From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:40 -0700
Subject: [PATCH net-next v8 01/14] vsock: a per-net vsock NS mode state
Message-Id: <20251023-vsock-vmtest-v8-1-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman

From: Bobby Eshleman

Add the per-net vsock NS mode state. This only adds the structure for
holding the mode and some of the functions for setting/getting and
checking the mode, but does not integrate the functionality yet.

A "net_mode" field is added to vsock_sock to store the mode of the
namespace when the vsock_sock was created. In order to evaluate
namespace mode rules we need to know both a) which namespace the
endpoints are in, and b) what mode that namespace had when the endpoints
were created. This allows us to handle the changing of modes from global
to local *after* a socket has been created by remembering that the mode
was global when the socket was created. If we were to use the current
net's mode instead, then the lookup would fail and the socket would
break.

Signed-off-by: Bobby Eshleman
---
Changes in v7:
- clarify vsock_net_check_mode() comments
- change to `orig_net_mode == VSOCK_NET_MODE_GLOBAL && orig_net_mode ==
  vsk->orig_net_mode`
- remove extraneous explanation of `orig_net_mode`
- rename `written` to `mode_locked`
- rename `vsock_hdr` to `sysctl_hdr`
- change `orig_net_mode` to `net_mode`
- make vsock_net_check_mode() more generic by taking just net pointers
  and modes, instead of a vsock_sock ptr, for reuse by transports
  (e.g., vhost_vsock)

Changes in v6:
- add orig_net_mode to store mode at creation time which will be used to
  avoid breakage when namespace changes mode during socket/VM lifespan

Changes in v5:
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- change from net->vsock.ns_mode to net->vsock.mode
- change vsock_net_set_mode() to vsock_net_write_mode()
- vsock_net_write_mode() returns bool for write success to avoid
  need to use vsock_net_mode_can_set()
- remove vsock_net_mode_can_set()
---
 MAINTAINERS                 |  1 +
 include/net/af_vsock.h      | 56 +++++++++++++++++++++++++++++++++++++++++++++
 include/net/net_namespace.h |  4 ++++
 include/net/netns/vsock.h   | 20 ++++++++++++++++++++
 4 files changed, 81 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS index ea72b3bd2248..dd765bbf79ab 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27070,6 +27070,7 @@ L: netdev@vger.kernel.org S: Maintained F: drivers/vhost/vsock.c F: include/linux/virtio_vsock.h +F: include/net/netns/vsock.h F: include/uapi/linux/virtio_vsock.h F: net/vmw_vsock/virtio_transport.c F: net/vmw_vsock/virtio_transport_common.c diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index d40e978126e3..bce5389ef742 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -10,6 +10,7 @@ =20 #include #include +#include #include #include =20 @@ -65,6 +66,7 @@ struct vsock_sock { u32 peer_shutdown; bool sent_request; bool ignore_connecting_rst; + enum vsock_net_mode net_mode; =20 /* Protected by lock_sock(sk) */ u64 buffer_size; 
@@ -256,4 +258,58 @@ static inline bool vsock_msgzerocopy_allow(const struc= t vsock_transport *t) { return t->msgzerocopy_allow && t->msgzerocopy_allow(); } + +static inline enum vsock_net_mode vsock_net_mode(struct net *net) +{ + enum vsock_net_mode ret; + + spin_lock_bh(&net->vsock.lock); + ret =3D net->vsock.mode; + spin_unlock_bh(&net->vsock.lock); + return ret; +} + +static inline bool vsock_net_write_mode(struct net *net, u8 mode) +{ + bool ret; + + spin_lock_bh(&net->vsock.lock); + + if (net->vsock.mode_locked) { + ret =3D false; + goto skip; + } + + net->vsock.mode =3D mode; + net->vsock.mode_locked =3D true; + ret =3D true; + +skip: + spin_unlock_bh(&net->vsock.lock); + return ret; +} + +/* Return true if two namespaces and modes pass the mode rules. Otherwise, + * return false. + * + * ns0 and ns1 are the namespaces being checked. + * mode0 and mode1 are the vsock namespace modes of ns0 and ns1. + * + * Read more about modes in the comment header of net/vmw_vsock/af_vsock.c. + */ +static inline bool vsock_net_check_mode(struct net *ns0, enum vsock_net_mo= de mode0, + struct net *ns1, enum vsock_net_mode mode1) +{ + /* Any vsocks within the same network namespace are always reachable, + * regardless of the mode. + */ + if (net_eq(ns0, ns1)) + return true; + + /* + * If the network namespaces differ, vsocks are only reachable if both + * were created in VSOCK_NET_MODE_GLOBAL mode. + */ + return mode0 =3D=3D VSOCK_NET_MODE_GLOBAL && mode0 =3D=3D mode1; +} #endif /* __AF_VSOCK_H__ */ diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index cb664f6e3558..66d3de1d935f 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include 
@@ -196,6 +197,9 @@ struct net { /* Move to a better place when the config guard is removed. */ struct mutex rtnl_mutex; #endif +#if IS_ENABLED(CONFIG_VSOCKETS) + struct netns_vsock vsock; +#endif } __randomize_layout; =20 #include diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h new file mode 100644 index 000000000000..c9a438ad52f2 --- /dev/null +++ b/include/net/netns/vsock.h 
@@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __NET_NET_NAMESPACE_VSOCK_H +#define __NET_NET_NAMESPACE_VSOCK_H + +#include + +enum vsock_net_mode { + VSOCK_NET_MODE_GLOBAL, + VSOCK_NET_MODE_LOCAL, +}; + +struct netns_vsock { + struct ctl_table_header *sysctl_hdr; + spinlock_t lock; + + /* protected by lock */ + enum vsock_net_mode mode; + bool mode_locked; +}; +#endif /* __NET_NET_NAMESPACE_VSOCK_H */ --=20 2.47.3
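
Review bot: vsock_net_write_mode() in include/net/af_vsock.h takes `u8 mode` and assigns it straight to the `enum vsock_net_mode mode` field without checking that it is VSOCK_NET_MODE_GLOBAL or VSOCK_NET_MODE_LOCAL, and the same call sets mode_locked, so an out-of-range value could not be corrected afterwards. Suggest taking `enum vsock_net_mode` as the parameter type, or rejecting unknown values before the assignment and returning false. The write-once behaviour is only implied by mode_locked; a short comment on the function stating that the first successful write locks the mode would make the contract explicit.
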
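
Review bot: the header comment on vsock_net_check_mode() in include/net/af_vsock.h describes mode0 and mode1 as "the vsock namespace modes of ns0 and ns1", which reads as the namespaces' current modes, while the commit message and the inline comment ("both were created in VSOCK_NET_MODE_GLOBAL mode") depend on callers passing the mode captured at socket creation (vsk->net_mode). Since this helper decides cross-namespace reachability and is meant for reuse by transports, please state in the header comment that the creation-time mode must be passed, not vsock_net_mode(net). Minor style point: the two inline comments in the function use different block-comment openings; use one style for both.
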

From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:41 -0700
Subject: [PATCH net-next v8 02/14] vsock/virtio: pack struct virtio_vsock_skb_cb
Message-Id: <20251023-vsock-vmtest-v8-2-dea984d02bb0@meta.com>

From: Bobby Eshleman

Reduce holes in struct virtio_vsock_skb_cb. As this struct continues to
grow, we want to keep it trimmed down so it doesn't exceed the size of
skb->cb (currently 48 bytes). Eliminating the 2 byte hole provides an
additional two bytes for new fields at the end of the structure. It does
not shrink the total size, however.

Future work could include combining fields like reply and tap_delivered
into a single bitfield, but currently doing so will not make the total
struct size smaller (although, would extend the tail-end padding area by
one byte).

Before this patch:

struct virtio_vsock_skb_cb {
        bool                       reply;                /*     0     1 */
        bool                       tap_delivered;        /*     1     1 */

        /* XXX 2 bytes hole, try to pack */

        u32                        offset;               /*     4     4 */

        /* size: 8, cachelines: 1, members: 3 */
        /* sum members: 6, holes: 1, sum holes: 2 */
        /* last cacheline: 8 bytes */
};

After this patch:

struct virtio_vsock_skb_cb {
        u32                        offset;               /*     0     4 */
        bool                       reply;                /*     4     1 */
        bool                       tap_delivered;        /*     5     1 */

        /* size: 8, cachelines: 1, members: 3 */
        /* padding: 2 */
        /* last cacheline: 8 bytes */
};

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
---
 include/linux/virtio_vsock.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 0c67543a45c8..87cf4dcac78a 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h
@@ -10,9 +10,9 @@ #define VIRTIO_VSOCK_SKB_HEADROOM (sizeof(struct virtio_vsock_hdr)) =20 struct virtio_vsock_skb_cb { + u32 offset; bool reply; bool tap_delivered; - u32 offset; }; =20 #define VIRTIO_VSOCK_SKB_CB(skb) ((struct virtio_vsock_skb_cb *)((skb)->cb= )) --=20 2.47.3
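
Review bot: the reorder of struct virtio_vsock_skb_cb in include/linux/virtio_vsock.h is motivated by keeping the struct within skb->cb (48 bytes per the commit message), but nothing in this hunk enforces that bound. Suggest a build-time check next to the struct, for example `static_assert(sizeof(struct virtio_vsock_skb_cb) <= sizeof_field(struct sk_buff, cb));`, so that a later field addition which overruns cb fails to compile instead of letting VIRTIO_VSOCK_SKB_CB() writes spill past the control buffer.
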

From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:42 -0700
Subject: [PATCH net-next v8 03/14] vsock: add netns to vsock skb cb
Message-Id: <20251023-vsock-vmtest-v8-3-dea984d02bb0@meta.com>

From: Bobby Eshleman

Add a net pointer and net_mode to the vsock skb and helpers for
getting/setting them. When skbs are received the transport needs a way
to tell the vsock layer and/or virtio common layer which namespace and
what namespace mode the packet belongs to. This will be used by those
upper layers for finding the correct socket object. This patch stashes
these fields in the skb control buffer.

This extends virtio_vsock_skb_cb to 24 bytes:

struct virtio_vsock_skb_cb {
        struct net *               net;                  /*     0     8 */
        enum vsock_net_mode        net_mode;             /*     8     4 */
        u32                        offset;               /*    12     4 */
        bool                       reply;                /*    16     1 */
        bool                       tap_delivered;        /*    17     1 */

        /* size: 24, cachelines: 1, members: 5 */
        /* padding: 6 */
        /* last cacheline: 24 bytes */
};

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
---
Changes in v7:
- rename `orig_net_mode` to `net_mode`
- update commit message with a more complete explanation of changes

Changes in v5:
- some diff context change due to rebase to current net-next
---
 include/linux/virtio_vsock.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 87cf4dcac78a..7f334a32133c 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -10,6 +10,8 @@ #define VIRTIO_VSOCK_SKB_HEADROOM (sizeof(struct virtio_vsock_hdr)) =20 struct virtio_vsock_skb_cb { + struct net *net; + enum vsock_net_mode net_mode; u32 offset; bool reply; bool tap_delivered; 
@@ -130,6 +132,27 @@ static inline size_t virtio_vsock_skb_len(struct sk_bu= ff *skb) return (size_t)(skb_end_pointer(skb) - skb->head); } =20 +static inline struct net *virtio_vsock_skb_net(struct sk_buff *skb) +{ + return VIRTIO_VSOCK_SKB_CB(skb)->net; +} + +static inline void virtio_vsock_skb_set_net(struct sk_buff *skb, struct ne= t *net) +{ + VIRTIO_VSOCK_SKB_CB(skb)->net =3D net; +} + +static inline enum vsock_net_mode virtio_vsock_skb_net_mode(struct sk_buff= *skb) +{ + return VIRTIO_VSOCK_SKB_CB(skb)->net_mode; +} + +static inline void virtio_vsock_skb_set_net_mode(struct sk_buff *skb, + enum vsock_net_mode net_mode) +{ + VIRTIO_VSOCK_SKB_CB(skb)->net_mode =3D net_mode; +} + /* Dimension the RX SKB so that the entire thing fits exactly into * a single 4KiB page. This avoids wasting memory due to alloc_skb() * rounding up to the next page order and also means that we --=20 2.47.3
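
Review bot: virtio_vsock_skb_set_net() in include/linux/virtio_vsock.h stores a raw `struct net *` in skb->cb with a plain assignment and takes no reference, so the visible lines give no guarantee that the namespace outlives a queued skb on which virtio_vsock_skb_net() is later called. Please document on the setter what keeps the net alive for the skb's lifetime, or take and release a reference explicitly; a stale pointer here would feed directly into the namespace comparison used for socket lookup.
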

From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:43 -0700
Subject: [PATCH net-next v8 04/14] vsock: add netns to vsock core
Message-Id: <20251023-vsock-vmtest-v8-4-dea984d02bb0@meta.com>

From: Bobby Eshleman

Add netns logic to vsock core. Additionally, modify transport hook
prototypes to be used by later transport-specific patches (e.g.,
*_seqpacket_allow()).

Namespaces are supported primarily by changing socket lookup functions
(e.g., vsock_find_connected_socket()) to take into account the socket
namespace and the namespace mode before considering a candidate socket a
"match".

Introduce a dummy namespace struct, __vsock_global_dummy_net, to be used
by transports that do not support namespacing. This dummy always has
mode "global" to preserve previous CID behavior.

This patch also introduces the sysctl /proc/sys/net/vsock/ns_mode that
accepts the "global" or "local" mode strings.

The transports (besides vhost) are modified to use the global dummy,
which makes them behave as if always in the global namespace. Vhost is
an exception because it inherits its namespace from the process that
opens the vhost device.

Add netns functionality (initialization, passing to transports, procfs,
etc...) to the af_vsock socket layer. Later patches that add netns
support to transports depend on this patch.

seqpacket_allow() callbacks are modified to take a vsk so that transport
implementations can inspect sock_net(sk) and vsk->net_mode when
performing lookups (e.g., vhost does this in its future netns patch).
Because the API change affects all transports, it seemed more
appropriate to make this internal API change in the "vsock core" patch
than in the "vhost" patch.

Signed-off-by: Bobby Eshleman
---
Changes in v7:
- hv_sock: fix hyperv build error
- explain why vhost does not use the dummy
- explain usage of __vsock_global_dummy_net
- explain why VSOCK_NET_MODE_STR_MAX is 8 characters
- use switch-case in vsock_net_mode_string()
- avoid changing transports as much as possible
- add vsock_find_{bound,connected}_socket_net()
- rename `vsock_hdr` to `sysctl_hdr`
- add virtio_vsock_alloc_linear_skb() wrapper for setting dummy net and global mode for virtio-vsock, move skb->cb zero-ing into wrapper
- explain seqpacket_allow() change
- move net setting to __vsock_create() instead of vsock_create() so that child sockets also have their net assigned upon accept()

Changes in v6:
- unregister sysctl ops in vsock_exit()
- af_vsock: clarify description of CID behavior
- af_vsock: fix buf vs buffer naming, and length checking
- af_vsock: fix length checking w/ correct ctl_table->maxlen

Changes in v5:
- vsock_global_net() -> vsock_global_dummy_net()
- update comments for new uAPI
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- add prototype changes so patch remains compilable
---
 drivers/vhost/vsock.c | 4 +-
 include/linux/virtio_vsock.h | 21 ++++
 include/net/af_vsock.h | 14 ++-
 net/vmw_vsock/af_vsock.c | 264 ++++++++++++++++++++++++++++++++++++---
 net/vmw_vsock/virtio_transport.c | 7 +-
 net/vmw_vsock/vsock_loopback.c | 4 +-
 6 files changed, 288 insertions(+), 26 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index ae01457ea2cd..34adf0cf9124 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -404,7 +404,7 @@ static bool vhost_transport_msgzerocopy_allow(void) return true; } =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid); +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 re= mote_cid); =20 static struct virtio_transport vhost_transport =3D { .transport =3D { 
@@ -460,7 +460,7 @@ static struct virtio_transport vhost_transport =3D { .send_pkt =3D vhost_transport_send_pkt, }; =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid) +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 re= mote_cid) { struct vhost_vsock *vsock; bool seqpacket_allow =3D false; diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 7f334a32133c..29290395054c 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -153,6 +153,27 @@ static inline void virtio_vsock_skb_set_net_mode(struc= t sk_buff *skb, VIRTIO_VSOCK_SKB_CB(skb)->net_mode =3D net_mode; } =20 +static inline struct sk_buff * +virtio_vsock_alloc_rx_skb(unsigned int size, gfp_t mask) +{ + struct sk_buff *skb; + + skb =3D virtio_vsock_alloc_linear_skb(size, mask); + if (!skb) + return NULL; + + memset(skb->head, 0, VIRTIO_VSOCK_SKB_HEADROOM); + + /* virtio-vsock does not yet support namespaces, so on receive + * we force legacy namespace behavior using the global dummy net + * and global net mode. + */ + virtio_vsock_skb_set_net(skb, vsock_global_dummy_net()); + virtio_vsock_skb_set_net_mode(skb, VSOCK_NET_MODE_GLOBAL); + + return skb; +} + /* Dimension the RX SKB so that the entire thing fits exactly into * a single 4KiB page. This avoids wasting memory due to alloc_skb() * rounding up to the next page order and also means that we diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index bce5389ef742..69bb70c3c0fd 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -145,7 +145,7 @@ struct vsock_transport { int flags); int (*seqpacket_enqueue)(struct vsock_sock *vsk, struct msghdr *msg, size_t len); - bool (*seqpacket_allow)(u32 remote_cid); + bool (*seqpacket_allow)(struct vsock_sock *vsk, u32 remote_cid); u32 (*seqpacket_has_data)(struct vsock_sock *vsk); =20 /* Notification. */ 
@@ -218,6 +218,12 @@ void vsock_remove_connected(struct vsock_sock *vsk); struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr); struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, struct sockaddr_vm *dst); +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, struct = net *net, + enum vsock_net_mode net_mode); +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode net_mode); void vsock_remove_sock(struct vsock_sock *vsk); void vsock_for_each_connected_socket(struct vsock_transport *transport, void (*fn)(struct sock *sk)); @@ -259,6 +265,12 @@ static inline bool vsock_msgzerocopy_allow(const struc= t vsock_transport *t) return t->msgzerocopy_allow && t->msgzerocopy_allow(); } =20 +extern struct net __vsock_global_dummy_net; +static inline struct net *vsock_global_dummy_net(void) +{ + return &__vsock_global_dummy_net; +} + static inline enum vsock_net_mode vsock_net_mode(struct net *net) { enum vsock_net_mode ret; diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 4c2db6cca557..656a78810c68 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c 
@@ -83,6 +83,35 @@ * TCP_ESTABLISHED - connected * TCP_CLOSING - disconnecting * TCP_LISTEN - listening + * + * - Namespaces in vsock support two different modes configured + * through /proc/sys/net/vsock/ns_mode. The modes are "local" and "globa= l". + * Each mode defines how the namespace interacts with CIDs. + * /proc/sys/net/vsock/ns_mode is write-once, so that it may be configur= ed + * and locked down by a namespace manager. The default is "global". The = mode + * is set per-namespace. + * + * The modes affect the allocation and accessibility of CIDs as follows: + * + * - global - access and allocation are all system-wide + * - all CID allocation from global namespaces draw from the same + * system-wide pool + * - if one global namespace has already allocated some CID, another + * global namespace will not be able to allocate the same CID + * - global mode AF_VSOCK sockets can reach any VM or socket in any g= lobal + * namespace, they are not contained to only their own namespace + * - AF_VSOCK sockets in a global mode namespace cannot reach VMs or + * sockets in any local mode namespace + * - local - access and allocation are contained within the namespace + * - CID allocation draws only from a private pool local only to the + * namespace, and does not affect the CIDs available for allocation = in any + * other namespace (global or local) + * - VMs in a local namespace do not collide with CIDs in any other lo= cal + * namespace or any global namespace. For example, if a VM in a loca= l mode + * namespace is given CID 10, then CID 10 is still available for + * allocation in any other namespace, but not in the same namespace + * - AF_VSOCK sockets in a local mode namespace can connect only to VM= s or + * other sockets within their own namespace. */ =20 #include @@ -100,6 +129,7 @@ #include #include #include +#include #include #include #include 
@@ -111,9 +141,18 @@ #include #include #include +#include #include #include =20 +#define VSOCK_NET_MODE_STR_GLOBAL "global" +#define VSOCK_NET_MODE_STR_LOCAL "local" + +/* 6 chars for "global", 1 for null-terminator, and 1 more for '\n'. + * The newline is added by proc_dostring() for read operations. + */ +#define VSOCK_NET_MODE_STR_MAX 8 + static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr); static void vsock_sk_destruct(struct sock *sk); static int vsock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); @@ -149,6 +188,15 @@ static const struct vsock_transport *transport_dgram; static const struct vsock_transport *transport_local; static DEFINE_MUTEX(vsock_register_mutex); =20 +/* This net is used only for transports that do support namespaces. It is = never + * registered with the namespace subsystem and always has + * VSOCK_NET_MODE_GLOBAL. Pass this net to the net lookup functions (e.g., + * vsock_find_bound_socket_net()) when you want to force global-mode or the + * same behavior as before namespaces were supported. + */ +struct net __vsock_global_dummy_net; +EXPORT_SYMBOL_GPL(__vsock_global_dummy_net); + /**** UTILS ****/ =20 /* Each bound VSocket is stored in the bind hash table and each connected 
@@ -235,33 +283,44 @@ static void __vsock_remove_connected(struct vsock_soc= k *vsk) sock_put(&vsk->sk); } =20 -static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) +static struct sock *__vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_bound_sockets(addr), bound_table) { - if (vsock_addr_equals_addr(addr, &vsk->local_addr)) - return sk_vsock(vsk); + struct sock *sk =3D sk_vsock(vsk); + + if (vsock_addr_equals_addr(addr, &vsk->local_addr) && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, net_mode)) + return sk; =20 if (addr->svm_port =3D=3D vsk->local_addr.svm_port && (vsk->local_addr.svm_cid =3D=3D VMADDR_CID_ANY || - addr->svm_cid =3D=3D VMADDR_CID_ANY)) - return sk_vsock(vsk); + addr->svm_cid =3D=3D VMADDR_CID_ANY) && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, net_mode)) + return sk; } =20 return NULL; } =20 -static struct sock *__vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +static struct sock *__vsock_find_connected_socket_net(struct sockaddr_vm *= src, + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_connected_sockets(src, dst), connected_table) { + struct sock *sk =3D sk_vsock(vsk); + if (vsock_addr_equals_addr(src, &vsk->remote_addr) && - dst->svm_port =3D=3D vsk->local_addr.svm_port) { - return sk_vsock(vsk); + dst->svm_port =3D=3D vsk->local_addr.svm_port && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, net_mode)) { + return sk; } } =20 
@@ -304,12 +363,14 @@ void vsock_remove_connected(struct vsock_sock *vsk) } EXPORT_SYMBOL_GPL(vsock_remove_connected); =20 -struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_bound_socket(addr); + sk =3D __vsock_find_bound_socket_net(addr, net, net_mode); if (sk) sock_hold(sk); =20 @@ -317,15 +378,24 @@ struct sock *vsock_find_bound_socket(struct sockaddr_= vm *addr) =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_bound_socket_net); + +struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +{ + return vsock_find_bound_socket_net(addr, vsock_global_dummy_net(), + VSOCK_NET_MODE_GLOBAL); +} EXPORT_SYMBOL_GPL(vsock_find_bound_socket); =20 -struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_connected_socket(src, dst); + sk =3D __vsock_find_connected_socket_net(src, dst, net, net_mode); if (sk) sock_hold(sk); =20 @@ -333,6 +403,15 @@ struct sock *vsock_find_connected_socket(struct sockad= dr_vm *src, =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_connected_socket_net); + +struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, + struct sockaddr_vm *dst) +{ + return vsock_find_connected_socket_net(src, dst, + vsock_global_dummy_net(), + VSOCK_NET_MODE_GLOBAL); +} EXPORT_SYMBOL_GPL(vsock_find_connected_socket); =20 void vsock_remove_sock(struct vsock_sock *vsk) 
@@ -528,7 +607,7 @@ int vsock_assign_transport(struct vsock_sock *vsk, stru= ct vsock_sock *psk) =20 if (sk->sk_type =3D=3D SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || - !new_transport->seqpacket_allow(remote_cid)) { + !new_transport->seqpacket_allow(vsk, remote_cid)) { module_put(new_transport->module); return -ESOCKTNOSUPPORT; } @@ -676,6 +755,7 @@ static void vsock_pending_work(struct work_struct *work) static int __vsock_bind_connectible(struct vsock_sock *vsk, struct sockaddr_vm *addr) { + struct net *net =3D sock_net(sk_vsock(vsk)); static u32 port; struct sockaddr_vm new_addr; =20 @@ -695,7 +775,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, =20 new_addr.svm_port =3D port++; =20 - if (!__vsock_find_bound_socket(&new_addr)) { + if (!__vsock_find_bound_socket_net(&new_addr, net, + vsk->net_mode)) { found =3D true; break; } @@ -712,7 +793,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, return -EACCES; } =20 - if (__vsock_find_bound_socket(&new_addr)) + if (__vsock_find_bound_socket_net(&new_addr, net, + vsk->net_mode)) return -EADDRINUSE; } =20 @@ -836,6 +918,8 @@ static struct sock *__vsock_create(struct net *net, vsk->buffer_max_size =3D VSOCK_DEFAULT_BUFFER_MAX_SIZE; } =20 + vsk->net_mode =3D vsock_net_mode(net); + return sk; } =20 
@@ -2636,6 +2720,142 @@ static struct miscdevice vsock_device =3D { .fops =3D &vsock_device_ops, }; =20 +static int vsock_net_mode_string(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + char data[VSOCK_NET_MODE_STR_MAX] =3D {0}; + enum vsock_net_mode mode; + struct ctl_table tmp; + struct net *net; + int ret; + + if (!table->data || !table->maxlen || !*lenp) { + *lenp =3D 0; + return 0; + } + + net =3D current->nsproxy->net_ns; + tmp =3D *table; + tmp.data =3D data; + + if (!write) { + const char *p; + + mode =3D vsock_net_mode(net); + + switch (mode) { + case VSOCK_NET_MODE_GLOBAL: + p =3D VSOCK_NET_MODE_STR_GLOBAL; + break; + case VSOCK_NET_MODE_LOCAL: + p =3D VSOCK_NET_MODE_STR_LOCAL; + break; + default: + WARN_ONCE(true, "netns has invalid vsock mode"); + *lenp =3D 0; + return 0; + } + + strscpy(data, p, sizeof(data)); + tmp.maxlen =3D strlen(p); + } + + ret =3D proc_dostring(&tmp, write, buffer, lenp, ppos); + if (ret) + return ret; + + if (write) { + if (*lenp >=3D sizeof(data)) + return -EINVAL; + + if (!strncmp(data, VSOCK_NET_MODE_STR_GLOBAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_GLOBAL; + else if (!strncmp(data, VSOCK_NET_MODE_STR_LOCAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_LOCAL; + else + return -EINVAL; + + if (!vsock_net_write_mode(net, mode)) + return -EPERM; + } + + return 0; +} + +static struct ctl_table vsock_table[] =3D { + { + .procname =3D "ns_mode", + .data =3D &init_net.vsock.mode, + .maxlen =3D VSOCK_NET_MODE_STR_MAX, + .mode =3D 0644, + .proc_handler =3D vsock_net_mode_string + }, +}; + +static int __net_init vsock_sysctl_register(struct net *net) +{ + struct ctl_table *table; + + if (net_eq(net, &init_net)) { + table =3D vsock_table; + } else { + table =3D kmemdup(vsock_table, sizeof(vsock_table), GFP_KERNEL); + if (!table) + goto err_alloc; + + table[0].data =3D &net->vsock.mode; + } + + net->vsock.sysctl_hdr =3D register_net_sysctl_sz(net, "net/vsock", table, + ARRAY_SIZE(vsock_table)); + 
if (!net->vsock.sysctl_hdr) + goto err_reg; + + return 0; + +err_reg: + if (!net_eq(net, &init_net)) + kfree(table); +err_alloc: + return -ENOMEM; +} + +static void vsock_sysctl_unregister(struct net *net) +{ + const struct ctl_table *table; + + table =3D net->vsock.sysctl_hdr->ctl_table_arg; + unregister_net_sysctl_table(net->vsock.sysctl_hdr); + if (!net_eq(net, &init_net)) + kfree(table); +} + +static void vsock_net_init(struct net *net) +{ + spin_lock_init(&net->vsock.lock); + net->vsock.mode =3D VSOCK_NET_MODE_GLOBAL; +} + +static __net_init int vsock_sysctl_init_net(struct net *net) +{ + vsock_net_init(net); + + if (vsock_sysctl_register(net)) + return -ENOMEM; + + return 0; +} + +static __net_exit void vsock_sysctl_exit_net(struct net *net) +{ + vsock_sysctl_unregister(net); +} + +static struct pernet_operations vsock_sysctl_ops __net_initdata =3D { + .init =3D vsock_sysctl_init_net, + .exit =3D vsock_sysctl_exit_net, +}; + static int __init vsock_init(void) { int err =3D 0; @@ -2663,10 +2883,19 @@ static int __init vsock_init(void) goto err_unregister_proto; } =20 + if (register_pernet_subsys(&vsock_sysctl_ops)) { + err =3D -ENOMEM; + goto err_unregister_sock; + } + + vsock_net_init(&init_net); + vsock_net_init(vsock_global_dummy_net()); vsock_bpf_build_proto(); =20 return 0; =20 +err_unregister_sock: + sock_unregister(AF_VSOCK); err_unregister_proto: proto_unregister(&vsock_proto); err_deregister_misc: @@ -2680,6 +2909,7 @@ static void __exit vsock_exit(void) misc_deregister(&vsock_device); sock_unregister(AF_VSOCK); proto_unregister(&vsock_proto); + unregister_pernet_subsys(&vsock_sysctl_ops); } =20 const struct vsock_transport *vsock_core_get_transport(struct vsock_sock *= vsk) diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index 8c867023a2e5..6abec6b9b5bc 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c 
@@ -316,11 +316,10 @@ static void virtio_vsock_rx_fill(struct virtio_vsock = *vsock) vq =3D vsock->vqs[VSOCK_VQ_RX]; =20 do { - skb =3D virtio_vsock_alloc_linear_skb(total_len, GFP_KERNEL); + skb =3D virtio_vsock_alloc_rx_skb(total_len, GFP_KERNEL); if (!skb) break; =20 - memset(skb->head, 0, VIRTIO_VSOCK_SKB_HEADROOM); sg_init_one(&pkt, virtio_vsock_hdr(skb), total_len); p =3D &pkt; ret =3D virtqueue_add_sgs(vq, &p, 0, 1, skb, GFP_KERNEL); @@ -536,7 +535,7 @@ static bool virtio_transport_msgzerocopy_allow(void) return true; } =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid); +static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 r= emote_cid); =20 static struct virtio_transport virtio_transport =3D { .transport =3D { @@ -593,7 +592,7 @@ static struct virtio_transport virtio_transport =3D { .can_msgzerocopy =3D virtio_transport_can_msgzerocopy, }; =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid) +static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 r= emote_cid) { struct virtio_vsock *vsock; bool seqpacket_allow; diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index bc2ff918b315..a8f218f0c5a3 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -46,7 +46,7 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *v= sk) return 0; } =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid); +static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 rem= ote_cid); static bool vsock_loopback_msgzerocopy_allow(void) { return true; 
@@ -106,7 +106,7 @@ static struct virtio_transport loopback_transport =3D { .send_pkt =3D vsock_loopback_send_pkt, }; =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid) +static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 rem= ote_cid) { return true; } --=20 2.47.3
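
Review bot: in the net/vmw_vsock/af_vsock.c hunk that defines __vsock_global_dummy_net, the comment says the net "is used only for transports that do support namespaces", which is the opposite of what the commit message states ("to be used by transports that do not support namespacing") and of the comment in virtio_vsock_alloc_rx_skb(). It should read "do not support namespaces". This comment is what a transport author will consult to decide when passing the dummy is appropriate, and passing it forces global-mode matching in vsock_find_bound_socket_net() and vsock_find_connected_socket_net(), so the inverted wording should be fixed before merge.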
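
Review bot: vsock_net_mode_string() resolves the namespace with "net = current->nsproxy->net_ns", but the value it is meant to act on is the one behind table->data, which vsock_sysctl_register() points at &net->vsock.mode for each namespace. The two differ whenever the writer's network namespace is not the one the sysctl file belongs to, in which case vsock_net_write_mode() sets and locks the mode of the writer's namespace rather than the file's. Deriving the net from the table, for example container_of(table->data, struct net, vsock.mode), ties the write-once lock-down to the namespace that owns the file. Separately, the "*lenp >= sizeof(data)" check runs only after proc_dostring() has copied the input; moving it ahead of the copy rejects over-long writes before anything is parsed.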
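
Review bot: in vsock_init(), the per-namespace state is initialized too late and, for init_net, twice. The new err_unregister_sock label shows that sock_register() has already succeeded by the time register_pernet_subsys(&vsock_sysctl_ops) runs, so __vsock_create() can call vsock_net_mode(net) on a namespace whose vsock state has not been set up yet, and the dummy net is initialized later still. In addition, vsock_sysctl_init_net() already calls vsock_net_init() on each namespace, so the explicit vsock_net_init(&init_net) afterwards re-runs spin_lock_init() and resets the mode on a namespace whose ns_mode sysctl is already registered and writable. Suggest initializing the dummy net and registering the pernet ops before sock_register(), and dropping the explicit init_net call; with that order, unregister_pernet_subsys() at the end of vsock_exit() also becomes the mirror image of init.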

From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:44 -0700
Subject: [PATCH net-next v8 05/14] vsock/loopback: add netns support
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-vsock-vmtest-v8-5-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Add NS support to vsock loopback. Sockets in a global mode netns communicate with each other, regardless of namespace. Sockets in a local mode netns may only communicate with other sockets within the same namespace.

Use pernet_ops to install a vsock_loopback for every namespace that is created (to be used if local mode is enabled).

Retroactively call init/exit on every namespace when the vsock_loopback module is loaded in order to initialize the per-ns device.

Signed-off-by: Bobby Eshleman
---
Changes in v7:
- drop for_each_net() init/exit, drop net_rwsem, the pernet registration handles this automatically and race-free
- flush workqueue before destruction, purge pkt list
- remember net_mode instead of current net mode
- keep space after INIT_WORK()
- change vsock_loopback in netns_vsock to ->priv void ptr
- rename `orig_net_mode` to `net_mode`
- remove useless comment
- protect `register_pernet_subsys()` with `net_rwsem`
- do cleanup before releasing `net_rwsem` when failure happens
- call `unregister_pernet_subsys()` in `vsock_loopback_exit()`
- call `vsock_loopback_deinit_vsock()` in `vsock_loopback_exit()`

Changes in v6:
- init pernet ops for vsock_loopback module
- vsock_loopback: add space in struct to clarify lock protection
- do proper cleanup/unregister on vsock_loopback_exit()
- vsock_loopback: use virtio_vsock_skb_net()

Changes in v5:
- add callbacks code to avoid reverse dependency
- add logic for handling vsock_loopback setup for already existing namespaces
---
 include/net/netns/vsock.h | 2 +
 net/vmw_vsock/vsock_loopback.c | 85 ++++++++++++++++++++++++++++++++++++------
 2 files changed, 75 insertions(+), 12 deletions(-)

diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h index c9a438ad52f2..9d0d8e2fbc37 100644 --- a/include/net/netns/vsock.h +++ b/include/net/netns/vsock.h 
@@ -16,5 +16,7 @@ struct netns_vsock { /* protected by lock */ enum vsock_net_mode mode; bool mode_locked; + + void *priv; }; #endif /* __NET_NET_NAMESPACE_VSOCK_H */ diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index a8f218f0c5a3..474083d4cfcb 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -28,8 +28,16 @@ static u32 vsock_loopback_get_local_cid(void) =20 static int vsock_loopback_send_pkt(struct sk_buff *skb) { - struct vsock_loopback *vsock =3D &the_vsock_loopback; + struct vsock_loopback *vsock; int len =3D skb->len; + struct net *net; + + net =3D virtio_vsock_skb_net(skb); + + if (virtio_vsock_skb_net_mode(skb) =3D=3D VSOCK_NET_MODE_LOCAL) + vsock =3D (struct vsock_loopback *)net->vsock.priv; + else + vsock =3D &the_vsock_loopback; =20 virtio_vsock_skb_queue_tail(&vsock->pkt_queue, skb); queue_work(vsock->workqueue, &vsock->pkt_work); @@ -134,11 +142,8 @@ static void vsock_loopback_work(struct work_struct *wo= rk) } } =20 -static int __init vsock_loopback_init(void) +static int vsock_loopback_init_vsock(struct vsock_loopback *vsock) { - struct vsock_loopback *vsock =3D &the_vsock_loopback; - int ret; - vsock->workqueue =3D alloc_workqueue("vsock-loopback", WQ_PERCPU, 0); if (!vsock->workqueue) return -ENOMEM; 
@@ -146,15 +151,73 @@ static int __init vsock_loopback_init(void) skb_queue_head_init(&vsock->pkt_queue); INIT_WORK(&vsock->pkt_work, vsock_loopback_work); =20 + return 0; +} + +static void vsock_loopback_deinit_vsock(struct vsock_loopback *vsock) +{ + if (vsock->workqueue) { + flush_work(&vsock->pkt_work); + virtio_vsock_skb_queue_purge(&vsock->pkt_queue); + destroy_workqueue(vsock->workqueue); + vsock->workqueue =3D NULL; + } +} + +static int vsock_loopback_init_net(struct net *net) +{ + int ret; + + net->vsock.priv =3D kzalloc(sizeof(struct vsock_loopback), GFP_KERNEL); + if (!net->vsock.priv) + return -ENOMEM; + + ret =3D vsock_loopback_init_vsock((struct vsock_loopback *)net->vsock.pri= v); + if (ret < 0) { + kfree(net->vsock.priv); + net->vsock.priv =3D NULL; + return ret; + } + + return 0; +} + +static void vsock_loopback_exit_net(struct net *net) +{ + vsock_loopback_deinit_vsock(net->vsock.priv); + kfree(net->vsock.priv); + net->vsock.priv =3D NULL; +} + +static struct pernet_operations vsock_loopback_net_ops =3D { + .init =3D vsock_loopback_init_net, + .exit =3D vsock_loopback_exit_net, +}; + +static int __init vsock_loopback_init(void) +{ + struct vsock_loopback *vsock =3D &the_vsock_loopback; + int ret; + + ret =3D vsock_loopback_init_vsock(vsock); + if (ret < 0) + return ret; + + ret =3D register_pernet_subsys(&vsock_loopback_net_ops); + if (ret < 0) + goto out_deinit_vsock; + ret =3D vsock_core_register(&loopback_transport.transport, VSOCK_TRANSPORT_F_LOCAL); if (ret) - goto out_wq; + goto out_unregister_pernet_subsys; =20 return 0; =20 -out_wq: - destroy_workqueue(vsock->workqueue); +out_unregister_pernet_subsys: + unregister_pernet_subsys(&vsock_loopback_net_ops); +out_deinit_vsock: + vsock_loopback_deinit_vsock(vsock); return ret; } =20 
@@ -164,11 +227,9 @@ static void __exit vsock_loopback_exit(void) =20 vsock_core_unregister(&loopback_transport.transport); =20 - flush_work(&vsock->pkt_work); - - virtio_vsock_skb_queue_purge(&vsock->pkt_queue); + unregister_pernet_subsys(&vsock_loopback_net_ops); =20 - destroy_workqueue(vsock->workqueue); + vsock_loopback_deinit_vsock(vsock); } =20 module_init(vsock_loopback_init); --=20 2.47.3
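
Review bot: vsock_loopback_send_pkt() dereferences net->vsock.priv for local-mode skbs without any check, and nothing in the hunk shows what keeps that pointer valid for the lifetime of an in-flight skb. vsock_loopback_exit_net() frees priv and sets it to NULL, so the send path depends on the namespace outliving every skb that carries it via virtio_vsock_skb_net(). Please either state that guarantee in a comment at the dereference (what holds the reference, and where it is dropped) or check priv and fail the send. The "(struct vsock_loopback *)" cast on a void pointer is also unnecessary.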
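
Review bot: vsock_loopback_init_net() allocates a struct vsock_loopback and a dedicated workqueue for every network namespace, even though the commit message says they are only used if local mode is enabled; global-mode namespaces keep using the_vsock_loopback. Every namespace creation therefore pays for kzalloc(..., GFP_KERNEL) plus alloc_workqueue() with no accounting. Consider allocating on the transition to local mode, or at least using GFP_KERNEL_ACCOUNT so the memory is charged to the cgroup creating the namespaces. The new "void *priv" in struct netns_vsock is also owned by vsock_loopback alone; a comment on the field saying so would keep another transport from reusing it.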
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:45 -0700
Subject: [PATCH net-next v8 06/14] vsock/virtio: add netns to virtio transport common
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-vsock-vmtest-v8-6-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Enable network namespace support in the virtio-vsock common transport
layer by declaring namespace pointers in the transmit and receive paths.

The changes include:
1. Add a 'net' field to virtio_vsock_pkt_info to carry the namespace
   pointer for outgoing packets.
2. Store the namespace and namespace mode in the skb control buffer when
   allocating packets (except for VIRTIO_VSOCK_OP_RST packets which do
   not have an associated socket).
3. Retrieve namespace information from skbs on the receive path for
   lookups using vsock_find_connected_socket_net() and
   vsock_find_bound_socket_net().

This allows users of virtio transport common code
(vhost-vsock/virtio-vsock) to later enable namespace support.

Signed-off-by: Bobby Eshleman --- Changes in v7: - add comment explaining the !vsk case in virtio_transport_alloc_skb() --- include/linux/virtio_vsock.h | 1 + net/vmw_vsock/virtio_transport_common.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 29290395054c..f90646f82993 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -217,6 +217,7 @@ struct virtio_vsock_pkt_info { u32 remote_cid, remote_port; struct vsock_sock *vsk; struct msghdr *msg; + struct net *net; u32 pkt_len; u16 type; u16 op; diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index dcc8a1d5851e..b8e52c71920a 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -316,6 +316,15 @@ static struct sk_buff *virtio_transport_alloc_skb(stru= ct virtio_vsock_pkt_info * info->flags, zcopy); =20 + /* + * If there is no corresponding socket, then we don't have a + * corresponding namespace. This only happens For VIRTIO_VSOCK_OP_RST. + */ + if (vsk) { + virtio_vsock_skb_set_net(skb, info->net); + virtio_vsock_skb_set_net_mode(skb, vsk->net_mode); + } + return skb; out: kfree_skb(skb); @@ -527,6 +536,7 @@ static int virtio_transport_send_credit_update(struct v= sock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_CREDIT_UPDATE, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1067,6 +1077,7 @@ int virtio_transport_connect(struct vsock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_REQUEST, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); 
@@ -1082,6 +1093,7 @@ int virtio_transport_shutdown(struct vsock_sock *vsk,= int mode) (mode & SEND_SHUTDOWN ? VIRTIO_VSOCK_SHUTDOWN_SEND : 0), .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1108,6 +1120,7 @@ virtio_transport_stream_enqueue(struct vsock_sock *vs= k, .msg =3D msg, .pkt_len =3D len, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1145,6 +1158,7 @@ static int virtio_transport_reset(struct vsock_sock *= vsk, .op =3D VIRTIO_VSOCK_OP_RST, .reply =3D !!skb, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 /* Send RST only if the original pkt is not a RST pkt */ @@ -1465,6 +1479,7 @@ virtio_transport_send_response(struct vsock_sock *vsk, .remote_port =3D le32_to_cpu(hdr->src_port), .reply =3D true, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1578,7 +1593,9 @@ static bool virtio_transport_valid_type(u16 type) void virtio_transport_recv_pkt(struct virtio_transport *t, struct sk_buff *skb) { + enum vsock_net_mode net_mode =3D virtio_vsock_skb_net_mode(skb); struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); + struct net *net =3D virtio_vsock_skb_net(skb); struct sockaddr_vm src, dst; struct vsock_sock *vsk; struct sock *sk; 
@@ -1606,9 +1623,9 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, /* The socket must be in connected or bound table * otherwise send reset back */ - sk =3D vsock_find_connected_socket(&src, &dst); + sk =3D vsock_find_connected_socket_net(&src, &dst, net, net_mode); if (!sk) { - sk =3D vsock_find_bound_socket(&dst); + sk =3D vsock_find_bound_socket_net(&dst, net, net_mode); if (!sk) { (void)virtio_transport_reset_no_sock(t, skb); goto free_pkt; --=20 2.47.3
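
Review bot: In the virtio_transport_alloc_skb() hunk the namespace is taken from info->net while the mode is taken from vsk->net_mode, so any virtio_vsock_pkt_info initializer that sets .vsk but omits .net would store a NULL net next to a valid mode. Every initializer touched in this patch sets .net = sock_net(sk_vsock(vsk)), so consider deriving the namespace from vsk inside virtio_transport_alloc_skb() and dropping the new field, or document in struct virtio_vsock_pkt_info that .net is mandatory whenever .vsk is set. The new comment also has a stray capital: "This only happens For VIRTIO_VSOCK_OP_RST".
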
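
Review bot: virtio_transport_recv_pkt() now reads virtio_vsock_skb_net(skb) and virtio_vsock_skb_net_mode(skb) unconditionally, but this patch only sets them in virtio_transport_alloc_skb(), and only when vsk is non-NULL. Please document above virtio_transport_recv_pkt() that every transport must stamp the skb with its namespace and mode before calling it, and state what vsock_find_connected_socket_net() and vsock_find_bound_socket_net() do when net was never set. For an isolation feature, an skb with no recorded namespace should fail the lookup and take the virtio_transport_reset_no_sock() path rather than match a socket in some other namespace.
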
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:46 -0700
Subject: [PATCH net-next v8 07/14] vhost/vsock: add netns support
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-vsock-vmtest-v8-7-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Add the ability to isolate vhost-vsock flows using namespaces.

The VM, via the vhost_vsock struct, inherits its namespace from the
process that opens the vhost-vsock device. vhost_vsock lookup functions
are modified to take into account the mode (e.g., if CIDs are matching
but modes don't align, then return NULL).

vhost_vsock now acquires a reference to the namespace.

Signed-off-by: Bobby Eshleman
---
Changes in v7:
- remove the check_global flag of vhost_vsock_get(), that logic was both
  wrong and not necessary, reuse vsock_net_check_mode() instead
- remove 'delete me' comment
Changes in v5:
- respect pid namespaces when assigning namespace to vhost_vsock
---
 drivers/vhost/vsock.c | 44 ++++++++++++++++++++++++++++++++++----------
 1 file changed, 34 insertions(+), 10 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 34adf0cf9124..df6136633cd8 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -46,6 +46,11 @@ static DEFINE_READ_MOSTLY_HASHTABLE(vhost_vsock_hash, 8); struct vhost_vsock { struct vhost_dev dev; struct vhost_virtqueue vqs[2]; + struct net *net; + netns_tracker ns_tracker; + + /* The ns mode at the time vhost_vsock was created */ + enum vsock_net_mode net_mode; =20 /* Link to global vhost_vsock_hash, writes use vhost_vsock_mutex */ struct hlist_node hash; @@ -67,7 +72,8 @@ static u32 vhost_transport_get_local_cid(void) /* Callers that dereference the return value must hold vhost_vsock_mutex o= r the * RCU read lock. */ -static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) +static struct vhost_vsock *vhost_vsock_get(u32 guest_cid, struct net *net, + enum vsock_net_mode mode) { struct vhost_vsock *vsock; =20 @@ -78,9 +84,9 @@ static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) if (other_cid =3D=3D 0) continue; =20 - if (other_cid =3D=3D guest_cid) + if (other_cid =3D=3D guest_cid && + vsock_net_check_mode(net, mode, vsock->net, vsock->net_mode)) return vsock; - } =20 return NULL; @@ -271,14 +277,16 @@ static void vhost_transport_send_pkt_work(struct vhos= t_work *work) static int vhost_transport_send_pkt(struct sk_buff *skb) { + enum vsock_net_mode mode =3D virtio_vsock_skb_net_mode(skb); struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); + struct net *net =3D virtio_vsock_skb_net(skb); struct vhost_vsock *vsock; int len =3D skb->len; =20 rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid)); + vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid), net, mode); if (!vsock) { rcu_read_unlock(); kfree_skb(skb); 
@@ -305,7 +313,8 @@ vhost_transport_cancel_pkt(struct vsock_sock *vsk) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid); + vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid, + sock_net(sk_vsock(vsk)), vsk->net_mode); if (!vsock) goto out; =20 @@ -327,7 +336,7 @@ vhost_transport_cancel_pkt(struct vsock_sock *vsk) } =20 static struct sk_buff * -vhost_vsock_alloc_skb(struct vhost_virtqueue *vq, +vhost_vsock_alloc_skb(struct vhost_vsock *vsock, struct vhost_virtqueue *v= q, unsigned int out, unsigned int in) { struct virtio_vsock_hdr *hdr; @@ -353,6 +362,9 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq, if (!skb) return NULL; =20 + virtio_vsock_skb_set_net(skb, vsock->net); + virtio_vsock_skb_set_net_mode(skb, vsock->net_mode); + iov_iter_init(&iov_iter, ITER_SOURCE, vq->iov, out, len); =20 hdr =3D virtio_vsock_hdr(skb); @@ -462,11 +474,12 @@ static struct virtio_transport vhost_transport =3D { =20 static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 re= mote_cid) { + struct net *net =3D sock_net(sk_vsock(vsk)); struct vhost_vsock *vsock; bool seqpacket_allow =3D false; =20 rcu_read_lock(); - vsock =3D vhost_vsock_get(remote_cid); + vsock =3D vhost_vsock_get(remote_cid, net, vsk->net_mode); =20 if (vsock) seqpacket_allow =3D vsock->seqpacket_allow; @@ -520,7 +533,7 @@ static void vhost_vsock_handle_tx_kick(struct vhost_wor= k *work) break; } =20 - skb =3D vhost_vsock_alloc_skb(vq, out, in); + skb =3D vhost_vsock_alloc_skb(vsock, vq, out, in); if (!skb) { vq_err(vq, "Faulted on pkt\n"); continue; @@ -652,8 +665,10 @@ static void vhost_vsock_free(struct vhost_vsock *vsock) =20 static int vhost_vsock_dev_open(struct inode *inode, struct file *file) { + struct vhost_virtqueue **vqs; struct vhost_vsock *vsock; + struct net *net; int ret; =20 /* This struct is large and allocation could fail, fall back to vmalloc 
@@ -669,6 +684,14 @@ static int vhost_vsock_dev_open(struct inode *inode, s= truct file *file) goto out; } =20 + net =3D current->nsproxy->net_ns; + vsock->net =3D get_net_track(net, &vsock->ns_tracker, GFP_KERNEL); + + /* Cache the mode of the namespace so that if that netns mode changes, + * the vhost_vsock will continue to function as expected. + */ + vsock->net_mode =3D vsock_net_mode(net); + vsock->guest_cid =3D 0; /* no CID assigned yet */ vsock->seqpacket_allow =3D false; =20 @@ -708,7 +731,7 @@ static void vhost_vsock_reset_orphans(struct sock *sk) */ =20 /* If the peer is still valid, no need to reset connection */ - if (vhost_vsock_get(vsk->remote_addr.svm_cid)) + if (vhost_vsock_get(vsk->remote_addr.svm_cid, sock_net(sk), vsk->net_mode= )) return; =20 /* If the close timeout is pending, let it expire. This avoids races @@ -753,6 +776,7 @@ static int vhost_vsock_dev_release(struct inode *inode,= struct file *file) virtio_vsock_skb_queue_purge(&vsock->send_pkt_queue); =20 vhost_dev_cleanup(&vsock->dev); + put_net_track(vsock->net, &vsock->ns_tracker); kfree(vsock->dev.vqs); vhost_vsock_free(vsock); return 0; 
@@ -779,7 +803,7 @@ static int vhost_vsock_set_cid(struct vhost_vsock *vsoc= k, u64 guest_cid) =20 /* Refuse if CID is already in use */ mutex_lock(&vhost_vsock_mutex); - other =3D vhost_vsock_get(guest_cid); + other =3D vhost_vsock_get(guest_cid, vsock->net, vsock->net_mode); if (other && other !=3D vsock) { mutex_unlock(&vhost_vsock_mutex); return -EADDRINUSE; --=20 2.47.3
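
Review bot: vhost_transport_send_pkt() takes net and mode from the skb, yet patch 06 leaves both unset for skbs allocated without a socket (the VIRTIO_VSOCK_OP_RST case its new comment describes). Please confirm what vhost_vsock_get() returns for such an skb: either the lookup still finds the intended device, or the packet is dropped by the existing !vsock path (rcu_read_unlock(); kfree_skb(skb);). Whichever is intended, say so in a comment next to the lookup, because a reset that silently never reaches the guest is hard to debug.
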
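
Review bot: In the vhost_vsock_set_cid() hunk the comment "Refuse if CID is already in use" no longer describes the check. With vsock_net_check_mode() inside vhost_vsock_get(), -EADDRINUSE is returned only when the CID belongs to a device that matches vsock->net and vsock->net_mode, so vhost_vsock_hash can now hold several entries with the same guest_cid. Update that comment, and document above vhost_vsock_get() that it returns the first hash entry passing the mode check and what guarantees that at most one entry can match a given (net, mode) pair.
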
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:47 -0700
Subject: [PATCH net-next v8 08/14] selftests/vsock: add namespace helpers to vmtest.sh
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-vsock-vmtest-v8-8-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman Add functions for initializing namespaces with the different vsock NS modes. Callers can use add_namespaces() and del_namespaces() to create namespaces global0, global1, local0, and local1. The init_namespaces() function initializes global0, local0, etc... with their respective vsock NS mode. This function is separate so that tests that depend on this initialization can use it, while other tests that want to test the initialization interface itself can start with a clean slate by omitting this call. Remove namespaces upon exiting the program in cleanup(). This is unlikely to be needed for a healthy run, but it is useful for tests that are manually killed mid-test. In that case, this patch prevents the subsequent test run from finding stale namespaces with already-write-once-locked vsock ns modes. This patch is in preparation for later namespace tests. Signed-off-by: Bobby Eshleman --- tools/testing/selftests/vsock/vmtest.sh | 45 +++++++++++++++++++++++++++++= ++++ 1 file changed, 45 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 62b4f5ede9f6..5f4bae952e13 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -46,6 +46,7 @@ readonly TEST_DESCS=3D( ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 =20 
@@ -100,11 +101,55 @@ check_result() { cnt_total=3D$(( cnt_total + 1 )) } =20 +add_namespaces() { + # add namespaces local0, local1, global0, and global1 + for mode in "${NS_MODES[@]}"; do + ip netns add "${mode}0" 2>/dev/null + ip netns add "${mode}1" 2>/dev/null + done +} + +init_namespaces() { + for mode in "${NS_MODES[@]}"; do + ns_set_mode "${mode}0" "${mode}" + ns_set_mode "${mode}1" "${mode}" + + log_host "set ns ${mode}0 to mode ${mode}" + log_host "set ns ${mode}1 to mode ${mode}" + + # we need lo for qemu port forwarding + ip netns exec "${mode}0" ip link set dev lo up + ip netns exec "${mode}1" ip link set dev lo up + done +} + +del_namespaces() { + for mode in "${NS_MODES[@]}"; do + ip netns del "${mode}0" &>/dev/null + ip netns del "${mode}1" &>/dev/null + log_host "removed ns ${mode}0" + log_host "removed ns ${mode}1" + done +} + +ns_set_mode() { + local ns=3D$1 + local mode=3D$2 + + echo "${mode}" | ip netns exec "${ns}" \ + tee /proc/sys/net/vsock/ns_mode &>/dev/null +} + vm_ssh() { ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" return $? 
} =20 +cleanup() { + del_namespaces +} + +trap cleanup EXIT =20 check_args() { local found --=20 2.47.3
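
Review bot: In init_namespaces() the return value of ns_set_mode() is ignored and "set ns ... to mode ..." is logged unconditionally, while ns_set_mode() and add_namespaces() send every error to /dev/null. The commit message itself says a stale namespace carries a write-once-locked mode, which is exactly the case where the write to /proc/sys/net/vsock/ns_mode fails silently and later tests run against a namespace in the wrong mode. Propagate the failure (for example ns_set_mode "${mode}0" "${mode}" || return 1) and log only on success.
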
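
Review bot: The trap cleanup EXIT line runs del_namespaces() on every exit, including runs that never called add_namespaces(), so the script deletes any pre-existing host namespaces that happen to be named local0, local1, global0 or global1. del_namespaces() also logs "removed ns" even when ip netns del failed. Record which namespaces this run actually created (or give them a prefix unique to the test), and delete and log only those.
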
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:48 -0700
Subject: [PATCH net-next v8 09/14] selftests/vsock: prepare vm management helpers for namespaces
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-vsock-vmtest-v8-9-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman Add namespace support to vm management, ssh helpers, and vsock_test wrapper functions. This enables running VMs and test helpers in specific namespaces, which is required for upcoming namespace isolation tests. The functions still work correctly within the init ns, though the caller must now pass "init_ns" explicitly. No functional changes for existing tests. All have been updated to pass "init_ns" explicitly. Affected functions (such as vm_start() and vm_ssh()) now wrap their commands with 'ip netns exec' when executing commands in non-init namespaces. Signed-off-by: Bobby Eshleman --- tools/testing/selftests/vsock/vmtest.sh | 102 ++++++++++++++++++++++------= ---- 1 file changed, 71 insertions(+), 31 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 5f4bae952e13..d047f6d27df4 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -141,7 +141,18 @@ ns_set_mode() { } =20 vm_ssh() { - ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" + local ns_exec + + if [[ "${1}" =3D=3D init_ns ]]; then + ns_exec=3D"" + else + ns_exec=3D"ip netns exec ${1}" + fi + + shift + + ${ns_exec} ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} l= ocalhost $* + return $? } =20 @@ -254,10 +265,12 @@ terminate_pidfiles() { =20 vm_start() { local pidfile=3D$1 + local ns=3D$2 local logfile=3D/dev/null local verbose_opt=3D"" local kernel_opt=3D"" local qemu_opts=3D"" + local ns_exec=3D"" local qemu =20 qemu=3D$(command -v "${QEMU}") @@ -278,7 +291,11 @@ vm_start() { kernel_opt=3D"${KERNEL_CHECKOUT}" fi =20 - vng \ + if [[ "${ns}" !=3D "init_ns" ]]; then + ns_exec=3D"ip netns exec ${ns}" + fi + + ${ns_exec} vng \ --run \ ${kernel_opt} \ ${verbose_opt} \ @@ -293,6 +310,7 @@ vm_start() { } =20 vm_wait_for_ssh() { + local ns=3D$1 local i =20 i=3D0 
@@ -300,7 +318,8 @@ vm_wait_for_ssh() { if [[ ${i} -gt ${WAIT_PERIOD_MAX} ]]; then die "Timed out waiting for guest ssh" fi - if vm_ssh -- true; then + + if vm_ssh "${ns}" -- true; then break fi i=3D$(( i + 1 )) @@ -344,28 +363,42 @@ wait_for_listener() } =20 vm_wait_for_listener() { - local port=3D$1 + local ns=3D$1 + local port=3D$2 + + log "Waiting for listener on port ${port} on vm" =20 - vm_ssh <&1 | log_host rc=3D$? else - ${VSOCK_TEST} \ + ${cmd} \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" 2>&1 | log_host & @@ -420,7 +459,7 @@ host_vsock_test() { return $rc fi =20 - host_wait_for_listener "${port}" "${WAIT_PERIOD}" "${WAIT_PERIOD_MAX}" + host_wait_for_listener "${ns}" "${port}" "${WAIT_PERIOD}" "${WAIT_PERIOD= _MAX}" rc=3D$? fi set +o pipefail @@ -464,11 +503,11 @@ log_guest() { } =20 test_vm_server_host_client() { - if ! vm_vsock_test "server" 2 "${TEST_GUEST_PORT}"; then + if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" fi =20 - if ! host_vsock_test "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}"; then + if ! host_vsock_test "init_ns" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PO= RT}"; then return "${KSFT_FAIL}" fi =20 @@ -476,11 +515,11 @@ test_vm_server_host_client() { } =20 test_vm_client_host_server() { - if ! host_vsock_test "server" "${VSOCK_CID}" "${TEST_HOST_PORT_LISTENER}"= ; then + if ! host_vsock_test "init_ns" "server" "${VSOCK_CID}" "${TEST_HOST_PORT_= LISTENER}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; then + if ! vm_vsock_test "init_ns" "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; t= hen return "${KSFT_FAIL}" fi =20 
@@ -490,13 +529,14 @@ test_vm_client_host_server() { test_vm_loopback() { local port=3D60000 # non-forwarded local port =20 - vm_ssh -- modprobe vsock_loopback &> /dev/null || : + vm_ssh "init_ns" -- modprobe vsock_loopback &> /dev/null || : =20 - if ! vm_vsock_test "server" 1 "${port}"; then + if ! vm_vsock_test "init_ns" "server" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "127.0.0.1" 1 "${port}"; then + + if ! vm_vsock_test "init_ns" "127.0.0.1" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 @@ -554,8 +594,8 @@ run_shared_vm_test() { =20 host_oops_cnt_before=3D$(dmesg | grep -c -i 'Oops') host_warn_cnt_before=3D$(dmesg --level=3Dwarn | grep -c -i 'vsock') - vm_oops_cnt_before=3D$(vm_ssh -- dmesg | grep -c -i 'Oops') - vm_warn_cnt_before=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i 'vsock= ') + vm_oops_cnt_before=3D$(vm_ssh "init_ns" -- dmesg | grep -c -i 'Oops') + vm_warn_cnt_before=3D$(vm_ssh "init_ns" -- dmesg --level=3Dwarn | grep -c= -i 'vsock') =20 name=3D$(echo "${1}" | awk '{ print $1 }') eval test_"${name}" @@ -573,13 +613,13 @@ run_shared_vm_test() { rc=3D$KSFT_FAIL fi =20 - vm_oops_cnt_after=3D$(vm_ssh -- dmesg | grep -i 'Oops' | wc -l) + vm_oops_cnt_after=3D$(vm_ssh "init_ns" -- dmesg | grep -i 'Oops' | wc -l) if [[ ${vm_oops_cnt_after} -gt ${vm_oops_cnt_before} ]]; then echo "FAIL: kernel oops detected on vm" | log_host rc=3D$KSFT_FAIL fi =20 - vm_warn_cnt_after=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i vsock) + vm_warn_cnt_after=3D$(vm_ssh "init_ns" -- dmesg --level=3Dwarn | grep -c = -i vsock) if [[ ${vm_warn_cnt_after} -gt ${vm_warn_cnt_before} ]]; then echo "FAIL: kernel warning detected on vm" | log_host rc=3D$KSFT_FAIL 
@@ -623,8 +663,8 @@ cnt_total=3D0 if shared_vm_tests_requested "${ARGS[@]}"; then log_host "Booting up VM" pidfile=3D$(mktemp $PIDFILE_TEMPLATE) - vm_start "${pidfile}" - vm_wait_for_ssh + vm_start "${pidfile}" "init_ns" + vm_wait_for_ssh "init_ns" log_host "VM booted up" =20 run_shared_vm_tests "${ARGS[@]}" --=20 2.47.3
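
Review bot: In the vm_ssh() hunk the remote command is now passed as unquoted `$*` where the removed line used `"$@"`, so every argument is re-split on whitespace and glob-expanded by the local shell before ssh sees it. Keep `"$@"` after the `shift`. Building the prefix as an array (`ns_exec=(ip netns exec "${1}")`, then `"${ns_exec[@]}" ssh ...`) would also stop the function from depending on word splitting of `${ns_exec}`, and the trailing `return $?` is redundant because the function already returns the status of its last command.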
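
Review bot: In the vm_start() hunk, `ns` is taken from `$2` with no check that the caller supplied it. An empty value is not equal to "init_ns", so `ns_exec` becomes `ip netns exec ` and the next word, `vng`, is read as the namespace name. Fail early when `${ns}` is empty, and add a comment above vm_start() and vm_wait_for_ssh() documenting the new positional argument and the "init_ns" sentinel.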
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:49 -0700
Subject: [PATCH net-next v8 10/14] selftests/vsock: add tests for proc sys vsock ns_mode
Message-Id: <20251023-vsock-vmtest-v8-10-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>

From: Bobby Eshleman

Add tests for the /proc/sys/net/vsock/ns_mode interface. Namely, that it accepts "global" and "local" strings and enforces a write-once policy.

Start a convention of commenting the test name over the test description. Add test name comments over test descriptions that existed before this convention.

Add a check_netns() function that checks if the test requires namespaces and if the current kernel supports namespaces. Skip tests that require namespaces if the system does not have namespace support.

This patch is the first to add tests that do *not* re-use the same shared VM. For that reason, it adds a run_tests() function to run these tests and filter out the shared VM tests.

Signed-off-by: Bobby Eshleman
--- tools/testing/selftests/vsock/vmtest.sh | 99 +++++++++++++++++++++++++++++= +++- 1 file changed, 98 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index d047f6d27df4..b775fb0cd4ed 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh 
@@ -38,11 +38,28 @@ readonly KERNEL_CMDLINE=3D"\ virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \ " readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log) -readonly TEST_NAMES=3D(vm_server_host_client vm_client_host_server vm_loop= back) +readonly TEST_NAMES=3D( + vm_server_host_client + vm_client_host_server + vm_loopback + ns_host_vsock_ns_mode_ok + ns_host_vsock_ns_mode_write_once_ok +) readonly TEST_DESCS=3D( + # vm_server_host_client "Run vsock_test in server mode on the VM and in client mode on the host." + + # vm_client_host_server "Run vsock_test in client mode on the VM and in server mode on the host." + + # vm_loopback "Run vsock_test using the loopback transport in the VM." + + # ns_host_vsock_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode strings on the host." + + # ns_host_vsock_ns_mode_write_once_ok + "Check /proc/sys/net/vsock/ns_mode is write-once on the host." ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) @@ -203,6 +220,20 @@ check_deps() { fi } =20 +check_netns() { + local tname=3D$1 + + # If the test requires NS support, check if NS support exists + # using /proc/self/ns + if [[ "${tname}" =3D~ ^ns_ ]] && + [[ ! -e /proc/self/ns ]]; then + log_host "No NS support detected for test ${tname}" + return 1 + fi + + return 0 +} + check_vng() { local tested_versions local version 
@@ -502,6 +533,43 @@ log_guest() { LOG_PREFIX=3Dguest log $@ } =20 +test_ns_host_vsock_ns_mode_ok() { + add_namespaces + + for mode in "${NS_MODES[@]}"; do + if ! ns_set_mode "${mode}0" "${mode}"; then + del_namespaces + return "${KSFT_FAIL}" + fi + done + + del_namespaces + + return "${KSFT_PASS}" +} + +test_ns_host_vsock_ns_mode_write_once_ok() { + add_namespaces + + for mode in "${NS_MODES[@]}"; do + local ns=3D"${mode}0" + if ! ns_set_mode "${ns}" "${mode}"; then + del_namespaces + return "${KSFT_FAIL}" + fi + + # try writing again and expect failure + if ns_set_mode "${ns}" "${mode}"; then + del_namespaces + return "${KSFT_FAIL}" + fi + done + + del_namespaces + + return "${KSFT_PASS}" +} + test_vm_server_host_client() { if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" @@ -575,6 +643,11 @@ run_shared_vm_tests() { continue fi =20 + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" + continue + fi + run_shared_vm_test "${arg}" check_result $? done @@ -628,6 +701,28 @@ run_shared_vm_test() { return "${rc}" } =20 +run_tests() { + for arg in "${ARGS[@]}"; do + if shared_vm_test "${arg}"; then + continue + fi + + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" + continue + fi + + add_namespaces + + name=3D$(echo "${arg}" | awk '{ print $1 }') + log_host "Executing test_${name}" + eval test_"${name}" + check_result $? + + del_namespaces + done +} + BUILD=3D0 QEMU=3D"qemu-system-$(uname -m)" =20 
@@ -671,6 +766,8 @@ if shared_vm_tests_requested "${ARGS[@]}"; then terminate_pidfiles "${pidfile}" fi =20 +run_tests "${ARGS[@]}" + echo "SUMMARY: PASS=3D${cnt_pass} SKIP=3D${cnt_skip} FAIL=3D${cnt_fail}" echo "Log: ${LOG}" =20 --=20 2.47.3
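
Review bot: In check_netns(), the test `[[ ! -e /proc/self/ns ]]` only shows that the kernel exposes some namespace type; it does not show network namespace support, nor that the sysctl the ns_ tests exercise is present. Checking `/proc/self/ns/net`, and `/proc/sys/net/vsock/ns_mode` for the ns_mode tests, would let a kernel without this series be reported as a skip rather than reaching the test body.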
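
Review bot: run_tests() wraps every test in add_namespaces and del_namespaces, but test_ns_host_vsock_ns_mode_ok() and test_ns_host_vsock_ns_mode_write_once_ok() added in the same patch call add_namespaces and del_namespaces themselves, so setup and teardown each run twice per test. Pick one owner for the namespace lifecycle. The function is also invoked as `run_tests "${ARGS[@]}"` yet loops over the global `ARGS` and assigns `name` without `local`; iterate over `"$@"` and declare `arg` and `name` local.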
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:50 -0700
Subject: [PATCH net-next v8 11/14] selftests/vsock: add namespace tests for CID collisions
Message-Id: <20251023-vsock-vmtest-v8-11-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>

From: Bobby Eshleman

Add tests to verify CID collision rules across different vsock namespace modes.

1. Two VMs with the same CID cannot start in different global namespaces (ns_global_same_cid_fails)
2. Two VMs with the same CID can start in different local namespaces (ns_local_same_cid_ok)
3. VMs with the same CID can coexist when one is in a global namespace and another is in a local namespace (ns_global_local_same_cid_ok and ns_local_global_same_cid_ok)

The tests ns_global_local_same_cid_ok and ns_local_global_same_cid_ok make sure that ordering does not matter.

The tests use a shared helper function namespaces_can_boot_same_cid() that attempts to start two VMs with identical CIDs in the specified namespaces and verifies whether VM initialization failed or succeeded.

Signed-off-by: Bobby Eshleman
--- tools/testing/selftests/vsock/vmtest.sh | 74 +++++++++++++++++++++++++++++= ++++ 1 file changed, 74 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index b775fb0cd4ed..f2a99cde9fb4 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -44,6 +44,10 @@ readonly TEST_NAMES=3D( vm_loopback ns_host_vsock_ns_mode_ok ns_host_vsock_ns_mode_write_once_ok + ns_global_same_cid_fails + ns_local_same_cid_ok + ns_global_local_same_cid_ok + ns_local_global_same_cid_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
@@ -60,6 +64,18 @@ readonly TEST_DESCS=3D( =20 # ns_host_vsock_ns_mode_write_once_ok "Check /proc/sys/net/vsock/ns_mode is write-once on the host." + + # ns_global_same_cid_fails + "Check QEMU fails to start two VMs with same CID in two different global = namespaces." + + # ns_local_same_cid_ok + "Check QEMU successfully starts two VMs with same CID in two different lo= cal namespaces." + + # ns_global_local_same_cid_ok + "Check QEMU successfully starts one VM in a global ns and then another VM= in a local ns with the same CID." + + # ns_local_global_same_cid_ok + "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) 
@@ -548,6 +564,64 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +namespaces_can_boot_same_cid() { + local ns0=3D$1 + local ns1=3D$2 + local pidfile1 pidfile2 + local rc + + pidfile1=3D$(mktemp $PIDFILE_TEMPLATE) + vm_start "${pidfile1}" "${ns0}" + + pidfile2=3D$(mktemp $PIDFILE_TEMPLATE) + vm_start "${pidfile2}" "${ns1}" + + rc=3D$? + terminate_pidfiles "${pidfile1}" "${pidfile2}" + + return $rc +} + +test_ns_global_same_cid_fails() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "global1"; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_local_global_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_global_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "local0"; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + test_ns_host_vsock_ns_mode_write_once_ok() { add_namespaces =20 --=20 2.47.3
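
Review bot: In namespaces_can_boot_same_cid(), the status of the first `vm_start "${pidfile1}" "${ns0}"` is discarded and `rc` records only the second start. If the first VM fails to boot for an unrelated reason and the second then starts, the *_same_cid_ok tests pass and ns_global_same_cid_fails fails without two VMs ever having shared a CID. Check the first vm_start, clean up and return a distinct error when it fails, so the result reflects the collision rule and nothing else.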
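
Review bot: test_ns_local_same_cid_ok() passes "local0" for both namespaces and returns KSFT_FAIL when both VMs boot, which contradicts its name, its TEST_DESCS entry and the commit message ("Two VMs with the same CID can start in different local namespaces"). It reads as though the call should be `namespaces_can_boot_same_cid "local0" "local1"` with KSFT_PASS on success, matching the other two _ok tests. If same-namespace rejection is also meant to be covered, give that case its own test with a _fails name.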
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:51 -0700
Subject: [PATCH net-next v8 12/14] selftests/vsock: add tests for host <-> vm connectivity with namespaces
Message-Id: <20251023-vsock-vmtest-v8-12-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>

From: Bobby Eshleman

Add tests to validate namespace correctness using vsock_test and socat. The vsock_test tool is used to validate expected success tests, but socat is used for expected failure tests. socat is used to ensure that connections are rejected outright instead of failing due to some other socket behavior (as tested in vsock_test). Additionally, socat is already required for tunneling TCP traffic from vsock_test. Using only one of the vsock_test tests like 'test_stream_client_close_client' would have yielded a similar result, but doing so wouldn't remove the socat dependency.

Additionally, check for the dependency socat. socat needs special handling beyond just checking if it is on the path because it must be compiled with support for both vsock and unix. The function check_socat() checks that this support exists.

Add more padding to test name printf strings because the tests added in this patch would otherwise overflow.

Signed-off-by: Bobby Eshleman
--- tools/testing/selftests/vsock/vmtest.sh | 463 ++++++++++++++++++++++++++++= +++- 1 file changed, 461 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index f2a99cde9fb4..60d349c80153 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -7,6 +7,7 @@ # * virtme-ng # * busybox-static (used by virtme-ng) # * qemu (used by virtme-ng) +# * socat =20 readonly SCRIPT_DIR=3D"$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && p= wd -P)" readonly KERNEL_CHECKOUT=3D$(realpath "${SCRIPT_DIR}"/../../../../) 
@@ -48,6 +49,19 @@ readonly TEST_NAMES=3D( ns_local_same_cid_ok ns_global_local_same_cid_ok ns_local_global_same_cid_ok + ns_diff_global_host_connect_to_global_vm_ok + ns_diff_global_host_connect_to_local_vm_fails + ns_diff_global_vm_connect_to_global_host_ok + ns_diff_global_vm_connect_to_local_host_fails + ns_diff_local_host_connect_to_local_vm_fails + ns_diff_local_vm_connect_to_local_host_fails + ns_diff_global_to_local_loopback_local_fails + ns_diff_local_to_global_loopback_fails + ns_diff_local_to_local_loopback_fails + ns_diff_global_to_global_loopback_ok + ns_same_local_loopback_ok + ns_same_local_host_connect_to_local_vm_ok + ns_same_local_vm_connect_to_local_host_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
@@ -76,6 +90,45 @@ readonly TEST_DESCS=3D( =20 # ns_local_global_same_cid_ok "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." + + # ns_diff_global_host_connect_to_global_vm_ok + "Run vsock_test client in global ns with server in VM in another global n= s." + + # ns_diff_global_host_connect_to_local_vm_fails + "Run socat to test a process in a global ns fails to connect to a VM in a= local ns." + + # ns_diff_global_vm_connect_to_global_host_ok + "Run vsock_test client in VM in a global ns with server in another global= ns." + + # ns_diff_global_vm_connect_to_local_host_fails + "Run socat to test a VM in a global ns fails to connect to a host process= in a local ns." + + # ns_diff_local_host_connect_to_local_vm_fails + "Run socat to test a host process in a local ns fails to connect to a VM = in another local ns." + + # ns_diff_local_vm_connect_to_local_host_fails + "Run socat to test a VM in a local ns fails to connect to a host process = in another local ns." + + # ns_diff_global_to_local_loopback_local_fails + "Run socat to test a loopback vsock in a global ns fails to connect to a = vsock in a local ns." + + # ns_diff_local_to_global_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in a global ns." + + # ns_diff_local_to_local_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in another local ns." + + # ns_diff_global_to_global_loopback_ok + "Run socat to test a loopback vsock in a global ns successfully connects = to a vsock in another global ns." + + # ns_same_local_loopback_ok + "Run socat to test a loopback vsock in a local ns successfully connects t= o a vsock in the same ns." + + # ns_same_local_host_connect_to_local_vm_ok + "Run vsock_test client in a local ns with server in VM in same ns." 
+ + # ns_same_local_vm_connect_to_local_host_ok + "Run vsock_test client in VM in a local ns with server in same ns." ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) @@ -102,7 +155,7 @@ usage() { for ((i =3D 0; i < ${#TEST_NAMES[@]}; i++)); do name=3D${TEST_NAMES[${i}]} desc=3D${TEST_DESCS[${i}]} - printf "\t%-35s%-35s\n" "${name}" "${desc}" + printf "\t%-55s%-35s\n" "${name}" "${desc}" done echo =20 @@ -222,7 +275,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh; do + for dep in vng ${QEMU} busybox pkill ssh socat; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -273,6 +326,20 @@ check_vng() { fi } =20 +check_socat() { + local support_string + + support_string=3D"$(socat -V)" + + if [[ "${support_string}" !=3D *"WITH_VSOCK 1"* ]]; then + die "err: socat is missing vsock support" + fi + + if [[ "${support_string}" !=3D *"WITH_UNIX 1"* ]]; then + die "err: socat is missing unix support" + fi +} + handle_build() { if [[ ! "${BUILD}" -eq 1 ]]; then return @@ -310,6 +377,14 @@ terminate_pidfiles() { done } =20 +terminate_pids() { + local pid + + for pid in "$@"; do + kill -SIGTERM "${pid}" &>/dev/null || : + done +} + vm_start() { local pidfile=3D$1 local ns=3D$2 
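Review bot: check_socat() reports a socat built without vsock or unix support through die with an "err:" message, while check_deps() in the hunk just above it treats a missing socat binary as a skip (exit "${KSFT_SKIP}"). Both describe a host that cannot run the new ns_* tests, so the feature check should take the skip path too. Adding socat to the check_deps list also makes it a hard requirement for the pre-existing tests, which ran without it before this patch; consider checking for it only when a selected test needs it.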
@@ -564,6 +639,389 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +test_ns_diff_global_host_connect_to_global_vm_ok() { + local pids pid pidfile + local ns0 ns1 port + declare -a pids + local unixfile + ns0=3D"global0" + ns1=3D"global1" + port=3D1234 + local rc + + init_namespaces + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + ip netns exec "${ns1}" \ + socat TCP-LISTEN:"${TEST_HOST_PORT}",fork \ + UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${TEST_HOST_PORT}" + + ip netns exec "${ns0}" socat UNIX-LISTEN:"${unixfile}",fork \ + TCP-CONNECT:localhost:"${TEST_HOST_PORT}" & + pids+=3D($!) + + vm_vsock_test "${ns0}" "server" 2 "${TEST_GUEST_PORT}" + vm_wait_for_listener "${ns0}" "${TEST_GUEST_PORT}" + host_vsock_test "${ns1}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" + rc=3D$? + + for pid in "${pids[@]}"; do + if [[ "$(jobs -p)" =3D *"${pid}"* ]]; then + kill -SIGTERM "${pid}" &>/dev/null + fi + done + + terminate_pidfiles "${pidfile}" + + if [[ $rc -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_diff_global_host_connect_to_local_vm_fails() { + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + if ! 
vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${VSOCK_CID}, ns=3D${ns0})" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns1}" + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + terminate_pidfiles "${pidfile}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return $KSFT_PASS + fi + + return $KSFT_FAIL +} + +test_ns_diff_global_vm_connect_to_global_host_ok() { + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local unixfile + local pidfile + local pids + + init_namespaces + + declare -a pids + + log_host "Setup socat bridge from ns ${ns0} to ns ${ns1} over port ${port= }" + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + + ip netns exec "${ns0}" \ + socat TCP-LISTEN:"${port}" UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + + ip netns exec "${ns1}" \ + socat UNIX-LISTEN:"${unixfile}" TCP-CONNECT:127.0.0.1:"${port}" & + pids+=3D($!) + + log_host "Launching ${VSOCK_TEST} in ns ${ns1}" + host_vsock_test "${ns1}" "server" "${VSOCK_CID}" "${port}" + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns0}" + vm_vsock_test "${ns0}" "10.0.2.2" 2 "${port}" + rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + + if [[ ! 
$rc -eq 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" + +} + +test_ns_diff_global_vm_connect_to_local_host_fails() { + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:${port} STDOUT &> "${outfile}" & + pid=3D$! + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pid}" + rm -f "${outfile}" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns0}" + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_host_connect_to_local_vm_fails() { + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + if ! 
vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + return $KSFT_FAIL + fi + + vm_wait_for_ssh "${ns1}" + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + terminate_pidfiles "${pidfile}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return $KSFT_PASS + fi + + return $KSFT_FAIL +} + +test_ns_diff_local_vm_connect_to_local_host_fails() { + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +__test_loopback_two_netns() { + local ns0=3D$1 + local ns1=3D$2 + local port=3D12345 + local result + local pid + + modprobe vsock_loopback &> /dev/null || : + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}"= 2>/dev/null & + pid=3D$! 
+ + log_host "Launching socat in ns ${ns0}" + echo TEST | ip netns exec "${ns0}" socat STDIN VSOCK-CONNECT:1:"${port}" = 2>/dev/null + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D TEST ]]; then + return 0 + fi + + return 1 +} + +test_ns_diff_global_to_local_loopback_local_fails() { + init_namespaces + + if ! __test_loopback_two_netns "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_global_loopback_fails() { + init_namespaces + + if ! __test_loopback_two_netns "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_local_loopback_fails() { + init_namespaces + + if ! __test_loopback_two_netns "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_global_to_global_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "global0" "global1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "local0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_host_connect_to_local_vm_ok() { + local ns=3D"local0" + local port=3D1234 + local pidfile + local rc + + init_namespaces + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + + if ! vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_vsock_test "${ns}" "server" 2 "${TEST_GUEST_PORT}" + host_vsock_test "${ns}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" + rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ $rc -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_same_local_vm_connect_to_local_host_ok() { + local ns=3D"local0" + local port=3D1234 + local pidfile + local rc + + init_namespaces + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + + if ! 
vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_vsock_test "${ns}" "server" 2 "${TEST_GUEST_PORT}" + host_vsock_test "${ns}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" + rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ $rc -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + namespaces_can_boot_same_cid() { local ns0=3D$1 local ns1=3D$2 
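Review bot: the *_fails tests in this hunk can pass without exercising namespace isolation, because they return KSFT_PASS whenever the listener's output is not TEST, whatever the reason. In test_ns_diff_global_host_connect_to_local_vm_fails and test_ns_diff_local_host_connect_to_local_vm_fails the listener is started in the background (vm_ssh ... socat VSOCK-LISTEN) and the client connects immediately, so a listener that is not up yet gives the same result as a rejected cross-namespace connect. Wait for the listener before connecting and add a positive control (the same listener reached from a namespace that is allowed to reach it), so that a pass means the connect was refused. Also in this hunk: test_ns_same_local_vm_connect_to_local_host_ok has the same body as test_ns_same_local_host_connect_to_local_vm_ok (VM as server, host as client), so the VM-to-host direction is not covered; and some vm_start failure logs print ns=${ns0} where the VM was started in ${ns1}, or cid=${cid} where cid is never set in the function.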
@@ -820,6 +1278,7 @@ fi check_args "${ARGS[@]}" check_deps check_vng +check_socat handle_build =20 echo "1..${#ARGS[@]}" --=20 2.47.3
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:52 -0700
Subject: [PATCH net-next v8 13/14] selftests/vsock: add tests for namespace deletion and mode changes
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-vsock-vmtest-v8-13-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.14.3
From: Bobby Eshleman

Add tests that validate vsock sockets are resilient to deleting namespaces or changing namespace modes from global to local. The vsock sockets should still function normally.

The function check_ns_changes_dont_break_connection() is added to re-use the step-by-step logic of 1) set up connections, 2) do something that would maybe break the connections, 3) check that the connections are still ok.

Signed-off-by: Bobby Eshleman
---
 tools/testing/selftests/vsock/vmtest.sh | 123 ++++++++++++++++++++++++++++= ++++
 1 file changed, 123 insertions(+)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 60d349c80153..014cecd93858 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -62,6 +62,12 @@ readonly TEST_NAMES=3D( ns_same_local_loopback_ok ns_same_local_host_connect_to_local_vm_ok ns_same_local_vm_connect_to_local_host_ok + ns_mode_change_connection_continue_vm_ok + ns_mode_change_connection_continue_host_ok + ns_mode_change_connection_continue_both_ok + ns_delete_vm_ok + ns_delete_host_ok + ns_delete_both_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
@@ -129,6 +135,24 @@ readonly TEST_DESCS=3D( =20 # ns_same_local_vm_connect_to_local_host_ok "Run vsock_test client in VM in a local ns with server in same ns." + + # ns_mode_change_connection_continue_vm_ok + "Check that changing NS mode of VM namespace from global to local after a= connection is established doesn't break the connection" + + # ns_mode_change_connection_continue_host_ok + "Check that changing NS mode of host namespace from global to local after= a connection is established doesn't break the connection" + + # ns_mode_change_connection_continue_both_ok + "Check that changing NS mode of host and VM namespaces from global to loc= al after a connection is established doesn't break the connection" + + # ns_delete_vm_ok + "Check that deleting the VM's namespace does not break the socket connect= ion" + + # ns_delete_host_ok + "Check that deleting the host's namespace does not break the socket conne= ction" + + # ns_delete_both_ok + "Check that deleting the VM and host's namespaces does not break the sock= et connection" ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) 
@@ -1143,6 +1167,105 @@ test_vm_loopback() { return "${KSFT_PASS}" } =20 +check_ns_changes_dont_break_connection() { + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local pidfile + local outfile + local pids=3D() + local rc=3D0 + + init_namespaces + + pidfile=3D$(mktemp $PIDFILE_TEMPLATE) + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + vm_wait_for_ssh "${ns0}" + + outfile=3D$(mktemp) + vm_ssh "${ns0}" -- \ + socat VSOCK-LISTEN:"${port}",fork STDOUT > "${outfile}" 2>/dev/null & + pids+=3D($!) + + # wait_for_listener() does not work for vsock because vsock does not + # export socket state to /proc/net/. Instead, we have no choice but to + # sleep for some hardcoded time. + sleep ${WAIT_PERIOD} + + # We use a pipe here so that we can echo into the pipe instead of + # using socat and a unix socket file. + local pipefile=3D$(mktemp -u /tmp/vmtest_pipe_XXXX) + ip netns exec "${ns1}" \ + socat PIPE:"${pipefile}" VSOCK-CONNECT:"${VSOCK_CID}":"${port}" & + pids+=3D($!) + + timeout ${WAIT_PERIOD} \ + bash -c 'while [[ ! -e '"${pipefile}"' ]]; do sleep 1; done; exit 0' + + if [[ $2 =3D=3D "delete" ]]; then + if [[ "$1" =3D=3D "vm" ]]; then + ip netns del "${ns0}" + elif [[ "$1" =3D=3D "host" ]]; then + ip netns del "${ns1}" + elif [[ "$1" =3D=3D "both" ]]; then + ip netns del "${ns0}" + ip netns del "${ns1}" + fi + elif [[ $2 =3D=3D "change_mode" ]]; then + if [[ "$1" =3D=3D "vm" ]]; then + ns_set_mode "${ns0}" "local" + elif [[ "$1" =3D=3D "host" ]]; then + ns_set_mode "${ns1}" "local" + elif [[ "$1" =3D=3D "both" ]]; then + ns_set_mode "${ns0}" "local" + ns_set_mode "${ns1}" "local" + fi + fi + + echo "TEST" > "${pipefile}" + + timeout ${WAIT_PERIOD} \ + bash -c 'while [[ ! 
-s '"${outfile}"' ]]; do sleep 1; done; exit 0' + + if grep -q "TEST" "${outfile}"; then + rc=3D"${KSFT_PASS}" + else + rc=3D"${KSFT_FAIL}" + fi + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${outfile}" + + return "${rc}" +} + +test_ns_mode_change_connection_continue_vm_ok() { + check_ns_changes_dont_break_connection "vm" "change_mode" +} + +test_ns_mode_change_connection_continue_host_ok() { + check_ns_changes_dont_break_connection "host" "change_mode" +} + +test_ns_mode_change_connection_continue_both_ok() { + check_ns_changes_dont_break_connection "both" "change_mode" +} + +test_ns_delete_vm_ok() { + check_ns_changes_dont_break_connection "vm" "delete" +} + +test_ns_delete_host_ok() { + check_ns_changes_dont_break_connection "host" "delete" +} + +test_ns_delete_both_ok() { + check_ns_changes_dont_break_connection "both" "delete" +} + shared_vm_test() { local tname =20 --=20 2.47.3
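Review bot: check_ns_changes_dont_break_connection() in patch 13/14 reads its arguments as bare $1 and $2 and has no else branch, so a misspelled target or action matches none of the if/elif arms, no namespace is deleted or changed, and the test still returns KSFT_PASS once TEST arrives. Name the arguments with local variables and return KSFT_FAIL on an unknown value. The exit status of the first timeout loop is also ignored, so if the pipe never appears the later echo "TEST" > "${pipefile}" creates a regular file instead of writing to socat; check the status before going on. ${pipefile} is not removed in the cleanup, which only does rm -f "${outfile}".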
From: Bobby Eshleman
Date: Thu, 23 Oct 2025 11:27:53 -0700
Subject: [PATCH net-next v8 14/14] selftests/vsock: add tests for module loading order
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251023-vsock-vmtest-v8-14-dea984d02bb0@meta.com>
References: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
In-Reply-To: <20251023-vsock-vmtest-v8-0-dea984d02bb0@meta.com>
To: Stefano Garzarella, Shuah Khan, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Xuan Zhuo, Eugenio Pérez, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Bobby Eshleman
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, berrange@redhat.com, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Add tests to check that module loading order does not break vsock_loopback. Because vsock_loopback has some per-namespace data structure initialization that affects vsock namespace modes, let's make sure that namespace modes are respected and loopback sockets are functional even when the namespaces and modes are set prior to loading the vsock_loopback module.

Signed-off-by: Bobby Eshleman
---
 tools/testing/selftests/vsock/vmtest.sh | 138 ++++++++++++++++++++++++++++= ++++
 1 file changed, 138 insertions(+)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 014cecd93858..9aa3200b160f 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh 
@@ -68,6 +68,8 @@ readonly TEST_NAMES=3D( ns_delete_vm_ok ns_delete_host_ok ns_delete_both_ok + ns_loopback_global_global_late_module_load_ok + ns_loopback_local_local_late_module_load_fails ) readonly TEST_DESCS=3D( # vm_server_host_client @@ -153,6 +155,12 @@ readonly TEST_DESCS=3D( =20 # ns_delete_both_ok "Check that deleting the VM and host's namespaces does not break the sock= et connection" + + # ns_loopback_global_global_late_module_load_ok + "Test that loopback still works in global namespaces initialized prior to= loading the vsock_loopback kmod" + + # ns_loopback_local_local_late_module_load_fails + "Test that loopback connections still fail between local namespaces initi= alized prior to loading the vsock_loopback kmod" ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) @@ -914,6 +922,30 @@ test_ns_diff_local_vm_connect_to_local_host_fails() { return "${KSFT_FAIL}" } =20 +unload_module() { + local module=3D$1 + local retries=3D5 + readonly retries + local delay=3D1 + local i + + # Sometimes previously executed tests may result in a delayed release + # of the reference to the vsock_loopback module and result in the + # module being unremovable. For that reason, we use retries to allow + # some time for those references to be dropped. + for ((i =3D 0; i < ${retries}; i++)); do + modprobe -r "${module}" 2>/dev/null || : + + if [[ "$(lsmod | grep -c ${module})" -eq 0 ]]; then + return 0 + fi + + sleep ${delay} + done + + return 1 +} + __test_loopback_two_netns() { local ns0=3D$1 local ns1=3D$2 
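Review bot: in unload_module(), the loaded check lsmod | grep -c ${module} is an unquoted substring match over the whole lsmod line, so it also counts modules whose name merely contains the argument and modules that list it in their "Used by" column; the helper can then report a module as still loaded after modprobe -r has removed it. Match the name column only, for example grep -q "^${module} ", or test for /sys/module/${module}. The modprobe -r error output is discarded, so when all five retries fail the caller's skip message cannot say why; keeping the last error for the log would help. local -r retries=5 would replace the separate readonly line.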
@@ -1266,6 +1298,112 @@ test_ns_delete_both_ok() { check_ns_changes_dont_break_connection "both" "delete" } =20 +test_ns_loopback_global_global_late_module_load_ok() { + declare -a pids + local unixfile + local ns0 ns1 + local pids + local port + + if ! unload_module vsock_loopback; then + log_host "Unable to unload vsock_loopback, skipping..." + return "${KSFT_SKIP}" + fi + + ns0=3Dloopback_ns0 + ns1=3Dloopback_ns1 + + ip netns del "${ns0}" &>/dev/null || : + ip netns del "${ns1}" &>/dev/null || : + ip netns add "${ns0}" + ip netns add "${ns1}" + ns_set_mode "${ns0}" global + ns_set_mode "${ns1}" global + ip netns exec "${ns0}" ip link set dev lo up + ip netns exec "${ns1}" ip link set dev lo up + + modprobe vsock_loopback &> /dev/null || : + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + port=3D321 + ip netns exec "${ns1}" \ + socat TCP-LISTEN:"${port}",fork \ + UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + + host_wait_for_listener "${ns1}" "${port}" + ip netns exec "${ns0}" socat UNIX-LISTEN:"${unixfile}",fork \ + TCP-CONNECT:localhost:"${port}" & + pids+=3D($!) + + if ! host_vsock_test "${ns0}" "server" 1 "${port}"; then + ip netns del "${ns0}" &>/dev/null || : + ip netns del "${ns1}" &>/dev/null || : + terminate_pids "${pids[@]}" + return "${KSFT_FAIL}" + fi + + if ! host_vsock_test "${ns1}" "127.0.0.1" 1 "${port}"; then + ip netns del "${ns0}" &>/dev/null || : + ip netns del "${ns1}" &>/dev/null || : + terminate_pids "${pids[@]}" + return "${KSFT_FAIL}" + fi + + ip netns del "${ns0}" &>/dev/null || : + ip netns del "${ns1}" &>/dev/null || : + terminate_pids "${pids[@]}" + + return "${KSFT_PASS}" +} + +test_ns_loopback_local_local_late_module_load_fails() { + declare -a pids + local ns0 ns1 + local outfile + local pids + local rc + + if ! unload_module vsock_loopback; then + log_host "Unable to unload vsock_loopback, skipping..." 
+ return "${KSFT_SKIP}" + fi + + ns0=3Dloopback_ns0 + ns1=3Dloopback_ns1 + + ip netns del "${ns0}" &>/dev/null || : + ip netns del "${ns1}" &>/dev/null || : + ip netns add "${ns0}" + ip netns add "${ns1}" + ns_set_mode "${ns0}" local + ns_set_mode "${ns1}" local + + modprobe vsock_loopback &> /dev/null || : + + outfile=3D$(mktemp /tmp/XXXX.vmtest.out) + ip netns exec "${ns0}" socat VSOCK-LISTEN:${port} STDOUT \ + > "${outfile}" 2>/dev/null & + pids+=3D($!) + + echo TEST | \ + ip netns exec "${ns1}" socat STDIN VSOCK-CONNECT:1:${port} \ + 2>/dev/null + + if grep -q "TEST" "${outfile}" 2>/dev/null; then + rc=3D"${KSFT_FAIL}" + else + rc=3D"${KSFT_PASS}" + fi + + ip netns del "${ns0}" &>/dev/null || : + ip netns del "${ns1}" &>/dev/null || : + terminate_pids "${pids[@]}" + rm -f "${outfile}" + + return "${rc}" +} + shared_vm_test() { local tname =20 --=20 2.47.3
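Review bot: test_ns_loopback_local_local_late_module_load_fails() uses ${port} in VSOCK-LISTEN:${port} and VSOCK-CONNECT:1:${port}, but the function neither declares nor assigns port (its locals are ns0, ns1, outfile, pids and rc; the _ok test above it sets port to 321). If port is unset at that point, both socat commands fail on their own, TEST never reaches ${outfile}, and the test returns KSFT_PASS without having attempted a connection between the two local namespaces. Set the port in this function. For the same reason, modprobe vsock_loopback should not be followed by || : here: if the module fails to load, the connect fails and the result is again a pass. Checking that the module is loaded, and that the same connect succeeds inside one of the namespaces, would make a pass mean that isolation held.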