From nobody Mon Feb 9 01:20:53 2026 Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0236A274FDC for ; Wed, 24 Dec 2025 00:29:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766536153; cv=none; b=IEB1pycq80tp+C2htI5Fll+oyOxIz4aoWQPyUgCXTZEVFzl1nN0bL0TrntqbKFFACg5LJcm+sNLWRyTBTpUh8kgC29qhd5zCHUpc3/KboJJAgyEgRP9sPO3OcvXTbzsNey6U2/NNh/yAwySA4roOSuNvIP8DtBX88YjefdkMTxU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766536153; c=relaxed/simple; bh=6QUmPXIiGL+410murstvYOrCrrfblNae9n8rzJVPgNE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=UMDWWTY/TpahyUJhRgIq6GD5IATu4KJrv/xLYjuiW77+hJknAH7/+RooEl65fAQDdS7Fi6pmWK2dnGM86YJORHOzRo6AYufh2kTRxeQ4wEwPmOOP4Cpzhudwqon+7xIHpIHhfS6P8OvMxVn1x3lC7d7rQlj+VFmGDz28a+enXTw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MP/uMwUV; arc=none smtp.client-ip=209.85.210.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MP/uMwUV" Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-7b9387df58cso8851789b3a.3 for ; Tue, 23 Dec 2025 16:29:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766536146; x=1767140946; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=rQmVHUP1pyOgb3jgFlt+9dq9N6/cw4hdbt8Er7EM9Cw=; b=MP/uMwUVd33VVkNQXgK4iQ+l+ZjYxyvPH5dMEZLMZbVt2i8VoG+Y6J8iVEzrRW0qae 7Ihw+NEK/qeAjj93pVkhWlldibwu3Uzt5Y6Huuf43MbT4Hr+BbgafPXdu4Hq7Acj+cOE xSugxdTJxAn5pFcN1ip1Phixbn0mE5HLjs47voseB/yL5+aZZgih3Ug2gx6WtDkG4NrU xWqlQc7bNhntugOAt8u3/UKSUrkfytBysLvylHWzre9GL5gCOrOSJmB/awKye5CJdK8p 6ocyMFJYYONIYsntOomXCNUHp+TcBYyOYlEuMA0FkvcQe+0M9kZWiNX4vVFrs87hg5FK 6ttw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766536146; x=1767140946; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=rQmVHUP1pyOgb3jgFlt+9dq9N6/cw4hdbt8Er7EM9Cw=; b=uF/Cd3OvmkCucbVmm2Cw5sZs7o4TheYcHfFh6mRwp9tJW70P2EmCq9vrBRWQI/6Mgt 62TnRdJe7ngdraZBnZQOq2wS69T+gmTIHNZB1/ID74WkKSLC68bmf5oIha35SbG5H2OZ IFqCyo0Qp8fG1+WHsghHmxjX3Yph0/rHPbX30hR6Ve78DTT0keFbj+oPACARJ6rPfaOH LzfdZS0b7hjIeLjru9DiBpi6IMD3DuGRtcn97NEyLkJcHrN2MX6O9Nwal6UcInExBZKK uTQ3n2a5Mzq3Y1ApYgjFxF++aD3RcKN+pfYTDs2K9KG5+pUK3UdoS7dkXwpBw2aO4r52 RBbQ== X-Gm-Message-State: AOJu0Ywab0NbzFwjDU0sCQJJSFZZK4OWfgCMskB5yaxmn7H8a17zLaiN yDAVvLbLF6/t8GS39pdrDOTuUgiXsC61e0zYTLIDvjiynLmd3gekWNCe X-Gm-Gg: AY/fxX79UVyRZh50Jil4srD/WBt5sSpaclesUQI+VG7JTVMwD7W2gQFlSA2hpRQxDNy DsyQuqGLKGxOaM+lATk6lF1NdN6zozzt5N5iAcx6HPY/U7u4LDtoxWoQJwLv3U9Pk4btkU6GAYG iDyWNUQeMALxIm1EV/+7dTOKsIKih9cWL5zzuXlYp3d8WvTbo0+bOzuc4XyryF8AOkIAWFiXjDF cZ8TZbuh2fjgf9d+2OgutOdhBUhx1US7u6nFJw5eTdBDrXA7iaThMtZlb8e83oM/wCt70+rXuBX KLdTCUq+WAFMaqjTDTyIp8tubqUgAj+T4n9OFTj0gXgmY5DoO6sBpFX1COlM+pOJjyhNYfN8FS+ ciNe/TZ/u5DgQlsN86ssAQfuUTj8fW1eGmsfv69cbylGx7JvpYync8gdURnuPHQ3+cfx1X5F/Wd hcbm7NV2Q7jqd22MOc+C1p X-Google-Smtp-Source: AGHT+IFumnafalLOtC3U+OthHSSkJyXLk9uPmQi6VhZ8FKCPfETUT8MKNlhUlX6TF/xbrqoNYzMNsQ== X-Received: by 2002:a05:6a00:bc90:b0:7e8:450c:61ad with SMTP id d2e1a72fcca58-7ff67063905mr15234546b3a.68.1766536146471; Tue, 23 Dec 2025 16:29:06 -0800 (PST) Received: from localhost ([2a03:2880:2ff:70::]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7ff7eb85f15sm14844998b3a.68.2025.12.23.16.29.