From nobody Sun Feb 8 05:42:42 2026 Received: from mail-qv1-f42.google.com (mail-qv1-f42.google.com [209.85.219.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4CF6C2DCF7B for ; Fri, 16 Jan 2026 23:27:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768606061; cv=none; b=LDL38Uy6z3rJ/fZAiLQgUhTFc9hA6BscJ/cro6ny7vh5xXXRXRNLdejWEmsnvx1NO5Qswa138AcpG45GAXRciuqyCFpC/MkGGIsJSdVE7S+nNF8aDc9l+pwr6r7B8tz3A3lkkw1So46cv6KXraXGLi+fv2RK6jqPItY63eNXNnM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768606061; c=relaxed/simple; bh=iWhx534wqtQNl1nxF2sFcEqz8ZHOjdK0bgb8yXgcfu8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=oWpcvAKXulNl+14O+mXx9C7qJrbVzvlkaha+TW+WTQgL/zrEHU/ZD1V5pDuPRvu8R3qHctiLWA384QKwUiotDZERrgPbqdIhCXQnNdgmcHusBapLXwfO3H6AVAfBfODFLJmrjCuJ5NnwRPm4Q9dmFDOAZ9ChWiQJuDxjsuyGlMk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DEE6fW4N; arc=none smtp.client-ip=209.85.219.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DEE6fW4N" Received: by mail-qv1-f42.google.com with SMTP id 6a1803df08f44-8888546d570so32646256d6.2 for ; Fri, 16 Jan 2026 15:27:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768606058; x=1769210858; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Bz5SQh4ZUAGs5FOQH9D0Ss9v/z0FeDQKGW44xhNAZ6Q=; b=DEE6fW4NaSM3X8HD3iYqMMMFgAKgGH8C0BdFvydD69mdJIiRA576hpZvf1dEQ0iDmY gS+ZcISAWnAcd3fD9vE9c6fGAZWGH16WogiAmE9jQKR09dVtsojwbPcCsrDPfHeyMcXm pwmLSrSoDcuw5I2v+oU30NWEz3VaXXe+mHNiLykeHgDdPysf1ru+6dbpDn2bzULB32V8 9BaCRuHJqvL904nkY4Nthllr+/cL6iEMciw/Nkx/KR+shlWB3kpBQ5HHG9UAxQz19QJH BsvUoTKop8T6d9gpGGPS85F97+M53ELpa0vu/98fYY/TPJTpUbx33sp5fqtv4mZ03pdD XA7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768606058; x=1769210858; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Bz5SQh4ZUAGs5FOQH9D0Ss9v/z0FeDQKGW44xhNAZ6Q=; b=JNi7ToMxaHPMJScsKF9hV35mT5lu3Wb7t5aZuChGCh+QzVHFwgwQsYm6aXjrhxZxIf B+UdjCZdL4sLI98/UFeS6uzbOHHloOkhMxz3L4vI6nqvVbHj2yTPL0RSs7M3W8Oi1kwL Abu9zEJQw/ZClB8x6+TcWxrbiji5dt+Vag1f5toj8Xrh01Um5E2c16v71igvnn4qkDQe qLqgNq8TtWVD700vmu8pLZjKczEAS4WkEL1hZOpxPg4XrFucA+mu4ZQsFBkTSFhJIChq Ac9Eis4hukFspKHYZwJEvf4zq5/ubO7KW8Z12hhicEeqP6llm4HOpAGTbunmRS+CHIY4 zsGQ== X-Gm-Message-State: AOJu0Yzj7APtCh50PzcV3AwoJu8YbY0txNCKtV88KKM3Mhq7DmUIex9J Rr/Z2FsLfCXjmFijZl56cGQ42Ouy5cdyWjH+xXT4sNhzNrXrLnnqAeok X-Gm-Gg: AY/fxX7z8ljMrdmVKHDVPc4LH0ovmyGJmkKoz/XTQvwMgRYAp2c2HZK5Cty+eCK2wNl fnwHO54ZY0KqRxJ8IsHxxccdKc9qNJYY5W0rfMxPTa9uHlvk2d2P0csf9VxPxlzc/FHb9ejywD9 hnsCK7BV5A29lwrecy3oM6Ngc8/T8xKWmYIoOjw2+pp99mhlya/SPfUJ5t5B0wwHxrmPrn2kUHd eh+5P2QZTntlRJxaedv+702JIyO6uG6Titil0cK+v2NeL+W9GbZ+fCBeA36Z3Xgz7xFIyIoIKZR LiKRTLBKoJf+lP4AXgPRfBVsYiqvvEJY1do4W9ITsIGBz5kvG/I5dJr3P+foJh5S8gdv38RK7j2 +y4N7uFP5DXJ+hI5X0y43IfU1JyUAXEEkl6ACGkdPMtU/8MOAjKJghiRKjD+CZqx+gE+xa0dorR TYUtyACAjH X-Received: by 2002:a05:690c:660d:b0:78f:f362:ec4b with SMTP id 00721157ae682-793c67e8f8emr30304037b3.36.1768598943673; Fri, 16 Jan 2026 13:29:03 -0800 (PST) Received: from localhost ([2a03:2880:25ff:9::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c66c708fsm13466837b3.3.2026.01.16.13.29.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:03 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:41 -0800 Subject: [PATCH net-next v15 01/12] vsock: add netns to vsock core Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-1-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add netns logic to vsock core. Additionally, modify transport hook prototypes to be used by later transport-specific patches (e.g., *_seqpacket_allow()). Namespaces are supported primarily by changing socket lookup functions (e.g., vsock_find_connected_socket()) to take into account the socket namespace and the namespace mode before considering a candidate socket a "match". This patch also introduces the sysctl /proc/sys/net/vsock/ns_mode to report the mode and /proc/sys/net/vsock/child_ns_mode to set the mode for new namespaces. Add netns functionality (initialization, passing to transports, procfs, etc...) to the af_vsock socket layer. Later patches that add netns support to transports depend on this patch. dgram_allow(), stream_allow(), and seqpacket_allow() callbacks are modified to take a vsk in order to perform logic on namespace modes. In future patches, the net will also be used for socket lookups in these functions. Signed-off-by: Bobby Eshleman Reviewed-by: Stefano Garzarella Suggested-by: Sargun Dhillon --- Changes in v15: - make static port in __vsock_bind_connectible per-netns - remove __net_initdata because we want the ops beyond just boot - add vsock_init_ns_mode kernel cmdline parameter to set init ns mode - use if (ret || !write) in __vsock_net_mode_string() (Stefano) - add vsock_net_mode_global() (Stefano) - hide !net =3D=3D VSOCK_NET_MODE_GLOBAL inside vsock_net_mode() (Stefano) - clarify af_vsock.c comments on ns_mode/child_ns_mode (Stefano) Changes in v14: - include linux/sysctl.h in af_vsock.c - squash patch 'vsock: add per-net vsock NS mode state' into this patch (prior version can be found here): https://lore.kernel.org/all/20251223-vsock-vmtest-v13-1-9d6db8e7c80b@meta= .com/) Changes in v13: - remove net_mode and replace with direct accesses to net->vsock.mode, since this is now immutable. - update comments about mode behavior and mutability, and sysctl API - only pass NULL for net when wanting global, instead of net_mode =3D=3D VSOCK_NET_MODE_GLOBAL. This reflects the new logic of vsock_net_check_mode() that only requires net pointers (not net_mode). - refactor sysctl string code into a re-usable function, because child_ns_mode and ns_mode both handle the same strings. - remove redundant vsock_net_init(&init_net) call in module init because pernet registration calls the callback on the init_net too Changes in v12: - return true in dgram_allow(), stream_allow(), and seqpacket_allow() only if net_mode =3D=3D VSOCK_NET_MODE_GLOBAL (Stefano) - document bind(VMADDR_CID_ANY) case in af_vsock.c (Stefano) - change order of stream_allow() call in vmci so we can pass vsk to it Changes in v10: - add file-level comment about what happens to sockets/devices when the namespace mode changes (Stefano) - change the 'if (write)' boolean in vsock_net_mode_string() to if (!write), this simplifies a later patch which adds "goto" for mutex unlocking on function exit. Changes in v9: - remove virtio_vsock_alloc_rx_skb() (Stefano) - remove vsock_global_dummy_net, not needed as net=3DNULL + net_mode=3DVSOCK_NET_MODE_GLOBAL achieves identical result Changes in v7: - hv_sock: fix hyperv build error - explain why vhost does not use the dummy - explain usage of __vsock_global_dummy_net - explain why VSOCK_NET_MODE_STR_MAX is 8 characters - use switch-case in vsock_net_mode_string() - avoid changing transports as much as possible - add vsock_find_{bound,connected}_socket_net() - rename `vsock_hdr` to `sysctl_hdr` - add virtio_vsock_alloc_linear_skb() wrapper for setting dummy net and global mode for virtio-vsock, move skb->cb zero-ing into wrapper - explain seqpacket_allow() change - move net setting to __vsock_create() instead of vsock_create() so that child sockets also have their net assigned upon accept() Changes in v6: - unregister sysctl ops in vsock_exit() - af_vsock: clarify description of CID behavior - af_vsock: fix buf vs buffer naming, and length checking - af_vsock: fix length checking w/ correct ctl_table->maxlen Changes in v5: - vsock_global_net() -> vsock_global_dummy_net() - update comments for new uAPI - use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode - add prototype changes so patch