO} ]]; then redirect=3D/dev/null else redirect=3D/dev/stdout fi =20 + prefix=3D"${LOG_PREFIX:-}" + if [[ "$#" -eq 0 ]]; then - __log_stdin | tee -a "${LOG}" > ${redirect} + if [[ -n "${prefix}" ]]; then + cat | awk -v prefix=3D"${prefix}" '{printf "%s: %s\n", prefix, $0}' + else + cat + fi else - __log_args "$@" | tee -a "${LOG}" > ${redirect} - fi + if [[ -n "${prefix}" ]]; then + echo "${prefix}: " "$@" + else + echo "$@" + fi + fi | tee -a "${LOG}" > ${redirect} } =20 -log_setup() { - log "setup" "$@" +log_host() { + LOG_PREFIX=3Dhost log $@ } =20 -log_host() { - local testname=3D$1 +log_guest() { + LOG_PREFIX=3Dguest log $@ +} =20 - shift - log "test:${testname}:host" "$@" } =20 -log_guest() { - local testname=3D$1 =20 - shift - log "test:${testname}:guest" "$@" } =20 test_vm_server_host_client() { - local testname=3D"${FUNCNAME[0]#test_}" =20 vm_ssh -- "${VSOCK_TEST}" \ --mode=3Dserver \ --control-port=3D"${TEST_GUEST_PORT}" \ --peer-cid=3D2 \ - 2>&1 | log_guest "${testname}" & + 2>&1 | log_guest & =20 vm_wait_for_listener "${TEST_GUEST_PORT}" =20 
@@ -332,18 +333,17 @@ test_vm_server_host_client() { --mode=3Dclient \ --control-host=3D127.0.0.1 \ --peer-cid=3D"${VSOCK_CID}" \ - --control-port=3D"${TEST_HOST_PORT}" 2>&1 | log_host "${testname}" + --control-port=3D"${TEST_HOST_PORT}" 2>&1 | log_host =20 return $? } =20 test_vm_client_host_server() { - local testname=3D"${FUNCNAME[0]#test_}" =20 ${VSOCK_TEST} \ --mode "server" \ --control-port "${TEST_HOST_PORT_LISTENER}" \ - --peer-cid "${VSOCK_CID}" 2>&1 | log_host "${testname}" & + --peer-cid "${VSOCK_CID}" 2>&1 | log_host & =20 host_wait_for_listener =20 @@ -351,19 +351,18 @@ test_vm_client_host_server() { --mode=3Dclient \ --control-host=3D10.0.2.2 \ --peer-cid=3D2 \ - --control-port=3D"${TEST_HOST_PORT_LISTENER}" 2>&1 | log_guest "${testna= me}" + --control-port=3D"${TEST_HOST_PORT_LISTENER}" 2>&1 | log_guest =20 return $? } =20 test_vm_loopback() { - local testname=3D"${FUNCNAME[0]#test_}" local port=3D60000 # non-forwarded local port =20 vm_ssh -- "${VSOCK_TEST}" \ --mode=3Dserver \ --control-port=3D"${port}" \ - --peer-cid=3D1 2>&1 | log_guest "${testname}" & + --peer-cid=3D1 2>&1 | log_guest & =20 vm_wait_for_listener "${port}" =20 @@ -371,7 +370,7 @@ test_vm_loopback() { --mode=3Dclient \ --control-host=3D"127.0.0.1" \ --control-port=3D"${port}" \ - --peer-cid=3D1 2>&1 | log_guest "${testname}" + --peer-cid=3D1 2>&1 | log_guest =20 return $? } @@ -429,7 +428,7 @@ QEMU=3D"qemu-system-$(uname -m)" while getopts :hvsq:b o do case $o in - v) VERBOSE=3D1;; + v) VERBOSE=3D$(( VERBOSE - 1 ));; b) BUILD=3D1;; q) QEMU=3D$OPTARG;; h|*) usage;; 
@@ -452,10 +451,10 @@ handle_build =20 echo "1..${#ARGS[@]}" =20 -log_setup "Booting up VM" +log_host "Booting up VM" vm_start vm_wait_for_ssh -log_setup "VM booted up" +log_host "VM booted up" =20 cnt_pass=3D0 cnt_fail=3D0 --=20 2.47.3
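Review bot: log_host() and log_guest() in hunk @@ -271,60 +276,56 @@ expand $@ unquoted (LOG_PREFIX=host log $@), so messages are word-split and glob-expanded before log() sees them, whereas the removed helpers passed "$@". Quote it in both wrappers. In log() itself, echo "${prefix}: " "$@" prints two spaces after the colon while the stdin branch's awk format prints one, so prefixed lines differ depending on how the message arrived.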
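Review bot: The four LOG_LEVEL_* constants added in hunk @@ -51,7 +51,12 @@ suggest per-message levels, but log() takes no level and only compares VERBOSE against LOG_LEVEL_INFO, vm_start() only compares against LOG_LEVEL_DEBUG, and nothing in this patch uses LOG_LEVEL_ERROR. With the default of LOG_LEVEL_WARN, every log_host/log_guest line goes to ${LOG} only and is hidden from stdout until -v is given once. Either give log() a level argument or state in the commit message that all messages are treated as INFO.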
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:52 -0700
Subject: [PATCH net-next v6 8/9] selftests/vsock: invoke vsock_test through helpers
Message-Id: <20250916-vsock-vmtest-v6-8-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
From: Bobby Eshleman

Add helper calls vm_vsock_test() and host_vsock_test() to invoke the
vsock_test binary. This encapsulates several items of repeat logic, such
as waiting for the server to reach listening state and
enabling/disabling the bash option pipefail to avoid pipe-style logging
from hiding failures.

Signed-off-by: Bobby Eshleman
---
 tools/testing/selftests/vsock/vmtest.sh | 120 ++++++++++++++++++++++++++++----
 1 file changed, 108 insertions(+), 12 deletions(-)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 183647a86c8a..5e36d1068f6f 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -248,6 +248,7 @@ wait_for_listener() local port=3D$1 local interval=3D$2 local max_intervals=3D$3 + local old_pipefail local protocol=3Dtcp local pattern local i @@ -256,6 +257,13 @@ wait_for_listener() =20 # for tcp protocol additionally check the socket state [ "${protocol}" =3D "tcp" ] && pattern=3D"${pattern}0A" + + # 'grep -q' exits on match, sending SIGPIPE to 'awk', which exits with + # an error, causing the if-condition to fail when pipefail is set. + # Instead, temporarily disable pipefail and restore it later. + old_pipefail=3D$(set -o | awk '/^pipefail[[:space:]]+(on|off)$/{print $2}= ') + set +o pipefail + for i in $(seq "${max_intervals}"); do if awk '{print $2" "$4}' /proc/net/"${protocol}"* | \ grep -q "${pattern}"; then @@ -263,6 +271,10 @@ wait_for_listener() fi sleep "${interval}" done + + if [[ "${old_pipefail}" =3D=3D on ]]; then + set -o pipefail + fi } =20 vm_wait_for_listener() {
@@ -314,28 +326,112 @@ log_guest() { LOG_PREFIX=3Dguest log $@ } =20 +vm_vsock_test() { + local ns=3D$1 + local mode=3D$2 + local rc + + set -o pipefail + if [[ "${mode}" =3D=3D client ]]; then + local host=3D$3 + local cid=3D$4 + local port=3D$5 + + # log output and use pipefail to respect vsock_test errors + vm_ssh "${ns}" -- "${VSOCK_TEST}" \ + --mode=3Dclient \ + --control-host=3D"${host}" \ + --peer-cid=3D"${cid}" \ + --control-port=3D"${port}" \ + 2>&1 | log_guest + rc=3D$? + else + local cid=3D$3 + local port=3D$4 + + # log output and use pipefail to respect vsock_test errors + vm_ssh "${ns}" -- "${VSOCK_TEST}" \ + --mode=3Dserver \ + --peer-cid=3D"${cid}" \ + --control-port=3D"${port}" \ + 2>&1 | log_guest & + rc=3D$? + + if [[ $rc -ne 0 ]]; then + set +o pipefail + return $rc + fi + + vm_wait_for_listener "${ns}" "${port}" + rc=3D$? + fi + set +o pipefail + + return $rc } =20 +host_vsock_test() { + local ns=3D$1 + local mode=3D$2 + local cmd + + if [[ "${ns}" =3D=3D none ]]; then + cmd=3D"${VSOCK_TEST}" + else + cmd=3D"ip netns exec ${ns} ${VSOCK_TEST}" + fi + + # log output and use pipefail to respect vsock_test errors + set -o pipefail + if [[ "${mode}" =3D=3D client ]]; then + local host=3D$3 + local cid=3D$4 + local port=3D$5 + + ${cmd} \ + --mode=3D"${mode}" \ + --peer-cid=3D"${cid}" \ + --control-host=3D"${host}" \ + --control-port=3D"${port}" 2>&1 | log_host + rc=3D$? + else + local cid=3D$3 + local port=3D$4 + + ${cmd} \ + --mode=3D"${mode}" \ + --peer-cid=3D"${cid}" \ + --control-port=3D"${port}" 2>&1 | log_host & + rc=3D$? + + if [[ $rc -ne 0 ]]; then + return $rc + fi + + host_wait_for_listener "${ns}" "${port}" "${WAIT_PERIOD}" "${WAIT_PERIOD= _MAX}" + rc=3D$? 
+ fi + set +o pipefail =20 + return $rc } =20 test_vm_server_host_client() { + vm_vsock_test "none" "server" 2 "${TEST_GUEST_PORT}" + host_vsock_test "none" "client" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_P= ORT}" +} =20 - vm_ssh -- "${VSOCK_TEST}" \ - --mode=3Dserver \ - --control-port=3D"${TEST_GUEST_PORT}" \ - --peer-cid=3D2 \ - 2>&1 | log_guest & +test_vm_client_host_server() { + host_vsock_test "none" "server" "${VSOCK_CID}" "${TEST_HOST_PORT_LISTENER= }" + vm_vsock_test "none" "client" "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}" +} =20 - vm_wait_for_listener "${TEST_GUEST_PORT}" +test_vm_loopback() { + vm_vsock_test "none" "server" 1 "${TEST_HOST_PORT_LISTENER}" + vm_vsock_test "none" "client" "127.0.0.1" 1 "${TEST_HOST_PORT_LISTENER}" +} =20 - ${VSOCK_TEST} \ - --mode=3Dclient \ - --control-host=3D127.0.0.1 \ - --peer-cid=3D"${VSOCK_CID}" \ - --control-port=3D"${TEST_HOST_PORT}" 2>&1 | log_host =20 - return $? } =20 test_vm_client_host_server() { --=20 2.47.3
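Review bot: In the server branches of vm_vsock_test() and host_vsock_test() (hunk @@ -314,28 +326,112 @@), rc=$? is read right after a pipeline started with &, so it is 0 whether or not vsock_test started; the if [[ $rc -ne 0 ]] block after it cannot fire, and pipefail has no effect on a job nobody waits for. A failed server is only noticed when the wait-for-listener call gives up. Drop the dead check, or keep the job's PID and wait on it. In the same hunk, host_vsock_test() never declares rc local and its early return skips set +o pipefail, unlike vm_vsock_test(). The helpers also pass "${ns}" as a new leading argument to vm_ssh, vm_wait_for_listener and host_wait_for_listener, but no hunk in this patch changes those functions, which looks like it breaks bisection.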
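Review bot: The pipefail save in wait_for_listener() (hunk @@ -256,6 +257,13 @@) parses the output of set -o with awk; bash can test the option directly with [[ -o pipefail ]], which avoids the subshell and the regex. The restore added in hunk @@ -263,6 +271,10 @@ sits after the loop, so please confirm that the matched-listener path, which these hunks do not show, leaves the loop with break rather than return; otherwise pipefail stays off for the caller.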
From: Bobby Eshleman
Date: Tue, 16 Sep 2025 16:43:53 -0700
Subject: [PATCH net-next v6 9/9] selftests/vsock: add namespace tests
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20250916-vsock-vmtest-v6-9-064d2eb0c89d@meta.com>
References: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet,
 Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi,
 "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez,
 "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan,
 Vishnu Dasa, Broadcom internal kernel review list
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org,
 linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
 kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, Bobby Eshleman,
 berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.13.0

From: Bobby Eshleman

Add tests for namespace support in vsock. Use socat for basic connection
failure tests and vsock_test for full functionality tests when
communication is expected to succeed. vsock_test is not used for failure
cases because in theory vsock_test could allow connection and some
traffic flow but fail on some other case (e.g., fail on MSG_ZEROCOPY).

Tests cover all cases of clients and servers being in all variants of
local ns, global ns, host process, and VM process.

Legacy tests are retained and executed in the init ns.

Signed-off-by: Bobby Eshleman --- Changes in v6: - check for namespace support in vmtest.sh Changes in v5: - use /proc/sys/net/vsock/ns_mode - clarify logic of tests that reuse the same VM and tests that require netns setup - fix unassigned BUILD bug --- tools/testing/selftests/vsock/vmtest.sh | 954 ++++++++++++++++++++++++++++= ---- 1 file changed, 849 insertions(+), 105 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 5e36d1068f6f..59621b32cf1a 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -7,6 +7,7 @@ # * virtme-ng # * busybox-static (used by virtme-ng) # * qemu (used by virtme-ng) +# * socat =20 readonly SCRIPT_DIR=3D"$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && p= wd -P)" readonly KERNEL_CHECKOUT=3D$(realpath "${SCRIPT_DIR}"/../../../../) @@ -23,7 +24,7 @@ readonly VSOCK_CID=3D1234 readonly WAIT_PERIOD=3D3 readonly WAIT_PERIOD_MAX=3D60 readonly WAIT_TOTAL=3D$(( WAIT_PERIOD * WAIT_PERIOD_MAX )) -readonly QEMU_PIDFILE=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) +readonly WAIT_QEMU=3D5 =20 # virtme-ng offers a netdev for ssh when using "--ssh", but we also need a # control port forwarded for vsock_test. Because virtme-ng doesn't support 
@@ -33,23 +34,146 @@ readonly QEMU_PIDFILE=3D$(mktemp /tmp/qemu_vsock_vmtes= t_XXXX.pid) # add the kernel cmdline options that virtme-init uses to setup the interf= ace. readonly QEMU_TEST_PORT_FWD=3D"hostfwd=3Dtcp::${TEST_HOST_PORT}-:${TEST_GU= EST_PORT}" readonly QEMU_SSH_PORT_FWD=3D"hostfwd=3Dtcp::${SSH_HOST_PORT}-:${SSH_GUEST= _PORT}" -readonly QEMU_OPTS=3D"\ - -netdev user,id=3Dn0,${QEMU_TEST_PORT_FWD},${QEMU_SSH_PORT_FWD} \ - -device virtio-net-pci,netdev=3Dn0 \ - -device vhost-vsock-pci,guest-cid=3D${VSOCK_CID} \ - --pidfile ${QEMU_PIDFILE} \ -" readonly KERNEL_CMDLINE=3D"\ virtme.dhcp net.ifnames=3D0 biosdevname=3D0 \ virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \ " readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log) -readonly TEST_NAMES=3D(vm_server_host_client vm_client_host_server vm_loop= back) +readonly TEST_NAMES=3D( + vm_server_host_client + vm_client_host_server + vm_loopback + host_vsock_ns_mode_ok + host_vsock_ns_mode_write_once_ok + global_same_cid_fails + local_same_cid_ok + global_local_same_cid_ok + local_global_same_cid_ok + diff_ns_global_host_connect_to_global_vm_ok + diff_ns_global_host_connect_to_local_vm_fails + diff_ns_global_vm_connect_to_global_host_ok + diff_ns_global_vm_connect_to_local_host_fails + diff_ns_local_host_connect_to_local_vm_fails + diff_ns_local_vm_connect_to_local_host_fails + diff_ns_global_to_local_loopback_local_fails + diff_ns_local_to_global_loopback_fails + diff_ns_local_to_local_loopback_fails + diff_ns_global_to_global_loopback_ok + same_ns_local_loopback_ok + same_ns_local_host_connect_to_local_vm_ok + same_ns_local_vm_connect_to_local_host_ok +) + readonly TEST_DESCS=3D( + # vm_server_host_client "Run vsock_test in server mode on the VM and in client mode on the host." + + # vm_client_host_server "Run vsock_test in client mode on the VM and in server mode on the host." + + # vm_loopback "Run vsock_test using the loopback transport in the VM." 
+ + # host_vsock_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode strings on the host." + + # host_vsock_ns_mode_write_once_ok + "Check /proc/sys/net/vsock/ns_mode is write-once on the host." + + # global_same_cid_fails + "Check QEMU fails to start two VMs with same CID in two different global = namespaces." + + # local_same_cid_ok + "Check QEMU successfully starts two VMs with same CID in two different lo= cal namespaces." + + # global_local_same_cid_ok + "Check QEMU successfully starts one VM in a global ns and then another VM= in a local ns with the same CID." + + # local_global_same_cid_ok + "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." + + # diff_ns_global_host_connect_to_global_vm_ok + "Run vsock_test client in global ns with server in VM in another global n= s." + + # diff_ns_global_host_connect_to_local_vm_fails + "Run socat to test a process in a global ns fails to connect to a VM in a= local ns." + + # diff_ns_global_vm_connect_to_global_host_ok + "Run vsock_test client in VM in a global ns with server in another global= ns." + + # diff_ns_global_vm_connect_to_local_host_fails + "Run socat to test a VM in a global ns fails to connect to a host process= in a local ns." + + # diff_ns_local_host_connect_to_local_vm_fails + "Run socat to test a host process in a local ns fails to connect to a VM = in another local ns." + + # diff_ns_local_vm_connect_to_local_host_fails + "Run socat to test a VM in a local ns fails to connect to a host process = in another local ns." + + # diff_ns_global_to_local_loopback_local_fails + "Run socat to test a loopback vsock in a global ns fails to connect to a = vsock in a local ns." + + # diff_ns_local_to_global_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in a global ns." 
+ + # diff_ns_local_to_local_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in another local ns." + + # diff_ns_global_to_global_loopback_ok + "Run socat to test a loopback vsock in a global ns successfully connects = to a vsock in another global ns." + + # same_ns_local_loopback_ok + "Run socat to test a loopback vsock in a local ns successfully connects t= o a vsock in the same ns." + + # same_ns_local_host_connect_to_local_vm_ok + "Run vsock_test client in a local ns with server in VM in same ns." + + # same_ns_local_vm_connect_to_local_host_ok + "Run vsock_test client in VM in a local ns with server in same ns." +) + +readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly USE_INIT_NETNS=3D( + global_same_cid_fails + local_same_cid_ok + global_local_same_cid_ok + local_global_same_cid_ok + diff_ns_global_host_connect_to_global_vm_ok + diff_ns_global_host_connect_to_local_vm_fails + diff_ns_global_vm_connect_to_global_host_ok + diff_ns_global_vm_connect_to_local_host_fails + diff_ns_local_host_connect_to_local_vm_fails + diff_ns_local_vm_connect_to_local_host_fails + diff_ns_global_to_local_loopback_local_fails + diff_ns_local_to_global_loopback_fails + diff_ns_local_to_local_loopback_fails + diff_ns_global_to_global_loopback_ok + same_ns_local_loopback_ok + same_ns_local_host_connect_to_local_vm_ok + same_ns_local_vm_connect_to_local_host_ok +) +readonly REQUIRES_NETNS=3D( + host_vsock_ns_mode_ok + host_vsock_ns_mode_write_once_ok + global_same_cid_fails + local_same_cid_ok + global_local_same_cid_ok + local_global_same_cid_ok + diff_ns_global_host_connect_to_global_vm_ok + diff_ns_global_host_connect_to_local_vm_fails + diff_ns_global_vm_connect_to_global_host_ok + diff_ns_global_vm_connect_to_local_host_fails + diff_ns_local_host_connect_to_local_vm_fails + diff_ns_local_vm_connect_to_local_host_fails + diff_ns_global_to_local_loopback_local_fails + 
diff_ns_local_to_global_loopback_fails + diff_ns_local_to_local_loopback_fails + diff_ns_global_to_global_loopback_ok + same_ns_local_loopback_ok + same_ns_local_host_connect_to_local_vm_ok + same_ns_local_vm_connect_to_local_host_ok ) +readonly MODES=3D("local" "global") =20 readonly LOG_LEVEL_DEBUG=3D0 readonly LOG_LEVEL_INFO=3D1 @@ -58,6 +182,12 @@ readonly LOG_LEVEL_ERROR=3D3 =20 VERBOSE=3D"${LOG_LEVEL_WARN}" =20 +# Test pass/fail counters +cnt_pass=3D0 +cnt_fail=3D0 +cnt_skip=3D0 +cnt_total=3D0 + usage() { local name local desc @@ -77,7 +207,7 @@ usage() { for ((i =3D 0; i < ${#TEST_NAMES[@]}; i++)); do name=3D${TEST_NAMES[${i}]} desc=3D${TEST_DESCS[${i}]} - printf "\t%-35s%-35s\n" "${name}" "${desc}" + printf "\t%-55s%-35s\n" "${name}" "${desc}" done echo =20 
@@ -89,21 +219,87 @@ die() { exit "${KSFT_FAIL}" } =20 +add_namespaces() { + # add namespaces local0, local1, global0, and global1 + for mode in "${MODES[@]}"; do + ip netns add "${mode}0" 2>/dev/null + ip netns add "${mode}1" 2>/dev/null + done +} + +init_namespaces() { + for mode in "${MODES[@]}"; do + ns_set_mode "${mode}0" "${mode}" + ns_set_mode "${mode}1" "${mode}" + + log_host "set ns ${mode}0 to mode ${mode}" + log_host "set ns ${mode}1 to mode ${mode}" + + # we need lo for qemu port forwarding + ip netns exec "${mode}0" ip link set dev lo up + ip netns exec "${mode}1" ip link set dev lo up + done +} + +del_namespaces() { + for mode in "${MODES[@]}"; do + ip netns del "${mode}0" + ip netns del "${mode}1" + log_host "removed ns ${mode}0" + log_host "removed ns ${mode}1" + done &>/dev/null +} + +ns_set_mode() { + local ns=3D$1 + local mode=3D$2 + + echo "${mode}" | ip netns exec "${ns}" \ + tee /proc/sys/net/vsock/ns_mode &>/dev/null +} + vm_ssh() { - ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" + local ns_exec + + if [[ "${1}" =3D=3D none ]]; then + local ns_exec=3D"" + else + local ns_exec=3D"ip netns exec ${1}" + fi + + shift + + ${ns_exec} ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} l= ocalhost $* + return $? } =20 cleanup() { - if [[ -s "${QEMU_PIDFILE}" ]]; then - pkill -SIGTERM -F "${QEMU_PIDFILE}" > /dev/null 2>&1 - fi + del_namespaces +} =20 - # If failure occurred during or before qemu start up, then we need - # to clean this up ourselves. - if [[ -e "${QEMU_PIDFILE}" ]]; then - rm "${QEMU_PIDFILE}" - fi +terminate_pidfiles() { + local pidfile + + for pidfile in "$@"; do + if [[ -s "${pidfile}" ]]; then + pkill -SIGTERM -F "${pidfile}" 2>&1 > /dev/null + fi + + # If failure occurred during or before qemu start up, then we need + # to clean this up ourselves. 
+ if [[ -e "${pidfile}" ]]; then + rm -f "${pidfile}" + fi + done +} + +terminate_pids() { + local pid + + for pid in "$@"; do + kill -SIGTERM "${pid}" &>/dev/null || : + done } =20 check_args() { @@ -133,7 +329,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh; do + for dep in vng ${QEMU} busybox pkill ssh socat; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -147,6 +343,20 @@ check_deps() { fi } =20 +check_test_deps() { + local tname=3D$1 + + # If the test requires NS support, check if NS support exists + # using /proc/self/ns + if [[ "${tname}" =3D~ "${REQUIRES_NETNS[@]}" ]] && + [[ ! -e /proc/self/ns ]]; then + log_host "No NS support detected for test ${tname}" + return 1 + fi + + return 0 +} + check_vng() { local tested_versions local version @@ -170,6 +380,20 @@ check_vng() { fi } =20 +check_socat() { + local support_string + + support_string=3D"$(socat -V)" + + if [[ "${support_string}" !=3D *"WITH_VSOCK 1"* ]]; then + die "err: socat is missing vsock support" + fi + + if [[ "${support_string}" !=3D *"WITH_UNIX 1"* ]]; then + die "err: socat is missing unix support" + fi +} + handle_build() { if [[ ! "${BUILD}" -eq 1 ]]; then return @@ -194,9 +418,14 @@ handle_build() { } =20 vm_start() { + local cid=3D$1 + local ns=3D$2 + local pidfile=3D$3 local logfile=3D/dev/null local verbose_opt=3D"" + local qemu_opts=3D"" local kernel_opt=3D"" + local ns_exec=3D"" local qemu =20 qemu=3D$(command -v "${QEMU}") 
@@ -206,27 +435,37 @@ vm_start() { logfile=3D/dev/stdout fi =20 + qemu_opts=3D"\ + -netdev user,id=3Dn0,${QEMU_TEST_PORT_FWD},${QEMU_SSH_PORT_FWD} \ + -device virtio-net-pci,netdev=3Dn0 \ + ${QEMU_OPTS} -device vhost-vsock-pci,guest-cid=3D${cid} \ + --pidfile ${pidfile} + " + if [[ "${BUILD}" -eq 1 ]]; then kernel_opt=3D"${KERNEL_CHECKOUT}" fi =20 - vng \ + if [[ "${ns}" !=3D "none" ]]; then + ns_exec=3D"ip netns exec ${ns}" + fi + + ${ns_exec} vng \ --run \ ${kernel_opt} \ ${verbose_opt} \ - --qemu-opts=3D"${QEMU_OPTS}" \ + --qemu-opts=3D"${qemu_opts}" \ --qemu=3D"${qemu}" \ --user root \ --append "${KERNEL_CMDLINE}" \ --rw &> ${logfile} & =20 - if ! timeout ${WAIT_TOTAL} \ - bash -c 'while [[ ! -s '"${QEMU_PIDFILE}"' ]]; do sleep 1; done; exit 0'= ; then - die "failed to boot VM" - fi + timeout "${WAIT_QEMU}" \ + bash -c 'while [[ ! -s '"${pidfile}"' ]]; do sleep 1; done; exit 0' } =20 vm_wait_for_ssh() { + local ns=3D$1 local i =20 i=3D0 @@ -234,7 +473,8 @@ vm_wait_for_ssh() { if [[ ${i} -gt ${WAIT_PERIOD_MAX} ]]; then die "Timed out waiting for guest ssh" fi - if vm_ssh -- true; then + + if vm_ssh "${ns}" -- true; then break fi i=3D$(( i + 1 )) @@ -269,6 +509,7 @@ wait_for_listener() grep -q "${pattern}"; then break fi + sleep "${interval}" done =20 
@@ -278,17 +519,29 @@ wait_for_listener() } =20 vm_wait_for_listener() { - local port=3D$1 + local ns=3D$1 + local port=3D$2 + + log "Waiting for listener on port ${port} on vm" =20 - vm_ssh <&1 | log_host & + for mode in "${MODES[@]}"; do + local ns=3D"${mode}0" + if ! ns_set_mode "${ns}" "${mode}"; then + del_namespaces + return "${KSFT_FAIL}" + fi =20 - host_wait_for_listener + # try writing again and expect failure + if ns_set_mode "${ns}" "${mode}"; then + del_namespaces + return "${KSFT_FAIL}" + fi + done =20 - vm_ssh -- "${VSOCK_TEST}" \ - --mode=3Dclient \ - --control-host=3D10.0.2.2 \ - --peer-cid=3D2 \ - --control-port=3D"${TEST_HOST_PORT_LISTENER}" 2>&1 | log_guest + del_namespaces =20 - return $? + return "${KSFT_PASS}" } =20 -test_vm_loopback() { - local port=3D60000 # non-forwarded local port +namespaces_can_boot_same_cid() { + local ns0=3D$1 + local ns1=3D$2 + local pidfile1 pidfile2 + local cid=3D20 + readonly cid + local rc =20 - vm_ssh -- "${VSOCK_TEST}" \ - --mode=3Dserver \ - --control-port=3D"${port}" \ - --peer-cid=3D1 2>&1 | log_guest & + pidfile1=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + vm_start "${cid}" "${ns0}" "${pidfile1}" =20 - vm_wait_for_listener "${port}" + pidfile2=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + vm_start "${cid}" "${ns1}" "${pidfile2}" =20 - vm_ssh -- "${VSOCK_TEST}" \ - --mode=3Dclient \ - --control-host=3D"127.0.0.1" \ - --control-port=3D"${port}" \ - --peer-cid=3D1 2>&1 | log_guest + rc=3D$? + terminate_pidfiles "${pidfile1}" "${pidfile2}" =20 - return $? 
+ return $rc +} + +test_global_same_cid_fails() { + if namespaces_can_boot_same_cid "global0" "global1"; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_local_global_same_cid_ok() { + if namespaces_can_boot_same_cid "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_global_local_same_cid_ok() { + if namespaces_can_boot_same_cid "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_local_same_cid_ok() { + if namespaces_can_boot_same_cid "local0" "local0"; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_diff_ns_global_host_connect_to_global_vm_ok() { + local pids pid pidfile + local ns0 ns1 port + declare -a pids + local unixfile + ns0=3D"global0" + ns1=3D"global1" + port=3D1234 + local rc + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + + if ! vm_start "${VSOCK_CID}" "${ns0}" "${pidfile}"; then + return "${KSFT_FAIL}" + fi + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + ip netns exec "${ns1}" \ + socat TCP-LISTEN:"${TEST_HOST_PORT}",fork \ + UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${TEST_HOST_PORT}" + + ip netns exec "${ns0}" socat UNIX-LISTEN:"${unixfile}",fork \ + TCP-CONNECT:localhost:"${TEST_HOST_PORT}" & + pids+=3D($!) + + vm_vsock_test "${ns0}" "server" 2 "${TEST_GUEST_PORT}" + vm_wait_for_listener "${ns0}" "${TEST_GUEST_PORT}" + host_vsock_test "${ns1}" "client" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST= _PORT}" + rc=3D$? 
+ + for pid in "${pids[@]}"; do + if [[ "$(jobs -p)" =3D *"${pid}"* ]]; then + kill -SIGTERM "${pid}" &>/dev/null + fi + done + + terminate_pidfiles "${pidfile}" + + if [[ $rc -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_diff_ns_global_host_connect_to_local_vm_fails() { + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local pidfile + local result + local pid + + outfile=3D$(mktemp) + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + if ! vm_start "${VSOCK_CID}" "${ns1}" "${pidfile}"; then + log_host "failed to start vm (cid=3D${VSOCK_CID}, ns=3D${ns0})" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns1}" + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + terminate_pidfiles "${pidfile}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return $KSFT_PASS + fi + + return $KSFT_FAIL +} + +test_diff_ns_global_vm_connect_to_global_host_ok() { + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local unixfile + local pidfile + local pids + + declare -a pids + + log_host "Setup socat bridge from ns ${ns0} to ns ${ns1} over port ${port= }" + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + + ip netns exec "${ns0}" \ + socat TCP-LISTEN:"${port}" UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + + ip netns exec "${ns1}" \ + socat UNIX-LISTEN:"${unixfile}" TCP-CONNECT:127.0.0.1:"${port}" & + pids+=3D($!) + + log_host "Launching ${VSOCK_TEST} in ns ${ns1}" + host_vsock_test "${ns1}" "server" "${VSOCK_CID}" "${port}" + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + if ! 
vm_start "${VSOCK_CID}" "${ns0}" "${pidfile}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns0}" + vm_vsock_test "${ns0}" "client" "10.0.2.2" 2 "${port}" + rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + + if [[ ! $rc -eq 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" + +} + +test_diff_ns_global_vm_connect_to_local_host_fails() { + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local pidfile + local result + local pid + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:${port} STDOUT &> "${outfile}" & + pid=3D$! + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + if ! vm_start "${VSOCK_CID}" "${ns0}" "${pidfile}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pid}" + rm -f "${outfile}" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns0}" + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_diff_ns_local_host_connect_to_local_vm_fails() { + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local pidfile + local result + local pid + + outfile=3D$(mktemp) + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + if ! 
vm_start "${VSOCK_CID}" "${ns1}" "${pidfile}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns1}" + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + terminate_pidfiles "${pidfile}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return $KSFT_PASS + fi + + return $KSFT_FAIL +} + +test_diff_ns_local_vm_connect_to_local_host_fails() { + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local pidfile + local result + local pid + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + if ! vm_start "${VSOCK_CID}" "${ns0}" "${pidfile}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +__test_loopback_two_netns() { + local ns0=3D$1 + local ns1=3D$2 + local port=3D12345 + local result + local pid + + modprobe vsock_loopback &> /dev/null || : + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}"= 2>/dev/null & + pid=3D$! 
+ + log_host "Launching socat in ns ${ns0}" + echo TEST | ip netns exec "${ns0}" socat STDIN VSOCK-CONNECT:1:"${port}" = 2>/dev/null + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D TEST ]]; then + return 0 + fi + + return 1 +} + +test_diff_ns_global_to_local_loopback_local_fails() { + if ! __test_loopback_two_netns "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_diff_ns_local_to_global_loopback_fails() { + if ! __test_loopback_two_netns "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_diff_ns_local_to_local_loopback_fails() { + if ! __test_loopback_two_netns "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_diff_ns_global_to_global_loopback_ok() { + if __test_loopback_two_netns "global0" "global1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_same_ns_local_loopback_ok() { + if __test_loopback_two_netns "local0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_same_ns_local_host_connect_to_local_vm_ok() { + local ns=3D"local0" + local port=3D1234 + local pidfile + local rc + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + + if ! vm_start "${VSOCK_CID}" "${ns}" "${pidfile}"; then + return "${KSFT_FAIL}" + fi + + vm_vsock_test "${ns}" "server" 2 "${TEST_GUEST_PORT}" + host_vsock_test "${ns}" "client" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_= PORT}" + rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ $rc -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_same_ns_local_vm_connect_to_local_host_ok() { + local ns=3D"local0" + local port=3D1234 + local pidfile + local rc + + pidfile=3D$(mktemp /tmp/qemu_vsock_vmtest_XXXX.pid) + + if ! 
vm_start "${VSOCK_CID}" "${ns}" "${pidfile}"; then + return "${KSFT_FAIL}" + fi + + vm_vsock_test "${ns}" "server" 2 "${TEST_GUEST_PORT}" + host_vsock_test "${ns}" "client" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_= PORT}" + rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ $rc -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +shared_vm_test() { + local tname + + tname=3D"${1}" + + for testname in "${USE_SHARED_VM[@]}"; do + if [[ "${tname}" =3D=3D "${testname}" ]]; then + return 0 + fi + done + + return 1 +} + + +init_netns_test() { + local tname + + tname=3D"${1}" + + for testname in "${USE_INIT_NETNS[@]}"; do + if [[ "${tname}" =3D=3D "${testname}" ]]; then + return 0 + fi + done + + return 1 +} + +check_result() { + local rc num + + rc=3D$1 + num=3D$(( cnt_total + 1 )) + + if [[ ${rc} -eq $KSFT_PASS ]]; then + cnt_pass=3D$(( cnt_pass + 1 )) + echo "ok ${num} ${arg}" + elif [[ ${rc} -eq $KSFT_SKIP ]]; then + cnt_skip=3D$(( cnt_skip + 1 )) + echo "ok ${num} ${arg} # SKIP" + elif [[ ${rc} -eq $KSFT_FAIL ]]; then + cnt_fail=3D$(( cnt_fail + 1 )) + echo "not ok ${num} ${arg} # exit=3D$rc" + fi + + cnt_total=3D$(( cnt_total + 1 )) } =20 -run_test() { +run_shared_vm_tests() { + local start_shared_vm pidfile local host_oops_cnt_before local host_warn_cnt_before local vm_oops_cnt_before 
@@ -483,42 +1191,99 @@ run_test() { local name local rc =20 - host_oops_cnt_before=3D$(dmesg | grep -c -i 'Oops') - host_warn_cnt_before=3D$(dmesg --level=3Dwarn | wc -l) - vm_oops_cnt_before=3D$(vm_ssh -- dmesg | grep -c -i 'Oops') - vm_warn_cnt_before=3D$(vm_ssh -- dmesg --level=3Dwarn | wc -l) + start_shared_vm=3D0 =20 - name=3D$(echo "${1}" | awk '{ print $1 }') - eval test_"${name}" - rc=3D$? + for arg in "${ARGS[@]}"; do + if shared_vm_test "${arg}"; then + start_shared_vm=3D1 + break + fi + done =20 - host_oops_cnt_after=3D$(dmesg | grep -i 'Oops' | wc -l) - if [[ ${host_oops_cnt_after} -gt ${host_oops_cnt_before} ]]; then - echo "FAIL: kernel oops detected on host" | log_host "${name}" - rc=3D$KSFT_FAIL + pidfile=3D"" + if [[ "${start_shared_vm}" =3D=3D 1 ]]; then + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + log_host "Booting up VM" + vm_start "${VSOCK_CID}" "none" "${pidfile}" + vm_wait_for_ssh "none" + log_host "VM booted up" fi =20 - host_warn_cnt_after=3D$(dmesg --level=3Dwarn | wc -l) - if [[ ${host_warn_cnt_after} -gt ${host_warn_cnt_before} ]]; then - echo "FAIL: kernel warning detected on host" | log_host "${name}" - rc=3D$KSFT_FAIL - fi + for arg in "${ARGS[@]}"; do + if ! shared_vm_test "${arg}"; then + continue + fi =20 - vm_oops_cnt_after=3D$(vm_ssh -- dmesg | grep -i 'Oops' | wc -l) - if [[ ${vm_oops_cnt_after} -gt ${vm_oops_cnt_before} ]]; then - echo "FAIL: kernel oops detected on vm" | log_host "${name}" - rc=3D$KSFT_FAIL - fi + if ! check_test_deps "${arg}"; then + log_host "Skipping ${arg}" + check_result "${KSFT_SKIP}" + continue + fi + + host_oops_cnt_before=3D$(dmesg | grep -c -i 'Oops') + host_warn_cnt_before=3D$(dmesg --level=3Dwarn | wc -l) + vm_oops_cnt_before=3D$(vm_ssh none -- dmesg | grep -c -i 'Oops') + vm_warn_cnt_before=3D$(vm_ssh none -- dmesg --level=3Dwarn | wc -l) + + name=3D$(echo "${arg}" | awk '{ print $1 }') + log_host "Executing test_${name}" + eval test_"${name}" + rc=3D$? 
+ + host_oops_cnt_after=3D$(dmesg | grep -i 'Oops' | wc -l) + if [[ ${host_oops_cnt_after} -gt ${host_oops_cnt_before} ]]; then + echo "FAIL: kernel oops detected on host" | log_host "${name}" + rc=3D$KSFT_FAIL + fi =20 - vm_warn_cnt_after=3D$(vm_ssh -- dmesg --level=3Dwarn | wc -l) - if [[ ${vm_warn_cnt_after} -gt ${vm_warn_cnt_before} ]]; then - echo "FAIL: kernel warning detected on vm" | log_host "${name}" - rc=3D$KSFT_FAIL + host_warn_cnt_after=3D$(dmesg --level=3Dwarn | wc -l) + if [[ ${host_warn_cnt_after} -gt ${host_warn_cnt_before} ]]; then + echo "FAIL: kernel warning detected on host" | log_host "${name}" + rc=3D$KSFT_FAIL + fi + + vm_oops_cnt_after=3D$(vm_ssh none -- dmesg | grep -i 'Oops' | wc -l) + if [[ ${vm_oops_cnt_after} -gt ${vm_oops_cnt_before} ]]; then + echo "FAIL: kernel oops detected on vm" | log_host "${name}" + rc=3D$KSFT_FAIL + fi + + vm_warn_cnt_after=3D$(vm_ssh none -- dmesg --level=3Dwarn | wc -l) + if [[ ${vm_warn_cnt_after} -gt ${vm_warn_cnt_before} ]]; then + echo "FAIL: kernel warning detected on vm" | log_host "${name}" + rc=3D$KSFT_FAIL + fi + + check_result "${rc}" + done + + if [[ -n "${pidfile}" ]]; then + log_host "VM terminate" + terminate_pidfiles "${pidfile}" fi +} + +run_isolated_vm_tests() { + for arg in "${ARGS[@]}"; do + if shared_vm_test "${arg}"; then + continue + fi + + add_namespaces + if init_netns_test "${arg}"; then + init_namespaces + fi =20 - return "${rc}" + name=3D$(echo "${arg}" | awk '{ print $1 }') + log_host "Executing test_${name}" + eval test_"${name}" + check_result $? + + del_namespaces + done } =20 +BUILD=3D0 QEMU=3D"qemu-system-$(uname -m)" =20 while getopts :hvsq:b o 
@@ -543,34 +1308,13 @@ fi check_args "${ARGS[@]}" check_deps check_vng +check_socat handle_build =20 echo "1..${#ARGS[@]}" =20 -log_host "Booting up VM" -vm_start -vm_wait_for_ssh -log_host "VM booted up" - -cnt_pass=3D0 -cnt_fail=3D0 -cnt_skip=3D0 -cnt_total=3D0 -for arg in "${ARGS[@]}"; do - run_test "${arg}" - rc=3D$? - if [[ ${rc} -eq $KSFT_PASS ]]; then - cnt_pass=3D$(( cnt_pass + 1 )) - echo "ok ${cnt_total} ${arg}" - elif [[ ${rc} -eq $KSFT_SKIP ]]; then - cnt_skip=3D$(( cnt_skip + 1 )) - echo "ok ${cnt_total} ${arg} # SKIP" - elif [[ ${rc} -eq $KSFT_FAIL ]]; then - cnt_fail=3D$(( cnt_fail + 1 )) - echo "not ok ${cnt_total} ${arg} # exit=3D$rc" - fi - cnt_total=3D$(( cnt_total + 1 )) -done +run_shared_vm_tests +run_isolated_vm_tests =20 echo "SUMMARY: PASS=3D${cnt_pass} SKIP=3D${cnt_skip} FAIL=3D${cnt_fail}" echo "Log: ${LOG}" --=20 2.47.3
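Review bot: In the @@ -33,23 +34,146 @@ hunk, REQUIRES_NETNS repeats every entry of USE_INIT_NETNS by hand plus the two host_vsock_ns_mode_* tests, and TEST_DESCS is tied to TEST_NAMES only by position and a comment, so a test added to one list and not the others ends up with the wrong description or runs without namespace setup. Consider building REQUIRES_NETNS from USE_INIT_NETNS plus the two extra names instead of a second copy. The name diff_ns_global_to_local_loopback_local_fails also carries a stray _local that its siblings (diff_ns_local_to_global_loopback_fails, diff_ns_local_to_local_loopback_fails) do not have.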
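Review bot: cleanup() in the @@ -89,21 +219,87 @@ hunk now only calls del_namespaces, and the pidfiles have become per-test locals, so nothing terminates QEMU on an exit path that bypasses terminate_pidfiles, for example the die in vm_wait_for_ssh when the guest never answers ssh. Record each started pidfile in a global array and have cleanup() pass it to terminate_pidfiles. In the same hunk, terminate_pidfiles uses `2>&1 > /dev/null`, which leaves stderr on the terminal where the removed line had `> /dev/null 2>&1`, and vm_ssh forwards its arguments as unquoted $* (and declares ns_exec local three times), so arguments are re-split and globbed locally before ssh sees them.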
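Review bot: The membership test in check_test_deps (hunk @@ -147,6 +343,20 @@), [[ "${tname}" =~ "${REQUIRES_NETNS[@]}" ]], never matches: the quoted right-hand side is compared literally, and inside [[ ]] the array expands to all names joined by spaces, so the test asks whether one test name contains the whole list. Loop over REQUIRES_NETNS and compare with ==, the way shared_vm_test and init_netns_test do. The probe itself is also too broad: /proc/self/ns is present on any kernel built with namespaces, including ones without the vsock ns_mode sysctl; the tests write /proc/sys/net/vsock/ns_mode, so checking for that file is the closer match to the v6 changelog entry.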
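Review bot: check_socat (hunk @@ -170,6 +380,20 @@) calls die, which exits with KSFT_FAIL, when the installed socat lacks WITH_VSOCK or WITH_UNIX, while check_deps reports a missing tool as "skip:" with KSFT_SKIP; a socat built without vsock is the same kind of environment gap and should skip. Because check_socat and the new socat entry in check_deps run before any test is selected, a host without a suitable socat can no longer run even the three legacy vsock_test cases; consider checking socat only when a selected test needs it.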
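Review bot: vm_start (hunk @@ -206,27 +435,37 @@) builds qemu_opts with ${QEMU_OPTS} in it, but the readonly QEMU_OPTS definition is removed in the @@ -33,23 +34,146 @@ hunk, so this now expands to whatever the caller's environment holds, or to nothing. If it is meant as a hook for extra QEMU arguments, document it in usage(); otherwise drop it. The same hunk replaces the die "failed to boot VM" after WAIT_TOTAL with a bare timeout of WAIT_QEMU (5 seconds) whose status becomes the function's return value, so every caller has to check it; run_shared_vm_tests and the first vm_start in namespaces_can_boot_same_cid do not.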
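Review bot: Two test bodies in the region after the @@ -278,17 +519,29 @@ header do not test what their names and TEST_DESCS entries say. test_local_same_cid_ok passes "local0" "local0" to namespaces_can_boot_same_cid and returns KSFT_FAIL when both VMs boot, although its description is that two VMs with the same CID in two different local namespaces start successfully; it should use "local0" "local1" and return KSFT_PASS on success. test_same_ns_local_vm_connect_to_local_host_ok is line for line the same as test_same_ns_local_host_connect_to_local_vm_ok (vsock_test server in the VM, client on the host), so the VM-as-client direction inside a local namespace is never exercised; it needs the host as server and the VM as client, as test_diff_ns_global_vm_connect_to_global_host_ok arranges.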
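Review bot: The VM-based *_fails tests in the same region (test_diff_ns_global_host_connect_to_local_vm_fails, test_diff_ns_local_host_connect_to_local_vm_fails and the two vm_connect_to_local_host variants) decide the result only by whether the listener's outfile equals TEST, and they start the socat VSOCK-LISTEN side in the background and connect straight away, so a listener that has not bound yet, or never started, is reported as isolation working. Wait until the listener is bound before connecting, and run the same socat exchange once in a configuration that must succeed so that a setup failure cannot pass as a denied connection. Smaller points in these functions: outfile is never declared local, the "failed to start vm" messages print ${cid}, which is not set in those functions (VSOCK_CID is what was passed), and two of them log ns=${ns0} for a VM that was started in ns1.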
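Review bot: run_isolated_vm_tests (hunk @@ -483,42 +1191,99 @@) runs each test with eval and check_result only; it never calls check_test_deps and it drops the before/after dmesg Oops and warning comparison that run_shared_vm_tests keeps, so the namespace tests, which are exactly the ones listed in REQUIRES_NETNS, are neither skipped on kernels without support nor failed when the new code path triggers a kernel warning. Factor the dmesg comparison into a helper used by both loops and call check_test_deps in this one. Also in this hunk, mktemp $PIDFILE_TEMPLATE is unquoted and PIDFILE_TEMPLATE is not defined in any hunk shown here, while the individual tests spell out /tmp/qemu_vsock_vmtest_XXXX.pid.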