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 16:29:06 -0800 (PST) From: Bobby Eshleman Date: Tue, 23 Dec 2025 16:28:44 -0800 Subject: [PATCH RFC net-next v13 10/13] selftests/vsock: add tests for proc sys vsock ns_mode Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251223-vsock-vmtest-v13-10-9d6db8e7c80b@meta.com> References: <20251223-vsock-vmtest-v13-0-9d6db8e7c80b@meta.com> In-Reply-To: <20251223-vsock-vmtest-v13-0-9d6db8e7c80b@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add tests for the /proc/sys/net/vsock/{ns_mode,child_ns_mode} interfaces. Namely, that they accept/report "global" and "local" strings and enforce their access policies. Start a convention of commenting the test name over the test description. Add test name comments over test descriptions that existed before this convention. Add a check_netns() function that checks if the test requires namespaces and if the current kernel supports namespaces. Skip tests that require namespaces if the system does not have namespace support. This patch is the first to add tests that do *not* re-use the same shared VM. For that reason, it adds a run_ns_tests() function to run these tests and filter out the shared VM tests. Signed-off-by: Bobby Eshleman --- Changes in v13: - remove write-once test ns_host_vsock_ns_mode_write_once_ok to reflect removing the write-once policy - add child_ns_mode test test_ns_host_vsock_child_ns_mode_ok - modify test_ns_host_vsock_ns_mode_ok() to check that the correct mode was inherited from child_ns_mode Changes in v12: - remove ns_vm_local_mode_rejected test, due to dropping that constraint Changes in v11: - Document ns_ prefix above TEST_NAMES (Stefano) Changes in v10: - Remove extraneous add_namespaces/del_namespaces calls. - Rename run_tests() to run_ns_tests() since it is designed to only run ns tests. Changes in v9: - add test ns_vm_local_mode_rejected to check that guests cannot use local mode --- tools/testing/selftests/vsock/vmtest.sh | 140 ++++++++++++++++++++++++++++= +++- 1 file changed, 138 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 0e681d4c3a15..38785a102236 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -41,14 +41,38 @@ readonly KERNEL_CMDLINE=3D"\ virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \ " readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log) -readonly TEST_NAMES=3D(vm_server_host_client vm_client_host_server vm_loop= back) + +# Namespace tests must use the ns_ prefix. This is checked in check_netns(= ) and +# is used to determine if a test needs namespace setup before test executi= on. +readonly TEST_NAMES=3D( + vm_server_host_client + vm_client_host_server + vm_loopback + ns_host_vsock_ns_mode_ok + ns_host_vsock_child_ns_mode_ok +) readonly TEST_DESCS=3D( + # vm_server_host_client "Run vsock_test in server mode on the VM and in client mode on the host." + + # vm_client_host_server "Run vsock_test in client mode on the VM and in server mode on the host." + + # vm_loopback "Run vsock_test using the loopback transport in the VM." + + # ns_host_vsock_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode strings on the host." + + # ns_host_vsock_child_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode is read-only and child_ns_mode is writ= able." ) =20 -readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly USE_SHARED_VM=3D( + vm_server_host_client + vm_client_host_server + vm_loopback +) readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 @@ -196,6 +220,20 @@ check_deps() { fi } =20 +check_netns() { + local tname=3D$1 + + # If the test requires NS support, check if NS support exists + # using /proc/self/ns + if [[ "${tname}" =3D~ ^ns_ ]] && + [[ ! -e /proc/self/ns ]]; then + log_host "No NS support detected for test ${tname}" + return 1 + fi + + return 0 +} + check_vng() { local tested_versions local version @@ -519,6 +557,54 @@ log_guest() { LOG_PREFIX=3Dguest log "$@" } =20 +ns_get_mode() { + local ns=3D$1 + + ip netns exec "${ns}" cat /proc/sys/net/vsock/ns_mode 2>/dev/null +} + +test_ns_host_vsock_ns_mode_ok() { + for mode in "${NS_MODES[@]}"; do + local actual + + actual=3D$(ns_get_mode "${mode}0") + if [[ "${actual}" !=3D "${mode}" ]]; then + log_host "expected mode ${mode}, got ${actual}" + return "${KSFT_FAIL}" + fi + done + + return "${KSFT_PASS}" +} + +test_ns_host_vsock_child_ns_mode_ok() { + local orig_mode + local rc + + orig_mode=3D$(cat /proc/sys/net/vsock/child_ns_mode) + + rc=3D"${KSFT_PASS}" + for mode in "${NS_MODES[@]}"; do + local ns=3D"${mode}0" + + if echo "${mode}" 2>/dev/null > /proc/sys/net/vsock/ns_mode; then + log_host "ns_mode should be read-only but write succeeded" + rc=3D"${KSFT_FAIL}" + continue + fi + + if ! echo "${mode}" > /proc/sys/net/vsock/child_ns_mode; then + log_host "child_ns_mode should be writable to ${mode}" + rc=3D"${KSFT_FAIL}" + continue + fi + done + + echo "${orig_mode}" > /proc/sys/net/vsock/child_ns_mode + + return "${rc}" +} + test_vm_server_host_client() { if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" @@ -592,6 +678,11 @@ run_shared_vm_tests() { continue fi =20 + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + run_shared_vm_test "${arg}" check_result "$?" "${arg}" done @@ -645,6 +736,49 @@ run_shared_vm_test() { return "${rc}" } =20 +run_ns_tests() { + for arg in "${ARGS[@]}"; do + if shared_vm_test "${arg}"; then + continue + fi + + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + + add_namespaces + + name=3D$(echo "${arg}" | awk '{ print $1 }') + log_host "Executing test_${name}" + + host_oops_before=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + host_warn_before=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsoc= k') + eval test_"${name}" + rc=3D$? + + host_oops_after=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + if [[ "${host_oops_after}" -gt "${host_oops_before}" ]]; then + echo "FAIL: kernel oops detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + host_warn_after=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock= ') + if [[ "${host_warn_after}" -gt "${host_warn_before}" ]]; then + echo "FAIL: kernel warning detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + check_result "${rc}" "${name}" + + del_namespaces + done +} + BUILD=3D0 QEMU=3D"qemu-system-$(uname -m)" =20 @@ -690,6 +824,8 @@ if shared_vm_tests_requested "${ARGS[@]}"; then terminate_pidfiles "${pidfile}" fi =20 +run_ns_tests "${ARGS[@]}" + echo "SUMMARY: PASS=3D${cnt_pass} SKIP=3D${cnt_skip} FAIL=3D${cnt_fail}" echo "Log: ${LOG}" =20 --=20 2.47.3