remains compilable --- Documentation/admin-guide/kernel-parameters.txt | 14 + MAINTAINERS | 1 + drivers/vhost/vsock.c | 6 +- include/linux/virtio_vsock.h | 4 +- include/net/af_vsock.h | 61 ++++- include/net/net_namespace.h | 4 + include/net/netns/vsock.h | 21 ++ net/vmw_vsock/af_vsock.c | 328 ++++++++++++++++++++= ++-- net/vmw_vsock/hyperv_transport.c | 7 +- net/vmw_vsock/virtio_transport.c | 9 +- net/vmw_vsock/virtio_transport_common.c | 6 +- net/vmw_vsock/vmci_transport.c | 26 +- net/vmw_vsock/vsock_loopback.c | 8 +- 13 files changed, 444 insertions(+), 51 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio= n/admin-guide/kernel-parameters.txt index a8d0afde7f85..b6e3bfe365a1 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -8253,6 +8253,20 @@ Kernel parameters them quite hard to use for exploits but might break your system. =20 + vsock_init_ns_mode=3D + [KNL,NET] Set the vsock namespace mode for the init + (root) network namespace. + + global [default] The init namespace operates in + global mode where CIDs are system-wide and + sockets can communicate across global + namespaces. + + local The init namespace operates in local mode + where CIDs are private to the namespace and + sockets can only communicate within the same + namespace. + vt.color=3D [VT] Default text color. Format: 0xYX, X =3D foreground, Y =3D background. Default: 0x07 =3D light gray on black. diff --git a/MAINTAINERS b/MAINTAINERS index afc71089ba09..c48a2e047686 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27557,6 +27557,7 @@ L: netdev@vger.kernel.org S: Maintained F: drivers/vhost/vsock.c F: include/linux/virtio_vsock.h +F: include/net/netns/vsock.h F: include/uapi/linux/virtio_vsock.h F: net/vmw_vsock/virtio_transport.c F: net/vmw_vsock/virtio_transport_common.c diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 552cfb53498a..647ded6f6ea5 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -407,7 +407,8 @@ static bool vhost_transport_msgzerocopy_allow(void) return true; } =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid); +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); =20 static struct virtio_transport vhost_transport =3D { .transport =3D { @@ -463,7 +464,8 @@ static struct virtio_transport vhost_transport =3D { .send_pkt =3D vhost_transport_send_pkt, }; =20 -static bool vhost_transport_seqpacket_allow(u32 remote_cid) +static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid) { struct vhost_vsock *vsock; bool seqpacket_allow =3D false; diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 0c67543a45c8..1845e8d4f78d 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -256,10 +256,10 @@ void virtio_transport_notify_buffer_size(struct vsock= _sock *vsk, u64 *val); =20 u64 virtio_transport_stream_rcvhiwat(struct vsock_sock *vsk); bool virtio_transport_stream_is_active(struct vsock_sock *vsk); -bool virtio_transport_stream_allow(u32 cid, u32 port); +bool virtio_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 po= rt); int virtio_transport_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr); -bool virtio_transport_dgram_allow(u32 cid, u32 port); +bool virtio_transport_dgram_allow(struct vsock_sock *vsk, u32 cid, u32 por= t); =20 int virtio_transport_connect(struct vsock_sock *vsk); =20 diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h index d40e978126e3..d3ff48a2fbe0 100644 --- a/include/net/af_vsock.h +++ b/include/net/af_vsock.h @@ -10,6 +10,7 @@ =20 #include #include +#include #include #include =20 @@ -124,7 +125,7 @@ struct vsock_transport { size_t len, int flags); int (*dgram_enqueue)(struct vsock_sock *, struct sockaddr_vm *, struct msghdr *, size_t len); - bool (*dgram_allow)(u32 cid, u32 port); + bool (*dgram_allow)(struct vsock_sock *vsk, u32 cid, u32 port); =20 /* STREAM. */ /* TODO: stream_bind() */ @@ -136,14 +137,14 @@ struct vsock_transport { s64 (*stream_has_space)(struct vsock_sock *); u64 (*stream_rcvhiwat)(struct vsock_sock *); bool (*stream_is_active)(struct vsock_sock *); - bool (*stream_allow)(u32 cid, u32 port); + bool (*stream_allow)(struct vsock_sock *vsk, u32 cid, u32 port); =20 /* SEQ_PACKET. */ ssize_t (*seqpacket_dequeue)(struct vsock_sock *vsk, struct msghdr *msg, int flags); int (*seqpacket_enqueue)(struct vsock_sock *vsk, struct msghdr *msg, size_t len); - bool (*seqpacket_allow)(u32 remote_cid); + bool (*seqpacket_allow)(struct vsock_sock *vsk, u32 remote_cid); u32 (*seqpacket_has_data)(struct vsock_sock *vsk); =20 /* Notification. */ @@ -216,6 +217,11 @@ void vsock_remove_connected(struct vsock_sock *vsk); struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr); struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, struct sockaddr_vm *dst); +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net); +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net); void vsock_remove_sock(struct vsock_sock *vsk); void vsock_for_each_connected_socket(struct vsock_transport *transport, void (*fn)(struct sock *sk)); @@ -256,4 +262,53 @@ static inline bool vsock_msgzerocopy_allow(const struc= t vsock_transport *t) { return t->msgzerocopy_allow && t->msgzerocopy_allow(); } + +static inline enum vsock_net_mode vsock_net_mode(struct net *net) +{ + if (!net) + return VSOCK_NET_MODE_GLOBAL; + + return READ_ONCE(net->vsock.mode); +} + +static inline bool vsock_net_mode_global(struct vsock_sock *vsk) +{ + return vsock_net_mode(sock_net(sk_vsock(vsk))) =3D=3D VSOCK_NET_MODE_GLOB= AL; +} + +static inline void vsock_net_set_child_mode(struct net *net, + enum vsock_net_mode mode) +{ + WRITE_ONCE(net->vsock.child_ns_mode, mode); +} + +static inline enum vsock_net_mode vsock_net_child_mode(struct net *net) +{ + return READ_ONCE(net->vsock.child_ns_mode); +} + +/* Return true if two namespaces pass the mode rules. Otherwise, return fa= lse. + * + * A NULL namespace is treated as VSOCK_NET_MODE_GLOBAL. + * + * Read more about modes in the comment header of net/vmw_vsock/af_vsock.c. + */ +static inline bool vsock_net_check_mode(struct net *ns0, struct net *ns1) +{ + enum vsock_net_mode mode0, mode1; + + /* Any vsocks within the same network namespace are always reachable, + * regardless of the mode. + */ + if (net_eq(ns0, ns1)) + return true; + + mode0 =3D vsock_net_mode(ns0); + mode1 =3D vsock_net_mode(ns1); + + /* Different namespaces are only reachable if they are both + * global mode. + */ + return mode0 =3D=3D VSOCK_NET_MODE_GLOBAL && mode0 =3D=3D mode1; +} #endif /* __AF_VSOCK_H__ */ diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index cb664f6e3558..66d3de1d935f 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -196,6 +197,9 @@ struct net { /* Move to a better place when the config guard is removed. */ struct mutex rtnl_mutex; #endif +#if IS_ENABLED(CONFIG_VSOCKETS) + struct netns_vsock vsock; +#endif } __randomize_layout; =20 #include diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h new file mode 100644 index 000000000000..b34d69a22fa8 --- /dev/null +++ b/include/net/netns/vsock.