From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:30 -0800
Subject: [PATCH net-next v12 01/12] vsock: a per-net vsock NS mode state
Message-Id: <20251126-vsock-vmtest-v12-1-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman

From: Bobby Eshleman

Add the per-net vsock NS mode state. This only adds the structure for holding the mode and some of the functions for setting/getting and checking the mode, but does not integrate the functionality yet.

A "net_mode" field is added to vsock_sock to store the mode of the namespace when the vsock_sock was created. In order to evaluate namespace mode rules we need to know both a) which namespace the endpoints are in, and b) what mode that namespace had when the endpoints were created. This allows us to handle the changing of modes from global to local *after* a socket has been created by remembering that the mode was global when the socket was created. If we were to use the current net's mode instead, then the lookup would fail and the socket would break.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v10:
- change mode_locked to int (Stefano)

Changes in v9:
- use xchg(), WRITE_ONCE(), READ_ONCE() for mode and mode_locked (Stefano)
- clarify mode0/mode1 meaning in vsock_net_check_mode() comment
- remove spin lock in net->vsock (not used anymore)
- change mode from u8 to enum vsock_net_mode in vsock_net_write_mode()

Changes in v7:
- clarify vsock_net_check_mode() comments
- change to `orig_net_mode == VSOCK_NET_MODE_GLOBAL && orig_net_mode == vsk->orig_net_mode`
- remove extraneous explanation of `orig_net_mode`
- rename `written` to `mode_locked`
- rename `vsock_hdr` to `sysctl_hdr`
- change `orig_net_mode` to `net_mode`
- make vsock_net_check_mode() more generic by taking just net pointers and modes, instead of a vsock_sock ptr, for reuse by transports (e.g., vhost_vsock)

Changes in v6:
- add orig_net_mode to store mode at creation time which will be used to avoid breakage when namespace changes mode during socket/VM lifespan

Changes in v5:
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- change from net->vsock.ns_mode to net->vsock.mode
- change vsock_net_set_mode() to vsock_net_write_mode()
- vsock_net_write_mode() returns bool for write success to avoid need to use vsock_net_mode_can_set()
- remove vsock_net_mode_can_set()
---
 MAINTAINERS | 1 + include/net/af_vsock.h | 44 +++++++++++++++++++++++++++++++++++++++++= +++ include/net/net_namespace.h | 4 ++++ include/net/netns/vsock.h | 17 +++++++++++++++++ 4 files changed, 66 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index e9a8d945632b..b6ac6720d706 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27105,6 +27105,7 @@ L: netdev@vger.kernel.org S: Maintained F: drivers/vhost/vsock.c F: include/linux/virtio_vsock.h +F: include/net/netns/vsock.h F: include/uapi/linux/virtio_vsock.h F: net/vmw_vsock/virtio_transport.c F: net/vmw_vsock/virtio_transport_common.c
diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index d40e978126e3..9b5bdd083b6f 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -10,6 +10,7 @@ =20 #include #include +#include #include #include =20 @@ -65,6 +66,7 @@ struct vsock_sock { u32 peer_shutdown; bool sent_request; bool ignore_connecting_rst; + enum vsock_net_mode net_mode; =20 /* Protected by lock_sock(sk) */ u64 buffer_size; @@ -256,4 +258,46 @@ static inline bool vsock_msgzerocopy_allow(const struc= t vsock_transport *t) { return t->msgzerocopy_allow && t->msgzerocopy_allow(); } + +static inline enum vsock_net_mode vsock_net_mode(struct net *net) +{ + return READ_ONCE(net->vsock.mode); +} + +static inline bool vsock_net_write_mode(struct net *net, + enum vsock_net_mode mode) +{ + if (xchg(&net->vsock.mode_locked, 1)) + return false; + + WRITE_ONCE(net->vsock.mode, mode); + return true; +} + +/* Return true if two namespaces and modes pass the mode rules. Otherwise, + * return false. + * + * - ns0 and ns1 are the namespaces being checked. + * - mode0 and mode1 are the vsock namespace modes of ns0 and ns1 at the t= ime + * the vsock objects were created. + * + * Read more about modes in the comment header of net/vmw_vsock/af_vsock.c. + */ +static inline bool vsock_net_check_mode(struct net *ns0, + enum vsock_net_mode mode0, + struct net *ns1, + enum vsock_net_mode mode1) +{ + /* Any vsocks within the same network namespace are always reachable, + * regardless of the mode. + */ + if (net_eq(ns0, ns1)) + return true; + + /* + * If the network namespaces differ, vsocks are only reachable if both + * were created in VSOCK_NET_MODE_GLOBAL mode. + */ + return mode0 =3D=3D VSOCK_NET_MODE_GLOBAL && mode0 =3D=3D mode1; +} #endif /* __AF_VSOCK_H__ */ diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index cb664f6e3558..66d3de1d935f 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h 
@@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -196,6 +197,9 @@ struct net { /* Move to a better place when the config guard is removed. */ struct mutex rtnl_mutex; #endif +#if IS_ENABLED(CONFIG_VSOCKETS) + struct netns_vsock vsock; +#endif } __randomize_layout; =20 #include diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h new file mode 100644 index 000000000000..c1a5e805949d --- /dev/null +++ b/include/net/netns/vsock.h 
@@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __NET_NET_NAMESPACE_VSOCK_H +#define __NET_NET_NAMESPACE_VSOCK_H + +#include + +enum vsock_net_mode { + VSOCK_NET_MODE_GLOBAL, + VSOCK_NET_MODE_LOCAL, +}; + +struct netns_vsock { + struct ctl_table_header *sysctl_hdr; + enum vsock_net_mode mode; + int mode_locked; +}; +#endif /* __NET_NET_NAMESPACE_VSOCK_H */ --=20 2.47.3
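
Review bot: vsock_net_write_mode(), in the last include/net/af_vsock.h hunk of patch 01/12, carries no comment saying that it is one-shot: xchg(&net->vsock.mode_locked, 1) latches on the first call whatever value is written, so a first write of the mode the namespace already has also makes every later call return false. Please add a short comment above the function stating that contract and what a false return means. In vsock_net_check_mode() the second comment opens with a bare "/*" line while the first uses the networking comment style; make the two match, and consider writing the return as mode0 == VSOCK_NET_MODE_GLOBAL && mode1 == VSOCK_NET_MODE_GLOBAL, which reads more directly than comparing mode0 to mode1.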
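
Review bot: the fields of struct netns_vsock in the new include/net/netns/vsock.h (patch 01/12) are undocumented. A one-line comment on mode_locked saying that it is set once by vsock_net_write_mode() and that nothing in this patch clears it, and one on mode saying that it is accessed with READ_ONCE()/WRITE_ONCE() and no lock, would save the reader from reconstructing this from af_vsock.h.
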
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:31 -0800
Subject: [PATCH net-next v12 02/12] vsock: add netns to vsock core
Message-Id: <20251126-vsock-vmtest-v12-2-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman

From: Bobby Eshleman

Add netns logic to vsock core. Additionally, modify transport hook prototypes to be used by later transport-specific patches (e.g., *_seqpacket_allow()).

Namespaces are supported primarily by changing socket lookup functions (e.g., vsock_find_connected_socket()) to take into account the socket namespace and the namespace mode before considering a candidate socket a "match".

This patch also introduces the sysctl /proc/sys/net/vsock/ns_mode that accepts the "global" or "local" mode strings.

Add netns functionality (initialization, passing to transports, procfs, etc...) to the af_vsock socket layer. Later patches that add netns support to transports depend on this patch.

dgram_allow(), stream_allow(), and seqpacket_allow() callbacks are modified to take a vsk in order to perform logic on namespace modes. In future patches, the net and net_mode will also be used for socket lookups in these functions.

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
Changes in v12:
- return true in dgram_allow(), stream_allow(), and seqpacket_allow() only if net_mode == VSOCK_NET_MODE_GLOBAL (Stefano)
- document bind(VMADDR_CID_ANY) case in af_vsock.c (Stefano)
- change order of stream_allow() call in vmci so we can pass vsk to it

Changes in v10:
- add file-level comment about what happens to sockets/devices when the namespace mode changes (Stefano)
- change the 'if (write)' boolean in vsock_net_mode_string() to if (!write), this simplifies a later patch which adds "goto" for mutex unlocking on function exit.

Changes in v9:
- remove virtio_vsock_alloc_rx_skb() (Stefano)
- remove vsock_global_dummy_net, not needed as net=NULL + net_mode=VSOCK_NET_MODE_GLOBAL achieves identical result

Changes in v7:
- hv_sock: fix hyperv build error
- explain why vhost does not use the dummy
- explain usage of __vsock_global_dummy_net
- explain why VSOCK_NET_MODE_STR_MAX is 8 characters
- use switch-case in vsock_net_mode_string()
- avoid changing transports as much as possible
- add vsock_find_{bound,connected}_socket_net()
- rename `vsock_hdr` to `sysctl_hdr`
- add virtio_vsock_alloc_linear_skb() wrapper for setting dummy net and global mode for virtio-vsock, move skb->cb zero-ing into wrapper
- explain seqpacket_allow() change
- move net setting to __vsock_create() instead of vsock_create() so that child sockets also have their net assigned upon accept()

Changes in v6:
- unregister sysctl ops in vsock_exit()
- af_vsock: clarify description of CID behavior
- af_vsock: fix buf vs buffer naming, and length checking
- af_vsock: fix length checking w/ correct ctl_table->maxlen

Changes in v5:
- vsock_global_net() -> vsock_global_dummy_net()
- update comments for new uAPI
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- add prototype changes so patch remains compilable
---
 drivers/vhost/vsock.c | 9 +-
include/linux/virtio_vsock.h | 4 +- include/net/af_vsock.h | 13 +- net/vmw_vsock/af_vsock.c | 272 ++++++++++++++++++++++++++++= +--- net/vmw_vsock/hyperv_transport.c | 7 +- net/vmw_vsock/virtio_transport.c | 9 +- net/vmw_vsock/virtio_transport_common.c | 6 +- net/vmw_vsock/vmci_transport.c | 26 ++- net/vmw_vsock/vsock_loopback.c | 8 +- 9 files changed, 310 insertions(+), 44 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index ae01457ea2cd..83937e1d63fa 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -404,7 +404,8 @@ static bool vhost_transport_msgzerocopy_allow(void) return true; } =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid); +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); =20 static struct virtio_transport vhost_transport =3D { .transport =3D { @@ -460,11 +461,15 @@ static struct virtio_transport vhost_transport =3D { .send_pkt =3D vhost_transport_send_pkt, }; =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid) +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid) { struct vhost_vsock *vsock; bool seqpacket_allow =3D false; =20 + if (vsk->net_mode !=3D VSOCK_NET_MODE_GLOBAL) + return false; + rcu_read_lock(); vsock =3D vhost_vsock_get(remote_cid); =20 diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 0c67543a45c8..1845e8d4f78d 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h 
@@ -256,10 +256,10 @@ void virtio_transport_notify_buffer_size(struct vsock= _sock *vsk, u64 *val); =20 u64 virtio_transport_stream_rcvhiwat(struct vsock_sock *vsk); bool virtio_transport_stream_is_active(struct vsock_sock *vsk); -bool virtio_transport_stream_allow(u32 cid, u32 port); +bool virtio_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 po= rt); int virtio_transport_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr); -bool virtio_transport_dgram_allow(u32 cid, u32 port); +bool virtio_transport_dgram_allow(struct vsock_sock *vsk, u32 cid, u32 por= t); =20 int virtio_transport_connect(struct vsock_sock *vsk); =20 diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index 9b5bdd083b6f..d10e73cd7413 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -126,7 +126,7 @@ struct vsock_transport { size_t len, int flags); int (*dgram_enqueue)(struct vsock_sock *, struct sockaddr_vm *, struct msghdr *, size_t len); - bool (*dgram_allow)(u32 cid, u32 port); + bool (*dgram_allow)(struct vsock_sock *vsk, u32 cid, u32 port); =20 /* STREAM. */ /* TODO: stream_bind() */ @@ -138,14 +138,14 @@ struct vsock_transport { s64 (*stream_has_space)(struct vsock_sock *); u64 (*stream_rcvhiwat)(struct vsock_sock *); bool (*stream_is_active)(struct vsock_sock *); - bool (*stream_allow)(u32 cid, u32 port); + bool (*stream_allow)(struct vsock_sock *vsk, u32 cid, u32 port); =20 /* SEQ_PACKET. */ ssize_t (*seqpacket_dequeue)(struct vsock_sock *vsk, struct msghdr *msg, int flags); int (*seqpacket_enqueue)(struct vsock_sock *vsk, struct msghdr *msg, size_t len); - bool (*seqpacket_allow)(u32 remote_cid); + bool (*seqpacket_allow)(struct vsock_sock *vsk, u32 remote_cid); u32 (*seqpacket_has_data)(struct vsock_sock *vsk); =20 /* Notification. */ 
@@ -218,6 +218,13 @@ void vsock_remove_connected(struct vsock_sock *vsk); struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr); struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, struct sockaddr_vm *dst); +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode); +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode net_mode); void vsock_remove_sock(struct vsock_sock *vsk); void vsock_for_each_connected_socket(struct vsock_transport *transport, void (*fn)(struct sock *sk)); diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index adcba1b7bf74..6113c22db8dc 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c 
@@ -83,6 +83,46 @@ * TCP_ESTABLISHED - connected * TCP_CLOSING - disconnecting * TCP_LISTEN - listening + * + * - Namespaces in vsock support two different modes configured + * through /proc/sys/net/vsock/ns_mode. The modes are "local" and "globa= l". + * Each mode defines how the namespace interacts with CIDs. + * /proc/sys/net/vsock/ns_mode is write-once, so that it may be configur= ed + * and locked down by a namespace manager. The default is "global". The = mode + * is set per-namespace. + * + * The modes affect the allocation and accessibility of CIDs as follows: + * + * - global - access and allocation are all system-wide + * - all CID allocation from global namespaces draw from the same + * system-wide pool. + * - if one global namespace has already allocated some CID, another + * global namespace will not be able to allocate the same CID. + * - global mode AF_VSOCK sockets can reach any VM or socket in any g= lobal + * namespace, they are not contained to only their own namespace. + * - AF_VSOCK sockets in a global mode namespace cannot reach VMs or + * sockets in any local mode namespace. + * - local - access and allocation are contained within the namespace + * - CID allocation draws only from a private pool local only to the + * namespace, and does not affect the CIDs available for allocation = in any + * other namespace (global or local). + * - VMs in a local namespace do not collide with CIDs in any other lo= cal + * namespace or any global namespace. For example, if a VM in a loca= l mode + * namespace is given CID 10, then CID 10 is still available for + * allocation in any other namespace, but not in the same namespace. + * - AF_VSOCK sockets in a local mode namespace can connect only to VM= s or + * other sockets within their own namespace. + * - sockets bound to VMADDR_CID_ANY in local namespaces will never re= solve + * to any transport that is not compatible with local mode. 
There is= no + * error that propagates to the user (as there is for connection att= empts) + * because it is possible for some packet to reach this socket from + * a different transport that *does* support local mode. For + * example, virtio-vsock may not support local mode, but the socket + * may still accept a connection from vhost-vsock which does. + * + * - when a socket or device is initialized in a namespace with mode + * global, it will stay in global mode even if the namespace later + * changes to local. */ =20 #include @@ -100,6 +140,7 @@ #include #include #include +#include #include #include #include @@ -111,9 +152,18 @@ #include #include #include +#include #include #include =20 +#define VSOCK_NET_MODE_STR_GLOBAL "global" +#define VSOCK_NET_MODE_STR_LOCAL "local" + +/* 6 chars for "global", 1 for null-terminator, and 1 more for '\n'. + * The newline is added by proc_dostring() for read operations. + */ +#define VSOCK_NET_MODE_STR_MAX 8 + static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr); static void vsock_sk_destruct(struct sock *sk); static int vsock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); 
@@ -235,33 +285,47 @@ static void __vsock_remove_connected(struct vsock_soc= k *vsk) sock_put(&vsk->sk); } =20 -static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) +static struct sock *__vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_bound_sockets(addr), bound_table) { - if (vsock_addr_equals_addr(addr, &vsk->local_addr)) - return sk_vsock(vsk); + struct sock *sk =3D sk_vsock(vsk); + + if (vsock_addr_equals_addr(addr, &vsk->local_addr) && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, + net_mode)) + return sk; =20 if (addr->svm_port =3D=3D vsk->local_addr.svm_port && (vsk->local_addr.svm_cid =3D=3D VMADDR_CID_ANY || - addr->svm_cid =3D=3D VMADDR_CID_ANY)) - return sk_vsock(vsk); + addr->svm_cid =3D=3D VMADDR_CID_ANY) && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, + net_mode)) + return sk; } =20 return NULL; } =20 -static struct sock *__vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +static struct sock * +__vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, struct net *net, + enum vsock_net_mode net_mode) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_connected_sockets(src, dst), connected_table) { + struct sock *sk =3D sk_vsock(vsk); + if (vsock_addr_equals_addr(src, &vsk->remote_addr) && - dst->svm_port =3D=3D vsk->local_addr.svm_port) { - return sk_vsock(vsk); + dst->svm_port =3D=3D vsk->local_addr.svm_port && + vsock_net_check_mode(sock_net(sk), vsk->net_mode, net, + net_mode)) { + return sk; } } =20 
@@ -304,12 +368,14 @@ void vsock_remove_connected(struct vsock_sock *vsk) } EXPORT_SYMBOL_GPL(vsock_remove_connected); =20 -struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net, + enum vsock_net_mode net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_bound_socket(addr); + sk =3D __vsock_find_bound_socket_net(addr, net, net_mode); if (sk) sock_hold(sk); =20 @@ -317,15 +383,23 @@ struct sock *vsock_find_bound_socket(struct sockaddr_= vm *addr) =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_bound_socket_net); + +struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +{ + return vsock_find_bound_socket_net(addr, NULL, VSOCK_NET_MODE_GLOBAL); +} EXPORT_SYMBOL_GPL(vsock_find_bound_socket); =20 -struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net, + enum vsock_net_mode net_mode) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_connected_socket(src, dst); + sk =3D __vsock_find_connected_socket_net(src, dst, net, net_mode); if (sk) sock_hold(sk); =20 @@ -333,6 +407,14 @@ struct sock *vsock_find_connected_socket(struct sockad= dr_vm *src, =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_connected_socket_net); + +struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, + struct sockaddr_vm *dst) +{ + return vsock_find_connected_socket_net(src, dst, + NULL, VSOCK_NET_MODE_GLOBAL); +} EXPORT_SYMBOL_GPL(vsock_find_connected_socket); =20 void vsock_remove_sock(struct vsock_sock *vsk) 
@@ -528,7 +610,7 @@ int vsock_assign_transport(struct vsock_sock *vsk, stru= ct vsock_sock *psk) =20 if (sk->sk_type =3D=3D SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || - !new_transport->seqpacket_allow(remote_cid)) { + !new_transport->seqpacket_allow(vsk, remote_cid)) { module_put(new_transport->module); return -ESOCKTNOSUPPORT; } @@ -676,6 +758,7 @@ static void vsock_pending_work(struct work_struct *work) static int __vsock_bind_connectible(struct vsock_sock *vsk, struct sockaddr_vm *addr) { + struct net *net =3D sock_net(sk_vsock(vsk)); static u32 port; struct sockaddr_vm new_addr; =20 @@ -695,7 +778,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, =20 new_addr.svm_port =3D port++; =20 - if (!__vsock_find_bound_socket(&new_addr)) { + if (!__vsock_find_bound_socket_net(&new_addr, net, + vsk->net_mode)) { found =3D true; break; } @@ -712,7 +796,8 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, return -EACCES; } =20 - if (__vsock_find_bound_socket(&new_addr)) + if (__vsock_find_bound_socket_net(&new_addr, net, + vsk->net_mode)) return -EADDRINUSE; } =20 @@ -836,6 +921,8 @@ static struct sock *__vsock_create(struct net *net, vsk->buffer_max_size =3D VSOCK_DEFAULT_BUFFER_MAX_SIZE; } =20 + vsk->net_mode =3D vsock_net_mode(net); + return sk; } =20 @@ -1314,7 +1401,7 @@ static int vsock_dgram_sendmsg(struct socket *sock, s= truct msghdr *msg, goto out; } =20 - if (!transport->dgram_allow(remote_addr->svm_cid, + if (!transport->dgram_allow(vsk, remote_addr->svm_cid, remote_addr->svm_port)) { err =3D -EINVAL; goto out; @@ -1355,7 +1442,7 @@ static int vsock_dgram_connect(struct socket *sock, if (err) goto out; =20 - if (!vsk->transport->dgram_allow(remote_addr->svm_cid, + if (!vsk->transport->dgram_allow(vsk, remote_addr->svm_cid, remote_addr->svm_port)) { err =3D -EINVAL; goto out; 
@@ -1585,7 +1672,7 @@ static int vsock_connect(struct socket *sock, struct = sockaddr_unsized *addr, * endpoints. */ if (!transport || - !transport->stream_allow(remote_addr->svm_cid, + !transport->stream_allow(vsk, remote_addr->svm_cid, remote_addr->svm_port)) { err =3D -ENETUNREACH; goto out; 
@@ -2658,6 +2745,142 @@ static struct miscdevice vsock_device =3D { .fops =3D &vsock_device_ops, }; =20 +static int vsock_net_mode_string(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + char data[VSOCK_NET_MODE_STR_MAX] =3D {0}; + enum vsock_net_mode mode; + struct ctl_table tmp; + struct net *net; + int ret; + + if (!table->data || !table->maxlen || !*lenp) { + *lenp =3D 0; + return 0; + } + + net =3D current->nsproxy->net_ns; + tmp =3D *table; + tmp.data =3D data; + + if (!write) { + const char *p; + + mode =3D vsock_net_mode(net); + + switch (mode) { + case VSOCK_NET_MODE_GLOBAL: + p =3D VSOCK_NET_MODE_STR_GLOBAL; + break; + case VSOCK_NET_MODE_LOCAL: + p =3D VSOCK_NET_MODE_STR_LOCAL; + break; + default: + WARN_ONCE(true, "netns has invalid vsock mode"); + *lenp =3D 0; + return 0; + } + + strscpy(data, p, sizeof(data)); + tmp.maxlen =3D strlen(p); + } + + ret =3D proc_dostring(&tmp, write, buffer, lenp, ppos); + if (ret) + return ret; + + if (!write) + return 0; + + if (*lenp >=3D sizeof(data)) + return -EINVAL; + + if (!strncmp(data, VSOCK_NET_MODE_STR_GLOBAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_GLOBAL; + else if (!strncmp(data, VSOCK_NET_MODE_STR_LOCAL, sizeof(data))) + mode =3D VSOCK_NET_MODE_LOCAL; + else + return -EINVAL; + + if (!vsock_net_write_mode(net, mode)) + return -EPERM; + + return 0; +} + +static struct ctl_table vsock_table[] =3D { + { + .procname =3D "ns_mode", + .data =3D &init_net.vsock.mode, + .maxlen =3D VSOCK_NET_MODE_STR_MAX, + .mode =3D 0644, + .proc_handler =3D vsock_net_mode_string + }, +}; + +static int __net_init vsock_sysctl_register(struct net *net) +{ + struct ctl_table *table; + + if (net_eq(net, &init_net)) { + table =3D vsock_table; + } else { + table =3D kmemdup(vsock_table, sizeof(vsock_table), GFP_KERNEL); + if (!table) + goto err_alloc; + + table[0].data =3D &net->vsock.mode; + } + + net->vsock.sysctl_hdr =3D register_net_sysctl_sz(net, "net/vsock", table, + 
ARRAY_SIZE(vsock_table)); + if (!net->vsock.sysctl_hdr) + goto err_reg; + + return 0; + +err_reg: + if (!net_eq(net, &init_net)) + kfree(table); +err_alloc: + return -ENOMEM; +} + +static void vsock_sysctl_unregister(struct net *net) +{ + const struct ctl_table *table; + + table =3D net->vsock.sysctl_hdr->ctl_table_arg; + unregister_net_sysctl_table(net->vsock.sysctl_hdr); + if (!net_eq(net, &init_net)) + kfree(table); +} + +static void vsock_net_init(struct net *net) +{ + net->vsock.mode =3D VSOCK_NET_MODE_GLOBAL; +} + +static __net_init int vsock_sysctl_init_net(struct net *net) +{ + vsock_net_init(net); + + if (vsock_sysctl_register(net)) + return -ENOMEM; + + return 0; +} + +static __net_exit void vsock_sysctl_exit_net(struct net *net) +{ + vsock_sysctl_unregister(net); +} + +static struct pernet_operations vsock_sysctl_ops __net_initdata =3D { + .init =3D vsock_sysctl_init_net, + .exit =3D vsock_sysctl_exit_net, +}; + static int __init vsock_init(void) { int err =3D 0; @@ -2685,10 +2908,18 @@ static int __init vsock_init(void) goto err_unregister_proto; } =20 + if (register_pernet_subsys(&vsock_sysctl_ops)) { + err =3D -ENOMEM; + goto err_unregister_sock; + } + + vsock_net_init(&init_net); vsock_bpf_build_proto(); =20 return 0; =20 +err_unregister_sock: + sock_unregister(AF_VSOCK); err_unregister_proto: proto_unregister(&vsock_proto); err_deregister_misc: @@ -2702,6 +2933,7 @@ static void __exit vsock_exit(void) misc_deregister(&vsock_device); sock_unregister(AF_VSOCK); proto_unregister(&vsock_proto); + unregister_pernet_subsys(&vsock_sysctl_ops); } =20 const struct vsock_transport *vsock_core_get_transport(struct vsock_sock *= vsk) diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transp= ort.c index 432fcbbd14d4..b2ade188c8c7 100644 --- a/net/vmw_vsock/hyperv_transport.c +++ b/net/vmw_vsock/hyperv_transport.c 
@@ -570,7 +570,7 @@ static int hvs_dgram_enqueue(struct vsock_sock *vsk, return -EOPNOTSUPP; } =20 -static bool hvs_dgram_allow(u32 cid, u32 port) +static bool hvs_dgram_allow(struct vsock_sock *vsk, u32 cid, u32 port) { return false; } @@ -745,8 +745,11 @@ static bool hvs_stream_is_active(struct vsock_sock *vs= k) return hvs->chan !=3D NULL; } =20 -static bool hvs_stream_allow(u32 cid, u32 port) +static bool hvs_stream_allow(struct vsock_sock *vsk, u32 cid, u32 port) { + if (vsk->net_mode !=3D VSOCK_NET_MODE_GLOBAL) + return false; + if (cid =3D=3D VMADDR_CID_HOST) return true; =20 diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index 8c867023a2e5..f5123810192d 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -536,7 +536,8 @@ static bool virtio_transport_msgzerocopy_allow(void) return true; } =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid); +static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); =20 static struct virtio_transport virtio_transport =3D { .transport =3D { @@ -593,11 +594,15 @@ static struct virtio_transport virtio_transport =3D { .can_msgzerocopy =3D virtio_transport_can_msgzerocopy, }; =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid) +static bool +virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { struct virtio_vsock *vsock; bool seqpacket_allow; =20 + if (vsk->net_mode !=3D VSOCK_NET_MODE_GLOBAL) + return false; + seqpacket_allow =3D false; rcu_read_lock(); vsock =3D rcu_dereference(the_virtio_vsock); diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index dcc8a1d5851e..e6391eb7cc1b 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c 
@@ -1043,9 +1043,9 @@ bool virtio_transport_stream_is_active(struct vsock_s= ock *vsk) } EXPORT_SYMBOL_GPL(virtio_transport_stream_is_active); =20 -bool virtio_transport_stream_allow(u32 cid, u32 port) +bool virtio_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 po= rt) { - return true; + return vsk->net_mode =3D=3D VSOCK_NET_MODE_GLOBAL; } EXPORT_SYMBOL_GPL(virtio_transport_stream_allow); =20 @@ -1056,7 +1056,7 @@ int virtio_transport_dgram_bind(struct vsock_sock *vs= k, } EXPORT_SYMBOL_GPL(virtio_transport_dgram_bind); =20 -bool virtio_transport_dgram_allow(u32 cid, u32 port) +bool virtio_transport_dgram_allow(struct vsock_sock *vsk, u32 cid, u32 por= t) { return false; } diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index 7eccd6708d66..0ce44dc11708 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c @@ -646,13 +646,17 @@ static int vmci_transport_recv_dgram_cb(void *data, s= truct vmci_datagram *dg) return VMCI_SUCCESS; } =20 -static bool vmci_transport_stream_allow(u32 cid, u32 port) +static bool vmci_transport_stream_allow(struct vsock_sock *vsk, u32 cid, + u32 port) { static const u32 non_socket_contexts[] =3D { VMADDR_CID_LOCAL, }; int i; =20 + if (vsk->net_mode !=3D VSOCK_NET_MODE_GLOBAL) + return false; + BUILD_BUG_ON(sizeof(cid) !=3D sizeof(*non_socket_contexts)); =20 for (i =3D 0; i < ARRAY_SIZE(non_socket_contexts); i++) { 
@@ -682,12 +686,10 @@ static int vmci_transport_recv_stream_cb(void *data, = struct vmci_datagram *dg) err =3D VMCI_SUCCESS; bh_process_pkt =3D false; =20 - /* Ignore incoming packets from contexts without sockets, or resources - * that aren't vsock implementations. + /* Ignore incoming packets from resources that aren't vsock + * implementations. */ - - if (!vmci_transport_stream_allow(dg->src.context, -1) - || vmci_transport_peer_rid(dg->src.context) !=3D dg->src.resource) + if (vmci_transport_peer_rid(dg->src.context) !=3D dg->src.resource) return VMCI_ERROR_NO_ACCESS; =20 if (VMCI_DG_SIZE(dg) < sizeof(*pkt)) @@ -749,6 +751,12 @@ static int vmci_transport_recv_stream_cb(void *data, s= truct vmci_datagram *dg) goto out; } =20 + /* Ignore incoming packets from contexts without sockets. */ + if (!vmci_transport_stream_allow(vsk, dg->src.context, -1)) { + err =3D VMCI_ERROR_NO_ACCESS; + goto out; + } + /* We do most everything in a work queue, but let's fast path the * notification of reads and writes to help data transfer performance. * We can only do this if there is no process context code executing @@ -1784,8 +1792,12 @@ static int vmci_transport_dgram_dequeue(struct vsock= _sock *vsk, return err; } =20 -static bool vmci_transport_dgram_allow(u32 cid, u32 port) +static bool vmci_transport_dgram_allow(struct vsock_sock *vsk, u32 cid, + u32 port) { + if (vsk->net_mode !=3D VSOCK_NET_MODE_GLOBAL) + return false; + if (cid =3D=3D VMADDR_CID_HYPERVISOR) { /* Registrations of PBRPC Servers do not modify VMX/Hypervisor * state and are allowed. diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index bc2ff918b315..afad27cf533a 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c 
@@ -46,7 +46,8 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *v= sk) return 0; } =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid); +static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); static bool vsock_loopback_msgzerocopy_allow(void) { return true; 
@@ -106,9 +107,10 @@ static struct virtio_transport loopback_transport =3D { .send_pkt =3D vsock_loopback_send_pkt, }; =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid) +static bool +vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { - return true; + return vsk->net_mode =3D=3D VSOCK_NET_MODE_GLOBAL; } =20 static void vsock_loopback_work(struct work_struct *work) --=20 2.47.3
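Review bot: In __vsock_bind_connectible(), the auto-bind counter `static u32 port;` stays a single function-static shared by every namespace, while the collision check next to `new_addr.svm_port = port++` becomes per namespace through __vsock_find_bound_socket_net(). In local mode that lets a socket in one namespace infer auto-bind activity in another from the ports it is handed. If isolation is the goal, consider a counter kept per struct net alongside `vsock.mode`, or state in a comment that the shared counter is intentional.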
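Review bot: In vsock_net_mode_string(), `net = current->nsproxy->net_ns` resolves the namespace from the calling task rather than from the table the handler was invoked on, so the per-namespace pointer that vsock_sysctl_register() stores with `table[0].data = &net->vsock.mode` is only NULL-checked and never used. A task that holds an open ns_mode file from one namespace and then runs in another would read and write the mode of the namespace it is currently in, not the one the file belongs to. Deriving the namespace from the table, for example `container_of(table->data, struct net, vsock.mode)`, keeps both the read and the `vsock_net_write_mode(net, mode)` call tied to the owning namespace and drops the dependency on `current->nsproxy`.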
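Review bot: In vsock_init(), `vsock_net_init(&init_net)` after register_pernet_subsys() repeats work already done by `.init = vsock_sysctl_init_net`, which calls vsock_net_init() for each namespace it runs on, init_net included; one of the two can go. The failure branch also replaces whatever register_pernet_subsys() returned with -ENOMEM, where `err = register_pernet_subsys(&vsock_sysctl_ops)` would propagate it. In vsock_exit(), unregister_pernet_subsys() is called last although the subsystem was registered last; mirroring the err_unregister_sock unwind order would put it before sock_unregister(AF_VSOCK).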
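Review bot: In vmci_transport_recv_stream_cb(), the vmci_transport_stream_allow() check moves from the first test in the function to a point where `vsk` is available, so the `VMCI_DG_SIZE(dg) < sizeof(*pkt)` check and everything else between the two positions now runs for datagrams whose source context is in non_socket_contexts. The new check needs `vsk`, so a datagram that matches no socket is not covered by it. Please confirm that path cannot generate a reply toward such a context, or keep a context-only filter at the top and apply only the net_mode test after the lookup.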
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:32 -0800
Subject: [PATCH net-next v12 03/12] virtio: set skb owner of virtio_transport_reset_no_sock() reply
Message-Id: <20251126-vsock-vmtest-v12-3-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
From: Bobby Eshleman

Associate reply packets with the sending socket. When vsock must reply
with an RST packet and there exists a sending socket (e.g., for
loopback), setting the skb owner to the socket correctly handles
reference counting between the skb and sk (i.e., the sk stays alive
until the skb is freed).

This allows the net namespace to be used for socket lookups for the
duration of the reply skb's lifetime, preventing race conditions between
the namespace lifecycle and vsock socket search using the namespace
pointer.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v11:
- move before adding to netns support (Stefano)

Changes in v10:
- break this out into its own patch for easy revert (Stefano)
---
 net/vmw_vsock/virtio_transport_common.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c
index e6391eb7cc1b..de71e2b3f77e 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1165,6 +1165,12 @@ static int virtio_transport_reset_no_sock(const stru= ct virtio_transport *t, .op =3D VIRTIO_VSOCK_OP_RST, .type =3D le16_to_cpu(hdr->type), .reply =3D true, + + /* Set sk owner to socket we are replying to (may be NULL for + * non-loopback). This keeps a reference to the sock and + * sock_net(sk) until the reply skb is freed. + */ + .vsk =3D vsock_sk(skb->sk), }; struct sk_buff *reply; =20 --=20 2.47.3
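Review bot: In virtio_transport_reset_no_sock(), the new comment says "Set sk owner", but the added line only fills `info.vsk`; the skb owner is set by whatever allocates the reply from `info`, outside this hunk, so name that function in the comment. The comment also notes that `skb->sk` may be NULL for non-loopback, which means the line depends on vsock_sk() passing NULL through and on the consumer of `info.vsk` accepting NULL. Say so explicitly, or write `skb->sk ? vsock_sk(skb->sk) : NULL`.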
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:33 -0800
Subject: [PATCH net-next v12 04/12] vsock: add netns support to virtio transports
Message-Id: <20251126-vsock-vmtest-v12-4-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
From: Bobby Eshleman

Add netns support to loopback and vhost. Keep netns disabled for
virtio-vsock, but add necessary changes to comply with common API
updates.

This is the patch in the series when vhost-vsock namespaces actually
come online. Hence, vhost_transport_supports_local_mode() is switched
to return true.

Signed-off-by: Bobby Eshleman
Reviewed-by: Stefano Garzarella
Suggested-by: Sargun Dhillon
---
Changes in v12:
- change seqpacket_allow() and stream_allow() to return true for
  loopback and vhost (Stefano)

Changes in v11:
- reorder with the skb ownership patch for loopback (Stefano)
- toggle vhost_transport_supports_local_mode() to true

Changes in v10:
- Splitting patches complicates the series with meaningless placeholder
  values that eventually get replaced anyway, so to avoid that this
  patch combines into one. Links to previous patches here:
  - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-3-852787a37bed@meta.com/
  - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-6-852787a37bed@meta.com/
  - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-7-852787a37bed@meta.com/
- remove placeholder values (Stefano)
- update comment describe net/net_mode for
  virtio_transport_reset_no_sock()
---
 drivers/vhost/vsock.c | 56 +++++++++++++++++++++--------
 include/linux/virtio_vsock.h | 8 +++--
 net/vmw_vsock/virtio_transport.c | 10 ++++--
 net/vmw_vsock/virtio_transport_common.c | 63 ++++++++++++++++++++++++-----= ----
 net/vmw_vsock/vsock_loopback.c | 19 +++++++---
 5 files changed, 118 insertions(+), 38 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 83937e1d63fa..82cb9ec09e78 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -46,6 +46,11 @@ static DEFINE_READ_MOSTLY_HASHTABLE(vhost_vsock_hash, 8); struct vhost_vsock { struct vhost_dev dev; struct vhost_virtqueue vqs[2]; + struct net *net; + netns_tracker ns_tracker; + + /* The ns mode at the time vhost_vsock was created */ + enum vsock_net_mode net_mode; =20 /* Link to global vhost_vsock_hash, writes use vhost_vsock_mutex */ struct hlist_node hash; @@ -67,7 +72,8 @@ static u32 vhost_transport_get_local_cid(void) /* Callers that dereference the return value must hold vhost_vsock_mutex o= r the * RCU read lock. */ -static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) +static struct vhost_vsock *vhost_vsock_get(u32 guest_cid, struct net *net, + enum vsock_net_mode mode) { struct vhost_vsock *vsock; =20 @@ -78,9 +84,10 @@ static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) if (other_cid =3D=3D 0) continue; =20 - if (other_cid =3D=3D guest_cid) + if (other_cid =3D=3D guest_cid && + vsock_net_check_mode(net, mode, vsock->net, + vsock->net_mode)) return vsock; - } =20 return NULL; @@ -269,7 +276,8 @@ static void vhost_transport_send_pkt_work(struct vhost_= work *work) } =20 static int -vhost_transport_send_pkt(struct sk_buff *skb) +vhost_transport_send_pkt(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct vhost_vsock *vsock; @@ -278,7 +286,7 @@ vhost_transport_send_pkt(struct sk_buff *skb) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid)); + vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid), net, net_mode); if (!vsock) { rcu_read_unlock(); kfree_skb(skb); 
@@ -305,7 +313,8 @@ vhost_transport_cancel_pkt(struct vsock_sock *vsk) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid); + vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid, + sock_net(sk_vsock(vsk)), vsk->net_mode); if (!vsock) goto out; =20 @@ -407,6 +416,12 @@ static bool vhost_transport_msgzerocopy_allow(void) static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid); =20 +static bool +vhost_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 port) +{ + return true; +} + static struct virtio_transport vhost_transport =3D { .transport =3D { .module =3D THIS_MODULE, @@ -431,7 +446,7 @@ static struct virtio_transport vhost_transport =3D { .stream_has_space =3D virtio_transport_stream_has_space, .stream_rcvhiwat =3D virtio_transport_stream_rcvhiwat, .stream_is_active =3D virtio_transport_stream_is_active, - .stream_allow =3D virtio_transport_stream_allow, + .stream_allow =3D vhost_transport_stream_allow, =20 .seqpacket_dequeue =3D virtio_transport_seqpacket_dequeue, .seqpacket_enqueue =3D virtio_transport_seqpacket_enqueue, @@ -464,14 +479,12 @@ static struct virtio_transport vhost_transport =3D { static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { + struct net *net =3D sock_net(sk_vsock(vsk)); struct vhost_vsock *vsock; bool seqpacket_allow =3D false; =20 - if (vsk->net_mode !=3D VSOCK_NET_MODE_GLOBAL) - return false; - rcu_read_lock(); - vsock =3D vhost_vsock_get(remote_cid); + vsock =3D vhost_vsock_get(remote_cid, net, vsk->net_mode); =20 if (vsock) seqpacket_allow =3D vsock->seqpacket_allow; 
@@ -542,7 +555,8 @@ static void vhost_vsock_handle_tx_kick(struct vhost_wor= k *work) if (le64_to_cpu(hdr->src_cid) =3D=3D vsock->guest_cid && le64_to_cpu(hdr->dst_cid) =3D=3D vhost_transport_get_local_cid()) - virtio_transport_recv_pkt(&vhost_transport, skb); + virtio_transport_recv_pkt(&vhost_transport, skb, + vsock->net, vsock->net_mode); else kfree_skb(skb); =20 @@ -659,6 +673,7 @@ static int vhost_vsock_dev_open(struct inode *inode, st= ruct file *file) { struct vhost_virtqueue **vqs; struct vhost_vsock *vsock; + struct net *net; int ret; =20 /* This struct is large and allocation could fail, fall back to vmalloc @@ -674,6 +689,17 @@ static int vhost_vsock_dev_open(struct inode *inode, s= truct file *file) goto out; } =20 + net =3D current->nsproxy->net_ns; + vsock->net =3D get_net_track(net, &vsock->ns_tracker, GFP_KERNEL); + + /* Store the mode of the namespace at the time of creation. If this + * namespace later changes from "global" to "local", we want this vsock + * to continue operating normally and not suddenly break. For that + * reason, we save the mode here and later use it when performing + * socket lookups with vsock_net_check_mode() (see vhost_vsock_get()). + */ + vsock->net_mode =3D vsock_net_mode(net); + vsock->guest_cid =3D 0; /* no CID assigned yet */ vsock->seqpacket_allow =3D false; =20 @@ -713,7 +739,8 @@ static void vhost_vsock_reset_orphans(struct sock *sk) */ =20 /* If the peer is still valid, no need to reset connection */ - if (vhost_vsock_get(vsk->remote_addr.svm_cid)) + if (vhost_vsock_get(vsk->remote_addr.svm_cid, sock_net(sk), + vsk->net_mode)) return; =20 /* If the close timeout is pending, let it expire. This avoids races @@ -758,6 +785,7 @@ static int vhost_vsock_dev_release(struct inode *inode,= struct file *file) virtio_vsock_skb_queue_purge(&vsock->send_pkt_queue); =20 vhost_dev_cleanup(&vsock->dev); + put_net_track(vsock->net, &vsock->ns_tracker); kfree(vsock->dev.vqs); vhost_vsock_free(vsock); return 0; 
@@ -784,7 +812,7 @@ static int vhost_vsock_set_cid(struct vhost_vsock *vsoc= k, u64 guest_cid) =20 /* Refuse if CID is already in use */ mutex_lock(&vhost_vsock_mutex); - other =3D vhost_vsock_get(guest_cid); + other =3D vhost_vsock_get(guest_cid, vsock->net, vsock->net_mode); if (other && other !=3D vsock) { mutex_unlock(&vhost_vsock_mutex); return -EADDRINUSE; diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 1845e8d4f78d..7ea264dcfff7 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -173,6 +173,8 @@ struct virtio_vsock_pkt_info { u32 remote_cid, remote_port; struct vsock_sock *vsk; struct msghdr *msg; + struct net *net; + enum vsock_net_mode net_mode; u32 pkt_len; u16 type; u16 op; @@ -185,7 +187,8 @@ struct virtio_transport { struct vsock_transport transport; =20 /* Takes ownership of the packet */ - int (*send_pkt)(struct sk_buff *skb); + int (*send_pkt)(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode); =20 /* Used in MSG_ZEROCOPY mode. Checks, that provided data * (number of buffers) could be transmitted with zerocopy @@ -280,7 +283,8 @@ virtio_transport_dgram_enqueue(struct vsock_sock *vsk, void virtio_transport_destruct(struct vsock_sock *vsk); =20 void virtio_transport_recv_pkt(struct virtio_transport *t, - struct sk_buff *skb); + struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode); void virtio_transport_inc_tx_pkt(struct virtio_vsock_sock *vvs, struct sk_= buff *skb); u32 virtio_transport_get_credit(struct virtio_vsock_sock *vvs, u32 wanted); void virtio_transport_put_credit(struct virtio_vsock_sock *vvs, u32 credit= ); diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index f5123810192d..3ff695740108 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c 
@@ -231,7 +231,8 @@ static int virtio_transport_send_skb_fast_path(struct v= irtio_vsock *vsock, struc } =20 static int -virtio_transport_send_pkt(struct sk_buff *skb) +virtio_transport_send_pkt(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr; struct virtio_vsock *vsock; @@ -665,7 +666,12 @@ static void virtio_transport_rx_work(struct work_struc= t *work) virtio_vsock_skb_put(skb, payload_len); =20 virtio_transport_deliver_tap_pkt(skb); - virtio_transport_recv_pkt(&virtio_transport, skb); + + /* Force virtio-transport into global mode since it + * does not yet support local-mode namespacing. + */ + virtio_transport_recv_pkt(&virtio_transport, skb, + NULL, VSOCK_NET_MODE_GLOBAL); } } while (!virtqueue_enable_cb(vq)); =20 diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index de71e2b3f77e..a818152d8b79 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -413,7 +413,7 @@ static int virtio_transport_send_pkt_info(struct vsock_= sock *vsk, =20 virtio_transport_inc_tx_pkt(vvs, skb); =20 - ret =3D t_ops->send_pkt(skb); + ret =3D t_ops->send_pkt(skb, info->net, info->net_mode); if (ret < 0) break; =20 @@ -527,6 +527,8 @@ static int virtio_transport_send_credit_update(struct v= sock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_CREDIT_UPDATE, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1067,6 +1069,8 @@ int virtio_transport_connect(struct vsock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_REQUEST, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); 
@@ -1082,6 +1086,8 @@ int virtio_transport_shutdown(struct vsock_sock *vsk,= int mode) (mode & SEND_SHUTDOWN ? VIRTIO_VSOCK_SHUTDOWN_SEND : 0), .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1108,6 +1114,8 @@ virtio_transport_stream_enqueue(struct vsock_sock *vs= k, .msg =3D msg, .pkt_len =3D len, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1145,6 +1153,8 @@ static int virtio_transport_reset(struct vsock_sock *= vsk, .op =3D VIRTIO_VSOCK_OP_RST, .reply =3D !!skb, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 /* Send RST only if the original pkt is not a RST pkt */ @@ -1156,9 +1166,14 @@ static int virtio_transport_reset(struct vsock_sock = *vsk, =20 /* Normally packets are associated with a socket. There may be no socket = if an * attempt was made to connect to a socket that does not exist. + * + * net and net_mode refer to the namespace of whoever sent the invalid mes= sage. + * For loopback, this is the namespace of the socket. For vhost, this is t= he + * namespace of the VM (i.e., vhost_vsock). */ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, - struct sk_buff *skb) + struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct virtio_vsock_pkt_info info =3D { @@ -1171,6 +1186,13 @@ static int virtio_transport_reset_no_sock(const stru= ct virtio_transport *t, * sock_net(sk) until the reply skb is freed. */ .vsk =3D vsock_sk(skb->sk), + + /* net or net_mode are not defined here because we pass + * net and net_mode directly to t->send_pkt(), instead of + * relying on virtio_transport_send_pkt_info() to pass them to + * t->send_pkt(). They are not needed by + * virtio_transport_alloc_skb(). + */ }; struct sk_buff *reply; =20 
@@ -1189,7 +1211,7 @@ static int virtio_transport_reset_no_sock(const struc= t virtio_transport *t, if (!reply) return -ENOMEM; =20 - return t->send_pkt(reply); + return t->send_pkt(reply, net, net_mode); } =20 /* This function should be called with sk_lock held and SOCK_DONE set */ @@ -1471,6 +1493,8 @@ virtio_transport_send_response(struct vsock_sock *vsk, .remote_port =3D le32_to_cpu(hdr->src_port), .reply =3D true, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), + .net_mode =3D vsk->net_mode, }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1513,12 +1537,14 @@ virtio_transport_recv_listen(struct sock *sk, struc= t sk_buff *skb, int ret; =20 if (le16_to_cpu(hdr->op) !=3D VIRTIO_VSOCK_OP_REQUEST) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -EINVAL; } =20 if (sk_acceptq_is_full(sk)) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -ENOMEM; } =20 @@ -1526,13 +1552,15 @@ virtio_transport_recv_listen(struct sock *sk, struc= t sk_buff *skb, * Subsequent enqueues would lead to a memory leak. */ if (sk->sk_shutdown =3D=3D SHUTDOWN_MASK) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -ESHUTDOWN; } =20 child =3D vsock_create_connected(sk); if (!child) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); return -ENOMEM; } =20 @@ -1554,7 +1582,8 @@ virtio_transport_recv_listen(struct sock *sk, struct = sk_buff *skb, */ if (ret || vchild->transport !=3D &t->transport) { release_sock(child); - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk), + vsk->net_mode); sock_put(child); return ret; } 
@@ -1582,7 +1611,8 @@ static bool virtio_transport_valid_type(u16 type) * lock. */ void virtio_transport_recv_pkt(struct virtio_transport *t, - struct sk_buff *skb) + struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct sockaddr_vm src, dst; @@ -1605,24 +1635,25 @@ void virtio_transport_recv_pkt(struct virtio_transp= ort *t, le32_to_cpu(hdr->fwd_cnt)); =20 if (!virtio_transport_valid_type(le16_to_cpu(hdr->type))) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); goto free_pkt; } =20 /* The socket must be in connected or bound table * otherwise send reset back */ - sk =3D vsock_find_connected_socket(&src, &dst); + sk =3D vsock_find_connected_socket_net(&src, &dst, net, net_mode); if (!sk) { - sk =3D vsock_find_bound_socket(&dst); + sk =3D vsock_find_bound_socket_net(&dst, net, net_mode); if (!sk) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, + net_mode); goto free_pkt; } } =20 if (virtio_transport_get_type(sk) !=3D le16_to_cpu(hdr->type)) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); sock_put(sk); goto free_pkt; } @@ -1641,7 +1672,7 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, */ if (sock_flag(sk, SOCK_DONE) || (sk->sk_state !=3D TCP_LISTEN && vsk->transport !=3D &t->transport)) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); release_sock(sk); sock_put(sk); goto free_pkt; @@ -1673,7 +1704,7 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, kfree_skb(skb); break; default: - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net, net_mode); kfree_skb(skb); break; } 
diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index afad27cf533a..aef44d1631c3 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -26,7 +26,8 @@ static u32 vsock_loopback_get_local_cid(void) return VMADDR_CID_LOCAL; } =20 -static int vsock_loopback_send_pkt(struct sk_buff *skb) +static int vsock_loopback_send_pkt(struct sk_buff *skb, struct net *net, + enum vsock_net_mode net_mode) { struct vsock_loopback *vsock =3D &the_vsock_loopback; int len =3D skb->len; @@ -48,6 +49,13 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *= vsk) =20 static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid); + +static bool vsock_loopback_stream_allow(struct vsock_sock *vsk, u32 cid, + u32 port) +{ + return true; +} + static bool vsock_loopback_msgzerocopy_allow(void) { return true; @@ -77,7 +85,7 @@ static struct virtio_transport loopback_transport =3D { .stream_has_space =3D virtio_transport_stream_has_space, .stream_rcvhiwat =3D virtio_transport_stream_rcvhiwat, .stream_is_active =3D virtio_transport_stream_is_active, - .stream_allow =3D virtio_transport_stream_allow, + .stream_allow =3D vsock_loopback_stream_allow, =20 .seqpacket_dequeue =3D virtio_transport_seqpacket_dequeue, .seqpacket_enqueue =3D virtio_transport_seqpacket_enqueue, @@ -110,7 +118,7 @@ static struct virtio_transport loopback_transport =3D { static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { - return vsk->net_mode =3D=3D VSOCK_NET_MODE_GLOBAL; + return true; } =20 static void vsock_loopback_work(struct work_struct *work) 
@@ -132,7 +140,10 @@ static void vsock_loopback_work(struct work_struct *wo= rk) */ virtio_transport_consume_skb_sent(skb, false); virtio_transport_deliver_tap_pkt(skb); - virtio_transport_recv_pkt(&loopback_transport, skb); + + virtio_transport_recv_pkt(&loopback_transport, skb, + sock_net(skb->sk), + vsock_sk(skb->sk)->net_mode); } } =20 --=20 2.47.3
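
Review bot: In virtio_transport_rx_work(), the new call passes a NULL net, and virtio_transport_recv_pkt() hands that pointer on to vsock_find_connected_socket_net(), vsock_find_bound_socket_net() and, through virtio_transport_reset_no_sock(), to t->send_pkt(). The comment explains why the mode is forced to global but not that NULL is an accepted value. Please state that contract (net may be NULL only with VSOCK_NET_MODE_GLOBAL) in the comment here or at the virtio_transport_recv_pkt() declaration in virtio_vsock.h, so a later local-mode change does not dereference it.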
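
Review bot: In virtio_transport_reset_no_sock(), info.net and info.net_mode stay zero-initialised even though net and net_mode are in scope as parameters, and the only safeguard is the new comment asserting that virtio_transport_alloc_skb() does not need them. Setting .net = net and .net_mode = net_mode in the initialiser costs nothing and removes the dependency on that assumption. If they stay unset, reword the comment from "net or net_mode are not defined here" to "net and net_mode are not set here".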
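
Review bot: Every virtio_transport_reset_no_sock() call in virtio_transport_recv_listen() passes the listening socket's values (sock_net(sk), vsk->net_mode), while the comment this patch adds above virtio_transport_reset_no_sock() says net and net_mode are those of whoever sent the invalid message (the VM, for vhost). Either thread the net and net_mode that virtio_transport_recv_pkt() now receives down to this function, or add a line explaining why the listener's values are equivalent on this path.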
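
Review bot: In vsock_loopback.c, the new vsock_loopback_stream_allow() and the rewritten vsock_loopback_seqpacket_allow() both return true without looking at vsk, so the VSOCK_NET_MODE_GLOBAL check that seqpacket_allow had is gone with no replacement visible in this file. Add a short comment on both callbacks saying where cross-namespace traffic is filtered for loopback now (the vsock_find_*_socket_net() lookups in virtio_transport_recv_pkt() appear to be the place), so the permissive callbacks are not read as an isolation gap.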
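
Review bot: vsock_loopback_work() now dereferences skb->sk twice, in sock_net(skb->sk) and vsock_sk(skb->sk)->net_mode, with no NULL check. If every skb queued to loopback, including the RST replies built in virtio_transport_reset_no_sock(), is guaranteed to carry a socket, say so in a comment at this call; otherwise guard the dereference before calling virtio_transport_recv_pkt().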
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:34 -0800
Subject: [PATCH net-next v12 05/12] selftests/vsock: add namespace helpers to vmtest.sh
Message-Id: <20251126-vsock-vmtest-v12-5-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, "Michael S. Tsirkin", Jason Wang, Eugenio Pérez, Xuan Zhuo, "K. Y. Srinivasan", Haiyang Zhang, Wei Liu, Dexuan Cui, Bryan Tan, Vishnu Dasa, Broadcom internal kernel review list, Shuah Khan
Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon, Bobby Eshleman, Bobby Eshleman
From: Bobby Eshleman

Add functions for initializing namespaces with the different vsock NS
modes. Callers can use add_namespaces() and del_namespaces() to create
namespaces global0, global1, local0, and local1.

The init_namespaces() function initializes global0, local0, etc... with
their respective vsock NS mode. This function is separate so that tests
that depend on this initialization can use it, while other tests that
want to test the initialization interface itself can start with a clean
slate by omitting this call.

Remove namespaces upon exiting the program in cleanup(). This is
unlikely to be needed for a healthy run, but it is useful for tests that
are manually killed mid-test. In that case, this patch prevents the
subsequent test run from finding stale namespaces with
already-write-once-locked vsock ns modes.

This patch is in preparation for later namespace tests.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
--- tools/testing/selftests/vsock/vmtest.sh | 41 +++++++++++++++++++++++++++++= ++++ 1 file changed, 41 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index c7b270dd77a9..f78cc574c274 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -49,6 +49,7 @@ readonly TEST_DESCS=3D( ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 =20 
@@ -103,6 +104,45 @@ check_result() { fi } =20 +add_namespaces() { + # add namespaces local0, local1, global0, and global1 + for mode in "${NS_MODES[@]}"; do + ip netns add "${mode}0" 2>/dev/null + ip netns add "${mode}1" 2>/dev/null + done +} + +init_namespaces() { + for mode in "${NS_MODES[@]}"; do + ns_set_mode "${mode}0" "${mode}" + ns_set_mode "${mode}1" "${mode}" + + log_host "set ns ${mode}0 to mode ${mode}" + log_host "set ns ${mode}1 to mode ${mode}" + + # we need lo for qemu port forwarding + ip netns exec "${mode}0" ip link set dev lo up + ip netns exec "${mode}1" ip link set dev lo up + done +} + +del_namespaces() { + for mode in "${NS_MODES[@]}"; do + ip netns del "${mode}0" &>/dev/null + ip netns del "${mode}1" &>/dev/null + log_host "removed ns ${mode}0" + log_host "removed ns ${mode}1" + done +} + +ns_set_mode() { + local ns=3D$1 + local mode=3D$2 + + echo "${mode}" | ip netns exec "${ns}" \ + tee /proc/sys/net/vsock/ns_mode &>/dev/null +} + vm_ssh() { ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" return $? 
@@ -110,6 +150,7 @@ vm_ssh() { =20 cleanup() { terminate_pidfiles "${!PIDFILES[@]}" + del_namespaces } =20 check_args() { --=20 2.47.3
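
Review bot: In the hunk adding the namespace helpers, init_namespaces() ignores the return value of ns_set_mode() and logs "set ns ${mode}0 to mode ${mode}" regardless, and ns_set_mode() itself sends tee's output and errors to /dev/null. Since add_namespaces() also silences ip netns add failures, a stale namespace whose mode is already locked (the case the commit message describes) would be reported as freshly initialised. Check the status, for example ns_set_mode "${mode}0" "${mode}" || return 1, and log only on success.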
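
Review bot: cleanup() now calls del_namespaces on every exit, including runs that never called add_namespaces(), and del_namespaces() logs "removed ns ..." whether or not ip netns del succeeded. That deletes any pre-existing namespace named local0, local1, global0 or global1 on the host and produces misleading log lines. Consider recording whether this run created the namespaces and deleting (and logging) only those.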
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:35 -0800
Subject: [PATCH net-next v12 06/12] selftests/vsock: prepare vm management helpers for namespaces
Message-Id: <20251126-vsock-vmtest-v12-6-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
From: Bobby Eshleman

Add namespace support to vm management, ssh helpers, and vsock_test
wrapper functions. This enables running VMs and test helpers in specific
namespaces, which is required for upcoming namespace isolation tests.

The functions still work correctly within the init ns, though the caller
must now pass "init_ns" explicitly.

No functional changes for existing tests. All have been updated to pass
"init_ns" explicitly.

Affected functions (such as vm_start() and vm_ssh()) now wrap their
commands with 'ip netns exec' when executing commands in non-init
namespaces.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
--- tools/testing/selftests/vsock/vmtest.sh | 93 +++++++++++++++++++++++------= ---- 1 file changed, 65 insertions(+), 28 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index f78cc574c274..4da91828a6a0 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -144,7 +144,18 @@ ns_set_mode() { } =20 vm_ssh() { - ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" + local ns_exec + + if [[ "${1}" =3D=3D init_ns ]]; then + ns_exec=3D"" + else + ns_exec=3D"ip netns exec ${1}" + fi + + shift + + ${ns_exec} ssh -q -o UserKnownHostsFile=3D/dev/null -p "${SSH_HOST_PORT}"= localhost "$@" + return $? } =20 @@ -267,10 +278,12 @@ terminate_pidfiles() { =20 vm_start() { local pidfile=3D$1 + local ns=3D$2 local logfile=3D/dev/null local verbose_opt=3D"" local kernel_opt=3D"" local qemu_opts=3D"" + local ns_exec=3D"" local qemu =20 qemu=3D$(command -v "${QEMU}") @@ -291,7 +304,11 @@ vm_start() { kernel_opt=3D"${KERNEL_CHECKOUT}" fi =20 - vng \ + if [[ "${ns}" !=3D "init_ns" ]]; then + ns_exec=3D"ip netns exec ${ns}" + fi + + ${ns_exec} vng \ --run \ ${kernel_opt} \ ${verbose_opt} \ @@ -306,6 +323,7 @@ vm_start() { } =20 vm_wait_for_ssh() { + local ns=3D$1 local i =20 i=3D0 
@@ -313,7 +331,8 @@ vm_wait_for_ssh() { if [[ ${i} -gt ${WAIT_PERIOD_MAX} ]]; then die "Timed out waiting for guest ssh" fi - if vm_ssh -- true; then + + if vm_ssh "${ns}" -- true; then break fi i=3D$(( i + 1 )) @@ -347,30 +366,41 @@ wait_for_listener() } =20 vm_wait_for_listener() { - local port=3D$1 + local ns=3D$1 + local port=3D$2 =20 - vm_ssh <&1 | log_guest rc=3D$? else - vm_ssh -- "${VSOCK_TEST}" \ + vm_ssh "${ns}" -- "${VSOCK_TEST}" \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" \ @@ -390,7 +420,7 @@ vm_vsock_test() { return $rc fi =20 - vm_wait_for_listener "${port}" + vm_wait_for_listener "${ns}" "${port}" rc=3D$? fi set +o pipefail @@ -399,22 +429,28 @@ vm_vsock_test() { } =20 host_vsock_test() { - local host=3D$1 - local cid=3D$2 - local port=3D$3 + local ns=3D$1 + local host=3D$2 + local cid=3D$3 + local port=3D$4 local rc =20 + local cmd=3D"${VSOCK_TEST}" + if [[ "${ns}" !=3D "init_ns" ]]; then + cmd=3D"ip netns exec ${ns} ${cmd}" + fi + # log output and use pipefail to respect vsock_test errors set -o pipefail if [[ "${host}" !=3D server ]]; then - ${VSOCK_TEST} \ + ${cmd} \ --mode=3Dclient \ --peer-cid=3D"${cid}" \ --control-host=3D"${host}" \ --control-port=3D"${port}" 2>&1 | log_host rc=3D$? else - ${VSOCK_TEST} \ + ${cmd} \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" 2>&1 | log_host & @@ -425,7 +461,7 @@ host_vsock_test() { return $rc fi =20 - host_wait_for_listener "${port}" + host_wait_for_listener "${ns}" "${port}" rc=3D$? fi set +o pipefail @@ -469,11 +505,11 @@ log_guest() { } =20 test_vm_server_host_client() { - if ! vm_vsock_test "server" 2 "${TEST_GUEST_PORT}"; then + if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" fi =20 - if ! host_vsock_test "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}"; then + if ! host_vsock_test "init_ns" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PO= RT}"; then return "${KSFT_FAIL}" fi =20 
@@ -481,11 +517,11 @@ test_vm_server_host_client() { } =20 test_vm_client_host_server() { - if ! host_vsock_test "server" "${VSOCK_CID}" "${TEST_HOST_PORT_LISTENER}"= ; then + if ! host_vsock_test "init_ns" "server" "${VSOCK_CID}" "${TEST_HOST_PORT_= LISTENER}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; then + if ! vm_vsock_test "init_ns" "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; t= hen return "${KSFT_FAIL}" fi =20 @@ -495,13 +531,14 @@ test_vm_client_host_server() { test_vm_loopback() { local port=3D60000 # non-forwarded local port =20 - vm_ssh -- modprobe vsock_loopback &> /dev/null || : + vm_ssh "init_ns" -- modprobe vsock_loopback &> /dev/null || : =20 - if ! vm_vsock_test "server" 1 "${port}"; then + if ! vm_vsock_test "init_ns" "server" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "127.0.0.1" 1 "${port}"; then + + if ! vm_vsock_test "init_ns" "127.0.0.1" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 
@@ -630,8 +667,8 @@ cnt_total=3D0 if shared_vm_tests_requested "${ARGS[@]}"; then log_host "Booting up VM" pidfile=3D"$(create_pidfile)" - vm_start "${pidfile}" - vm_wait_for_ssh + vm_start "${pidfile}" "init_ns" + vm_wait_for_ssh "init_ns" log_host "VM booted up" =20 run_shared_vm_tests "${ARGS[@]}" --=20 2.47.3
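
Review bot: vm_ssh() now consumes its first argument as a namespace name without validating it, so a caller still using the old form (vm_ssh -- true) ends up running ip netns exec -- ssh ... and fails with a namespace error that does not point at the missing argument. Reject an empty or option-like "${1}" up front, and build the prefix as an array, for example ns_exec=(ip netns exec "${1}"), instead of relying on word splitting of the unquoted ${ns_exec}. The same applies to ${ns_exec} in vm_start().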
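
Review bot: host_vsock_test() now takes ns as a new first positional argument, shifting host, cid and port, and nothing in the hunk documents the order or the special value "init_ns". Add a usage comment above the function (and above vm_vsock_test(), which changes the same way), and consider a readonly constant for "init_ns" since the literal is now repeated at every call site.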
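
Review bot: In test_vm_loopback(), the hunk adds an extra empty line before the second check (if ! vm_vsock_test "init_ns" "127.0.0.1" 1 "${port}"; then), leaving two blank lines between the two checks. The commit message says there are no functional changes, so drop the stray line to keep this hunk to the argument change.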
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:36 -0800
Subject: [PATCH net-next v12 07/12] selftests/vsock: add vm_dmesg_{warn,oops}_count() helpers
Message-Id: <20251126-vsock-vmtest-v12-7-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
From: Bobby Eshleman

These functions are reused by the VM tests to collect and compare dmesg warnings and oops counts. The future VM-specific tests use them heavily. This patch relies on vm_ssh() already supporting namespaces.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v11:
- break these out into an earlier patch so that they can be used directly in new patches (instead of causing churn by adding this later)
---
tools/testing/selftests/vsock/vmtest.sh | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 4da91828a6a0..1623e4da15e2 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -389,6 +389,17 @@ host_wait_for_listener() { fi } =20 +vm_dmesg_oops_count() { + local ns=3D$1 + + vm_ssh "${ns}" -- dmesg 2>/dev/null | grep -c -i 'Oops' +} + +vm_dmesg_warn_count() { + local ns=3D$1 + + vm_ssh "${ns}" -- dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock' +} =20 vm_vsock_test() { local ns=3D$1 @@ -596,8 +607,8 @@ run_shared_vm_test() { =20 host_oops_cnt_before=3D$(dmesg | grep -c -i 'Oops') host_warn_cnt_before=3D$(dmesg --level=3Dwarn | grep -c -i 'vsock') - vm_oops_cnt_before=3D$(vm_ssh -- dmesg | grep -c -i 'Oops') - vm_warn_cnt_before=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i 'vsock= ') + vm_oops_cnt_before=3D$(vm_dmesg_oops_count "init_ns") + vm_warn_cnt_before=3D$(vm_dmesg_warn_count "init_ns") =20 name=3D$(echo "${1}" | awk '{ print $1 }') eval test_"${name}"
@@ -615,13 +626,13 @@ run_shared_vm_test() { rc=3D$KSFT_FAIL fi =20 - vm_oops_cnt_after=3D$(vm_ssh -- dmesg | grep -i 'Oops' | wc -l) + vm_oops_cnt_after=3D$(vm_dmesg_oops_count "init_ns") if [[ ${vm_oops_cnt_after} -gt ${vm_oops_cnt_before} ]]; then echo "FAIL: kernel oops detected on vm" | log_host rc=3D$KSFT_FAIL fi =20 - vm_warn_cnt_after=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i 'vsock') + vm_warn_cnt_after=3D$(vm_dmesg_warn_count "init_ns") if [[ ${vm_warn_cnt_after} -gt ${vm_warn_cnt_before} ]]; then echo "FAIL: kernel warning detected on vm" | log_host rc=3D$KSFT_FAIL --=20 2.47.3
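Review bot: In the new vm_dmesg_oops_count() and vm_dmesg_warn_count() helpers (hunk at -389), a failed vm_ssh is indistinguishable from a clean log: stderr is sent to /dev/null, the pipeline status is grep's, and grep -c prints 0 on empty input. If the guest is unreachable after a test, for example because it panicked, the "after" count is 0, the -gt comparison in run_shared_vm_test() is false, and the oops and warning checks both pass. Consider capturing the dmesg output first, returning an error when vm_ssh itself fails, and having the caller treat that as KSFT_FAIL instead of comparing a count of 0.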
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:37 -0800
Subject: [PATCH net-next v12 08/12] selftests/vsock: use ss to wait for listeners instead of /proc/net
Message-Id: <20251126-vsock-vmtest-v12-8-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>

From: Bobby Eshleman

Replace /proc/net parsing with ss(8) for detecting listening sockets in wait_for_listener() functions and add support for TCP, VSOCK, and Unix socket protocols.

The previous implementation parsed /proc/net/tcp using awk to detect listening sockets, but this approach could not support vsock because vsock does not export socket information to /proc/net/. Instead, use ss so that we can detect listeners on tcp, vsock, and unix.

The protocol parameter is now required for all wait_for_listener family functions (wait_for_listener, vm_wait_for_listener, host_wait_for_listener) to explicitly specify which socket type to wait for.

ss is added to the dependency check in check_deps().

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- tools/testing/selftests/vsock/vmtest.sh | 47 +++++++++++++++++++++--------= ---- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 1623e4da15e2..e32997db322d 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -191,7 +191,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh; do + for dep in vng ${QEMU} busybox pkill ssh ss; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -346,21 +346,32 @@ wait_for_listener() local port=3D$1 local interval=3D$2 local max_intervals=3D$3 - local protocol=3Dtcp - local pattern + local protocol=3D$4 local i =20 - pattern=3D":$(printf "%04X" "${port}") " - - # for tcp protocol additionally check the socket state - [ "${protocol}" =3D "tcp" ] && pattern=3D"${pattern}0A" - for i in $(seq "${max_intervals}"); do - if awk -v pattern=3D"${pattern}" \ - 'BEGIN {rc=3D1} $2" "$4 ~ pattern {rc=3D0} END {exit rc}' \ - /proc/net/"${protocol}"*; then + case "${protocol}" in + tcp) + if ss --listening --tcp --numeric | grep -q ":${port} "; then + break + fi + ;; + vsock) + if ss --listening --vsock --numeric | grep -q ":${port} "; then + break + fi + ;; + unix) + # For unix sockets, port is actually the socket path + if ss --listening --unix | grep -q "${port}"; then + break + fi + ;; + *) + echo "Unknown protocol: ${protocol}" >&2 break - fi + ;; + esac sleep "${interval}" done } 
@@ -368,23 +379,25 @@ wait_for_listener() vm_wait_for_listener() { local ns=3D$1 local port=3D$2 + local protocol=3D$3 =20 vm_ssh "${ns}" <
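Review bot: In wait_for_listener() (hunk at -346), the unknown-protocol branch prints an error and then breaks out of the loop, so the function returns 0 exactly as it does when a listener is found, and it also falls off the end with no error when max_intervals runs out. Now that protocol is a required argument, a caller that omits or misspells it gets a silent no-wait. Validate the protocol once before the loop and return non-zero for both the unknown-protocol and the timeout case so callers can fail the test. In the unix branch, grep -q "${port}" is an unanchored regex match on the socket path, so a longer path that merely contains the requested one also satisfies the wait; grep -qF with the surrounding whitespace would be tighter.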
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:38 -0800
Subject: [PATCH net-next v12 09/12] selftests/vsock: add tests for proc sys vsock ns_mode
Message-Id: <20251126-vsock-vmtest-v12-9-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
From: Bobby Eshleman

Add tests for the /proc/sys/net/vsock/ns_mode interface. Namely, that it accepts "global" and "local" strings and enforces a write-once policy.

Start a convention of commenting the test name over the test description. Add test name comments over test descriptions that existed before this convention.

Add a check_netns() function that checks if the test requires namespaces and if the current kernel supports namespaces. Skip tests that require namespaces if the system does not have namespace support.

Add a test to verify that guest VMs with an active G2H transport (virtio-vsock) cannot set namespace mode to 'local'. This validates the mutual exclusion between G2H transports and LOCAL mode.

This patch is the first to add tests that do *not* re-use the same shared VM. For that reason, it adds a run_tests() function to run these tests and filter out the shared VM tests.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v12:
- remove ns_vm_local_mode_rejected test, due to dropping that constraint

Changes in v11:
- Document ns_ prefix above TEST_NAMES (Stefano)

Changes in v10:
- Remove extraneous add_namespaces/del_namespaces calls.
- Rename run_tests() to run_ns_tests() since it is designed to only run ns tests.

Changes in v9:
- add test ns_vm_local_mode_rejected to check that guests cannot use local mode
---
tools/testing/selftests/vsock/vmtest.sh | 118 ++++++++++++++++++++++++++++= +++- 1 file changed, 116 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index e32997db322d..28b91b906cdc 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh
@@ -41,14 +41,38 @@ readonly KERNEL_CMDLINE=3D"\ virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \ " readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log) -readonly TEST_NAMES=3D(vm_server_host_client vm_client_host_server vm_loop= back) + +# Namespace tests must use the ns_ prefix. This is checked in check_netns(= ) and +# is used to determine if a test needs namespace setup before test executi= on. +readonly TEST_NAMES=3D( + vm_server_host_client + vm_client_host_server + vm_loopback + ns_host_vsock_ns_mode_ok + ns_host_vsock_ns_mode_write_once_ok +) readonly TEST_DESCS=3D( + # vm_server_host_client "Run vsock_test in server mode on the VM and in client mode on the host." + + # vm_client_host_server "Run vsock_test in client mode on the VM and in server mode on the host." + + # vm_loopback "Run vsock_test using the loopback transport in the VM." + + # ns_host_vsock_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode strings on the host." + + # ns_host_vsock_ns_mode_write_once_ok + "Check /proc/sys/net/vsock/ns_mode is write-once on the host." ) =20 -readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly USE_SHARED_VM=3D( + vm_server_host_client + vm_client_host_server + vm_loopback +) readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 @@ -205,6 +229,20 @@ check_deps() { fi } =20 +check_netns() { + local tname=3D$1 + + # If the test requires NS support, check if NS support exists + # using /proc/self/ns + if [[ "${tname}" =3D~ ^ns_ ]] && + [[ ! -e /proc/self/ns ]]; then + log_host "No NS support detected for test ${tname}" + return 1 + fi + + return 0 +} + check_vng() { local tested_versions local version 
@@ -528,6 +566,32 @@ log_guest() { LOG_PREFIX=3Dguest log "$@" } =20 +test_ns_host_vsock_ns_mode_ok() { + for mode in "${NS_MODES[@]}"; do + if ! ns_set_mode "${mode}0" "${mode}"; then + return "${KSFT_FAIL}" + fi + done + + return "${KSFT_PASS}" +} + +test_ns_host_vsock_ns_mode_write_once_ok() { + for mode in "${NS_MODES[@]}"; do + local ns=3D"${mode}0" + if ! ns_set_mode "${ns}" "${mode}"; then + return "${KSFT_FAIL}" + fi + + # try writing again and expect failure + if ns_set_mode "${ns}" "${mode}"; then + return "${KSFT_FAIL}" + fi + done + + return "${KSFT_PASS}" +} + test_vm_server_host_client() { if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" @@ -601,6 +665,11 @@ run_shared_vm_tests() { continue fi =20 + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + run_shared_vm_test "${arg}" check_result "$?" "${arg}" done 
@@ -654,6 +723,49 @@ run_shared_vm_test() { return "${rc}" } =20 +run_ns_tests() { + for arg in "${ARGS[@]}"; do + if shared_vm_test "${arg}"; then + continue + fi + + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + + add_namespaces + + name=3D$(echo "${arg}" | awk '{ print $1 }') + log_host "Executing test_${name}" + + host_oops_before=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + host_warn_before=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsoc= k') + eval test_"${name}" + rc=3D$? + + host_oops_after=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + if [[ "${host_oops_after}" -gt "${host_oops_before}" ]]; then + echo "FAIL: kernel oops detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + host_warn_after=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock= ') + if [[ "${host_warn_after}" -gt "${host_warn_before}" ]]; then + echo "FAIL: kernel warning detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + check_result "${rc}" "${name}" + + del_namespaces + done +} + BUILD=3D0 QEMU=3D"qemu-system-$(uname -m)" =20 
@@ -699,6 +811,8 @@ if shared_vm_tests_requested "${ARGS[@]}"; then terminate_pidfiles "${pidfile}" fi =20 +run_ns_tests "${ARGS[@]}" + echo "SUMMARY: PASS=3D${cnt_pass} SKIP=3D${cnt_skip} FAIL=3D${cnt_fail}" echo "Log: ${LOG}" =20 --=20 2.47.3
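Review bot: The TEST_NAMES hunk (at -41) adds only ns_host_vsock_ns_mode_ok and ns_host_vsock_ns_mode_write_once_ok, yet the commit message still carries the paragraph about guest VMs with an active G2H transport being unable to set 'local' mode, which the v12 changelog says was removed, and it still names run_tests() where the diff adds run_ns_tests(). Please bring the commit message in line with what the patch now contains.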
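Review bot: check_netns() (hunk at -205) takes the existence of /proc/self/ns as proof of support, but that directory says nothing about whether the vsock ns_mode sysctl these tests write is present. On a kernel with namespaces but without that interface, the ns_ tests would most likely be reported as FAIL instead of SKIP. Testing for /proc/sys/net/vsock/ns_mode (and /proc/self/ns/net) would make the skip condition match what the tests actually need.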
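Review bot: test_ns_host_vsock_ns_mode_write_once_ok() (hunk at -528) retries the write with the same mode it has just set, so it never checks that a namespace already set to one mode rejects the other one, and it never reads ns_mode back after the rejected write. Using the other entry of NS_MODES for the second ns_set_mode call and then verifying the stored value is unchanged would cover the case the write-once policy exists for. The loop variable mode is also not declared local in either new test.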
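Review bot: run_ns_tests() (hunk at -654) is invoked as run_ns_tests "${ARGS[@]}" but iterates the global ARGS and ignores its own arguments; either loop over "$@" or drop the arguments at the call site. The function also repeats del_namespaces on each of its three exit paths, open-codes the host dmesg pipelines that the VM side now has helpers for, and leaves name, rc and the host_* counters as globals. A single cleanup point after the checks and local declarations would make it harder to leak namespaces when a new early exit is added later.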
From: Bobby Eshleman
Date: Wed, 26 Nov 2025 23:47:39 -0800
Subject: [PATCH net-next v12 10/12] selftests/vsock: add namespace tests for CID collisions
Message-Id: <20251126-vsock-vmtest-v12-10-257ee21cd5de@meta.com>
References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com>
From: Bobby Eshleman

Add tests to verify CID collision rules across different vsock namespace modes.

1. Two VMs with the same CID cannot start in different global namespaces (ns_global_same_cid_fails)
2. Two VMs with the same CID can start in different local namespaces (ns_local_same_cid_ok)
3. VMs with the same CID can coexist when one is in a global namespace and another is in a local namespace (ns_global_local_same_cid_ok and ns_local_global_same_cid_ok)

The tests ns_global_local_same_cid_ok and ns_local_global_same_cid_ok make sure that ordering does not matter.

The tests use a shared helper function namespaces_can_boot_same_cid() that attempts to start two VMs with identical CIDs in the specified namespaces and verifies whether VM initialization failed or succeeded.

Reviewed-by: Stefano Garzarella
Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v11:
- check vm_start() rc in namespaces_can_boot_same_cid() (Stefano)
- fix ns_local_same_cid_ok() to use local0 and local1 instead of reusing local0 twice. This check should pass, ensuring local namespaces do not collide (Stefano)
---
tools/testing/selftests/vsock/vmtest.sh | 78 +++++++++++++++++++++++++++++= ++++ 1 file changed, 78 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 28b91b906cdc..ec18eb5b4ccd 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -50,6 +50,10 @@ readonly TEST_NAMES=3D( vm_loopback ns_host_vsock_ns_mode_ok ns_host_vsock_ns_mode_write_once_ok + ns_global_same_cid_fails + ns_local_same_cid_ok + ns_global_local_same_cid_ok + ns_local_global_same_cid_ok ) readonly TEST_DESCS=3D( # vm_server_host_client
@@ -66,6 +70,18 @@ readonly TEST_DESCS=3D( =20 # ns_host_vsock_ns_mode_write_once_ok "Check /proc/sys/net/vsock/ns_mode is write-once on the host." + + # ns_global_same_cid_fails + "Check QEMU fails to start two VMs with same CID in two different global = namespaces." + + # ns_local_same_cid_ok + "Check QEMU successfully starts two VMs with same CID in two different lo= cal namespaces." + + # ns_global_local_same_cid_ok + "Check QEMU successfully starts one VM in a global ns and then another VM= in a local ns with the same CID." + + # ns_local_global_same_cid_ok + "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." ) =20 readonly USE_SHARED_VM=3D( 
@@ -576,6 +592,68 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +namespaces_can_boot_same_cid() { + local ns0=3D$1 + local ns1=3D$2 + local pidfile1 pidfile2 + local rc + + pidfile1=3D"$(create_pidfile)" + + # The first VM should be able to start. If it can't then we have + # problems and need to return non-zero. + if ! vm_start "${pidfile1}" "${ns0}"; then + return 1 + fi + + pidfile2=3D"$(create_pidfile)" + vm_start "${pidfile2}" "${ns1}" + rc=3D$? + terminate_pidfiles "${pidfile1}" "${pidfile2}" + + return "${rc}" +} + +test_ns_global_same_cid_fails() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "global1"; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_local_global_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_global_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + test_ns_host_vsock_ns_mode_write_once_ok() { for mode in "${NS_MODES[@]}"; do local ns=3D"${mode}0" --=20 2.47.3
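Review bot: namespaces_can_boot_same_cid() (hunk at -576) returns 1 when the first VM fails to start and returns vm_start's non-zero status when the second one fails, so test_ns_global_same_cid_fails reports KSFT_PASS whenever the first VM cannot boot for an unrelated reason. The in-code comment says that case "need[s] to return non-zero", but non-zero is exactly what the negative test treats as success. Return a distinct code for the setup failure, terminate pidfile1 on that path as well, and have every caller map that code to KSFT_FAIL. The same test also accepts any failure of the second vm_start as a CID collision, so checking the reason for the failure would make the isolation check stronger.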
From: Bobby Eshleman Date: Wed, 26 Nov 2025 23:47:40 -0800 Subject: [PATCH net-next v12 11/12] selftests/vsock: add tests for host <-> vm connectivity with namespaces Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251126-vsock-vmtest-v12-11-257ee21cd5de@meta.com> References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com> In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 
From: Bobby Eshleman

Add tests to validate namespace correctness using vsock_test and socat.
The vsock_test tool is used to validate expected success tests, but
socat is used for expected failure tests. socat is used to ensure that
connections are rejected outright instead of failing due to some other
socket behavior (as tested in vsock_test). Additionally, socat is
already required for tunneling TCP traffic from vsock_test. Using only
one of the vsock_test tests like 'test_stream_client_close_client' would
have yielded a similar result, but doing so wouldn't remove the socat
dependency.

Additionally, check for the dependency socat. socat needs special
handling beyond just checking if it is on the path because it must be
compiled with support for both vsock and unix. The function
check_socat() checks that this support exists.

Add more padding to test name printf strings because the tests added in
this patch would otherwise overflow.

Add vm_dmesg_* helpers to encapsulate checking dmesg for oops and
warnings.

Add ability to pass extra args to host-side vsock_test so that tests
that cause false positives may be skipped with arg --skip.

Signed-off-by: Bobby Eshleman
Suggested-by: Sargun Dhillon
---
Changes in v12:
- add test skip (vsock_test test 29) when host_vsock_test() uses client
  mode in a local namespace. Test 29 causes a false positive to trigger.

Changes in v11:
- add 'sleep "${WAIT_PERIOD}"' after any non-TCP socat LISTEN cmd
  (Stefano)
- add host_wait_for_listener() after any socat TCP-LISTEN (Stefano)
- reuse vm_dmesg_{oops,warn}_count() inside vm_dmesg_check()
- fix copy-paste in test_ns_same_local_vm_connect_to_local_host_ok()
  (Stefano)

Changes in v10:
- add vm_dmesg_start() and vm_dmesg_check()

Changes in v9:
- consistent variable quoting
---
 tools/testing/selftests/vsock/vmtest.sh | 572 ++++++++++++++++++++++++++++= +++-
 1 file changed, 568 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index ec18eb5b4ccd..da9198dc8ab5 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -7,6 +7,7 @@ # * virtme-ng # * busybox-static (used by virtme-ng) # * qemu (used by virtme-ng) +# * socat # # shellcheck disable=3DSC2317,SC2119 =20 @@ -54,6 +55,19 @@ readonly TEST_NAMES=3D( ns_local_same_cid_ok ns_global_local_same_cid_ok ns_local_global_same_cid_ok + ns_diff_global_host_connect_to_global_vm_ok + ns_diff_global_host_connect_to_local_vm_fails + ns_diff_global_vm_connect_to_global_host_ok + ns_diff_global_vm_connect_to_local_host_fails + ns_diff_local_host_connect_to_local_vm_fails + ns_diff_local_vm_connect_to_local_host_fails + ns_diff_global_to_local_loopback_local_fails + ns_diff_local_to_global_loopback_fails + ns_diff_local_to_local_loopback_fails + ns_diff_global_to_global_loopback_ok + ns_same_local_loopback_ok + ns_same_local_host_connect_to_local_vm_ok + ns_same_local_vm_connect_to_local_host_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
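Review bot: ns_diff_global_to_local_loopback_local_fails carries an extra "_local" that its siblings ns_diff_local_to_global_loopback_fails and ns_diff_local_to_local_loopback_fails do not. Renaming it to ns_diff_global_to_local_loopback_fails, together with the matching TEST_DESCS comment and test function, keeps the names predictable for anyone selecting tests by name.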
@@ -82,6 +96,45 @@ readonly TEST_DESCS=3D( =20 # ns_local_global_same_cid_ok "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." + + # ns_diff_global_host_connect_to_global_vm_ok + "Run vsock_test client in global ns with server in VM in another global n= s." + + # ns_diff_global_host_connect_to_local_vm_fails + "Run socat to test a process in a global ns fails to connect to a VM in a= local ns." + + # ns_diff_global_vm_connect_to_global_host_ok + "Run vsock_test client in VM in a global ns with server in another global= ns." + + # ns_diff_global_vm_connect_to_local_host_fails + "Run socat to test a VM in a global ns fails to connect to a host process= in a local ns." + + # ns_diff_local_host_connect_to_local_vm_fails + "Run socat to test a host process in a local ns fails to connect to a VM = in another local ns." + + # ns_diff_local_vm_connect_to_local_host_fails + "Run socat to test a VM in a local ns fails to connect to a host process = in another local ns." + + # ns_diff_global_to_local_loopback_local_fails + "Run socat to test a loopback vsock in a global ns fails to connect to a = vsock in a local ns." + + # ns_diff_local_to_global_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in a global ns." + + # ns_diff_local_to_local_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in another local ns." + + # ns_diff_global_to_global_loopback_ok + "Run socat to test a loopback vsock in a global ns successfully connects = to a vsock in another global ns." + + # ns_same_local_loopback_ok + "Run socat to test a loopback vsock in a local ns successfully connects t= o a vsock in the same ns." + + # ns_same_local_host_connect_to_local_vm_ok + "Run vsock_test client in a local ns with server in VM in same ns." 
+ + # ns_same_local_vm_connect_to_local_host_ok + "Run vsock_test client in VM in a local ns with server in same ns." ) =20 readonly USE_SHARED_VM=3D( @@ -112,7 +165,7 @@ usage() { for ((i =3D 0; i < ${#TEST_NAMES[@]}; i++)); do name=3D${TEST_NAMES[${i}]} desc=3D${TEST_DESCS[${i}]} - printf "\t%-35s%-35s\n" "${name}" "${desc}" + printf "\t%-55s%-35s\n" "${name}" "${desc}" done echo =20 @@ -231,7 +284,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh ss; do + for dep in vng ${QEMU} busybox pkill ssh ss socat; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -282,6 +335,20 @@ check_vng() { fi } =20 +check_socat() { + local support_string + + support_string=3D"$(socat -V)" + + if [[ "${support_string}" !=3D *"WITH_VSOCK 1"* ]]; then + die "err: socat is missing vsock support" + fi + + if [[ "${support_string}" !=3D *"WITH_UNIX 1"* ]]; then + die "err: socat is missing unix support" + fi +} + handle_build() { if [[ ! "${BUILD}" -eq 1 ]]; then return @@ -330,6 +397,14 @@ terminate_pidfiles() { done } =20 +terminate_pids() { + local pid + + for pid in "$@"; do + kill -SIGTERM "${pid}" &>/dev/null || : + done +} + vm_start() { local pidfile=3D$1 local ns=3D$2 @@ -468,6 +543,28 @@ vm_dmesg_warn_count() { vm_ssh "${ns}" -- dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock' } =20 +vm_dmesg_check() { + local pidfile=3D$1 + local ns=3D$2 + local oops_before=3D$3 + local warn_before=3D$4 + local oops_after warn_after + + oops_after=3D$(vm_dmesg_oops_count "${ns}") + if [[ "${oops_after}" -gt "${oops_before}" ]]; then + echo "FAIL: kernel oops detected on vm in ns ${ns}" | log_host + return 1 + fi + + warn_after=3D$(vm_dmesg_warn_count "${ns}") + if [[ "${warn_after}" -gt "${warn_before}" ]]; then + echo "FAIL: kernel warning detected on vm in ns ${ns}" | log_host + return 1 + fi + + return 0 +} + vm_vsock_test() { local ns=3D$1 local host=3D$2 
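Review bot: vm_dmesg_check() assigns pidfile=$1 but never reads it; every comparison goes through ns, oops_before and warn_before. Either drop the parameter and update the callers, or use it to confirm the VM is still alive before reading dmesg. The latter matters because vm_dmesg_warn_count pipes vm_ssh through grep -c with stderr discarded, so an unreachable VM yields a count of 0 and the check reports no new warning.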
@@ -511,6 +608,8 @@ host_vsock_test() { local host=3D$2 local cid=3D$3 local port=3D$4 + shift 4 + local extra_args=3D("$@") local rc =20 local cmd=3D"${VSOCK_TEST}" @@ -525,13 +624,15 @@ host_vsock_test() { --mode=3Dclient \ --peer-cid=3D"${cid}" \ --control-host=3D"${host}" \ - --control-port=3D"${port}" 2>&1 | log_host + --control-port=3D"${port}" \ + "${extra_args[@]}" 2>&1 | log_host rc=3D$? else ${cmd} \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ - --control-port=3D"${port}" 2>&1 | log_host & + --control-port=3D"${port}" \ + "${extra_args[@]}" 2>&1 | log_host & rc=3D$? =20 if [[ $rc -ne 0 ]]; then 
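Review bot: host_vsock_test() now forwards everything after the fourth argument to vsock_test, but nothing at the function says so and vm_vsock_test() has no equivalent. A short comment above "shift 4" stating that trailing arguments are passed verbatim to vsock_test (for example --skip=29) would make the calling convention clear.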
@@ -592,6 +693,468 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +test_ns_diff_global_host_connect_to_global_vm_ok() { + local oops_before warn_before + local pids pid pidfile + local ns0 ns1 port + declare -a pids + local unixfile + ns0=3D"global0" + ns1=3D"global1" + port=3D1234 + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + ip netns exec "${ns1}" \ + socat TCP-LISTEN:"${TEST_HOST_PORT}",fork \ + UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${TEST_HOST_PORT}" "tcp" + + ip netns exec "${ns0}" socat UNIX-LISTEN:"${unixfile}",fork \ + TCP-CONNECT:localhost:"${TEST_HOST_PORT}" & + pids+=3D($!) + host_wait_for_listener "${ns0}" "${unixfile}" "unix" + + vm_vsock_test "${ns0}" "server" 2 "${TEST_GUEST_PORT}" + vm_wait_for_listener "${ns0}" "${TEST_GUEST_PORT}" "tcp" + host_vsock_test "${ns1}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pids "${pids[@]}" + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_diff_global_host_connect_to_local_vm_fails() { + local oops_before warn_before + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D"$(create_pidfile)" + if ! 
vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${VSOCK_CID}, ns=3D${ns0})" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns1}" + oops_before=3D$(vm_dmesg_oops_count "${ns1}") + warn_before=3D$(vm_dmesg_warn_count "${ns1}") + + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + vm_wait_for_listener "${ns1}" "${port}" "vsock" + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + vm_dmesg_check "${pidfile}" "${ns1}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D "TEST" ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_diff_global_vm_connect_to_global_host_ok() { + local oops_before warn_before + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local unixfile + local dmesg_rc + local pidfile + local pids + local rc + + init_namespaces + + declare -a pids + + log_host "Setup socat bridge from ns ${ns0} to ns ${ns1} over port ${port= }" + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + + ip netns exec "${ns0}" \ + socat TCP-LISTEN:"${port}" UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns0}" "${port}" "tcp" + + ip netns exec "${ns1}" \ + socat UNIX-LISTEN:"${unixfile}" TCP-CONNECT:127.0.0.1:"${port}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${unixfile}" "unix" + + log_host "Launching ${VSOCK_TEST} in ns ${ns1}" + host_vsock_test "${ns1}" "server" "${VSOCK_CID}" "${port}" + + pidfile=3D"$(create_pidfile)" + if ! 
vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_vsock_test "${ns0}" "10.0.2.2" 2 "${port}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" + +} + +test_ns_diff_global_vm_connect_to_local_host_fails() { + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local oops_before warn_before + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pid}" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? 
+ + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_host_connect_to_local_vm_fails() { + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local oops_before warn_before + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns1}" + oops_before=3D$(vm_dmesg_oops_count "${ns1}") + warn_before=3D$(vm_dmesg_warn_count "${ns1}") + + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + vm_wait_for_listener "${ns1}" "${port}" "vsock" + + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + vm_dmesg_check "${pidfile}" "${ns1}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_vm_connect_to_local_host_fails() { + local oops_before warn_before + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + pidfile=3D"$(create_pidfile)" + if ! 
vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +__test_loopback_two_netns() { + local ns0=3D$1 + local ns1=3D$2 + local port=3D12345 + local result + local pid + + modprobe vsock_loopback &> /dev/null || : + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}"= 2>/dev/null & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + log_host "Launching socat in ns ${ns0}" + echo TEST | ip netns exec "${ns0}" socat STDIN VSOCK-CONNECT:1:"${port}" = 2>/dev/null + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D TEST ]]; then + return 0 + fi + + return 1 +} + +test_ns_diff_global_to_local_loopback_local_fails() { + init_namespaces + + if ! __test_loopback_two_netns "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_global_loopback_fails() { + init_namespaces + + if ! __test_loopback_two_netns "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_local_loopback_fails() { + init_namespaces + + if ! 
__test_loopback_two_netns "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_global_to_global_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "global0" "global1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "local0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_host_connect_to_local_vm_ok() { + local oops_before warn_before + local ns=3D"local0" + local port=3D1234 + local dmesg_rc + local pidfile + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns}" + oops_before=3D$(vm_dmesg_oops_count "${ns}") + warn_before=3D$(vm_dmesg_warn_count "${ns}") + + vm_vsock_test "${ns}" "server" 2 "${TEST_GUEST_PORT}" + + # Skip test 29 (transport release use-after-free): This test attempts + # binding both G2H and H2G CIDs. Because virtio-vsock (G2H) doesn't + # support local namespaces the test will fail when + # transport_g2h->stream_allow() returns false. This edge case only + # happens for vsock_test in client mode on the host in a local + # namespace. This is a false positive. + host_vsock_test "${ns}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" --= skip=3D29 + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_same_local_vm_connect_to_local_host_ok() { + local oops_before warn_before + local ns=3D"local0" + local port=3D1234 + local dmesg_rc + local pidfile + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! 
vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns}" + oops_before=3D$(vm_dmesg_oops_count "${ns}") + warn_before=3D$(vm_dmesg_warn_count "${ns}") + + host_vsock_test "${ns}" "server" "${VSOCK_CID}" "${port}" + vm_vsock_test "${ns}" "10.0.2.2" 2 "${port}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + namespaces_can_boot_same_cid() { local ns0=3D$1 local ns1=3D$2 
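Review bot: The *_fails tests in this hunk conclude that a connection was rejected only from result != TEST; the connecting socat's exit status is ignored, and in the host-side cases its stderr goes to /dev/null, so these tests also pass when the listener exited early or the payload was lost for an unrelated reason. Capture the exit status of the socat VSOCK-CONNECT side and require it to be non-zero in addition to the empty outfile. Smaller points in the same hunk: several log_host messages print cid=${cid}, which none of these functions set (the first one uses ${VSOCK_CID}), and two of them print ns=${ns0} after vm_start was called with ${ns1}; test_ns_diff_local_vm_connect_to_local_host_fails() returns on vm_start failure without terminate_pids "${pid}", unlike test_ns_diff_global_vm_connect_to_local_host_fails(); test_ns_diff_global_host_connect_to_global_vm_ok() never removes unixfile and leaves dmesg_rc undeclared; outfile is not declared local in any of the functions that assign it.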
@@ -869,6 +1432,7 @@ fi check_args "${ARGS[@]}" check_deps check_vng +check_socat handle_build =20 echo "1..${#ARGS[@]}" --=20 2.47.3 From nobody Mon Dec 1 22:36:49 2025 Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D08332573E for ; Thu, 27 Nov 2025 07:47:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764229682; cv=none; b=GwcE28fgBsJyUNPwZrXA2i7IAtSg68wacXXki9Z/NsPm1IKuerXSB+erj4QG/o9wz71eqq/Sw1fSiF2/3E/XWehEjF1MY4/1Z834xOcleTUPu3gB5OIhUWEd6HLCaqDEt+0h3JwPEZNDBsFHbAinw3yI4FA/TJrXCF4RHcbbfdc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764229682; c=relaxed/simple; bh=/Awk+ZNAUSYj37xQmP8u5lLIpYhs6f3jnk3Fa/B/6hw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=GenWWuU0V1XiSu5TEjnAxyv3TC0Y37WWR7p4y/BNFP3NSNzAiL6mfJVA1cZyd7CTMRUnlaSRFsLuwB+uO55wNWTJgFOakOl2iYBHmsxmrEID4+mvlAbacHxgXlqAT9uFUxQEjwH0Xn9Tf0i73Z+OAjHIouaDxCwnWN+skCieWEc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=eYchrPpl; arc=none smtp.client-ip=209.85.214.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eYchrPpl" Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-29ba9249e9dso6852135ad.3 for ; Wed, 26 Nov 2025 23:47:56 -0800 (PST) DKIM-Signature: v=1; 
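Review bot: check_socat is called here on every invocation and ends in die when socat lacks vsock or unix support, while check_deps treats a missing socat binary as exit "${KSFT_SKIP}". A socat built without WITH_VSOCK is the same kind of environment gap, so exiting with KSFT_SKIP from check_socat would keep results consistent, unless die already maps to skip.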
From: Bobby Eshleman Date: Wed, 26 Nov 2025 23:47:41 -0800 Subject: [PATCH net-next v12 12/12] selftests/vsock: add tests for namespace deletion and mode changes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251126-vsock-vmtest-v12-12-257ee21cd5de@meta.com> References: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com> In-Reply-To: <20251126-vsock-vmtest-v12-0-257ee21cd5de@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 
From: Bobby Eshleman Add tests that validate vsock sockets are resilient to deleting namespaces or changing namespace modes from global to local. The vsock sockets should still function normally. The function check_ns_changes_dont_break_connection() is added to re-use the step-by-step logic of 1) setup connections, 2) do something that would maybe break the connections, 3) check that the connections are still ok. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v11: - remove pipefile (Stefano) Changes in v9: - more consistent shell style - clarify -u usage comment for pipefile --- tools/testing/selftests/vsock/vmtest.sh | 119 ++++++++++++++++++++++++++++= ++++ 1 file changed, 119 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index da9198dc8ab5..a903a0bf66c4 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -68,6 +68,12 @@ readonly TEST_NAMES=3D( ns_same_local_loopback_ok ns_same_local_host_connect_to_local_vm_ok ns_same_local_vm_connect_to_local_host_ok + ns_mode_change_connection_continue_vm_ok + ns_mode_change_connection_continue_host_ok + ns_mode_change_connection_continue_both_ok + ns_delete_vm_ok + ns_delete_host_ok + ns_delete_both_ok ) readonly TEST_DESCS=3D( # vm_server_host_client 
@@ -135,6 +141,24 @@ readonly TEST_DESCS=3D( =20 # ns_same_local_vm_connect_to_local_host_ok "Run vsock_test client in VM in a local ns with server in same ns." + + # ns_mode_change_connection_continue_vm_ok + "Check that changing NS mode of VM namespace from global to local after a= connection is established doesn't break the connection" + + # ns_mode_change_connection_continue_host_ok + "Check that changing NS mode of host namespace from global to local after= a connection is established doesn't break the connection" + + # ns_mode_change_connection_continue_both_ok + "Check that changing NS mode of host and VM namespaces from global to loc= al after a connection is established doesn't break the connection" + + # ns_delete_vm_ok + "Check that deleting the VM's namespace does not break the socket connect= ion" + + # ns_delete_host_ok + "Check that deleting the host's namespace does not break the socket conne= ction" + + # ns_delete_both_ok + "Check that deleting the VM and host's namespaces does not break the sock= et connection" ) =20 readonly USE_SHARED_VM=3D( 
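Review bot: The six new TEST_DESCS strings end without a period, while the neighbouring entries such as "Run vsock_test client in VM in a local ns with server in same ns." end with one. Add the trailing period so the usage() listing stays uniform.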
@@ -1274,6 +1298,101 @@ test_vm_loopback() { return "${KSFT_PASS}" } =20 +check_ns_changes_dont_break_connection() { + local pipefile pidfile outfile + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local pids=3D() + local rc=3D0 + + init_namespaces + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + vm_wait_for_ssh "${ns0}" + + outfile=3D$(mktemp) + vm_ssh "${ns0}" -- \ + socat VSOCK-LISTEN:"${port}",fork STDOUT > "${outfile}" 2>/dev/null & + pids+=3D($!) + vm_wait_for_listener "${ns0}" "${port}" "vsock" + + # We use a pipe here so that we can echo into the pipe instead of using + # socat and a unix socket file. We just need a name for the pipe (not a + # regular file) so use -u. + pipefile=3D$(mktemp -u /tmp/vmtest_pipe_XXXX) + ip netns exec "${ns1}" \ + socat PIPE:"${pipefile}" VSOCK-CONNECT:"${VSOCK_CID}":"${port}" & + pids+=3D($!) + + timeout "${WAIT_PERIOD}" \ + bash -c 'while [[ ! -e '"${pipefile}"' ]]; do sleep 1; done; exit 0' + + if [[ $2 =3D=3D "delete" ]]; then + if [[ "$1" =3D=3D "vm" ]]; then + ip netns del "${ns0}" + elif [[ "$1" =3D=3D "host" ]]; then + ip netns del "${ns1}" + elif [[ "$1" =3D=3D "both" ]]; then + ip netns del "${ns0}" + ip netns del "${ns1}" + fi + elif [[ $2 =3D=3D "change_mode" ]]; then + if [[ "$1" =3D=3D "vm" ]]; then + ns_set_mode "${ns0}" "local" + elif [[ "$1" =3D=3D "host" ]]; then + ns_set_mode "${ns1}" "local" + elif [[ "$1" =3D=3D "both" ]]; then + ns_set_mode "${ns0}" "local" + ns_set_mode "${ns1}" "local" + fi + fi + + echo "TEST" > "${pipefile}" + + timeout "${WAIT_PERIOD}" \ + bash -c 'while [[ ! 
-s '"${outfile}"' ]]; do sleep 1; done; exit 0' + + if grep -q "TEST" "${outfile}"; then + rc=3D"${KSFT_PASS}" + else + rc=3D"${KSFT_FAIL}" + fi + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${outfile}" "${pipefile}" + + return "${rc}" +} + +test_ns_mode_change_connection_continue_vm_ok() { + check_ns_changes_dont_break_connection "vm" "change_mode" +} + +test_ns_mode_change_connection_continue_host_ok() { + check_ns_changes_dont_break_connection "host" "change_mode" +} + +test_ns_mode_change_connection_continue_both_ok() { + check_ns_changes_dont_break_connection "both" "change_mode" +} + +test_ns_delete_vm_ok() { + check_ns_changes_dont_break_connection "vm" "delete" +} + +test_ns_delete_host_ok() { + check_ns_changes_dont_break_connection "host" "delete" +} + +test_ns_delete_both_ok() { + check_ns_changes_dont_break_connection "both" "delete" +} + shared_vm_test() { local tname =20 --=20 2.47.3
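Review bot: In check_ns_changes_dont_break_connection(), the only synchronization before the namespace is deleted or switched to local is the wait for pipefile to exist, which shows that socat created the pipe but not that VSOCK-CONNECT has completed, so the change can race with connection setup and the test may not be exercising an established connection. Wait on something that reflects the connection itself, for example send a first marker through the pipe and wait for it in outfile, before making the change. The $1 and $2 arguments are also unnamed and unvalidated: an unrecognized target or action falls through both if/elif chains and the test still passes without changing anything. Finally, the v11 changelog says "remove pipefile" while the function still declares and uses pipefile.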