From nobody Tue Dec 2 01:30:06 2025
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:33 -0800
Subject: [PATCH net-next v11 01/13] vsock: a per-net vsock NS mode state
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-1-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Add the per-net vsock NS mode state. This only adds the structure for
holding the mode and some of the functions for setting/getting and
checking the mode, but does not integrate the functionality yet.

A "net_mode" field is added to vsock_sock to store the mode of the
namespace when the vsock_sock was created. In order to evaluate
namespace mode rules we need to know both a) which namespace the
endpoints are in, and b) what mode that namespace had when the endpoints
were created. This allows us to handle the changing of modes from global
to local *after* a socket has been created by remembering that the mode
was global when the socket was created. If we were to use the current
net's mode instead, then the lookup would fail and the socket would
break.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v10:
- change mode_locked to int (Stefano)

Changes in v9:
- use xchg(), WRITE_ONCE(), READ_ONCE() for mode and mode_locked (Stefano)
- clarify mode0/mode1 meaning in vsock_net_check_mode() comment
- remove spin lock in net->vsock (not used anymore)
- change mode from u8 to enum vsock_net_mode in vsock_net_write_mode()

Changes in v7:
- clarify vsock_net_check_mode() comments
- change to `orig_net_mode == VSOCK_NET_MODE_GLOBAL && orig_net_mode == vsk->orig_net_mode`
- remove extraneous explanation of `orig_net_mode`
- rename `written` to `mode_locked`
- rename `vsock_hdr` to `sysctl_hdr`
- change `orig_net_mode` to `net_mode`
- make vsock_net_check_mode() more generic by taking just net pointers
  and modes, instead of a vsock_sock ptr, for reuse by transports
  (e.g., vhost_vsock)

Changes in v6:
- add orig_net_mode to store mode at creation time which will be used to
  avoid breakage when namespace changes mode during socket/VM lifespan

Changes in v5:
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- change from net->vsock.ns_mode to net->vsock.mode
- change vsock_net_set_mode() to vsock_net_write_mode()
- vsock_net_write_mode() returns bool for write success to avoid need to
  use vsock_net_mode_can_set()
- remove vsock_net_mode_can_set()
---
 MAINTAINERS                 |  1 +
 include/net/af_vsock.h      | 44 ++++++++++++++++++++++++++++++++++++++++++++
 include/net/net_namespace.h |  4 ++++
 include/net/netns/vsock.h   | 17 +++++++++++++++++
 4 files changed, 66 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS index e9a8d945632b..b6ac6720d706 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27105,6 +27105,7 @@ L: netdev@vger.kernel.org S: Maintained F: drivers/vhost/vsock.c F: include/linux/virtio_vsock.h +F: include/net/netns/vsock.h F: include/uapi/linux/virtio_vsock.h F: net/vmw_vsock/virtio_transport.c F: net/vmw_vsock/virtio_transport_common.c 
diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index d40e978126e3..9b5bdd083b6f 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -10,6 +10,7 @@ =20 #include #include +#include #include #include =20 @@ -65,6 +66,7 @@ struct vsock_sock { u32 peer_shutdown; bool sent_request; bool ignore_connecting_rst; + enum vsock_net_mode net_mode; =20 /* Protected by lock_sock(sk) */ u64 buffer_size; @@ -256,4 +258,46 @@ static inline bool vsock_msgzerocopy_allow(const struc= t vsock_transport *t) { return t->msgzerocopy_allow && t->msgzerocopy_allow(); } + +static inline enum vsock_net_mode vsock_net_mode(struct net *net) +{ + return READ_ONCE(net->vsock.mode); +} + +static inline bool vsock_net_write_mode(struct net *net, + enum vsock_net_mode mode) +{ + if (xchg(&net->vsock.mode_locked, 1)) + return false; + + WRITE_ONCE(net->vsock.mode, mode); + return true; +} + +/* Return true if two namespaces and modes pass the mode rules. Otherwise, + * return false. + * + * - ns0 and ns1 are the namespaces being checked. + * - mode0 and mode1 are the vsock namespace modes of ns0 and ns1 at the t= ime + * the vsock objects were created. + * + * Read more about modes in the comment header of net/vmw_vsock/af_vsock.c. + */ +static inline bool vsock_net_check_mode(struct net *ns0, + enum vsock_net_mode mode0, + struct net *ns1, + enum vsock_net_mode mode1) +{ + /* Any vsocks within the same network namespace are always reachable, + * regardless of the mode. + */ + if (net_eq(ns0, ns1)) + return true; + + /* + * If the network namespaces differ, vsocks are only reachable if both + * were created in VSOCK_NET_MODE_GLOBAL mode. + */ + return mode0 =3D=3D VSOCK_NET_MODE_GLOBAL && mode0 =3D=3D mode1; +} #endif /* __AF_VSOCK_H__ */ diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index cb664f6e3558..66d3de1d935f 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h 
@@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -196,6 +197,9 @@ struct net { /* Move to a better place when the config guard is removed. */ struct mutex rtnl_mutex; #endif +#if IS_ENABLED(CONFIG_VSOCKETS) + struct netns_vsock vsock; +#endif } __randomize_layout; =20 #include diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h new file mode 100644 index 000000000000..c1a5e805949d --- /dev/null +++ b/include/net/netns/vsock.h 
@@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __NET_NET_NAMESPACE_VSOCK_H +#define __NET_NET_NAMESPACE_VSOCK_H + +#include + +enum vsock_net_mode { + VSOCK_NET_MODE_GLOBAL, + VSOCK_NET_MODE_LOCAL, +}; + +struct netns_vsock { + struct ctl_table_header *sysctl_hdr; + enum vsock_net_mode mode; + int mode_locked; +}; +#endif /* __NET_NET_NAMESPACE_VSOCK_H */ --=20 2.47.3
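
Review bot: vsock_net_write_mode() in the include/net/af_vsock.h hunk has no comment saying that the mode is write-once, and because it returns false whenever xchg(&net->vsock.mode_locked, 1) sees a previous write, it also fails when the requested mode equals the one already stored. Please document that mode_locked is set by the first write and never cleared, and state whether re-applying the same value is meant to fail. The comment above vsock_net_check_mode() should also say whether ns0 or ns1 may be NULL, and the second comment inside the function opens with a bare "/*" line while the first uses the networking style ("/* Any vsocks within ..."), so one style should be used for both.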
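
Review bot: struct netns_vsock in the new include/net/netns/vsock.h carries no comments on its fields. mode_locked is an int used as a one-way flag through xchg() in vsock_net_write_mode(), and VSOCK_NET_MODE_GLOBAL is the first enumerator and therefore has value 0, so a namespace whose mode was never stored explicitly reads as global. A one-line comment on mode, on mode_locked and on the enum would keep a later reordering of the enumerators or a reuse of mode_locked from silently changing the default or the write-once rule.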

From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:34 -0800
Subject: [PATCH net-next v11 02/13] vsock: add netns to vsock core
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-2-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Add netns logic to vsock core. Additionally, modify transport hook
prototypes to be used by later transport-specific patches (e.g.,
*_seqpacket_allow()).

Namespaces are supported primarily by changing socket lookup functions
(e.g., vsock_find_connected_socket()) to take into account the socket
namespace and the namespace mode before considering a candidate socket a
"match".

This patch also introduces the sysctl /proc/sys/net/vsock/ns_mode that
accepts the "global" or "local" mode strings.

Add netns functionality (initialization, passing to transports, procfs,
etc...) to the af_vsock socket layer. Later patches that add netns
support to transports depend on this patch.

seqpacket_allow() callbacks are modified to take a vsk so that transport
implementations can inspect sock_net(sk) and vsk->net_mode when
performing lookups (e.g., vhost does this in its future netns patch).
Because the API change affects all transports, it seemed more
appropriate to make this internal API change in the "vsock core" patch
than in the "vhost" patch.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v10:
- add file-level comment about what happens to sockets/devices when the
  namespace mode changes (Stefano)
- change the 'if (write)' boolean in vsock_net_mode_string() to
  if (!write), this simplifies a later patch which adds "goto" for
  mutex unlocking on function exit.

Changes in v9:
- remove virtio_vsock_alloc_rx_skb() (Stefano)
- remove vsock_global_dummy_net, not needed as net=NULL +
  net_mode=VSOCK_NET_MODE_GLOBAL achieves identical result

Changes in v7:
- hv_sock: fix hyperv build error
- explain why vhost does not use the dummy
- explain usage of __vsock_global_dummy_net
- explain why VSOCK_NET_MODE_STR_MAX is 8 characters
- use switch-case in vsock_net_mode_string()
- avoid changing transports as much as possible
- add vsock_find_{bound,connected}_socket_net()
- rename `vsock_hdr` to `sysctl_hdr`
- add virtio_vsock_alloc_linear_skb() wrapper for setting dummy net and
  global mode for virtio-vsock, move skb->cb zero-ing into wrapper
- explain seqpacket_allow() change
- move net setting to __vsock_create() instead of vsock_create() so
  that child sockets also have their net assigned upon accept()

Changes in v6:
- unregister sysctl ops in vsock_exit()
- af_vsock: clarify description of CID behavior
- af_vsock: fix buf vs buffer naming, and length checking
- af_vsock: fix length checking w/ correct ctl_table->maxlen

Changes in v5:
- vsock_global_net() -> vsock_global_dummy_net()
- update comments for new uAPI
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- add prototype changes so patch remains compilable
---
 drivers/vhost/vsock.c            |   6 +-
 include/net/af_vsock.h           |   9 +-
 net/vmw_vsock/af_vsock.c         | 258 ++++++++++++++++++++++++++++++++++++---
 net/vmw_vsock/virtio_transport.c |   6 +-
 net/vmw_vsock/vsock_loopback.c   |   6 +-
 5 files changed, 261 insertions(+), 24 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index ae01457ea2cd..69074656263d 100644 
--- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -404,7 +404,8 @@ static bool vhost_transport_msgzerocopy_allow(void) return true; } =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid); +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); =20 static struct virtio_transport vhost_transport =3D { .transport =3D { @@ -460,7 +461,8 @@ static struct virtio_transport vhost_transport =3D { .send_pkt =3D vhost_transport_send_pkt, }; =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid) +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid) { struct vhost_vsock *vsock; bool seqpacket_allow =3D false; diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index 9b5bdd083b6f..59d97a143204 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -145,7 +145,7 @@ struct vsock_transport { int flags); int (*seqpacket_enqueue)(struct vsock_sock *vsk, struct msghdr *msg, size_t len); - bool (*seqpacket_allow)(u32 remote_cid); + bool (*seqpacket_allow)(struct vsock_sock *vsk, u32 remote_cid); u32 (*seqpacket_has_data)(struct vsock_sock *vsk); =20 /* Notification. */ @@ -218,6 +218,13 @@ void vsock_remove_connected(struct vsock_sock *vsk); struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr); struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, struct sockaddr_vm *dst); +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode); +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode net_mode); void vsock_remove_sock(struct vsock_sock *vsk); void vsock_for_each_connected_socket(struct vsock_transport *transport, void (*fn)(struct sock *sk)); diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index adcba1b7bf74..243c0d588682 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c 
@@ -83,6 +83,38 @@ * TCP_ESTABLISHED - connected * TCP_CLOSING - disconnecting * TCP_LISTEN - listening + * + * - Namespaces in vsock support two different modes configured + * through /proc/sys/net/vsock/ns_mode. The modes are "local" and "globa= l". + * Each mode defines how the namespace interacts with CIDs. + * /proc/sys/net/vsock/ns_mode is write-once, so that it may be configur= ed + * and locked down by a namespace manager. The default is "global". The = mode + * is set per-namespace. + * + * The modes affect the allocation and accessibility of CIDs as follows: + * + * - global - access and allocation are all system-wide + * - all CID allocation from global namespaces draw from the same + * system-wide pool. + * - if one global namespace has already allocated some CID, another + * global namespace will not be able to allocate the same CID. + * - global mode AF_VSOCK sockets can reach any VM or socket in any g= lobal + * namespace, they are not contained to only their own namespace. + * - AF_VSOCK sockets in a global mode namespace cannot reach VMs or + * sockets in any local mode namespace. + * - local - access and allocation are contained within the namespace + * - CID allocation draws only from a private pool local only to the + * namespace, and does not affect the CIDs available for allocation = in any + * other namespace (global or local). + * - VMs in a local namespace do not collide with CIDs in any other lo= cal + * namespace or any global namespace. For example, if a VM in a loca= l mode + * namespace is given CID 10, then CID 10 is still available for + * allocation in any other namespace, but not in the same namespace. + * - AF_VSOCK sockets in a local mode namespace can connect only to VM= s or + * other sockets within their own namespace. + * - when a socket or device is initialized in a namespace with mode + * global, it will stay in global mode even if the namespace later + * changes to local. */ =20 #include 
@@ -100,6 +132,7 @@ #include #include #include +#include #include #include #include @@ -111,9 +144,18 @@ #include #include #include +#include #include #include =20 +#define VSOCK_NET_MODE_STR_GLOBAL "global" +#define VSOCK_NET_MODE_STR_LOCAL "local" + +/* 6 chars for "global", 1 for null-terminator, and 1 more for '\n'. + * The newline is added by proc_dostring() for read operations. + */ +#define VSOCK_NET_MODE_STR_MAX 8 + static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr); static void vsock_sk_destruct(struct sock *sk); static int vsock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); 
@@ -235,33 +277,47 @@ static void __vsock_remove_connected(struct vsock_soc= k *vsk) sock_put(&vsk->sk); } =20 -static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) +static struct sock *__vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_bound_sockets(addr), bound_table) { - if (vsock_addr_equals_addr(addr, &vsk->local_addr)) - return sk_vsock(vsk); + struct sock *sk =3D sk_vsock(vsk); + + if (vsock_addr_equals_addr(addr, &vsk->local_addr) && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, + net_mode)) + return sk; =20 if (addr->svm_port =3D=3D vsk->local_addr.svm_port && (vsk->local_addr.svm_cid =3D=3D VMADDR_CID_ANY || - addr->svm_cid =3D=3D VMADDR_CID_ANY)) - return sk_vsock(vsk); + addr->svm_cid =3D=3D VMADDR_CID_ANY) && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, + net_mode)) + return sk; } =20 return NULL; } =20 -static struct sock *__vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +static struct sock * +__vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, struct net *net, + enum vsock_net_mode net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_connected_sockets(src, dst), connected_table) { + struct sock *sk =3D sk_vsock(vsk); + if (vsock_addr_equals_addr(src, &vsk->remote_addr) && - dst->svm_port =3D=3D vsk->local_addr.svm_port) { - return sk_vsock(vsk); + dst->svm_port =3D=3D vsk->local_addr.svm_port && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, + net_mode)) { + return sk; } } =20 
@@ -304,12 +360,14 @@ void vsock_remove_connected(struct vsock_sock *vsk) } EXPORT_SYMBOL_GPL(vsock_remove_connected); =20 -struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_bound_socket(addr); + sk =3D __vsock_find_bound_socket_net(addr, net, net_mode); if (sk) sock_hold(sk); =20 @@ -317,15 +375,23 @@ struct sock *vsock_find_bound_socket(struct sockaddr_= vm *addr) =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_bound_socket_net); + +struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +{ + return vsock_find_bound_socket_net(addr, NULL, VSOCK_NET_MODE_GLOBAL); +} EXPORT_SYMBOL_GPL(vsock_find_bound_socket); =20 -struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_connected_socket(src, dst); + sk =3D __vsock_find_connected_socket_net(src, dst, net, net_mode); if (sk) sock_hold(sk); =20 @@ -333,6 +399,14 @@ struct sock *vsock_find_connected_socket(struct sockad= dr_vm *src, =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_connected_socket_net); + +struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, + struct sockaddr_vm *dst) +{ + return vsock_find_connected_socket_net(src, dst, + NULL, VSOCK_NET_MODE_GLOBAL); +} EXPORT_SYMBOL_GPL(vsock_find_connected_socket); =20 void vsock_remove_sock(struct vsock_sock *vsk) 
@@ -528,7 +602,7 @@ int vsock_assign_transport(struct vsock_sock *vsk, stru= ct vsock_sock *psk) =20 if (sk->sk_type =3D=3D SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || - !new_transport->seqpacket_allow(remote_cid)) { + !new_transport->seqpacket_allow(vsk, remote_cid)) { module_put(new_transport->module); return -ESOCKTNOSUPPORT; } @@ -676,6 +750,7 @@ static void vsock_pending_work(struct work_struct *work) static int __vsock_bind_connectible(struct vsock_sock *vsk, struct sockaddr_vm *addr) { + struct net *net =3D sock_net(sk_vsock(vsk)); static u32 port; struct sockaddr_vm new_addr; =20 @@ -695,7 +770,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, =20 new_addr.svm_port =3D port++; =20 - if (!__vsock_find_bound_socket(&new_addr)) { + if (!__vsock_find_bound_socket_net(&new_addr, net, + vsk->net_mode)) { found =3D true; break; } @@ -712,7 +788,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, return -EACCES; } =20 - if (__vsock_find_bound_socket(&new_addr)) + if (__vsock_find_bound_socket_net(&new_addr, net, + vsk->net_mode)) return -EADDRINUSE; } =20 @@ -836,6 +913,8 @@ static struct sock *__vsock_create(struct net *net, vsk->buffer_max_size =3D VSOCK_DEFAULT_BUFFER_MAX_SIZE; } =20 + vsk->net_mode =3D vsock_net_mode(net); + return sk; } =20 
@@ -2658,6 +2737,142 @@ static struct miscdevice vsock_device =3D { .fops =3D &vsock_device_ops, }; =20 +static int vsock_net_mode_string(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + char data[VSOCK_NET_MODE_STR_MAX] =3D {0}; + enum vsock_net_mode mode; + struct ctl_table tmp; + struct net *net; + int ret; + + if (!table->data || !table->maxlen || !*lenp) { + *lenp =3D 0; + return 0; + } + + net =3D current->nsproxy->net_ns; + tmp =3D *table; + tmp.data =3D data; + + if (!write) { + const char *p; + + mode =3D vsock_net_mode(net); + + switch (mode) { + case VSOCK_NET_MODE_GLOBAL: + p =3D VSOCK_NET_MODE_STR_GLOBAL; + break; + case VSOCK_NET_MODE_LOCAL: + p =3D VSOCK_NET_MODE_STR_LOCAL; + break; + default: + WARN_ONCE(true, "netns has invalid vsock mode"); + *lenp =3D 0; + return 0; + } + + strscpy(data, p, sizeof(data)); + tmp.maxlen =3D strlen(p); + } + + ret =3D proc_dostring(&tmp, write, buffer, lenp, ppos); + if (ret) + return ret; + + if (!write) + return 0; + + if (*lenp >=3D sizeof(data)) + return -EINVAL; + + if (!strncmp(data, VSOCK_NET_MODE_STR_GLOBAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_GLOBAL; + else if (!strncmp(data, VSOCK_NET_MODE_STR_LOCAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_LOCAL; + else + return -EINVAL; + + if (!vsock_net_write_mode(net, mode)) + return -EPERM; + + return 0; +} + +static struct ctl_table vsock_table[] =3D { + { + .procname =3D "ns_mode", + .data =3D &init_net.vsock.mode, + .maxlen =3D VSOCK_NET_MODE_STR_MAX, + .mode =3D 0644, + .proc_handler =3D vsock_net_mode_string + }, +}; + +static int __net_init vsock_sysctl_register(struct net *net) +{ + struct ctl_table *table; + + if (net_eq(net, &init_net)) { + table =3D vsock_table; + } else { + table =3D kmemdup(vsock_table, sizeof(vsock_table), GFP_KERNEL); + if (!table) + goto err_alloc; + + table[0].data =3D &net->vsock.mode; + } + + net->vsock.sysctl_hdr =3D register_net_sysctl_sz(net, "net/vsock", table, + 
ARRAY_SIZE(vsock_table)); + if (!net->vsock.sysctl_hdr) + goto err_reg; + + return 0; + +err_reg: + if (!net_eq(net, &init_net)) + kfree(table); +err_alloc: + return -ENOMEM; +} + +static void vsock_sysctl_unregister(struct net *net) +{ + const struct ctl_table *table; + + table =3D net->vsock.sysctl_hdr->ctl_table_arg; + unregister_net_sysctl_table(net->vsock.sysctl_hdr); + if (!net_eq(net, &init_net)) + kfree(table); +} + +static void vsock_net_init(struct net *net) +{ + net->vsock.mode =3D VSOCK_NET_MODE_GLOBAL; +} + +static __net_init int vsock_sysctl_init_net(struct net *net) +{ + vsock_net_init(net); + + if (vsock_sysctl_register(net)) + return -ENOMEM; + + return 0; +} + +static __net_exit void vsock_sysctl_exit_net(struct net *net) +{ + vsock_sysctl_unregister(net); +} + +static struct pernet_operations vsock_sysctl_ops __net_initdata =3D { + .init =3D vsock_sysctl_init_net, + .exit =3D vsock_sysctl_exit_net, +}; + static int __init vsock_init(void) { int err =3D 0; @@ -2685,10 +2900,18 @@ static int __init vsock_init(void) goto err_unregister_proto; } =20 + if (register_pernet_subsys(&vsock_sysctl_ops)) { + err =3D -ENOMEM; + goto err_unregister_sock; + } + + vsock_net_init(&init_net); vsock_bpf_build_proto(); =20 return 0; =20 +err_unregister_sock: + sock_unregister(AF_VSOCK); err_unregister_proto: proto_unregister(&vsock_proto); err_deregister_misc: @@ -2702,6 +2925,7 @@ static void __exit vsock_exit(void) misc_deregister(&vsock_device); sock_unregister(AF_VSOCK); proto_unregister(&vsock_proto); + unregister_pernet_subsys(&vsock_sysctl_ops); } =20 const struct vsock_transport *vsock_core_get_transport(struct vsock_sock *= vsk) diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index 8c867023a2e5..d365a4b371d0 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c 
@@ -536,7 +536,8 @@ static bool virtio_transport_msgzerocopy_allow(void) return true; } =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid); +static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); =20 static struct virtio_transport virtio_transport =3D { .transport =3D { @@ -593,7 +594,8 @@ static struct virtio_transport virtio_transport =3D { .can_msgzerocopy =3D virtio_transport_can_msgzerocopy, }; =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid) +static bool +virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { struct virtio_vsock *vsock; bool seqpacket_allow; diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index bc2ff918b315..8722337a4f80 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -46,7 +46,8 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *v= sk) return 0; } =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid); +static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); static bool vsock_loopback_msgzerocopy_allow(void) { return true; 
@@ -106,7 +107,8 @@ static struct virtio_transport loopback_transport =3D { .send_pkt =3D vsock_loopback_send_pkt, }; =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid) +static bool +vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { return true; } --=20 2.47.3
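Review bot: vsock_net_mode_string() in net/vmw_vsock/af_vsock.c resolves the namespace with "net = current->nsproxy->net_ns" rather than from the table entry it was called with, so the mode that is read or written belongs to the calling task's namespace, not necessarily to the namespace that owns the opened ns_mode file. The two differ whenever the sysctl file is opened in one namespace and used from a task in another. vsock_sysctl_register() already points table[0].data at &net->vsock.mode, so the handler can recover the owning namespace with container_of(table->data, struct net, vsock.mode) and drop the dependency on current->nsproxy. As written, .data is only used for the NULL check at the top of the handler; if that is intended, it deserves a comment.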
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:35 -0800
Subject: [PATCH net-next v11 03/13] vsock: reject bad VSOCK_NET_MODE_LOCAL configuration for G2H
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-3-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3
From: Bobby Eshleman

Reject setting VSOCK_NET_MODE_LOCAL with -EOPNOTSUPP if a G2H transport is operational. Additionally, reject G2H transport registration if there already exists a namespace in local mode.

G2H sockets break in local mode because the G2H transports don't support namespacing yet. The current approach is to coerce packets coming out of G2H transports into VSOCK_NET_MODE_GLOBAL mode, but it is not possible to coerce sockets in the same way because it cannot be deduced which transport will be used by the socket. Specifically, when bound to VMADDR_CID_ANY in a nested VM (both G2H and H2G available), it is not until a packet is received and matched to the bound socket that we assign the transport. This presents a chicken-and-egg problem, because we need the namespace to lookup the socket and resolve the transport, but we need the transport to know how to use the namespace during lookup.

For that reason, this patch prevents VSOCK_NET_MODE_LOCAL from being used on systems that support G2H, even nested systems that also have H2G transports.

Local mode is blocked based on detecting the presence of G2H devices (when possible, as hyperv is special). This means that a host kernel with G2H support compiled in (or has the module loaded), will still support local mode if there is no G2H (e.g., virtio-vsock) device detected. This enables using the same kernel in the host and in the guest, as we do in kselftest.

Systems with only namespace-aware transports (vhost-vsock, loopback) can still use both VSOCK_NET_MODE_GLOBAL and VSOCK_NET_MODE_LOCAL modes as intended.

Add supports_local_mode() transport callback to indicate transport-specific local mode support.

These restrictions can be lifted in a future patch series when G2H transports gain namespace support.
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v11:
- vhost_transport_supports_local_mode() returns false to keep things disabled until support comes online (Stefano)
- add comment above supports_local_mode() cb to clarify (Stefano)
- Remove redundant `ret = 0` initialization in vsock_net_mode_string() (Stefano)
- Refactor vsock_net_mode_string() to separate parsing from validation (Stefano)
- vmci returns false for supports_local_mode(), with comment

Changes in v10:
- move this patch before any transports bring online namespacing (Stefano)
- move vsock_net_mode_string into critical section (Stefano)
- add ->supports_local_mode() callback to transports (Stefano)
---
 drivers/vhost/vsock.c | 6 ++++++
 include/net/af_vsock.h | 11 +++++++++++
 net/vmw_vsock/af_vsock.c | 32 ++++++++++++++++++++++++++++++++
 net/vmw_vsock/hyperv_transport.c | 6 ++++++
 net/vmw_vsock/virtio_transport.c | 13 +++++++++++++
 net/vmw_vsock/vmci_transport.c | 12 ++++++++++++
 net/vmw_vsock/vsock_loopback.c | 6 ++++++
 7 files changed, 86 insertions(+)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 69074656263d..4e3856aa2479 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -64,6 +64,11 @@ static u32 vhost_transport_get_local_cid(void) return VHOST_VSOCK_DEFAULT_HOST_CID; } =20 +static bool vhost_transport_supports_local_mode(void) +{ + return false; +} + /* Callers that dereference the return value must hold vhost_vsock_mutex o= r the * RCU read lock. */ @@ -412,6 +417,7 @@ static struct virtio_transport vhost_transport =3D { .module =3D THIS_MODULE, =20 .get_local_cid =3D vhost_transport_get_local_cid, + .supports_local_mode =3D vhost_transport_supports_local_mode, =20 .init =3D virtio_transport_do_socket_init, .destruct =3D virtio_transport_destruct, diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index 59d97a143204..e24ef1d9fe02 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h
@@ -180,6 +180,17 @@ struct vsock_transport { /* Addressing. */ u32 (*get_local_cid)(void); =20 + /* Return true if the transport is compatible with + * VSOCK_NET_MODE_LOCAL. Otherwise, return false. + * + * Transports should return false if they lack local-mode namespace + * support (e.g., G2H transports like hyperv-vsock and vmci-vsock). + * virtio-vsock returns true only if no device is present in order to + * enable local mode in nested scenarios in which virtio-vsock is + * loaded or built-in, but nonetheless unusable by sockets. + */ + bool (*supports_local_mode)(void); + /* Read a single skb */ int (*read_skb)(struct vsock_sock *, skb_read_actor_t); =20 diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 243c0d588682..120adb9dad9f 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -91,6 +91,12 @@ * and locked down by a namespace manager. The default is "global". The = mode * is set per-namespace. * + * Note: LOCAL mode is only supported when using namespace-aware transpo= rts + * (vhost-vsock, loopback). If a guest-to-host transport (virtio-vsock, + * hyperv-vsock, vmci-vsock) is operational, attempts to set LOCAL mode = will + * fail with EOPNOTSUPP, as these transports do not support per-namespace + * isolation. + * * The modes affect the allocation and accessibility of CIDs as follows: * * - global - access and allocation are all system-wide @@ -2794,6 +2800,15 @@ static int vsock_net_mode_string(const struct ctl_ta= ble *table, int write, else return -EINVAL; =20 + mutex_lock(&vsock_register_mutex); + if (mode =3D=3D VSOCK_NET_MODE_LOCAL && + transport_g2h && transport_g2h->supports_local_mode && + !transport_g2h->supports_local_mode()) { + mutex_unlock(&vsock_register_mutex); + return -EOPNOTSUPP; + } + mutex_unlock(&vsock_register_mutex); + if (!vsock_net_write_mode(net, mode)) return -EPERM; =20 
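Review bot: in the vsock_net_mode_string() hunk, vsock_register_mutex is released before vsock_net_write_mode(net, mode) runs, so the G2H check and the mode write are not atomic with respect to vsock_core_register(). A G2H transport can register in that window: its for_each_net_rcu() scan finds no local-mode namespace, t_g2h is set, and the sysctl write then moves the namespace to local anyway, which is exactly the combination this patch sets out to reject. Holding vsock_register_mutex across the vsock_net_write_mode() call, and unlocking on the -EPERM path too, closes the window. Also worth deciding explicitly what a G2H transport with a NULL supports_local_mode means: the condition as written treats a missing callback as "local mode allowed".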
@@ -2938,6 +2953,7 @@ int vsock_core_register(const struct vsock_transport = *t, int features) { const struct vsock_transport *t_h2g, *t_g2h, *t_dgram, *t_local; int err =3D mutex_lock_interruptible(&vsock_register_mutex); + struct net *net; =20 if (err) return err; @@ -2960,6 +2976,22 @@ int vsock_core_register(const struct vsock_transport= *t, int features) err =3D -EBUSY; goto err_busy; } + + /* G2H sockets break in LOCAL mode namespaces because G2H + * transports don't support them yet. Block registering new G2H + * transports if we already have local mode namespaces on the + * system. + */ + rcu_read_lock(); + for_each_net_rcu(net) { + if (vsock_net_mode(net) =3D=3D VSOCK_NET_MODE_LOCAL) { + rcu_read_unlock(); + err =3D -EOPNOTSUPP; + goto err_busy; + } + } + rcu_read_unlock(); + t_g2h =3D t; } =20 diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transp= ort.c index 432fcbbd14d4..279f04fcd81a 100644 --- a/net/vmw_vsock/hyperv_transport.c +++ b/net/vmw_vsock/hyperv_transport.c @@ -833,10 +833,16 @@ int hvs_notify_set_rcvlowat(struct vsock_sock *vsk, i= nt val) return -EOPNOTSUPP; } =20 +static bool hvs_supports_local_mode(void) +{ + return false; +} + static struct vsock_transport hvs_transport =3D { .module =3D THIS_MODULE, =20 .get_local_cid =3D hvs_get_local_cid, + .supports_local_mode =3D hvs_supports_local_mode, =20 .init =3D hvs_sock_init, .destruct =3D hvs_destruct, diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index d365a4b371d0..af4fbce0baab 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c 
@@ -94,6 +94,18 @@ static u32 virtio_transport_get_local_cid(void) return ret; } =20 +static bool virtio_transport_supports_local_mode(void) +{ + struct virtio_vsock *vsock; + + rcu_read_lock(); + vsock =3D rcu_dereference(the_virtio_vsock); + rcu_read_unlock(); + + /* Local mode is supported only when no G2H device is present. */ + return vsock ? false : true; +} + /* Caller need to hold vsock->tx_lock on vq */ static int virtio_transport_send_skb(struct sk_buff *skb, struct virtqueue= *vq, struct virtio_vsock *vsock, gfp_t gfp) @@ -544,6 +556,7 @@ static struct virtio_transport virtio_transport =3D { .module =3D THIS_MODULE, =20 .get_local_cid =3D virtio_transport_get_local_cid, + .supports_local_mode =3D virtio_transport_supports_local_mode, =20 .init =3D virtio_transport_do_socket_init, .destruct =3D virtio_transport_destruct, diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index 7eccd6708d66..e392d3d1fd90 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c @@ -2033,6 +2033,17 @@ static u32 vmci_transport_get_local_cid(void) return vmci_get_context_id(); } =20 +static bool vmci_transport_supports_local_mode(void) +{ + /* Local mode is not yet compatible with vmci because there is no clear + * mechanism yet for attaching a namespace to a VM, or for handling the + * namespacing for when neither H2G or G2H is registered (as is the + * case for MODULE_ALIAS_NETPROTO(PF_VSOCK) loading. To simplify, we + * keep local mode off for now. + */ + return false; +} + static struct vsock_transport vmci_transport =3D { .module =3D THIS_MODULE, .init =3D vmci_transport_socket_init, 
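Review bot: the comment in vmci_transport_supports_local_mode() has an unbalanced parenthesis ("(as is the case for MODULE_ALIAS_NETPROTO(PF_VSOCK) loading." never closes) and says "neither H2G or G2H" where "nor" is meant. This comment is the only record of why vmci stays out of local mode, so it is worth tidying it so that the two reasons it gives, no mechanism for attaching a namespace to a VM and the autoload case with no transport registered, read as separate sentences.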
@@ -2062,6 +2073,7 @@ static struct vsock_transport vmci_transport =3D { .notify_send_post_enqueue =3D vmci_transport_notify_send_post_enqueue, .shutdown =3D vmci_transport_shutdown, .get_local_cid =3D vmci_transport_get_local_cid, + .supports_local_mode =3D vmci_transport_supports_local_mode, }; =20 static bool vmci_check_transport(struct vsock_sock *vsk) diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index 8722337a4f80..1e25c1a6b43f 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -26,6 +26,11 @@ static u32 vsock_loopback_get_local_cid(void) return VMADDR_CID_LOCAL; } =20 +static bool vsock_loopback_supports_local_mode(void) +{ + return true; +} + static int vsock_loopback_send_pkt(struct sk_buff *skb) { struct vsock_loopback *vsock =3D &the_vsock_loopback; 
@@ -58,6 +63,7 @@ static struct virtio_transport loopback_transport =3D { .module =3D THIS_MODULE, =20 .get_local_cid =3D vsock_loopback_get_local_cid, + .supports_local_mode =3D vsock_loopback_supports_local_mode, =20 .init =3D virtio_transport_do_socket_init, .destruct =3D virtio_transport_destruct, --=20 2.47.3
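Review bot: virtio_transport_supports_local_mode() in net/vmw_vsock/virtio_transport.c answers from a point-in-time read of the_virtio_vsock, and nothing visible in this patch covers a virtio-vsock device that appears after a namespace has already been switched to local mode. The guard added to vsock_core_register() only runs at transport registration, which per the callback comment in af_vsock.h can happen with no device present, so either the device probe path needs the same local-mode check or the commit message should explain why it does not. Minor: "return vsock ? false : true;" can be "return !vsock;", and since the pointer is only compared against NULL and never dereferenced, the rcu_read_lock()/rcu_dereference() pair could be a plain rcu_access_pointer().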
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:36 -0800
Subject: [PATCH net-next v11 04/13] virtio: set skb owner of virtio_transport_reset_no_sock() reply
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-4-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3
From: Bobby Eshleman

Associate reply packets with the sending socket. When vsock must reply with an RST packet and there exists a sending socket (e.g., for loopback), setting the skb owner to the socket correctly handles reference counting between the skb and sk (i.e., the sk stays alive until the skb is freed).

This allows the net namespace to be used for socket lookups for the duration of the reply skb's lifetime, preventing race conditions between the namespace lifecycle and vsock socket search using the namespace pointer.

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
Changes in v11:
- move before adding to netns support (Stefano)

Changes in v10:
- break this out into its own patch for easy revert (Stefano)
---
 net/vmw_vsock/virtio_transport_common.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index dcc8a1d5851e..675eb9d83549 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1165,6 +1165,12 @@ static int virtio_transport_reset_no_sock(const stru= ct virtio_transport *t, .op =3D VIRTIO_VSOCK_OP_RST, .type =3D le16_to_cpu(hdr->type), .reply =3D true, + + /* Set sk owner to socket we are replying to (may be NULL for + * non-loopback). This keeps a reference to the sock and + * sock_net(sk) until the reply skb is freed. + */ + .vsk =3D vsock_sk(skb->sk), }; struct sk_buff *reply; =20 --=20 2.47.3
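Review bot: the comment added in virtio_transport_reset_no_sock() says the assignment keeps a reference to the sock and sock_net(sk) until the reply skb is freed, but the line itself only stores a pointer in the info struct; no reference is taken anywhere in this hunk. Please name the function that takes ownership from info.vsk, in the comment or in the commit message, so a reader can verify the lifetime claim the namespace lookup depends on. The comment should also say that the non-loopback case relies on vsock_sk() passing a NULL skb->sk through as a NULL vsk.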
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:37 -0800
Subject: [PATCH net-next v11 05/13] vsock: add netns support to virtio transports
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-5-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3
From: Bobby Eshleman

Add netns support to loopback and vhost. Keep netns disabled for virtio-vsock, but add necessary changes to comply with common API updates.

This is the patch in the series when vhost-vsock namespaces actually come online. Hence, vhost_transport_supports_local_mode() is switched to return true.

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
Changes in v11:
- reorder with the skb ownership patch for loopback (Stefano)
- toggle vhost_transport_supports_local_mode() to true

Changes in v10:
- Splitting patches complicates the series with meaningless placeholder values that eventually get replaced anyway, so to avoid that this patch combines into one. Links to previous patches here:
  - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-3-852787a37bed@meta.com/
  - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-6-852787a37bed@meta.com/
  - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-7-852787a37bed@meta.com/
- remove placeholder values (Stefano)
- update comment describe net/net_mode for virtio_transport_reset_no_sock()
---
 drivers/vhost/vsock.c | 47 ++++++++++++++++++------
 include/linux/virtio_vsock.h | 8 +++--
 net/vmw_vsock/virtio_transport.c | 10 ++++--
 net/vmw_vsock/virtio_transport_common.c | 63 ++++++++++++++++++++++++---------
 net/vmw_vsock/vsock_loopback.c | 8 +++--
 5 files changed, 103 insertions(+), 33 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 4e3856aa2479..e73a6499b9fe 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -46,6 +46,11 @@ static DEFINE_READ_MOSTLY_HASHTABLE(vhost_vsock_hash, 8); struct vhost_vsock { struct vhost_dev dev; struct vhost_virtqueue vqs[2]; + struct net *net; + netns_tracker ns_tracker; + + /* The ns mode at the time vhost_vsock was created */ + enum vsock_net_mode net_mode; =20 /* Link to global vhost_vsock_hash, writes use vhost_vsock_mutex */ struct hlist_node hash;
@@ -66,13 +71,14 @@ static u32 vhost_transport_get_local_cid(void) =20 static bool vhost_transport_supports_local_mode(void) { - return false; + return true; } =20 /* Callers that dereference the return value must hold vhost_vsock_mutex o= r the * RCU read lock. */ -static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) +static struct vhost_vsock *vhost_vsock_get(u32 guest_cid, struct net *net, + enum vsock_net_mode mode) { struct vhost_vsock *vsock; =20 @@ -83,9 +89,10 @@ static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) if (other_cid =3D=3D 0) continue; =20 - if (other_cid =3D=3D guest_cid) + if (other_cid =3D=3D guest_cid && + vsock_net_check_mode(net, mode, vsock->net, + vsock->net_mode)) return vsock; - } =20 return NULL; @@ -274,7 +281,8 @@ static void vhost_transport_send_pkt_work(struct vhost_= work *work) } =20 static int -vhost_transport_send_pkt(struct sk_buff *skb) +vhost_transport_send_pkt(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct vhost_vsock *vsock; @@ -283,7 +291,7 @@ vhost_transport_send_pkt(struct sk_buff *skb) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid)); + vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid), net, net_mode); if (!vsock) { rcu_read_unlock(); kfree_skb(skb); @@ -310,7 +318,8 @@ vhost_transport_cancel_pkt(struct vsock_sock *vsk) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid); + vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid, + sock_net(sk_vsock(vsk)), vsk->net_mode); if (!vsock) goto out; =20 
@@ -470,11 +479,12 @@ static struct virtio_transport vhost_transport =3D { static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { + struct net *net =3D sock_net(sk_vsock(vsk)); struct vhost_vsock *vsock; bool seqpacket_allow =3D false; =20 rcu_read_lock(); - vsock =3D vhost_vsock_get(remote_cid); + vsock =3D vhost_vsock_get(remote_cid, net, vsk->net_mode); =20 if (vsock) seqpacket_allow =3D vsock->seqpacket_allow; @@ -545,7 +555,8 @@ static void vhost_vsock_handle_tx_kick(struct vhost_wor= k *work) if (le64_to_cpu(hdr->src_cid) =3D=3D vsock->guest_cid && le64_to_cpu(hdr->dst_cid) =3D=3D vhost_transport_get_local_cid()) - virtio_transport_recv_pkt(&vhost_transport, skb); + virtio_transport_recv_pkt(&vhost_transport, skb, + vsock->net, vsock->net_mode); else kfree_skb(skb); =20 @@ -662,6 +673,7 @@ static int vhost_vsock_dev_open(struct inode *inode, st= ruct file *file) { struct vhost_virtqueue **vqs; struct vhost_vsock *vsock; + struct net *net; int ret; =20 /* This struct is large and allocation could fail, fall back to vmalloc @@ -677,6 +689,17 @@ static int vhost_vsock_dev_open(struct inode *inode, s= truct file *file) goto out; } =20 + net =3D current->nsproxy->net_ns; + vsock->net =3D get_net_track(net, &vsock->ns_tracker, GFP_KERNEL); + + /* Store the mode of the namespace at the time of creation. If this + * namespace later changes from "global" to "local", we want this vsock + * to continue operating normally and not suddenly break. For that + * reason, we save the mode here and later use it when performing + * socket lookups with vsock_net_check_mode() (see vhost_vsock_get()). + */ + vsock->net_mode =3D vsock_net_mode(net); + vsock->guest_cid =3D 0; /* no CID assigned yet */ vsock->seqpacket_allow =3D false; =20 
@@ -716,7 +739,8 @@ static void vhost_vsock_reset_orphans(struct sock *sk) */ =20 /* If the peer is still valid, no need to reset connection */ - if (vhost_vsock_get(vsk->remote_addr.svm_cid)) + if (vhost_vsock_get(vsk->remote_addr.svm_cid, sock_net(sk), + vsk->net_mode)) return; =20 /* If the close timeout is pending, let it expire. This avoids races @@ -761,6 +785,7 @@ static int vhost_vsock_dev_release(struct inode *inode,= struct file *file) virtio_vsock_skb_queue_purge(&vsock->send_pkt_queue); =20 vhost_dev_cleanup(&vsock->dev); + put_net_track(vsock->net, &vsock->ns_tracker); kfree(vsock->dev.vqs); vhost_vsock_free(vsock); return 0; @@ -787,7 +812,7 @@ static int vhost_vsock_set_cid(struct vhost_vsock *vsoc= k, u64 guest_cid) =20 /* Refuse if CID is already in use */ mutex_lock(&vhost_vsock_mutex); - other =3D vhost_vsock_get(guest_cid); + other =3D vhost_vsock_get(guest_cid, vsock->net, vsock->net_mode); if (other && other !=3D vsock) { mutex_unlock(&vhost_vsock_mutex); return -EADDRINUSE; diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 0c67543a45c8..5ed6136a4ed4 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -173,6 +173,8 @@ struct virtio_vsock_pkt_info { u32 remote_cid, remote_port; struct vsock_sock *vsk; struct msghdr *msg; + struct net *net; + enum vsock_net_mode net_mode; u32 pkt_len; u16 type; u16 op; @@ -185,7 +187,8 @@ struct virtio_transport { struct vsock_transport transport; =20 /* Takes ownership of the packet */ - int (*send_pkt)(struct sk_buff *skb); + int (*send_pkt)(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode); =20 /* Used in MSG_ZEROCOPY mode. Checks, that provided data * (number of buffers) could be transmitted with zerocopy 
@@ -280,7 +283,8 @@ virtio_transport_dgram_enqueue(struct vsock_sock *vsk, void virtio_transport_destruct(struct vsock_sock *vsk); =20 void virtio_transport_recv_pkt(struct virtio_transport *t, - struct sk_buff *skb); + struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode); void virtio_transport_inc_tx_pkt(struct virtio_vsock_sock *vvs, struct sk_= buff *skb); u32 virtio_transport_get_credit(struct virtio_vsock_sock *vvs, u32 wanted); void virtio_transport_put_credit(struct virtio_vsock_sock *vvs, u32 credit= ); diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index af4fbce0baab..106d3f25a5cb 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -243,7 +243,8 @@ static int virtio_transport_send_skb_fast_path(struct v= irtio_vsock *vsock, struc } =20 static int -virtio_transport_send_pkt(struct sk_buff *skb) +virtio_transport_send_pkt(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr; struct virtio_vsock *vsock; @@ -675,7 +676,12 @@ static void virtio_transport_rx_work(struct work_struc= t *work) virtio_vsock_skb_put(skb, payload_len); =20 virtio_transport_deliver_tap_pkt(skb); - virtio_transport_recv_pkt(&virtio_transport, skb); + + /* Force virtio-transport into global mode since it + * does not yet support local-mode namespacing. + */ + virtio_transport_recv_pkt(&virtio_transport, skb, + NULL, VSOCK_NET_MODE_GLOBAL); } } while (!virtqueue_enable_cb(vq)); =20 diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index 675eb9d83549..5bb498caa19e 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -413,7 +413,7 @@ static int virtio_transport_send_pkt_info(struct vsock_= sock *vsk, =20 virtio_transport_inc_tx_pkt(vvs, skb); =20 - ret =3D t_ops->send_pkt(skb); + ret =3D t_ops->send_pkt(skb, info->net, info->net_mode); if (ret < 0) break; =20 
@@ -527,6 +527,8 @@ static int virtio_transport_send_credit_update(struct v= sock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_CREDIT_UPDATE, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1067,6 +1069,8 @@ int virtio_transport_connect(struct vsock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_REQUEST, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1082,6 +1086,8 @@ int virtio_transport_shutdown(struct vsock_sock *vsk,= int mode) (mode & SEND_SHUTDOWN ? VIRTIO_VSOCK_SHUTDOWN_SEND : 0), .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1108,6 +1114,8 @@ virtio_transport_stream_enqueue(struct vsock_sock *vs= k, .msg =3D msg, .pkt_len =3D len, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1145,6 +1153,8 @@ static int virtio_transport_reset(struct vsock_sock *= vsk, .op =3D VIRTIO_VSOCK_OP_RST, .reply =3D !!skb, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 /* Send RST only if the original pkt is not a RST pkt */ 
@@ -1156,9 +1166,14 @@ static int virtio_transport_reset(struct vsock_sock = *vsk, =20 /* Normally packets are associated with a socket. There may be no socket = if an * attempt was made to connect to a socket that does not exist. + * + * net and net_mode refer to the namespace of whoever sent the invalid mes= sage. + * For loopback, this is the namespace of the socket. For vhost, this is t= he + * namespace of the VM (i.e., vhost_vsock). */ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, - struct sk_buff *skb) + struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct virtio_vsock_pkt_info info =3D { @@ -1171,6 +1186,13 @@ static int virtio_transport_reset_no_sock(const stru= ct virtio_transport *t, * sock_net(sk) until the reply skb is freed. */ .vsk =3D vsock_sk(skb->sk), + + /* net or net_mode are not defined here because we pass + * net and net_mode directly to t->send_pkt(), instead of + * relying on virtio_transport_send_pkt_info() to pass them to + * t->send_pkt(). They are not needed by + * virtio_transport_alloc_skb(). + */ }; struct sk_buff *reply; =20 @@ -1189,7 +1211,7 @@ static int virtio_transport_reset_no_sock(const struc= t virtio_transport *t, if (!reply) return -ENOMEM; =20 - return t->send_pkt(reply); + return t->send_pkt(reply, net, net_mode); } =20 /* This function should be called with sk_lock held and SOCK_DONE set */ @@ -1471,6 +1493,8 @@ virtio_transport_send_response(struct vsock_sock *vsk, .remote_port =3D le32_to_cpu(hdr->src_port), .reply =3D true, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); 
@@ -1513,12 +1537,14 @@ virtio_transport_recv_listen(struct sock *sk, struc= t sk_buff *skb, int ret; =20 if (le16_to_cpu(hdr->op) !=3D VIRTIO_VSOCK_OP_REQUEST) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -EINVAL; } =20 if (sk_acceptq_is_full(sk)) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -ENOMEM; } =20 @@ -1526,13 +1552,15 @@ virtio_transport_recv_listen(struct sock *sk, struc= t sk_buff *skb, * Subsequent enqueues would lead to a memory leak. */ if (sk->sk_shutdown =3D=3D SHUTDOWN_MASK) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -ESHUTDOWN; } =20 child =3D vsock_create_connected(sk); if (!child) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -ENOMEM; } =20 @@ -1554,7 +1582,8 @@ virtio_transport_recv_listen(struct sock *sk, struct = sk_buff *skb, */ if (ret || vchild->transport !=3D &t->transport) { release_sock(child); - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); sock_put(child); return ret; } @@ -1582,7 +1611,8 @@ static bool virtio_transport_valid_type(u16 type) * lock. */ void virtio_transport_recv_pkt(struct virtio_transport *t, - struct sk_buff *skb) + struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct sockaddr_vm src, dst; 
@@ -1605,24 +1635,25 @@ void virtio_transport_recv_pkt(struct virtio_transp= ort *t, le32_to_cpu(hdr->fwd_cnt)); =20 if (!virtio_transport_valid_type(le16_to_cpu(hdr->type))) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); goto free_pkt; } =20 /* The socket must be in connected or bound table * otherwise send reset back */ - sk =3D vsock_find_connected_socket(&src, &dst); + sk =3D vsock_find_connected_socket_net(&src, &dst, net, net_mode); if (!sk) { - sk =3D vsock_find_bound_socket(&dst); + sk =3D vsock_find_bound_socket_net(&dst, net, net_mode); if (!sk) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, + net_mode); goto free_pkt; } } =20 if (virtio_transport_get_type(sk) !=3D le16_to_cpu(hdr->type)) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); sock_put(sk); goto free_pkt; } @@ -1641,7 +1672,7 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, */ if (sock_flag(sk, SOCK_DONE) || (sk->sk_state !=3D TCP_LISTEN && vsk->transport !=3D &t->transport)) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); release_sock(sk); sock_put(sk); goto free_pkt; @@ -1673,7 +1704,7 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, kfree_skb(skb); break; default: - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); kfree_skb(skb); break; } diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index 1e25c1a6b43f..a730fa74d2d9 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c 
@@ -31,7 +31,8 @@ static bool vsock_loopback_supports_local_mode(void) return true; } =20 -static int vsock_loopback_send_pkt(struct sk_buff *skb) +static int vsock_loopback_send_pkt(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct vsock_loopback *vsock =3D &the_vsock_loopback; int len =3D skb->len; 
@@ -138,7 +139,10 @@ static void vsock_loopback_work(struct work_struct *wo= rk) */ virtio_transport_consume_skb_sent(skb, false); virtio_transport_deliver_tap_pkt(skb); - virtio_transport_recv_pkt(&loopback_transport, skb); + + virtio_transport_recv_pkt(&loopback_transport, skb, + sock_net(skb->sk), + vsock_sk(skb->sk)->net_mode); } } =20 --=20 2.47.3
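Review bot: in the vhost_vsock_dev_open() hunk of drivers/vhost/vsock.c, the device is bound to `current->nsproxy->net_ns` at open() time, but the added comment only explains the mode snapshot. The binding itself deserves a sentence: an fd opened in one namespace and then handed to a process in another (or whose opener later calls setns()) keeps doing its lookups through the opener's namespace, and the tracked reference taken by get_net_track() keeps that namespace alive until vhost_vsock_dev_release() runs put_net_track(). Stating this in the comment makes the isolation boundary explicit for a VMM that opens the device before entering its target namespace.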
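Review bot: in the virtio_transport_rx_work() hunk of net/vmw_vsock/virtio_transport.c, `NULL` is passed as `net`, and from virtio_transport_recv_pkt() it reaches vsock_find_connected_socket_net(), vsock_find_bound_socket_net() and, through virtio_transport_reset_no_sock(), the transport's send_pkt(). Nothing in this patch states that a NULL net is valid when net_mode is VSOCK_NET_MODE_GLOBAL, so the contract rests on every current and future consumer checking the mode before touching the pointer. Please document that on the virtio_transport_recv_pkt() prototype in include/linux/virtio_vsock.h, or pass a real namespace so a later dereference cannot become a NULL pointer oops in the rx worker.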
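Review bot: the virtio_transport_recv_listen() hunks in net/vmw_vsock/virtio_transport_common.c pass `sock_net(sk), vsk->net_mode`, that is the listener's namespace, to virtio_transport_reset_no_sock(), while the comment added above that function says net and net_mode refer to the namespace of whoever sent the invalid message (the VM's vhost_vsock for vhost). virtio_transport_recv_pkt() has the sender's net and net_mode in hand, but the patch does not thread them into recv_listen, so the RST on these error paths is routed by the receiver's namespace and mode. If the two are guaranteed interchangeable once the socket lookup has matched, say so in the comment; otherwise pass net and net_mode through so that vhost_vsock_get() is asked with the same values the request arrived with.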
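Review bot: in net/vmw_vsock/vsock_loopback.c, vsock_loopback_send_pkt() gains net and net_mode but the hunk changes only its signature, and vsock_loopback_work() then re-derives both with `sock_net(skb->sk)` and `vsock_sk(skb->sk)->net_mode`. That leaves two sources for the same values and makes the worker depend on every queued skb, including the RST replies built in virtio_transport_reset_no_sock(), carrying a non-NULL skb->sk. The changelog says this patch was reordered with the skb ownership patch for loopback, so the invariant presumably holds; a one-line comment naming that dependency, or a WARN_ON_ONCE(!skb->sk) before the dereference, would keep a later change to skb ownership from turning into a NULL dereference in the work item.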
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:38 -0800
Subject: [PATCH net-next v11 06/13] selftests/vsock: add namespace helpers to vmtest.sh
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-6-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3
From: Bobby Eshleman

Add functions for initializing namespaces with the different vsock NS
modes. Callers can use add_namespaces() and del_namespaces() to create
namespaces global0, global1, local0, and local1.

The init_namespaces() function initializes global0, local0, etc... with
their respective vsock NS mode. This function is separate so that tests
that depend on this initialization can use it, while other tests that
want to test the initialization interface itself can start with a clean
slate by omitting this call.

Remove namespaces upon exiting the program in cleanup(). This is
unlikely to be needed for a healthy run, but it is useful for tests that
are manually killed mid-test. In that case, this patch prevents the
subsequent test run from finding stale namespaces with
already-write-once-locked vsock ns modes.

This patch is in preparation for later namespace tests.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
 tools/testing/selftests/vsock/vmtest.sh | 41 +++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index c7b270dd77a9..f78cc574c274 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -49,6 +49,7 @@ readonly TEST_DESCS=3D( ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 =20 
@@ -103,6 +104,45 @@ check_result() { fi } =20 +add_namespaces() { + # add namespaces local0, local1, global0, and global1 + for mode in "${NS_MODES[@]}"; do + ip netns add "${mode}0" 2>/dev/null + ip netns add "${mode}1" 2>/dev/null + done +} + +init_namespaces() { + for mode in "${NS_MODES[@]}"; do + ns_set_mode "${mode}0" "${mode}" + ns_set_mode "${mode}1" "${mode}" + + log_host "set ns ${mode}0 to mode ${mode}" + log_host "set ns ${mode}1 to mode ${mode}" + + # we need lo for qemu port forwarding + ip netns exec "${mode}0" ip link set dev lo up + ip netns exec "${mode}1" ip link set dev lo up + done +} + +del_namespaces() { + for mode in "${NS_MODES[@]}"; do + ip netns del "${mode}0" &>/dev/null + ip netns del "${mode}1" &>/dev/null + log_host "removed ns ${mode}0" + log_host "removed ns ${mode}1" + done +} + +ns_set_mode() { + local ns=3D$1 + local mode=3D$2 + + echo "${mode}" | ip netns exec "${ns}" \ + tee /proc/sys/net/vsock/ns_mode &>/dev/null +} + vm_ssh() { ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" return $? 
@@ -110,6 +150,7 @@ vm_ssh() { =20 cleanup() { terminate_pidfiles "${!PIDFILES[@]}" + del_namespaces } =20 check_args() { --=20 2.47.3
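Review bot: in the add_namespaces()/init_namespaces() hunk, every failure is discarded: `ip netns add ... 2>/dev/null` hides an already existing namespace, ns_set_mode() sends tee's output and errors to /dev/null, and init_namespaces() ignores its return status and then logs "set ns ${mode}0 to mode ${mode}" unconditionally. The commit message notes that the mode is write-once, so a failed write (for example on a stale namespace whose mode is already locked) is logged as success and the later isolation tests run on an unverified mode. Have ns_set_mode() propagate the status and init_namespaces() return non-zero, or read /proc/sys/net/vsock/ns_mode back and compare, before logging.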
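Review bot: in the cleanup() hunk, del_namespaces runs on every exit path, including runs that never called add_namespaces(), and it removes whatever namespaces are named local0, local1, global0 and global1. Because add_namespaces() ignores the "already exists" error, the script cannot tell namespaces it created from ones that were already on the host, so a machine that happens to have a namespace with one of those names loses it. Consider recording which namespaces add_namespaces() actually created and deleting only those, or using a test-specific prefix; del_namespaces() also logs "removed ns" whether or not `ip netns del` succeeded.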
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:39 -0800
Subject: [PATCH net-next v11 07/13] selftests/vsock: prepare vm management helpers for namespaces
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-7-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3
From: Bobby Eshleman

Add namespace support to vm management, ssh helpers, and vsock_test
wrapper functions. This enables running VMs and test helpers in specific
namespaces, which is required for upcoming namespace isolation tests.

The functions still work correctly within the init ns, though the caller
must now pass "init_ns" explicitly.

No functional changes for existing tests. All have been updated to pass
"init_ns" explicitly.

Affected functions (such as vm_start() and vm_ssh()) now wrap their
commands with 'ip netns exec' when executing commands in non-init
namespaces.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
 tools/testing/selftests/vsock/vmtest.sh | 93 +++++++++++++++++++++++----------
 1 file changed, 65 insertions(+), 28 deletions(-)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index f78cc574c274..4da91828a6a0 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -144,7 +144,18 @@ ns_set_mode() { } =20 vm_ssh() { - ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" + local ns_exec + + if [[ "${1}" =3D=3D init_ns ]]; then + ns_exec=3D"" + else + ns_exec=3D"ip netns exec ${1}" + fi + + shift + + ${ns_exec} ssh -q -o UserKnownHostsFile=3D/dev/null -p "${SSH_HOST_PORT}"= localhost "$@" + return $? } =20 @@ -267,10 +278,12 @@ terminate_pidfiles() { =20 vm_start() { local pidfile=3D$1 + local ns=3D$2 local logfile=3D/dev/null local verbose_opt=3D"" local kernel_opt=3D"" local qemu_opts=3D"" + local ns_exec=3D"" local qemu =20 qemu=3D$(command -v "${QEMU}") @@ -291,7 +304,11 @@ vm_start() { kernel_opt=3D"${KERNEL_CHECKOUT}" fi =20 - vng \ + if [[ "${ns}" !=3D "init_ns" ]]; then + ns_exec=3D"ip netns exec ${ns}" + fi + + ${ns_exec} vng \ --run \ ${kernel_opt} \ ${verbose_opt} \ @@ -306,6 +323,7 @@ vm_start() { } =20 vm_wait_for_ssh() { + local ns=3D$1 local i =20 i=3D0 
@@ -313,7 +331,8 @@ vm_wait_for_ssh() { if [[ ${i} -gt ${WAIT_PERIOD_MAX} ]]; then die "Timed out waiting for guest ssh" fi - if vm_ssh -- true; then + + if vm_ssh "${ns}" -- true; then break fi i=3D$(( i + 1 )) @@ -347,30 +366,41 @@ wait_for_listener() } =20 vm_wait_for_listener() { - local port=3D$1 + local ns=3D$1 + local port=3D$2 =20 - vm_ssh <&1 | log_guest rc=3D$? else - vm_ssh -- "${VSOCK_TEST}" \ + vm_ssh "${ns}" -- "${VSOCK_TEST}" \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" \ @@ -390,7 +420,7 @@ vm_vsock_test() { return $rc fi =20 - vm_wait_for_listener "${port}" + vm_wait_for_listener "${ns}" "${port}" rc=3D$? fi set +o pipefail @@ -399,22 +429,28 @@ vm_vsock_test() { } =20 host_vsock_test() { - local host=3D$1 - local cid=3D$2 - local port=3D$3 + local ns=3D$1 + local host=3D$2 + local cid=3D$3 + local port=3D$4 local rc =20 + local cmd=3D"${VSOCK_TEST}" + if [[ "${ns}" !=3D "init_ns" ]]; then + cmd=3D"ip netns exec ${ns} ${cmd}" + fi + # log output and use pipefail to respect vsock_test errors set -o pipefail if [[ "${host}" !=3D server ]]; then - ${VSOCK_TEST} \ + ${cmd} \ --mode=3Dclient \ --peer-cid=3D"${cid}" \ --control-host=3D"${host}" \ --control-port=3D"${port}" 2>&1 | log_host rc=3D$? else - ${VSOCK_TEST} \ + ${cmd} \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" 2>&1 | log_host & @@ -425,7 +461,7 @@ host_vsock_test() { return $rc fi =20 - host_wait_for_listener "${port}" + host_wait_for_listener "${ns}" "${port}" rc=3D$? fi set +o pipefail @@ -469,11 +505,11 @@ log_guest() { } =20 test_vm_server_host_client() { - if ! vm_vsock_test "server" 2 "${TEST_GUEST_PORT}"; then + if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" fi =20 - if ! host_vsock_test "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}"; then + if ! host_vsock_test "init_ns" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PO= RT}"; then return "${KSFT_FAIL}" fi =20 
@@ -481,11 +517,11 @@ test_vm_server_host_client() { } =20 test_vm_client_host_server() { - if ! host_vsock_test "server" "${VSOCK_CID}" "${TEST_HOST_PORT_LISTENER}"= ; then + if ! host_vsock_test "init_ns" "server" "${VSOCK_CID}" "${TEST_HOST_PORT_= LISTENER}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; then + if ! vm_vsock_test "init_ns" "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; t= hen return "${KSFT_FAIL}" fi =20 @@ -495,13 +531,14 @@ test_vm_client_host_server() { test_vm_loopback() { local port=3D60000 # non-forwarded local port =20 - vm_ssh -- modprobe vsock_loopback &> /dev/null || : + vm_ssh "init_ns" -- modprobe vsock_loopback &> /dev/null || : =20 - if ! vm_vsock_test "server" 1 "${port}"; then + if ! vm_vsock_test "init_ns" "server" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "127.0.0.1" 1 "${port}"; then + + if ! vm_vsock_test "init_ns" "127.0.0.1" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 
@@ -630,8 +667,8 @@ cnt_total=3D0 if shared_vm_tests_requested "${ARGS[@]}"; then log_host "Booting up VM" pidfile=3D"$(create_pidfile)" - vm_start "${pidfile}" - vm_wait_for_ssh + vm_start "${pidfile}" "init_ns" + vm_wait_for_ssh "init_ns" log_host "VM booted up" =20 run_shared_vm_tests "${ARGS[@]}" --=20 2.47.3
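Review bot: in the vm_ssh() hunk, the first positional argument is now always consumed as the namespace, with no validation before `shift`. A call site missed in the conversion, such as the old `vm_ssh -- true` form, is not rejected: `--` becomes the namespace and the command turns into `ip netns exec -- ssh ...`, so the mistake shows up as an ip error or a timeout in the caller rather than a clear message. Rejecting a first argument that is neither init_ns nor a name listed by `ip netns list` would make that an immediate, readable failure. The comparison is also inconsistent with the rest of the patch: this helper tests `== init_ns` unquoted while vm_start() and host_vsock_test() test `!= "init_ns"`.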
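Review bot: in the vm_start() and host_vsock_test() hunks, the choice between init_ns and `ip netns exec` is open-coded again (it is already in vm_ssh()), each time by concatenating the namespace into a string and expanding it unquoted, as in `${ns_exec} vng \` and `${cmd} \`. That relies on word splitting, so a namespace name containing whitespace or glob characters is split or expanded before ip sees it. One helper that builds the prefix as a bash array and is called from all three sites removes both the duplication and the quoting hazard, and gives a single place to document that "init_ns" is a reserved word, since a real namespace with that name can no longer be addressed.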
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:40 -0800
Subject: [PATCH net-next v11 08/13] selftests/vsock: add vm_dmesg_{warn,oops}_count() helpers
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-8-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski,
 Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin",
 Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang,
 Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa,
 Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev,
 netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org,
 linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon,
 Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

These functions are reused by the VM tests to collect and compare dmesg
warnings and oops counts. The future VM-specific tests use them heavily.
This patch relies on vm_ssh() already supporting namespaces.

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
Changes in v11:
- break these out into an earlier patch so that they can be used
  directly in new patches (instead of causing churn by adding this
  later)
---
 tools/testing/selftests/vsock/vmtest.sh | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 4da91828a6a0..1623e4da15e2 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -389,6 +389,17 @@ host_wait_for_listener() { fi } =20 +vm_dmesg_oops_count() { + local ns=3D$1 + + vm_ssh "${ns}" -- dmesg 2>/dev/null | grep -c -i 'Oops' +} + +vm_dmesg_warn_count() { + local ns=3D$1 + + vm_ssh "${ns}" -- dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock' +} =20 vm_vsock_test() { local ns=3D$1 @@ -596,8 +607,8 @@ run_shared_vm_test() { =20 host_oops_cnt_before=3D$(dmesg | grep -c -i 'Oops') host_warn_cnt_before=3D$(dmesg --level=3Dwarn | grep -c -i 'vsock') - vm_oops_cnt_before=3D$(vm_ssh -- dmesg | grep -c -i 'Oops') - vm_warn_cnt_before=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i 'vsock= ') + vm_oops_cnt_before=3D$(vm_dmesg_oops_count "init_ns") + vm_warn_cnt_before=3D$(vm_dmesg_warn_count "init_ns") =20 name=3D$(echo "${1}" | awk '{ print $1 }') eval test_"${name}" 
@@ -615,13 +626,13 @@ run_shared_vm_test() { rc=3D$KSFT_FAIL fi =20 - vm_oops_cnt_after=3D$(vm_ssh -- dmesg | grep -i 'Oops' | wc -l) + vm_oops_cnt_after=3D$(vm_dmesg_oops_count "init_ns") if [[ ${vm_oops_cnt_after} -gt ${vm_oops_cnt_before} ]]; then echo "FAIL: kernel oops detected on vm" | log_host rc=3D$KSFT_FAIL fi =20 - vm_warn_cnt_after=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i 'vsock') + vm_warn_cnt_after=3D$(vm_dmesg_warn_count "init_ns") if [[ ${vm_warn_cnt_after} -gt ${vm_warn_cnt_before} ]]; then echo "FAIL: kernel warning detected on vm" | log_host rc=3D$KSFT_FAIL --=20 2.47.3
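Review bot: In the @@ -389,6 +389,17 @@ hunk, vm_dmesg_oops_count() and vm_dmesg_warn_count() discard vm_ssh's stderr and take their result from grep -c at the end of the pipeline, so a guest that cannot be reached (crashed VM, failed ssh) yields a count of 0 instead of an error. The callers in run_shared_vm_test() only fail when the after count is greater than the before count, which means a guest that died from the very oops being tested for can read as clean. Capture the dmesg output first, return non-zero when vm_ssh itself fails, and have the callers treat that as KSFT_FAIL. Note also that grep -c exits 1 when the count is 0, so the helpers' exit status cannot serve as a success signal as written.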
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:41 -0800
Subject: [PATCH net-next v11 09/13] selftests/vsock: use ss to wait for listeners instead of /proc/net
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-9-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski,
 Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin",
 Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang,
 Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa,
 Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev,
 netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org,
 linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon,
 Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Replace /proc/net parsing with ss(8) for detecting listening sockets in
wait_for_listener() functions and add support for TCP, VSOCK, and Unix
socket protocols.

The previous implementation parsed /proc/net/tcp using awk to detect
listening sockets, but this approach could not support vsock because
vsock does not export socket information to /proc/net/. Instead, use ss
so that we can detect listeners on tcp, vsock, and unix.

The protocol parameter is now required for all wait_for_listener family
functions (wait_for_listener, vm_wait_for_listener,
host_wait_for_listener) to explicitly specify which socket type to wait
for.

ss is added to the dependency check in check_deps().

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
 tools/testing/selftests/vsock/vmtest.sh | 47 +++++++++++++++++++++--------= ----
 1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 1623e4da15e2..e32997db322d 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -191,7 +191,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh; do + for dep in vng ${QEMU} busybox pkill ssh ss; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -346,21 +346,32 @@ wait_for_listener() local port=3D$1 local interval=3D$2 local max_intervals=3D$3 - local protocol=3Dtcp - local pattern + local protocol=3D$4 local i =20 - pattern=3D":$(printf "%04X" "${port}") " - - # for tcp protocol additionally check the socket state - [ "${protocol}" =3D "tcp" ] && pattern=3D"${pattern}0A" - for i in $(seq "${max_intervals}"); do - if awk -v pattern=3D"${pattern}" \ - 'BEGIN {rc=3D1} $2" "$4 ~ pattern {rc=3D0} END {exit rc}' \ - /proc/net/"${protocol}"*; then + case "${protocol}" in + tcp) + if ss --listening --tcp --numeric | grep -q ":${port} "; then + break + fi + ;; + vsock) + if ss --listening --vsock --numeric | grep -q ":${port} "; then + break + fi + ;; + unix) + # For unix sockets, port is actually the socket path + if ss --listening --unix | grep -q "${port}"; then + break + fi + ;; + *) + echo "Unknown protocol: ${protocol}" >&2 break - fi + ;; + esac sleep "${interval}" done } 
@@ -368,23 +379,25 @@ wait_for_listener() vm_wait_for_listener() { local ns=3D$1 local port=3D$2 + local protocol=3D$3 =20 vm_ssh "${ns}" <; Fri, 21 Nov 2025 05:45:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763703908; cv=none; b=V7gi3n8MzKBzN2zSqAABzZc+fNv1vSmsaA7Ll5h7Tv+0AvDrqL6bvDD4YqKzKZx5WyzxuO+rYb6Jirez7uOfKkYwTA82GqPEkCyY4HlAQOaL6yjcVNC5a41/dK6vODlndCOpQ1hT2xj5w7YhA15m/OtdXMEri1UvvPC9vQYKTWY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763703908; c=relaxed/simple; bh=LWCJX/byO6UT+q76eS2OBJSBBF4gv+i35nuRb2OqTDY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=m87LmoqGncCbptST1NQv+0662JtUf45M/zg5QxYjj95ZtW+oyzmPlslw64PG7CW3RWFsbxSzEzzBsnVvT4gxsv4aDWl3IDwIvkCfoweXSEpQkFXP9/LCYhgi6bVolotQEgVs6EC2O/S3x6nP1Hio22yYrsaCiIuRQtnUr6iJf/g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XsHbQSGI; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XsHbQSGI" Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-297dd95ffe4so14270515ad.3 for ; Thu, 20 Nov 2025 21:45:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763703901; x=1764308701; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; 
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:42 -0800
Subject: [PATCH net-next v11 10/13] selftests/vsock: add tests for proc sys vsock ns_mode
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-10-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski,
 Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin",
 Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang,
 Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa,
 Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev,
 netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org,
 linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon,
 Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Add tests for the /proc/sys/net/vsock/ns_mode interface. Namely, that it
accepts "global" and "local" strings and enforces a write-once policy.

Start a convention of commenting the test name over the test
description. Add test name comments over test descriptions that existed
before this convention.

Add a check_netns() function that checks if the test requires namespaces
and if the current kernel supports namespaces. Skip tests that require
namespaces if the system does not have namespace support.

Add a test to verify that guest VMs with an active G2H transport
(virtio-vsock) cannot set namespace mode to 'local'. This validates the
mutual exclusion between G2H transports and LOCAL mode.

This patch is the first to add tests that do *not* re-use the same
shared VM. For that reason, it adds a run_tests() function to run these
tests and filter out the shared VM tests.

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
Changes in v11:
- Document ns_ prefix above TEST_NAMES (Stefano)

Changes in v10:
- Remove extraneous add_namespaces/del_namespaces calls.
- Rename run_tests() to run_ns_tests() since it is designed to only
  run ns tests.

Changes in v9:
- add test ns_vm_local_mode_rejected to check that guests cannot use
  local mode
---
 tools/testing/selftests/vsock/vmtest.sh | 143 ++++++++++++++++++++++++++++= +++-
 1 file changed, 141 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index e32997db322d..2e077e8a1777 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh 
@@ -41,14 +41,43 @@ readonly KERNEL_CMDLINE=3D"\ virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \ " readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log) -readonly TEST_NAMES=3D(vm_server_host_client vm_client_host_server vm_loop= back) + +# Namespace tests must use the ns_ prefix. This is checked in check_netns(= ) and +# is used to determine if a test needs namespace setup before test executi= on. +readonly TEST_NAMES=3D( + vm_server_host_client + vm_client_host_server + vm_loopback + ns_host_vsock_ns_mode_ok + ns_host_vsock_ns_mode_write_once_ok + ns_vm_local_mode_rejected +) readonly TEST_DESCS=3D( + # vm_server_host_client "Run vsock_test in server mode on the VM and in client mode on the host." + + # vm_client_host_server "Run vsock_test in client mode on the VM and in server mode on the host." + + # vm_loopback "Run vsock_test using the loopback transport in the VM." + + # ns_host_vsock_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode strings on the host." + + # ns_host_vsock_ns_mode_write_once_ok + "Check /proc/sys/net/vsock/ns_mode is write-once on the host." + + # ns_vm_local_mode_rejected + "Test that guest VM with G2H transport cannot set namespace mode to 'loca= l'" ) =20 -readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly USE_SHARED_VM=3D( + vm_server_host_client + vm_client_host_server + vm_loopback + ns_vm_local_mode_rejected +) readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 @@ -205,6 +234,20 @@ check_deps() { fi } =20 +check_netns() { + local tname=3D$1 + + # If the test requires NS support, check if NS support exists + # using /proc/self/ns + if [[ "${tname}" =3D~ ^ns_ ]] && + [[ ! -e /proc/self/ns ]]; then + log_host "No NS support detected for test ${tname}" + return 1 + fi + + return 0 +} + check_vng() { local tested_versions local version 
@@ -528,6 +571,32 @@ log_guest() { LOG_PREFIX=3Dguest log "$@" } =20 +test_ns_host_vsock_ns_mode_ok() { + for mode in "${NS_MODES[@]}"; do + if ! ns_set_mode "${mode}0" "${mode}"; then + return "${KSFT_FAIL}" + fi + done + + return "${KSFT_PASS}" +} + +test_ns_host_vsock_ns_mode_write_once_ok() { + for mode in "${NS_MODES[@]}"; do + local ns=3D"${mode}0" + if ! ns_set_mode "${ns}" "${mode}"; then + return "${KSFT_FAIL}" + fi + + # try writing again and expect failure + if ns_set_mode "${ns}" "${mode}"; then + return "${KSFT_FAIL}" + fi + done + + return "${KSFT_PASS}" +} + test_vm_server_host_client() { if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" @@ -569,6 +638,26 @@ test_vm_loopback() { return "${KSFT_PASS}" } =20 +test_ns_vm_local_mode_rejected() { + # Guest VMs have a G2H transport (virtio-vsock) active, so they + # should not be able to set namespace mode to 'local'. + # This test verifies that the sysctl write fails as expected. + + # Try to set local mode in the guest's init_ns + if vm_ssh init_ns "echo local | tee /proc/sys/net/vsock/ns_mode &>/dev/nu= ll"; then + return "${KSFT_FAIL}" + fi + + # Verify mode is still 'global' + local mode + mode=3D$(vm_ssh init_ns "cat /proc/sys/net/vsock/ns_mode") + if [[ "${mode}" !=3D "global" ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + shared_vm_test() { local tname =20 @@ -601,6 +690,11 @@ run_shared_vm_tests() { continue fi =20 + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + run_shared_vm_test "${arg}" check_result "$?" "${arg}" done 
@@ -654,6 +748,49 @@ run_shared_vm_test() { return "${rc}" } =20 +run_ns_tests() { + for arg in "${ARGS[@]}"; do + if shared_vm_test "${arg}"; then + continue + fi + + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + + add_namespaces + + name=3D$(echo "${arg}" | awk '{ print $1 }') + log_host "Executing test_${name}" + + host_oops_before=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + host_warn_before=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsoc= k') + eval test_"${name}" + rc=3D$? + + host_oops_after=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + if [[ "${host_oops_after}" -gt "${host_oops_before}" ]]; then + echo "FAIL: kernel oops detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + host_warn_after=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock= ') + if [[ "${host_warn_after}" -gt "${host_warn_before}" ]]; then + echo "FAIL: kernel warning detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + check_result "${rc}" "${name}" + + del_namespaces + done +} + BUILD=3D0 QEMU=3D"qemu-system-$(uname -m)" =20 
@@ -699,6 +836,8 @@ if shared_vm_tests_requested "${ARGS[@]}"; then terminate_pidfiles "${pidfile}" fi =20 +run_ns_tests "${ARGS[@]}" + echo "SUMMARY: PASS=3D${cnt_pass} SKIP=3D${cnt_skip} FAIL=3D${cnt_fail}" echo "Log: ${LOG}" =20 --=20 2.47.3
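Review bot: In the check_netns() hunk (@@ -205,6 +234,20 @@), the test [[ ! -e /proc/self/ns ]] only shows that the kernel exposes some namespace type; it says nothing about network namespaces or about the vsock ns_mode sysctl that the ns_ tests write to. On a kernel without that sysctl the ns_ tests would run and report FAIL rather than SKIP. Check /proc/self/ns/net and the presence of /proc/sys/net/vsock/ns_mode so that missing support is reported as KSFT_SKIP.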
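Review bot: In test_ns_host_vsock_ns_mode_write_once_ok() (@@ -528,6 +571,32 @@ hunk), the second ns_set_mode call rewrites the same value that was just set, so the test never exercises the transition that matters for isolation: a namespace already set to "local" being switched to "global", or the reverse. Add a second attempt with the other entry of NS_MODES and expect it to fail, then read ns_mode back to confirm the first value is still in place. The loop variable mode is also not declared local in either of the two new test functions in this hunk.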
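Review bot: In test_ns_vm_local_mode_rejected() (@@ -569,6 +638,26 @@ hunk), both vm_ssh calls pass an unquoted init_ns and a single quoted command string without the -- separator used by the other call sites in this series, for example vm_ssh "init_ns" -- modprobe vsock_loopback and vm_ssh "${ns}" -- dmesg; use one calling convention throughout. The test is also listed in USE_SHARED_VM, so if the write to ns_mode were ever wrongly accepted, the write-once policy described in the commit message would leave the shared guest in local mode for every test that runs after it. Running this test last, or against its own VM, keeps one failure from contaminating the rest.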
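Review bot: In run_ns_tests() (@@ -654,6 +748,49 @@ hunk), the loop iterates over the global "${ARGS[@]}" and ignores the function's own parameters, although the call added in the final hunk passes "${ARGS[@]}" explicitly; iterate over "$@" or drop the argument. The function also assigns name, rc and the four host_*_before/after counters without local, and it repeats the host dmesg counting that run_shared_vm_test() already open-codes; host-side counterparts of vm_dmesg_oops_count() and vm_dmesg_warn_count() would remove the duplication. With 2>/dev/null on dmesg, a host where the test user cannot read the kernel log gives 0 both before and after, which silently disables the oops and warning checks. The commit message still refers to run_tests() although the v10 changelog records the rename to run_ns_tests().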
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:43 -0800
Subject: [PATCH net-next v11 11/13] selftests/vsock: add namespace tests for CID collisions
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-11-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski,
 Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin",
 Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang,
 Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa,
 Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev,
 netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org,
 linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon,
 Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Add tests to verify CID collision rules across different vsock namespace
modes.

1. Two VMs with the same CID cannot start in different global namespaces
   (ns_global_same_cid_fails)
2. Two VMs with the same CID can start in different local namespaces
   (ns_local_same_cid_ok)
3. VMs with the same CID can coexist when one is in a global namespace
   and another is in a local namespace (ns_global_local_same_cid_ok and
   ns_local_global_same_cid_ok)

The tests ns_global_local_same_cid_ok and ns_local_global_same_cid_ok
make sure that ordering does not matter.

The tests use a shared helper function namespaces_can_boot_same_cid()
that attempts to start two VMs with identical CIDs in the specified
namespaces and verifies whether VM initialization failed or succeeded.

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
Changes in v11:
- check vm_start() rc in namespaces_can_boot_same_cid() (Stefano)
- fix ns_local_same_cid_ok() to use local0 and local1 instead of reusing
  local0 twice. This check should pass, ensuring local namespaces do not
  collide (Stefano)
---
 tools/testing/selftests/vsock/vmtest.sh | 78 +++++++++++++++++++++++++++++= ++++
 1 file changed, 78 insertions(+)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 2e077e8a1777..f84da1e8ad14 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -51,6 +51,10 @@ readonly TEST_NAMES=3D( ns_host_vsock_ns_mode_ok ns_host_vsock_ns_mode_write_once_ok ns_vm_local_mode_rejected + ns_global_same_cid_fails + ns_local_same_cid_ok + ns_global_local_same_cid_ok + ns_local_global_same_cid_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
@@ -70,6 +74,18 @@ readonly TEST_DESCS=3D( =20 # ns_vm_local_mode_rejected "Test that guest VM with G2H transport cannot set namespace mode to 'loca= l'" + + # ns_global_same_cid_fails + "Check QEMU fails to start two VMs with same CID in two different global = namespaces." + + # ns_local_same_cid_ok + "Check QEMU successfully starts two VMs with same CID in two different lo= cal namespaces." + + # ns_global_local_same_cid_ok + "Check QEMU successfully starts one VM in a global ns and then another VM= in a local ns with the same CID." + + # ns_local_global_same_cid_ok + "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." ) =20 readonly USE_SHARED_VM=3D( 
@@ -581,6 +597,68 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +namespaces_can_boot_same_cid() { + local ns0=3D$1 + local ns1=3D$2 + local pidfile1 pidfile2 + local rc + + pidfile1=3D"$(create_pidfile)" + + # The first VM should be able to start. If it can't then we have + # problems and need to return non-zero. + if ! vm_start "${pidfile1}" "${ns0}"; then + return 1 + fi + + pidfile2=3D"$(create_pidfile)" + vm_start "${pidfile2}" "${ns1}" + rc=3D$? + terminate_pidfiles "${pidfile1}" "${pidfile2}" + + return "${rc}" +} + +test_ns_global_same_cid_fails() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "global1"; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_local_global_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_global_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + test_ns_host_vsock_ns_mode_write_once_ok() { for mode in "${NS_MODES[@]}"; do local ns=3D"${mode}0" --=20 2.47.3
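Review bot: in the @@ -581,6 +597,68 @@ hunk, the early "return 1" in namespaces_can_boot_same_cid() when the first vm_start fails is indistinguishable from the second VM being refused, so test_ns_global_same_cid_fails() returns KSFT_PASS whenever the first VM cannot boot for an unrelated reason and the collision rule is never exercised. Return a distinct code for the setup failure (for example 2) and have the _fails test pass only on the collision result, returning KSFT_FAIL on the setup code. The same early return also leaves pidfile1 without the terminate_pidfiles call that the normal path makes.
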
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:44 -0800
Subject: [PATCH net-next v11 12/13] selftests/vsock: add tests for host <-> vm connectivity with namespaces
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-12-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman Add tests to validate namespace correctness using vsock_test and socat. The vsock_test tool is used to validate expected success tests, but socat is used for expected failure tests. socat is used to ensure that connections are rejected outright instead of failing due to some other socket behavior (as tested in vsock_test). Additionally, socat is already required for tunneling TCP traffic from vsock_test. Using only one of the vsock_test tests like 'test_stream_client_close_client' would have yielded a similar result, but doing so wouldn't remove the socat dependency. Additionally, check for the dependency socat. socat needs special handling beyond just checking if it is on the path because it must be compiled with support for both vsock and unix. The function check_socat() checks that this support exists. Add more padding to test name printf strings because the tests added in this patch would otherwise overflow. Add vm_dmesg_start() and vm_dmesg_check() to encapsulate checking dmesg for oops and warnings. Signed-off-by: Bobby Eshleman Reviewed-by: Stefano Garzarella Suggested-by: Sargun Dhillon --- Changes in v11: - add 'sleep "${WAIT_PERIOD}"' after any non-TCP socat LISTEN cmd (Stefano) - add host_wait_for_listener() after any socat TCP-LISTEN (Stefano) - reuse vm_dmesg_{oops,warn}_count() inside vm_dmesg_check() - fix copy-paste in test_ns_same_local_vm_connect_to_local_host_ok() (Stefano) Changes in v10: - add vm_dmesg_start() and vm_dmesg_check() Changes in v9: - consistent variable quoting --- tools/testing/selftests/vsock/vmtest.sh | 557 ++++++++++++++++++++++++++++= +++- 1 file changed, 555 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index f84da1e8ad14..dfa895abfc7f 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh 
@@ -7,6 +7,7 @@ # * virtme-ng # * busybox-static (used by virtme-ng) # * qemu (used by virtme-ng) +# * socat # # shellcheck disable=3DSC2317,SC2119 =20 @@ -55,6 +56,19 @@ readonly TEST_NAMES=3D( ns_local_same_cid_ok ns_global_local_same_cid_ok ns_local_global_same_cid_ok + ns_diff_global_host_connect_to_global_vm_ok + ns_diff_global_host_connect_to_local_vm_fails + ns_diff_global_vm_connect_to_global_host_ok + ns_diff_global_vm_connect_to_local_host_fails + ns_diff_local_host_connect_to_local_vm_fails + ns_diff_local_vm_connect_to_local_host_fails + ns_diff_global_to_local_loopback_local_fails + ns_diff_local_to_global_loopback_fails + ns_diff_local_to_local_loopback_fails + ns_diff_global_to_global_loopback_ok + ns_same_local_loopback_ok + ns_same_local_host_connect_to_local_vm_ok + ns_same_local_vm_connect_to_local_host_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
@@ -86,6 +100,45 @@ readonly TEST_DESCS=3D( =20 # ns_local_global_same_cid_ok "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." + + # ns_diff_global_host_connect_to_global_vm_ok + "Run vsock_test client in global ns with server in VM in another global n= s." + + # ns_diff_global_host_connect_to_local_vm_fails + "Run socat to test a process in a global ns fails to connect to a VM in a= local ns." + + # ns_diff_global_vm_connect_to_global_host_ok + "Run vsock_test client in VM in a global ns with server in another global= ns." + + # ns_diff_global_vm_connect_to_local_host_fails + "Run socat to test a VM in a global ns fails to connect to a host process= in a local ns." + + # ns_diff_local_host_connect_to_local_vm_fails + "Run socat to test a host process in a local ns fails to connect to a VM = in another local ns." + + # ns_diff_local_vm_connect_to_local_host_fails + "Run socat to test a VM in a local ns fails to connect to a host process = in another local ns." + + # ns_diff_global_to_local_loopback_local_fails + "Run socat to test a loopback vsock in a global ns fails to connect to a = vsock in a local ns." + + # ns_diff_local_to_global_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in a global ns." + + # ns_diff_local_to_local_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in another local ns." + + # ns_diff_global_to_global_loopback_ok + "Run socat to test a loopback vsock in a global ns successfully connects = to a vsock in another global ns." + + # ns_same_local_loopback_ok + "Run socat to test a loopback vsock in a local ns successfully connects t= o a vsock in the same ns." + + # ns_same_local_host_connect_to_local_vm_ok + "Run vsock_test client in a local ns with server in VM in same ns." 
+ + # ns_same_local_vm_connect_to_local_host_ok + "Run vsock_test client in VM in a local ns with server in same ns." ) =20 readonly USE_SHARED_VM=3D( @@ -117,7 +170,7 @@ usage() { for ((i =3D 0; i < ${#TEST_NAMES[@]}; i++)); do name=3D${TEST_NAMES[${i}]} desc=3D${TEST_DESCS[${i}]} - printf "\t%-35s%-35s\n" "${name}" "${desc}" + printf "\t%-55s%-35s\n" "${name}" "${desc}" done echo =20 @@ -236,7 +289,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh ss; do + for dep in vng ${QEMU} busybox pkill ssh ss socat; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -287,6 +340,20 @@ check_vng() { fi } =20 +check_socat() { + local support_string + + support_string=3D"$(socat -V)" + + if [[ "${support_string}" !=3D *"WITH_VSOCK 1"* ]]; then + die "err: socat is missing vsock support" + fi + + if [[ "${support_string}" !=3D *"WITH_UNIX 1"* ]]; then + die "err: socat is missing unix support" + fi +} + handle_build() { if [[ ! "${BUILD}" -eq 1 ]]; then return @@ -335,6 +402,14 @@ terminate_pidfiles() { done } =20 +terminate_pids() { + local pid + + for pid in "$@"; do + kill -SIGTERM "${pid}" &>/dev/null || : + done +} + vm_start() { local pidfile=3D$1 local ns=3D$2 @@ -473,6 +548,28 @@ vm_dmesg_warn_count() { vm_ssh "${ns}" -- dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock' } =20 +vm_dmesg_check() { + local pidfile=3D$1 + local ns=3D$2 + local oops_before=3D$3 + local warn_before=3D$4 + local oops_after warn_after + + oops_after=3D$(vm_dmesg_oops_count "${ns}") + if [[ "${oops_after}" -gt "${oops_before}" ]]; then + echo "FAIL: kernel oops detected on vm in ns ${ns}" | log_host + return 1 + fi + + warn_after=3D$(vm_dmesg_warn_count "${ns}") + if [[ "${warn_after}" -gt "${warn_before}" ]]; then + echo "FAIL: kernel warning detected on vm in ns ${ns}" | log_host + return 1 + fi + + return 0 +} + vm_vsock_test() { local ns=3D$1 local host=3D$2 
@@ -597,6 +694,461 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +test_ns_diff_global_host_connect_to_global_vm_ok() { + local oops_before warn_before + local pids pid pidfile + local ns0 ns1 port + declare -a pids + local unixfile + ns0=3D"global0" + ns1=3D"global1" + port=3D1234 + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + ip netns exec "${ns1}" \ + socat TCP-LISTEN:"${TEST_HOST_PORT}",fork \ + UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${TEST_HOST_PORT}" "tcp" + + ip netns exec "${ns0}" socat UNIX-LISTEN:"${unixfile}",fork \ + TCP-CONNECT:localhost:"${TEST_HOST_PORT}" & + pids+=3D($!) + host_wait_for_listener "${ns0}" "${unixfile}" "unix" + + vm_vsock_test "${ns0}" "server" 2 "${TEST_GUEST_PORT}" + vm_wait_for_listener "${ns0}" "${TEST_GUEST_PORT}" "tcp" + host_vsock_test "${ns1}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pids "${pids[@]}" + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_diff_global_host_connect_to_local_vm_fails() { + local oops_before warn_before + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D"$(create_pidfile)" + if ! 
vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${VSOCK_CID}, ns=3D${ns0})" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns1}" + oops_before=3D$(vm_dmesg_oops_count "${ns1}") + warn_before=3D$(vm_dmesg_warn_count "${ns1}") + + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + vm_wait_for_listener "${ns1}" "${port}" "vsock" + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + vm_dmesg_check "${pidfile}" "${ns1}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D "TEST" ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_diff_global_vm_connect_to_global_host_ok() { + local oops_before warn_before + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local unixfile + local dmesg_rc + local pidfile + local pids + local rc + + init_namespaces + + declare -a pids + + log_host "Setup socat bridge from ns ${ns0} to ns ${ns1} over port ${port= }" + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + + ip netns exec "${ns0}" \ + socat TCP-LISTEN:"${port}" UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns0}" "${port}" "tcp" + + ip netns exec "${ns1}" \ + socat UNIX-LISTEN:"${unixfile}" TCP-CONNECT:127.0.0.1:"${port}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${unixfile}" "unix" + + log_host "Launching ${VSOCK_TEST} in ns ${ns1}" + host_vsock_test "${ns1}" "server" "${VSOCK_CID}" "${port}" + + pidfile=3D"$(create_pidfile)" + if ! 
vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_vsock_test "${ns0}" "10.0.2.2" 2 "${port}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" + +} + +test_ns_diff_global_vm_connect_to_local_host_fails() { + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local oops_before warn_before + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pid}" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? 
+ + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_host_connect_to_local_vm_fails() { + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local oops_before warn_before + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns1}" + oops_before=3D$(vm_dmesg_oops_count "${ns1}") + warn_before=3D$(vm_dmesg_warn_count "${ns1}") + + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + vm_wait_for_listener "${ns1}" "${port}" "vsock" + + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + vm_dmesg_check "${pidfile}" "${ns1}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_vm_connect_to_local_host_fails() { + local oops_before warn_before + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + pidfile=3D"$(create_pidfile)" + if ! 
vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +__test_loopback_two_netns() { + local ns0=3D$1 + local ns1=3D$2 + local port=3D12345 + local result + local pid + + modprobe vsock_loopback &> /dev/null || : + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}"= 2>/dev/null & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + log_host "Launching socat in ns ${ns0}" + echo TEST | ip netns exec "${ns0}" socat STDIN VSOCK-CONNECT:1:"${port}" = 2>/dev/null + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D TEST ]]; then + return 0 + fi + + return 1 +} + +test_ns_diff_global_to_local_loopback_local_fails() { + init_namespaces + + if ! __test_loopback_two_netns "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_global_loopback_fails() { + init_namespaces + + if ! __test_loopback_two_netns "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_local_loopback_fails() { + init_namespaces + + if ! 
__test_loopback_two_netns "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_global_to_global_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "global0" "global1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "local0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_host_connect_to_local_vm_ok() { + local oops_before warn_before + local ns=3D"local0" + local port=3D1234 + local dmesg_rc + local pidfile + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns}" + oops_before=3D$(vm_dmesg_oops_count "${ns}") + warn_before=3D$(vm_dmesg_warn_count "${ns}") + + vm_vsock_test "${ns}" "server" 2 "${TEST_GUEST_PORT}" + host_vsock_test "${ns}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_same_local_vm_connect_to_local_host_ok() { + local oops_before warn_before + local ns=3D"local0" + local port=3D1234 + local dmesg_rc + local pidfile + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns}" + oops_before=3D$(vm_dmesg_oops_count "${ns}") + warn_before=3D$(vm_dmesg_warn_count "${ns}") + + host_vsock_test "${ns}" "server" "${VSOCK_CID}" "${port}" + vm_vsock_test "${ns}" "10.0.2.2" 2 "${port}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? 
+ + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + namespaces_can_boot_same_cid() { local ns0=3D$1 local ns1=3D$2 
@@ -894,6 +1446,7 @@ fi check_args "${ARGS[@]}" check_deps check_vng +check_socat handle_build =20 echo "1..${#ARGS[@]}" --=20 2.47.3
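Review bot: in the @@ -597,6 +694,461 @@ hunk, the expected-failure tests decide KSFT_PASS from the absence of TEST in outfile, but nothing confirms the listener was ever reachable: the return codes of vm_wait_for_listener and host_wait_for_listener are not checked, and __test_loopback_two_netns() runs modprobe vsock_loopback with "|| :". A missing module, a socat that never started, or a listener timeout therefore makes the _fails cases pass without testing namespace isolation at all. Check the wait helpers and return KSFT_FAIL or skip on setup failure. Smaller points in the same hunk: test_ns_diff_local_vm_connect_to_local_host_fails() leaves the background socat running when vm_start fails, where test_ns_diff_global_vm_connect_to_local_host_fails() calls terminate_pids "${pid}"; several log_host messages expand ${cid}, which these functions never set (the first one logs ${VSOCK_CID}), and two of them print ns0 although the VM was started in ns1; outfile and dmesg_rc are assigned without being declared local; and test_ns_diff_global_host_connect_to_global_vm_ok() never removes unixfile.
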
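Review bot: in the @@ -473,6 +548,28 @@ hunk, vm_dmesg_check() assigns pidfile from $1 and never reads it, so every caller passes a pidfile that is ignored. Drop the parameter and shift the remaining three, or add a comment saying what it is reserved for.
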
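Review bot: in the @@ -287,6 +340,20 @@ hunk, check_socat() calls die when socat lacks vsock or unix support, while check_deps() treats a missing socat binary as a skip with exit "${KSFT_SKIP}". A socat built without WITH_VSOCK is the same kind of unmet dependency, so if die exits with a failure code this turns an environment limitation into a test failure; consider printing a skip message and exiting with KSFT_SKIP here as well.
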
From: Bobby Eshleman
Date: Thu, 20 Nov 2025 21:44:45 -0800
Subject: [PATCH net-next v11 13/13] selftests/vsock: add tests for namespace deletion and mode changes
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251120-vsock-vmtest-v11-13-55cbc80249a7@meta.com>
References: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
In-Reply-To: <20251120-vsock-vmtest-v11-0-55cbc80249a7@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
X-Mailer: b4 0.14.3

From: Bobby Eshleman Add tests that validate vsock sockets are resilient to deleting namespaces or changing namespace modes from global to local. The vsock sockets should still function normally. The function check_ns_changes_dont_break_connection() is added to re-use the step-by-step logic of 1) setup connections, 2) do something that would maybe break the connections, 3) check that the connections are still ok. Signed-off-by: Bobby Eshleman Reviewed-by: Stefano Garzarella Suggested-by: Sargun Dhillon --- Changes in v11: - remove pipefile (Stefano) Changes in v9: - more consistent shell style - clarify -u usage comment for pipefile --- tools/testing/selftests/vsock/vmtest.sh | 119 ++++++++++++++++++++++++++++= ++++ 1 file changed, 119 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index dfa895abfc7f..5f0b24845fad 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -69,6 +69,12 @@ readonly TEST_NAMES=3D( ns_same_local_loopback_ok ns_same_local_host_connect_to_local_vm_ok ns_same_local_vm_connect_to_local_host_ok + ns_mode_change_connection_continue_vm_ok + ns_mode_change_connection_continue_host_ok + ns_mode_change_connection_continue_both_ok + ns_delete_vm_ok + ns_delete_host_ok + ns_delete_both_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
@@ -139,6 +145,24 @@ readonly TEST_DESCS=3D( =20 # ns_same_local_vm_connect_to_local_host_ok "Run vsock_test client in VM in a local ns with server in same ns." + + # ns_mode_change_connection_continue_vm_ok + "Check that changing NS mode of VM namespace from global to local after a= connection is established doesn't break the connection" + + # ns_mode_change_connection_continue_host_ok + "Check that changing NS mode of host namespace from global to local after= a connection is established doesn't break the connection" + + # ns_mode_change_connection_continue_both_ok + "Check that changing NS mode of host and VM namespaces from global to loc= al after a connection is established doesn't break the connection" + + # ns_delete_vm_ok + "Check that deleting the VM's namespace does not break the socket connect= ion" + + # ns_delete_host_ok + "Check that deleting the host's namespace does not break the socket conne= ction" + + # ns_delete_both_ok + "Check that deleting the VM and host's namespaces does not break the sock= et connection" ) =20 readonly USE_SHARED_VM=3D( 
@@ -1288,6 +1312,101 @@ test_ns_vm_local_mode_rejected() { return "${KSFT_PASS}" } =20 +check_ns_changes_dont_break_connection() { + local pipefile pidfile outfile + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local pids=3D() + local rc=3D0 + + init_namespaces + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + vm_wait_for_ssh "${ns0}" + + outfile=3D$(mktemp) + vm_ssh "${ns0}" -- \ + socat VSOCK-LISTEN:"${port}",fork STDOUT > "${outfile}" 2>/dev/null & + pids+=3D($!) + vm_wait_for_listener "${ns0}" "${port}" "vsock" + + # We use a pipe here so that we can echo into the pipe instead of using + # socat and a unix socket file. We just need a name for the pipe (not a + # regular file) so use -u. + pipefile=3D$(mktemp -u /tmp/vmtest_pipe_XXXX) + ip netns exec "${ns1}" \ + socat PIPE:"${pipefile}" VSOCK-CONNECT:"${VSOCK_CID}":"${port}" & + pids+=3D($!) + + timeout "${WAIT_PERIOD}" \ + bash -c 'while [[ ! -e '"${pipefile}"' ]]; do sleep 1; done; exit 0' + + if [[ $2 =3D=3D "delete" ]]; then + if [[ "$1" =3D=3D "vm" ]]; then + ip netns del "${ns0}" + elif [[ "$1" =3D=3D "host" ]]; then + ip netns del "${ns1}" + elif [[ "$1" =3D=3D "both" ]]; then + ip netns del "${ns0}" + ip netns del "${ns1}" + fi + elif [[ $2 =3D=3D "change_mode" ]]; then + if [[ "$1" =3D=3D "vm" ]]; then + ns_set_mode "${ns0}" "local" + elif [[ "$1" =3D=3D "host" ]]; then + ns_set_mode "${ns1}" "local" + elif [[ "$1" =3D=3D "both" ]]; then + ns_set_mode "${ns0}" "local" + ns_set_mode "${ns1}" "local" + fi + fi + + echo "TEST" > "${pipefile}" + + timeout "${WAIT_PERIOD}" \ + bash -c 'while [[ ! 
-s '"${outfile}"' ]]; do sleep 1; done; exit 0' + + if grep -q "TEST" "${outfile}"; then + rc=3D"${KSFT_PASS}" + else + rc=3D"${KSFT_FAIL}" + fi + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${outfile}" "${pipefile}" + + return "${rc}" +} + +test_ns_mode_change_connection_continue_vm_ok() { + check_ns_changes_dont_break_connection "vm" "change_mode" +} + +test_ns_mode_change_connection_continue_host_ok() { + check_ns_changes_dont_break_connection "host" "change_mode" +} + +test_ns_mode_change_connection_continue_both_ok() { + check_ns_changes_dont_break_connection "both" "change_mode" +} + +test_ns_delete_vm_ok() { + check_ns_changes_dont_break_connection "vm" "delete" +} + +test_ns_delete_host_ok() { + check_ns_changes_dont_break_connection "host" "delete" +} + +test_ns_delete_both_ok() { + check_ns_changes_dont_break_connection "both" "delete" +} + shared_vm_test() { local tname =20 --=20 2.47.3
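Review bot: In the TEST_DESCS hunk, the three ns_delete_* descriptions say the namespace is deleted, but when `ip netns del "${ns1}"` runs in the helper, the socat started with `ip netns exec "${ns1}"` is still running inside that namespace, so only the name is removed and the namespace itself stays alive until the last process in it exits. Wording these as "deleting the name of the namespace while a connection is open", or adding a comment that states which of the two cases is intended, would make clear what the tests cover. As a style point, the six new strings have no trailing period and mix "doesn't" with "does not", while the entry just above ("Run vsock_test client in VM in a local ns with server in same ns.") ends with a period; it would be better to make them consistent.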
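Review bot: In check_ns_changes_dont_break_connection(), the pipe path comes from `mktemp -u /tmp/vmtest_pipe_XXXX`, which only returns a name and creates nothing, and the exit status of the `timeout ... while [[ ! -e ... ]]` wait that follows is never checked. If socat has not created the pipe by the end of WAIT_PERIOD, `echo "TEST" > "${pipefile}"` creates a regular file at a guessable /tmp path, and the failure only shows up later as a missing "TEST" in outfile. Creating a private directory with `mktemp -d`, placing the pipe inside it, and returning KSFT_FAIL when the wait times out would close both gaps. The v11 changelog also says "remove pipefile", yet `local pipefile` and the PIPE: endpoint are still present, so one of the two needs updating. Separately, `$1` and `$2` are tested directly (`$2` unquoted) with no final else branch, so a mistyped target or action skips the namespace change and the test can still return KSFT_PASS; assigning them to named locals and failing on an unknown value would prevent that.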