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __NET_NET_NAMESPACE_VSOCK_H +#define __NET_NET_NAMESPACE_VSOCK_H + +#include + +enum vsock_net_mode { + VSOCK_NET_MODE_GLOBAL, + VSOCK_NET_MODE_LOCAL, +}; + +struct netns_vsock { + struct ctl_table_header *sysctl_hdr; + + /* protected by the vsock_table_lock in af_vsock.c */ + u32 port; + + enum vsock_net_mode mode; + enum vsock_net_mode child_ns_mode; +}; +#endif /* __NET_NET_NAMESPACE_VSOCK_H */ diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index a3505a4dcee0..3fc8160d51df 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -83,6 +83,48 @@ * TCP_ESTABLISHED - connected * TCP_CLOSING - disconnecting * TCP_LISTEN - listening + * + * - Namespaces in vsock support two different modes: "local" and "global". + * Each mode defines how the namespace interacts with CIDs. + * Each namespace exposes two sysctl files: + * + * - /proc/sys/net/vsock/ns_mode (read-only) reports the current namespa= ce's + * mode, which is set at namespace creation and immutable thereafter. + * - /proc/sys/net/vsock/child_ns_mode (writable) controls what mode fut= ure + * child namespaces will inherit when created. The default is "global". + * + * Changing child_ns_mode only affects newly created namespaces, not the + * current namespace or existing children. At namespace creation, ns_mode + * is inherited from the parent's child_ns_mode. + * + * The modes affect the allocation and accessibility of CIDs as follows: + * + * - global - access and allocation are all system-wide + * - all CID allocation from global namespaces draw from the same + * system-wide pool. + * - if one global namespace has already allocated some CID, another + * global namespace will not be able to allocate the same CID. + * - global mode AF_VSOCK sockets can reach any VM or socket in any g= lobal + * namespace, they are not contained to only their own namespace. + * - AF_VSOCK sockets in a global mode namespace cannot reach VMs or + * sockets in any local mode namespace. + * - local - access and allocation are contained within the namespace + * - CID allocation draws only from a private pool local only to the + * namespace, and does not affect the CIDs available for allocation = in any + * other namespace (global or local). + * - VMs in a local namespace do not collide with CIDs in any other lo= cal + * namespace or any global namespace. For example, if a VM in a loca= l mode + * namespace is given CID 10, then CID 10 is still available for + * allocation in any other namespace, but not in the same namespace. + * - AF_VSOCK sockets in a local mode namespace can connect only to VM= s or + * other sockets within their own namespace. + * - sockets bound to VMADDR_CID_ANY in local namespaces will never re= solve + * to any transport that is not compatible with local mode. There is= no + * error that propagates to the user (as there is for connection att= empts) + * because it is possible for some packet to reach this socket from + * a different transport that *does* support local mode. For + * example, virtio-vsock may not support local mode, but the socket + * may still accept a connection from vhost-vsock which does. */ =20 #include @@ -100,20 +142,31 @@ #include #include #include +#include #include #include #include #include #include #include +#include #include #include #include #include #include +#include #include #include =20 +#define VSOCK_NET_MODE_STR_GLOBAL "global" +#define VSOCK_NET_MODE_STR_LOCAL "local" + +/* 6 chars for "global", 1 for null-terminator, and 1 more for '\n'. + * The newline is added by proc_dostring() for read operations. + */ +#define VSOCK_NET_MODE_STR_MAX 8 + static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr); static void vsock_sk_destruct(struct sock *sk); static int vsock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); @@ -149,6 +202,21 @@ static const struct vsock_transport *transport_dgram; static const struct vsock_transport *transport_local; static DEFINE_MUTEX(vsock_register_mutex); =20 +static enum vsock_net_mode vsock_init_ns_mode =3D VSOCK_NET_MODE_GLOBAL; + +#ifndef MODULE +static int __init vsock_init_ns_mode_setup(char *str) +{ + if (!strcmp(str, VSOCK_NET_MODE_STR_LOCAL)) + vsock_init_ns_mode =3D VSOCK_NET_MODE_LOCAL; + else if (!strcmp(str, VSOCK_NET_MODE_STR_GLOBAL)) + vsock_init_ns_mode =3D VSOCK_NET_MODE_GLOBAL; + + return 1; +} +__setup("vsock_init_ns_mode=3D", vsock_init_ns_mode_setup); +#endif + /**** UTILS ****/ =20 /* Each bound VSocket is stored in the bind hash table and each connected @@ -235,33 +303,42 @@ static void __vsock_remove_connected(struct vsock_soc= k *vsk) sock_put(&vsk->sk); } =20 -static struct sock *__vsock_find_bound_socket(struct sockaddr_vm *addr) +static struct sock *__vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_bound_sockets(addr), bound_table) { - if (vsock_addr_equals_addr(addr, &vsk->local_addr)) - return sk_vsock(vsk); + struct sock *sk =3D sk_vsock(vsk); + + if (vsock_addr_equals_addr(addr, &vsk->local_addr) && + vsock_net_check_mode(sock_net(sk), net)) + return sk; =20 if (addr->svm_port =3D=3D vsk->local_addr.svm_port && (vsk->local_addr.svm_cid =3D=3D VMADDR_CID_ANY || - addr->svm_cid =3D=3D VMADDR_CID_ANY)) - return sk_vsock(vsk); + addr->svm_cid =3D=3D VMADDR_CID_ANY) && + vsock_net_check_mode(sock_net(sk), net)) + return sk; } =20 return NULL; } =20 -static struct sock *__vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +static struct sock * +__vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, struct net *net) { struct vsock_sock *vsk; =20 list_for_each_entry(vsk, vsock_connected_sockets(src, dst), connected_table) { + struct sock *sk =3D sk_vsock(vsk); + if (vsock_addr_equals_addr(src, &vsk->remote_addr) && - dst->svm_port =3D=3D vsk->local_addr.svm_port) { - return sk_vsock(vsk); + dst->svm_port =3D=3D vsk->local_addr.svm_port && + vsock_net_check_mode(sock_net(sk), net)) { + return sk; } } =20 @@ -304,12 +381,13 @@ void vsock_remove_connected(struct vsock_sock *vsk) } EXPORT_SYMBOL_GPL(vsock_remove_connected); =20 -struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +struct sock *vsock_find_bound_socket_net(struct sockaddr_vm *addr, + struct net *net) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_bound_socket(addr); + sk =3D __vsock_find_bound_socket_net(addr, net); if (sk) sock_hold(sk); =20 @@ -317,15 +395,22 @@ struct sock *vsock_find_bound_socket(struct sockaddr_= vm *addr) =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_bound_socket_net); + +struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr) +{ + return vsock_find_bound_socket_net(addr, NULL); +} EXPORT_SYMBOL_GPL(vsock_find_bound_socket); =20 -struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, - struct sockaddr_vm *dst) +struct sock *vsock_find_connected_socket_net(struct sockaddr_vm *src, + struct sockaddr_vm *dst, + struct net *net) { struct sock *sk; =20 spin_lock_bh(&vsock_table_lock); - sk =3D __vsock_find_connected_socket(src, dst); + sk =3D __vsock_find_connected_socket_net(src, dst, net); if (sk) sock_hold(sk); =20 @@ -333,6 +418,13 @@ struct sock *vsock_find_connected_socket(struct sockad= dr_vm *src, =20 return sk; } +EXPORT_SYMBOL_GPL(vsock_find_connected_socket_net); + +struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, + struct sockaddr_vm *dst) +{ + return vsock_find_connected_socket_net(src, dst, NULL); +} EXPORT_SYMBOL_GPL(vsock_find_connected_socket); =20 void vsock_remove_sock(struct vsock_sock *vsk) @@ -528,7 +620,7 @@ int vsock_assign_transport(struct vsock_sock *vsk, stru= ct vsock_sock *psk) =20 if (sk->sk_type =3D=3D SOCK_SEQPACKET) { if (!new_transport->seqpacket_allow || - !new_transport->seqpacket_allow(remote_cid)) { + !new_transport->seqpacket_allow(vsk, remote_cid)) { module_put(new_transport->module); return -ESOCKTNOSUPPORT; } @@ -676,11 +768,11 @@ static void vsock_pending_work(struct work_struct *wo= rk) static int __vsock_bind_connectible(struct vsock_sock *vsk, struct sockaddr_vm *addr) { - static u32 port; + struct net *net =3D sock_net(sk_vsock(vsk)); struct sockaddr_vm new_addr; =20 - if (!port) - port =3D get_random_u32_above(LAST_RESERVED_PORT); + if (!net->vsock.port) + net->vsock.port =3D get_random_u32_above(LAST_RESERVED_PORT); =20 vsock_addr_init(&new_addr, addr->svm_cid, addr->svm_port); =20 @@ -689,13 +781,13 @@ static int __vsock_bind_connectible(struct vsock_sock= *vsk, unsigned int i; =20 for (i =3D 0; i < MAX_PORT_RETRIES; i++) { - if (port =3D=3D VMADDR_PORT_ANY || - port <=3D LAST_RESERVED_PORT) - port =3D LAST_RESERVED_PORT + 1; + if (net->vsock.port =3D=3D VMADDR_PORT_ANY || + net->vsock.port <=3D LAST_RESERVED_PORT) + net->vsock.port =3D LAST_RESERVED_PORT + 1; =20 - new_addr.svm_port =3D port++; + new_addr.svm_port =3D net->vsock.port++; =20 - if (!__vsock_find_bound_socket(&new_addr)) { + if (!__vsock_find_bound_socket_net(&new_addr, net)) { found =3D true; break; } @@ -712,7 +804,7 @@ static int __vsock_bind_connectible(struct vsock_sock *= vsk, return -EACCES; } =20 - if (__vsock_find_bound_socket(&new_addr)) + if (__vsock_find_bound_socket_net(&new_addr, net)) return -EADDRINUSE; } =20 @@ -1314,7 +1406,7 @@ static int vsock_dgram_sendmsg(struct socket *sock, s= truct msghdr *msg, goto out; } =20 - if (!transport->dgram_allow(remote_addr->svm_cid, + if (!transport->dgram_allow(vsk, remote_addr->svm_cid, remote_addr->svm_port)) { err =3D -EINVAL; goto out; @@ -1355,7 +1447,7 @@ static int vsock_dgram_connect(struct socket *sock, if (err) goto out; =20 - if (!vsk->transport->dgram_allow(remote_addr->svm_cid, + if (!vsk->transport->dgram_allow(vsk, remote_addr->svm_cid, remote_addr->svm_port)) { err =3D -EINVAL; goto out; @@ -1585,7 +1677,7 @@ static int vsock_connect(struct socket *sock, struct = sockaddr_unsized *addr, * endpoints. */ if (!transport || - !transport->stream_allow(remote_addr->svm_cid, + !transport->stream_allow(vsk, remote_addr->svm_cid, remote_addr->svm_port)) { err =3D -ENETUNREACH; goto out; @@ -2662,6 +2754,180 @@ static struct miscdevice vsock_device =3D { .fops =3D &vsock_device_ops, }; =20 +static int __vsock_net_mode_string(const struct ctl_table *table, int writ= e, + void *buffer, size_t *lenp, loff_t *ppos, + enum vsock_net_mode mode, + enum vsock_net_mode *new_mode) +{ + char data[VSOCK_NET_MODE_STR_MAX] =3D {0}; + struct ctl_table tmp; + int ret; + + if (!table->data || !table->maxlen || !*lenp) { + *lenp =3D 0; + return 0; + } + + tmp =3D *table; + tmp.data =3D data; + + if (!write) { + const char *p; + + switch (mode) { + case VSOCK_NET_MODE_GLOBAL: + p =3D VSOCK_NET_MODE_STR_GLOBAL; + break; + case VSOCK_NET_MODE_LOCAL: + p =3D VSOCK_NET_MODE_STR_LOCAL; + break; + default: + WARN_ONCE(true, "netns has invalid vsock mode"); + *lenp =3D 0; + return 0; + } + + strscpy(data, p, sizeof(data)); + tmp.maxlen =3D strlen(p); + } + + ret =3D proc_dostring(&tmp, write, buffer, lenp, ppos); + if (ret || !write) + return ret; + + if (*lenp >=3D sizeof(data)) + return -EINVAL; + + if (!strncmp(data, VSOCK_NET_MODE_STR_GLOBAL, sizeof(data))) + *new_mode =3D VSOCK_NET_MODE_GLOBAL; + else if (!strncmp(data, VSOCK_NET_MODE_STR_LOCAL, sizeof(data))) + *new_mode =3D VSOCK_NET_MODE_LOCAL; + else + return -EINVAL; + + return 0; +} + +static int vsock_net_mode_string(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + struct net *net; + + if (write) + return -EPERM; + + net =3D current->nsproxy->net_ns; + + return __vsock_net_mode_string(table, write, buffer, lenp, ppos, + vsock_net_mode(net), NULL); +} + +static int vsock_net_child_mode_string(const struct ctl_table *table, int = write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + enum vsock_net_mode new_mode; + struct net *net; + int ret; + + net =3D current->nsproxy->net_ns; + + ret =3D __vsock_net_mode_string(table, write, buffer, lenp, ppos, + vsock_net_child_mode(net), &new_mode); + if (ret) + return ret; + + if (write) + vsock_net_set_child_mode(net, new_mode); + + return 0; +} + +static struct ctl_table vsock_table[] =3D { + { + .procname =3D "ns_mode", + .data =3D &init_net.vsock.mode, + .maxlen =3D VSOCK_NET_MODE_STR_MAX, + .mode =3D 0444, + .proc_handler =3D vsock_net_mode_string + }, + { + .procname =3D "child_ns_mode", + .data =3D &init_net.vsock.child_ns_mode, + .maxlen =3D VSOCK_NET_MODE_STR_MAX, + .mode =3D 0644, + .proc_handler =3D vsock_net_child_mode_string + }, +}; + +static int __net_init vsock_sysctl_register(struct net *net) +{ + struct ctl_table *table; + + if (net_eq(net, &init_net)) { + table =3D vsock_table; + } else { + table =3D kmemdup(vsock_table, sizeof(vsock_table), GFP_KERNEL); + if (!table) + goto err_alloc; + + table[0].data =3D &net->vsock.mode; + table[1].data =3D &net->vsock.child_ns_mode; + } + + net->vsock.sysctl_hdr =3D register_net_sysctl_sz(net, "net/vsock", table, + ARRAY_SIZE(vsock_table)); + if (!net->vsock.sysctl_hdr) + goto err_reg; + + return 0; + +err_reg: + if (!net_eq(net, &init_net)) + kfree(table); +err_alloc: + return -ENOMEM; +} + +static void vsock_sysctl_unregister(struct net *net) +{ + const struct ctl_table *table; + + table =3D net->vsock.sysctl_hdr->ctl_table_arg; + unregister_net_sysctl_table(net->vsock.sysctl_hdr); + if (!net_eq(net, &init_net)) + kfree(table); +} + +static void vsock_net_init(struct net *net) +{ + if (net_eq(net, &init_net)) + net->vsock.mode =3D vsock_init_ns_mode; + else + net->vsock.mode =3D vsock_net_child_mode(current->nsproxy->net_ns); + + net->vsock.child_ns_mode =3D VSOCK_NET_MODE_GLOBAL; +} + +static __net_init int vsock_sysctl_init_net(struct net *net) +{ + vsock_net_init(net); + + if (vsock_sysctl_register(net)) + return -ENOMEM; + + return 0; +} + +static __net_exit void vsock_sysctl_exit_net(struct net *net) +{ + vsock_sysctl_unregister(net); +} + +static struct pernet_operations vsock_sysctl_ops =3D { + .init =3D vsock_sysctl_init_net, + .exit =3D vsock_sysctl_exit_net, +}; + static int __init vsock_init(void) { int err =3D 0; @@ -2689,10 +2955,17 @@ static int __init vsock_init(void) goto err_unregister_proto; } =20 + if (register_pernet_subsys(&vsock_sysctl_ops)) { + err =3D -ENOMEM; + goto err_unregister_sock; + } + vsock_bpf_build_proto(); =20 return 0; =20 +err_unregister_sock: + sock_unregister(AF_VSOCK); err_unregister_proto: proto_unregister(&vsock_proto); err_deregister_misc: @@ -2706,6 +2979,7 @@ static void __exit vsock_exit(void) misc_deregister(&vsock_device); sock_unregister(AF_VSOCK); proto_unregister(&vsock_proto); + unregister_pernet_subsys(&vsock_sysctl_ops); } =20 const struct vsock_transport *vsock_core_get_transport(struct vsock_sock *= vsk) diff --git a/net/vmw_vsock/hyperv_transport.c b/net/vmw_vsock/hyperv_transp= ort.c index 432fcbbd14d4..c3010c874308 100644 --- a/net/vmw_vsock/hyperv_transport.c +++ b/net/vmw_vsock/hyperv_transport.c @@ -570,7 +570,7 @@ static int hvs_dgram_enqueue(struct vsock_sock *vsk, return -EOPNOTSUPP; } =20 -static bool hvs_dgram_allow(u32 cid, u32 port) +static bool hvs_dgram_allow(struct vsock_sock *vsk, u32 cid, u32 port) { return false; } @@ -745,8 +745,11 @@ static bool hvs_stream_is_active(struct vsock_sock *vs= k) return hvs->chan !=3D NULL; } =20 -static bool hvs_stream_allow(u32 cid, u32 port) +static bool hvs_stream_allow(struct vsock_sock *vsk, u32 cid, u32 port) { + if (!vsock_net_mode_global(vsk)) + return false; + if (cid =3D=3D VMADDR_CID_HOST) return true; =20 diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index 8c867023a2e5..f0a9e51118f3 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -536,7 +536,8 @@ static bool virtio_transport_msgzerocopy_allow(void) return true; } =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid); +static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); =20 static struct virtio_transport virtio_transport =3D { .transport =3D { @@ -593,11 +594,15 @@ static struct virtio_transport virtio_transport =3D { .can_msgzerocopy =3D virtio_transport_can_msgzerocopy, }; =20 -static bool virtio_transport_seqpacket_allow(u32 remote_cid) +static bool +virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { struct virtio_vsock *vsock; bool seqpacket_allow; =20 + if (!vsock_net_mode_global(vsk)) + return false; + seqpacket_allow =3D false; rcu_read_lock(); vsock =3D rcu_dereference(the_virtio_vsock); diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index dcc8a1d5851e..fdb8f5b3fa60 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -1043,9 +1043,9 @@ bool virtio_transport_stream_is_active(struct vsock_s= ock *vsk) } EXPORT_SYMBOL_GPL(virtio_transport_stream_is_active); =20 -bool virtio_transport_stream_allow(u32 cid, u32 port) +bool virtio_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 po= rt) { - return true; + return vsock_net_mode(sock_net(sk_vsock(vsk))) =3D=3D VSOCK_NET_MODE_GLOB= AL; } EXPORT_SYMBOL_GPL(virtio_transport_stream_allow); =20 @@ -1056,7 +1056,7 @@ int virtio_transport_dgram_bind(struct vsock_sock *vs= k, } EXPORT_SYMBOL_GPL(virtio_transport_dgram_bind); =20 -bool virtio_transport_dgram_allow(u32 cid, u32 port) +bool virtio_transport_dgram_allow(struct vsock_sock *vsk, u32 cid, u32 por= t) { return false; } diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index 7eccd6708d66..00f6bbdb035a 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c @@ -646,13 +646,17 @@ static int vmci_transport_recv_dgram_cb(void *data, s= truct vmci_datagram *dg) return VMCI_SUCCESS; } =20 -static bool vmci_transport_stream_allow(u32 cid, u32 port) +static bool vmci_transport_stream_allow(struct vsock_sock *vsk, u32 cid, + u32 port) { static const u32 non_socket_contexts[] =3D { VMADDR_CID_LOCAL, }; int i; =20 + if (!vsock_net_mode_global(vsk)) + return false; + BUILD_BUG_ON(sizeof(cid) !=3D sizeof(*non_socket_contexts)); =20 for (i =3D 0; i < ARRAY_SIZE(non_socket_contexts); i++) { @@ -682,12 +686,10 @@ static int vmci_transport_recv_stream_cb(void *data, = struct vmci_datagram *dg) err =3D VMCI_SUCCESS; bh_process_pkt =3D false; =20 - /* Ignore incoming packets from contexts without sockets, or resources - * that aren't vsock implementations. + /* Ignore incoming packets from resources that aren't vsock + * implementations. */ - - if (!vmci_transport_stream_allow(dg->src.context, -1) - || vmci_transport_peer_rid(dg->src.context) !=3D dg->src.resource) + if (vmci_transport_peer_rid(dg->src.context) !=3D dg->src.resource) return VMCI_ERROR_NO_ACCESS; =20 if (VMCI_DG_SIZE(dg) < sizeof(*pkt)) @@ -749,6 +751,12 @@ static int vmci_transport_recv_stream_cb(void *data, s= truct vmci_datagram *dg) goto out; } =20 + /* Ignore incoming packets from contexts without sockets. */ + if (!vmci_transport_stream_allow(vsk, dg->src.context, -1)) { + err =3D VMCI_ERROR_NO_ACCESS; + goto out; + } + /* We do most everything in a work queue, but let's fast path the * notification of reads and writes to help data transfer performance. * We can only do this if there is no process context code executing @@ -1784,8 +1792,12 @@ static int vmci_transport_dgram_dequeue(struct vsock= _sock *vsk, return err; } =20 -static bool vmci_transport_dgram_allow(u32 cid, u32 port) +static bool vmci_transport_dgram_allow(struct vsock_sock *vsk, u32 cid, + u32 port) { + if (!vsock_net_mode_global(vsk)) + return false; + if (cid =3D=3D VMADDR_CID_HYPERVISOR) { /* Registrations of PBRPC Servers do not modify VMX/Hypervisor * state and are allowed. diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index bc2ff918b315..deff68c64a09 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -46,7 +46,8 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *v= sk) return 0; } =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid); +static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, + u32 remote_cid); static bool vsock_loopback_msgzerocopy_allow(void) { return true; @@ -106,9 +107,10 @@ static struct virtio_transport loopback_transport =3D { .send_pkt =3D vsock_loopback_send_pkt, }; =20 -static bool vsock_loopback_seqpacket_allow(u32 remote_cid) +static bool +vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { - return true; + return vsock_net_mode_global(vsk); } =20 static void vsock_loopback_work(struct work_struct *work) --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f175.google.com (mail-yw1-f175.google.com [209.85.128.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B3903074AE for ; Fri, 16 Jan 2026 21:29:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598947; cv=none; b=MaXuWBcz96jWt9OjbP0sFkDFW2DWMMG9f4GMiwFM1wCtIDXbDthNyQgsud21rbMg4aXmrMtae9rwO1xo/Ru+1eY+UzroKx1Ks3lD0hmDrnlJ9ohvsC29WDxme/nm00ox17q82cHqT23Fn0S1EgKlqX8Dapp+wu0wQ9unQvZWPxw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598947; c=relaxed/simple; bh=vD964Lj1wPSOw/16ssWykcRPX0KDwrhlz4wvw7+NTyw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=lP3gcQ3dUmsbHFzfSL01ZmuODQz9DylhY690dSD2DwgdaFy/RzwXtyMcvUlsP4Im2MM8Z/HyZMhkXiumcLJh2+Ch3I7YmArJjcSWtaJbKBVH7HwBiAduoCtpGb4CtNBja6Vi3Cvz7uWbqKZUdRwcgRAN2zi2pNEj/n5dWZ8aGN8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BqwvUnlN; arc=none smtp.client-ip=209.85.128.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BqwvUnlN" Received: by mail-yw1-f175.google.com with SMTP id 00721157ae682-78e6dc6d6d7so25868687b3.3 for ; Fri, 16 Jan 2026 13:29:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598944; x=1769203744; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=N0yb8kb1LkqAc5YpKYa8ha5gJygHDPK65XDs8oEX3qw=; b=BqwvUnlNPCKikTxYdL+5w8XOT82LgQ0+ssDXjKCFsQOiOEKeiqpdAFz8/CE93RQl5v /GVKF15nii0G6eKA5oQ8s22PMA7hztwgG5qgQDLIW3i5knksl747rL2nTy6hhVXHGHFy vQNhM17LwHRwZEtAqwkm6d5i5P1xIbrGPD8eDjNZCCEMNSMK8p6XUwSj1NxI0l7Ym5ZV S3Lxo/tw3O96guydkObG3nLyxKn7r9U0oaRjAvCLmJ8qQ1uCYYurSraB70Sj03AnAvXI WkOkTK0q3z508sBiWTyQ8VqmEyUTD1pndtwVGYmkBN5icbbVkvQOfNR9KCBiKYMzS1wK NxkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598944; x=1769203744; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=N0yb8kb1LkqAc5YpKYa8ha5gJygHDPK65XDs8oEX3qw=; b=bPE88KxT4ndC7QxJ4M7AgKWK+gcxsRsCGocwXZ2La1LTC43BC8N5MT8AMjp323iLYq 7SC+ZYWnGE9PVzGjt48+0GbmBb00eGj0Rhr++xYD7zUUjyvL2NyiU9BHA8aeJTuQXGua w4I0/7A/dob8bmhzn6VhEqZqT23B99s8HQeeRN1kHv7BWPAi2o0T9BPDjsAzt72utzbt mDgp0yGvv/yavorcZyL9CoYT2tjGZCTfVBGR8IDs/ukfP23h8/A99Hen7BaCchr5FXij RTZcdjFtyMVBW93VXPlNcn61PBfiBkF30fP2v1Ue7pM3ZN2cQWVG1ir6v7jBs7HT9ExE 2uBA== X-Gm-Message-State: AOJu0Yzui9Zgf7d5qYMkH+KM/K3mEOka/rb/RQnbQJMSzyinVwNEkOPl PvzPh+6xlop9AHbDuuN8b7v4XVGqio0fBYLIcCbTAwMK6XCS6xU1FYVP X-Gm-Gg: AY/fxX5i512RHME3XRnJ8Ys886zKdHf9fDQ106+NADpObT+UupyU/UKwMkYquJFeUmb wgtwrepuIci6vo3TkzkdwNkqo35hkLje+SLUNg6yPPtOYGEkHPs/avUCV0HXcEK4t5USXJq+NrK mqAyVmIrHDonxYAu0hobadxLmtIO2QC6w2UkP01nkykz6+sRwvedFHwu5xVlM3ulsFMbhpNGyCk dqMVPO+wNATyi1UOk+HAlkrYv6iL2RScLGgdh/s4nZb6AcPHEUZvVh2KNcskatrfZCwU7BS9DZf /ukbNZQ6Rkn1Dby3J4EZFqn3JbCAzpAdDNqI+Eb445SWaHvxZX15fGdfWdFjEny9ezmKlpElacj qS1bPaATQ7SeSZq8L121f1KONwrJ3MysMhDFWw6Zzv/L2QoaBe2Zyy/s0jJHUMM6pqkJr+TVBEB Lc5piGBCNejA== X-Received: by 2002:a05:690c:39d:b0:78c:2916:3f0a with SMTP id 00721157ae682-793c66b8eb1mr33268517b3.7.1768598944439; Fri, 16 Jan 2026 13:29:04 -0800 (PST) Received: from localhost ([2a03:2880:25ff:5d::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c66c729fsm13186297b3.12.2026.01.16.13.29.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:04 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:42 -0800 Subject: [PATCH net-next v15 02/12] virtio: set skb owner of virtio_transport_reset_no_sock() reply Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-2-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Associate reply packets with the sending socket. When vsock must reply with an RST packet and there exists a sending socket (e.g., for loopback), setting the skb owner to the socket correctly handles reference counting between the skb and sk (i.e., the sk stays alive until the skb is freed). This allows the net namespace to be used for socket lookups for the duration of the reply skb's lifetime, preventing race conditions between the namespace lifecycle and vsock socket search using the namespace pointer. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v11: - move before adding to netns support (Stefano) Changes in v10: - break this out into its own patch for easy revert (Stefano) --- net/vmw_vsock/virtio_transport_common.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index fdb8f5b3fa60..718be9f33274 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -1165,6 +1165,12 @@ static int virtio_transport_reset_no_sock(const stru= ct virtio_transport *t, .op =3D VIRTIO_VSOCK_OP_RST, .type =3D le16_to_cpu(hdr->type), .reply =3D true, + + /* Set sk owner to socket we are replying to (may be NULL for + * non-loopback). This keeps a reference to the sock and + * sock_net(sk) until the reply skb is freed. + */ + .vsk =3D vsock_sk(skb->sk), }; struct sk_buff *reply; =20 --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f175.google.com (mail-yw1-f175.google.com [209.85.128.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7AB4C3093B6 for ; Fri, 16 Jan 2026 21:29:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598950; cv=none; b=kpSVx3hPratDh8q0LnHLxSoZi0KV4LnHMI7pnu7uwRSygxunijS4XoE40/D61rnLN522642y8g3JTAUEQ3ur4WVOLs9yH0vkv8+eAqnWBlZz2BLtckE7iFsjd4omF4RewYjeBAXazU/88x+im5QTf4hvlamsbwWl7rD/29sCjCI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598950; c=relaxed/simple; bh=lNb9Eg57ytObaScZAe62mQOXXzXVW5c4yKUiSDBUQi4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Y+Ro8a5gHZfS4/On5Kh/W6/F6Bg7PShybsGSXVvV5F2FlKwg7L0fduZ2xls1H1aNijf6tDeHZ2+zfDVixM383RDeC7Jq21PpuoI8lg4dXu6VDvVbBFuTGDcbSZ2PlpBLgL+JLw9U36H1gXnX3SaAGmO0AaJLrHRTiKDWx10GqgM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=h5p2nTt/; arc=none smtp.client-ip=209.85.128.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="h5p2nTt/" Received: by mail-yw1-f175.google.com with SMTP id 00721157ae682-793ae293fadso24436467b3.0 for ; Fri, 16 Jan 2026 13:29:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598945; x=1769203745; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=uONM9R1vWVCK1JuGiTjfe4v8F/dT89vztLBtuJnLKqI=; b=h5p2nTt/YFTwcjrh9BtBEBDUcQv4VS2JJ3h44SBI5q9Rxd/PspwsPNJ7ZPgnk+5o7U 4nBSrzdoHAF1w4ZiEgoA184GtteijSQSHqLJvAGtuYFj6+KvPDW/PI83mSvAcM6E2JVZ WYyvxrfB0cNL1LAUNA+4osbZwFI8bDP481zBLKHeO+k2tvcyKByWHEjWPqavpuapgzAx f7JBUbW2/3+8CraD+gMaz6B2GKWLFxy9p5GC5htXTy6zLTLPRZuNuFBDjOtOcV8TvJo1 2iPJO6zsNCdxppi3nycjnA6ZXWQRCKRv7XqKWpDxbTMiMZ6N768t6qyaCDc4CcNu39Dg zlQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598945; x=1769203745; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=uONM9R1vWVCK1JuGiTjfe4v8F/dT89vztLBtuJnLKqI=; b=s+zHiNttXMbAuC4Ygl1YnNato6MDlEnmWIxwmd29sOhxZuo9TOMO8PH0r2brXhWS6J ApNdSF7vvWfTUotyY0ipCoc7MIX5FZuTbr9Ft2wgLGQdxslEhjwWQvgjShi/QbOeO374 fbX/BfVPlF2nin/3DOXSv5wLlFAnBoFhrxY3ii26BR4QJ7u499rXW58ZBEGWlMSsvTKC 6ooy49Jk1X9FdWm4rKQ/YGLS+AXayTQijGUb08iTIpgytGMZdYn9rjPDoGrM/wzsug+r 6U1K0oRhAkyUPtyGeOR9UmVprsN2zaSZIP/Tb+9DchHpyzJJ0g5h1S4hs7Rl5y/uhxPn 1Rmw== X-Gm-Message-State: AOJu0YwdnQNvOKHmSf8FKONdpJ/kgPlhl87bmV2Xe7qd0W2os5ezgXCI XLS9FfY7WgDLY+ONhBFIMYMkbm4NXeJLk3qctEapO3daOehyPH7/Ccq4 X-Gm-Gg: AY/fxX6ebvpsoNNNVCt0JMVNJb0UBL2aorFf4jClVfzCZ5CxdbpdNvLmhknyrZJjpSH yVJ3QCy0vqNvxAtuKwhf6Wab6ShLKoBQCYgihjIF60dXkratWrixm1Nc7tL3kfPKNc1gDPF6h0m NWHl+Q72nlldmkAdTPc5Oh7+ytusE3b72u5oYiv24DOISWBfN00ZE04lRMO3YrIHyhVySFaMB5F uNeeTMYO+by5W0DZd7zYnMmKWwiS5Aw2//Vbi+149MfW9QrMUSDw/wO6aXQiKIvPMaajHTeQv/K FdEMDJ9cjWGd4WL7nZnsohvA/kVlbZ+A6C9FpacUr2qFskBwjyrHLl8ljkjE0/Vc/MtwVmd224W VSAwQ62L0ibkn5Zkx8YTZF6YSUwDJLNVKVN/dq/imsmvj8YQ1aay9bWTtTOx5rIJiPTxflTa5Q/ oyBQdaOG8sEg== X-Received: by 2002:a05:690c:660d:b0:793:d0b5:9bdb with SMTP id 00721157ae682-793d0b59d27mr16555817b3.36.1768598945309; Fri, 16 Jan 2026 13:29:05 -0800 (PST) Received: from localhost ([2a03:2880:25ff:4c::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c68854a2sm13013697b3.45.2026.01.16.13.29.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:04 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:43 -0800 Subject: [PATCH net-next v15 03/12] vsock: add netns support to virtio transports Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-3-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add netns support to loopback and vhost. Keep netns disabled for virtio-vsock, but add necessary changes to comply with common API updates. This is the patch in the series when vhost-vsock namespaces actually come online. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v15: - add vsock_net_mode_global() (Stefano) Changes in v14: - fixed merge conflicts in drivers/vhost/vsock.c Changes in v13: - do not store or pass the mode around now that net->vsock.mode is immutable - move virtio_transport_stream_allow() into virtio_transport.c because virtio is the only caller now Changes in v12: - change seqpacket_allow() and stream_allow() to return true for loopback and vhost (Stefano) Changes in v11: - reorder with the skb ownership patch for loopback (Stefano) - toggle vhost_transport_supports_local_mode() to true Changes in v10: - Splitting patches complicates the series with meaningless placeholder values that eventually get replaced anyway, so to avoid that this patch combines into one. Links to previous patches here: - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-3-852787a37b= ed@meta.com/ - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-6-852787a37b= ed@meta.com/ - Link: https://lore.kernel.org/all/20251111-vsock-vmtest-v9-7-852787a37b= ed@meta.com/ - remove placeholder values (Stefano) - update comment describe net/net_mode for virtio_transport_reset_no_sock() --- drivers/vhost/vsock.c | 38 ++++++++++++++++------- include/linux/virtio_vsock.h | 5 +-- net/vmw_vsock/virtio_transport.c | 13 ++++++-- net/vmw_vsock/virtio_transport_common.c | 54 +++++++++++++++++++----------= ---- net/vmw_vsock/vsock_loopback.c | 14 +++++++-- 5 files changed, 84 insertions(+), 40 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 647ded6f6ea5..488d7fa6e4ec 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -48,6 +48,8 @@ static DEFINE_READ_MOSTLY_HASHTABLE(vhost_vsock_hash, 8); struct vhost_vsock { struct vhost_dev dev; struct vhost_virtqueue vqs[2]; + struct net *net; + netns_tracker ns_tracker; =20 /* Link to global vhost_vsock_hash, writes use vhost_vsock_mutex */ struct hlist_node hash; @@ -69,7 +71,7 @@ static u32 vhost_transport_get_local_cid(void) /* Callers must be in an RCU read section or hold the vhost_vsock_mutex. * The return value can only be dereferenced while within the section. */ -static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) +static struct vhost_vsock *vhost_vsock_get(u32 guest_cid, struct net *net) { struct vhost_vsock *vsock; =20 @@ -81,9 +83,9 @@ static struct vhost_vsock *vhost_vsock_get(u32 guest_cid) if (other_cid =3D=3D 0) continue; =20 - if (other_cid =3D=3D guest_cid) + if (other_cid =3D=3D guest_cid && + vsock_net_check_mode(net, vsock->net)) return vsock; - } =20 return NULL; @@ -272,7 +274,7 @@ static void vhost_transport_send_pkt_work(struct vhost_= work *work) } =20 static int -vhost_transport_send_pkt(struct sk_buff *skb) +vhost_transport_send_pkt(struct sk_buff *skb, struct net *net) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct vhost_vsock *vsock; @@ -281,7 +283,7 @@ vhost_transport_send_pkt(struct sk_buff *skb) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid)); + vsock =3D vhost_vsock_get(le64_to_cpu(hdr->dst_cid), net); if (!vsock) { rcu_read_unlock(); kfree_skb(skb); @@ -308,7 +310,8 @@ vhost_transport_cancel_pkt(struct vsock_sock *vsk) rcu_read_lock(); =20 /* Find the vhost_vsock according to guest context id */ - vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid); + vsock =3D vhost_vsock_get(vsk->remote_addr.svm_cid, + sock_net(sk_vsock(vsk))); if (!vsock) goto out; =20 @@ -410,6 +413,12 @@ static bool vhost_transport_msgzerocopy_allow(void) static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid); =20 +static bool +vhost_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 port) +{ + return true; +} + static struct virtio_transport vhost_transport =3D { .transport =3D { .module =3D THIS_MODULE, @@ -434,7 +443,7 @@ static struct virtio_transport vhost_transport =3D { .stream_has_space =3D virtio_transport_stream_has_space, .stream_rcvhiwat =3D virtio_transport_stream_rcvhiwat, .stream_is_active =3D virtio_transport_stream_is_active, - .stream_allow =3D virtio_transport_stream_allow, + .stream_allow =3D vhost_transport_stream_allow, =20 .seqpacket_dequeue =3D virtio_transport_seqpacket_dequeue, .seqpacket_enqueue =3D virtio_transport_seqpacket_enqueue, @@ -467,11 +476,12 @@ static struct virtio_transport vhost_transport =3D { static bool vhost_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid) { + struct net *net =3D sock_net(sk_vsock(vsk)); struct vhost_vsock *vsock; bool seqpacket_allow =3D false; =20 rcu_read_lock(); - vsock =3D vhost_vsock_get(remote_cid); + vsock =3D vhost_vsock_get(remote_cid, net); =20 if (vsock) seqpacket_allow =3D vsock->seqpacket_allow; @@ -542,7 +552,8 @@ static void vhost_vsock_handle_tx_kick(struct vhost_wor= k *work) if (le64_to_cpu(hdr->src_cid) =3D=3D vsock->guest_cid && le64_to_cpu(hdr->dst_cid) =3D=3D vhost_transport_get_local_cid()) - virtio_transport_recv_pkt(&vhost_transport, skb); + virtio_transport_recv_pkt(&vhost_transport, skb, + vsock->net); else kfree_skb(skb); =20 @@ -659,6 +670,7 @@ static int vhost_vsock_dev_open(struct inode *inode, st= ruct file *file) { struct vhost_virtqueue **vqs; struct vhost_vsock *vsock; + struct net *net; int ret; =20 /* This struct is large and allocation could fail, fall back to vmalloc @@ -674,6 +686,9 @@ static int vhost_vsock_dev_open(struct inode *inode, st= ruct file *file) goto out; } =20 + net =3D current->nsproxy->net_ns; + vsock->net =3D get_net_track(net, &vsock->ns_tracker, GFP_KERNEL); + vsock->guest_cid =3D 0; /* no CID assigned yet */ vsock->seqpacket_allow =3D false; =20 @@ -715,7 +730,7 @@ static void vhost_vsock_reset_orphans(struct sock *sk) rcu_read_lock(); =20 /* If the peer is still valid, no need to reset connection */ - if (vhost_vsock_get(vsk->remote_addr.svm_cid)) { + if (vhost_vsock_get(vsk->remote_addr.svm_cid, sock_net(sk))) { rcu_read_unlock(); return; } @@ -764,6 +779,7 @@ static int vhost_vsock_dev_release(struct inode *inode,= struct file *file) virtio_vsock_skb_queue_purge(&vsock->send_pkt_queue); =20 vhost_dev_cleanup(&vsock->dev); + put_net_track(vsock->net, &vsock->ns_tracker); kfree(vsock->dev.vqs); vhost_vsock_free(vsock); return 0; @@ -790,7 +806,7 @@ static int vhost_vsock_set_cid(struct vhost_vsock *vsoc= k, u64 guest_cid) =20 /* Refuse if CID is already in use */ mutex_lock(&vhost_vsock_mutex); - other =3D vhost_vsock_get(guest_cid); + other =3D vhost_vsock_get(guest_cid, vsock->net); if (other && other !=3D vsock) { mutex_unlock(&vhost_vsock_mutex); return -EADDRINUSE; diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h index 1845e8d4f78d..f91704731057 100644 --- a/include/linux/virtio_vsock.h +++ b/include/linux/virtio_vsock.h @@ -173,6 +173,7 @@ struct virtio_vsock_pkt_info { u32 remote_cid, remote_port; struct vsock_sock *vsk; struct msghdr *msg; + struct net *net; u32 pkt_len; u16 type; u16 op; @@ -185,7 +186,7 @@ struct virtio_transport { struct vsock_transport transport; =20 /* Takes ownership of the packet */ - int (*send_pkt)(struct sk_buff *skb); + int (*send_pkt)(struct sk_buff *skb, struct net *net); =20 /* Used in MSG_ZEROCOPY mode. Checks, that provided data * (number of buffers) could be transmitted with zerocopy @@ -280,7 +281,7 @@ virtio_transport_dgram_enqueue(struct vsock_sock *vsk, void virtio_transport_destruct(struct vsock_sock *vsk); =20 void virtio_transport_recv_pkt(struct virtio_transport *t, - struct sk_buff *skb); + struct sk_buff *skb, struct net *net); void virtio_transport_inc_tx_pkt(struct virtio_vsock_sock *vvs, struct sk_= buff *skb); u32 virtio_transport_get_credit(struct virtio_vsock_sock *vvs, u32 wanted); void virtio_transport_put_credit(struct virtio_vsock_sock *vvs, u32 credit= ); diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transp= ort.c index f0a9e51118f3..3f7ea2db9bd7 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -231,7 +231,7 @@ static int virtio_transport_send_skb_fast_path(struct v= irtio_vsock *vsock, struc } =20 static int -virtio_transport_send_pkt(struct sk_buff *skb) +virtio_transport_send_pkt(struct sk_buff *skb, struct net *net) { struct virtio_vsock_hdr *hdr; struct virtio_vsock *vsock; @@ -536,6 +536,11 @@ static bool virtio_transport_msgzerocopy_allow(void) return true; } =20 +bool virtio_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 po= rt) +{ + return vsock_net_mode_global(vsk); +} + static bool virtio_transport_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid); =20 @@ -665,7 +670,11 @@ static void virtio_transport_rx_work(struct work_struc= t *work) virtio_vsock_skb_put(skb, payload_len); =20 virtio_transport_deliver_tap_pkt(skb); - virtio_transport_recv_pkt(&virtio_transport, skb); + + /* Force virtio-transport into global mode since it + * does not yet support local-mode namespacing. + */ + virtio_transport_recv_pkt(&virtio_transport, skb, NULL); } } while (!virtqueue_enable_cb(vq)); =20 diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio= _transport_common.c index 718be9f33274..c126aa235091 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -413,7 +413,7 @@ static int virtio_transport_send_pkt_info(struct vsock_= sock *vsk, =20 virtio_transport_inc_tx_pkt(vvs, skb); =20 - ret =3D t_ops->send_pkt(skb); + ret =3D t_ops->send_pkt(skb, info->net); if (ret < 0) break; =20 @@ -527,6 +527,7 @@ static int virtio_transport_send_credit_update(struct v= sock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_CREDIT_UPDATE, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1043,12 +1044,6 @@ bool virtio_transport_stream_is_active(struct vsock_= sock *vsk) } EXPORT_SYMBOL_GPL(virtio_transport_stream_is_active); =20 -bool virtio_transport_stream_allow(struct vsock_sock *vsk, u32 cid, u32 po= rt) -{ - return vsock_net_mode(sock_net(sk_vsock(vsk))) =3D=3D VSOCK_NET_MODE_GLOB= AL; -} -EXPORT_SYMBOL_GPL(virtio_transport_stream_allow); - int virtio_transport_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr) { @@ -1067,6 +1062,7 @@ int virtio_transport_connect(struct vsock_sock *vsk) struct virtio_vsock_pkt_info info =3D { .op =3D VIRTIO_VSOCK_OP_REQUEST, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1082,6 +1078,7 @@ int virtio_transport_shutdown(struct vsock_sock *vsk,= int mode) (mode & SEND_SHUTDOWN ? VIRTIO_VSOCK_SHUTDOWN_SEND : 0), .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1108,6 +1105,7 @@ virtio_transport_stream_enqueue(struct vsock_sock *vs= k, .msg =3D msg, .pkt_len =3D len, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1145,6 +1143,7 @@ static int virtio_transport_reset(struct vsock_sock *= vsk, .op =3D VIRTIO_VSOCK_OP_RST, .reply =3D !!skb, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 /* Send RST only if the original pkt is not a RST pkt */ @@ -1156,9 +1155,13 @@ static int virtio_transport_reset(struct vsock_sock = *vsk, =20 /* Normally packets are associated with a socket. There may be no socket = if an * attempt was made to connect to a socket that does not exist. + * + * net refers to the namespace of whoever sent the invalid message. For + * loopback, this is the namespace of the socket. For vhost, this is the + * namespace of the VM (i.e., vhost_vsock). */ static int virtio_transport_reset_no_sock(const struct virtio_transport *t, - struct sk_buff *skb) + struct sk_buff *skb, struct net *net) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct virtio_vsock_pkt_info info =3D { @@ -1171,6 +1174,12 @@ static int virtio_transport_reset_no_sock(const stru= ct virtio_transport *t, * sock_net(sk) until the reply skb is freed. */ .vsk =3D vsock_sk(skb->sk), + + /* net is not defined here because we pass it directly to + * t->send_pkt(), instead of relying on + * virtio_transport_send_pkt_info() to pass it. It is not needed + * by virtio_transport_alloc_skb(). + */ }; struct sk_buff *reply; =20 @@ -1189,7 +1198,7 @@ static int virtio_transport_reset_no_sock(const struc= t virtio_transport *t, if (!reply) return -ENOMEM; =20 - return t->send_pkt(reply); + return t->send_pkt(reply, net); } =20 /* This function should be called with sk_lock held and SOCK_DONE set */ @@ -1471,6 +1480,7 @@ virtio_transport_send_response(struct vsock_sock *vsk, .remote_port =3D le32_to_cpu(hdr->src_port), .reply =3D true, .vsk =3D vsk, + .net =3D sock_net(sk_vsock(vsk)), }; =20 return virtio_transport_send_pkt_info(vsk, &info); @@ -1513,12 +1523,12 @@ virtio_transport_recv_listen(struct sock *sk, struc= t sk_buff *skb, int ret; =20 if (le16_to_cpu(hdr->op) !=3D VIRTIO_VSOCK_OP_REQUEST) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk)); return -EINVAL; } =20 if (sk_acceptq_is_full(sk)) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk)); return -ENOMEM; } =20 @@ -1526,13 +1536,13 @@ virtio_transport_recv_listen(struct sock *sk, struc= t sk_buff *skb, * Subsequent enqueues would lead to a memory leak. */ if (sk->sk_shutdown =3D=3D SHUTDOWN_MASK) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk)); return -ESHUTDOWN; } =20 child =3D vsock_create_connected(sk); if (!child) { - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk)); return -ENOMEM; } =20 @@ -1554,7 +1564,7 @@ virtio_transport_recv_listen(struct sock *sk, struct = sk_buff *skb, */ if (ret || vchild->transport !=3D &t->transport) { release_sock(child); - virtio_transport_reset_no_sock(t, skb); + virtio_transport_reset_no_sock(t, skb, sock_net(sk)); sock_put(child); return ret; } @@ -1582,7 +1592,7 @@ static bool virtio_transport_valid_type(u16 type) * lock. */ void virtio_transport_recv_pkt(struct virtio_transport *t, - struct sk_buff *skb) + struct sk_buff *skb, struct net *net) { struct virtio_vsock_hdr *hdr =3D virtio_vsock_hdr(skb); struct sockaddr_vm src, dst; @@ -1605,24 +1615,24 @@ void virtio_transport_recv_pkt(struct virtio_transp= ort *t, le32_to_cpu(hdr->fwd_cnt)); =20 if (!virtio_transport_valid_type(le16_to_cpu(hdr->type))) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net); goto free_pkt; } =20 /* The socket must be in connected or bound table * otherwise send reset back */ - sk =3D vsock_find_connected_socket(&src, &dst); + sk =3D vsock_find_connected_socket_net(&src, &dst, net); if (!sk) { - sk =3D vsock_find_bound_socket(&dst); + sk =3D vsock_find_bound_socket_net(&dst, net); if (!sk) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net); goto free_pkt; } } =20 if (virtio_transport_get_type(sk) !=3D le16_to_cpu(hdr->type)) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net); sock_put(sk); goto free_pkt; } @@ -1641,7 +1651,7 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, */ if (sock_flag(sk, SOCK_DONE) || (sk->sk_state !=3D TCP_LISTEN && vsk->transport !=3D &t->transport)) { - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net); release_sock(sk); sock_put(sk); goto free_pkt; @@ -1673,7 +1683,7 @@ void virtio_transport_recv_pkt(struct virtio_transpor= t *t, kfree_skb(skb); break; default: - (void)virtio_transport_reset_no_sock(t, skb); + (void)virtio_transport_reset_no_sock(t, skb, net); kfree_skb(skb); break; } diff --git a/net/vmw_vsock/vsock_loopback.c b/net/vmw_vsock/vsock_loopback.c index deff68c64a09..8068d1b6e851 100644 --- a/net/vmw_vsock/vsock_loopback.c +++ b/net/vmw_vsock/vsock_loopback.c @@ -26,7 +26,7 @@ static u32 vsock_loopback_get_local_cid(void) return VMADDR_CID_LOCAL; } =20 -static int vsock_loopback_send_pkt(struct sk_buff *skb) +static int vsock_loopback_send_pkt(struct sk_buff *skb, struct net *net) { struct vsock_loopback *vsock =3D &the_vsock_loopback; int len =3D skb->len; @@ -48,6 +48,13 @@ static int vsock_loopback_cancel_pkt(struct vsock_sock *= vsk) =20 static bool vsock_loopback_seqpacket_allow(struct vsock_sock *vsk, u32 remote_cid); + +static bool vsock_loopback_stream_allow(struct vsock_sock *vsk, u32 cid, + u32 port) +{ + return true; +} + static bool vsock_loopback_msgzerocopy_allow(void) { return true; @@ -77,7 +84,7 @@ static struct virtio_transport loopback_transport =3D { .stream_has_space =3D virtio_transport_stream_has_space, .stream_rcvhiwat =3D virtio_transport_stream_rcvhiwat, .stream_is_active =3D virtio_transport_stream_is_active, - .stream_allow =3D virtio_transport_stream_allow, + .stream_allow =3D vsock_loopback_stream_allow, =20 .seqpacket_dequeue =3D virtio_transport_seqpacket_dequeue, .seqpacket_enqueue =3D virtio_transport_seqpacket_enqueue, @@ -132,7 +139,8 @@ static void vsock_loopback_work(struct work_struct *wor= k) */ virtio_transport_consume_skb_sent(skb, false); virtio_transport_deliver_tap_pkt(skb); - virtio_transport_recv_pkt(&loopback_transport, skb); + virtio_transport_recv_pkt(&loopback_transport, skb, + sock_net(skb->sk)); } } =20 --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AE8DF30C630 for ; Fri, 16 Jan 2026 21:29:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598950; cv=none; b=pQxiYgktJSgs8LfeqyCK1lnXjPlUffauF93jmgfFyYaM+nq6t72cHl0arAOnDHXif6jgK5E1/HyBljdxarT5vu1DRXwcKhrb0pEjZGdRGIXuBp2BWVizZfUNiH6Wx7KpMytxczV4ZlwzI0degX3q2oGYdhJ5j66D/P1WCSQ8zZM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598950; c=relaxed/simple; bh=QFGTndIZnCvd5tocHyARHg0OdzlZifxdeujSy28wwJs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RVf9fXKurW3yH/CABvsQHdgDt/8mDaqnqaPw1tDMdknYXFy7P3mGAtYiKiEMTry+mZuu8mHOMRSe3wy58PY7pGrLMbgbWc6/TtzVyrl3iHNXATfwuzWHjeOu4kENOpzy+iaz7UcUV6ipNpWpyycJmgKUaIlTxzbPoV36BXU39FI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=N6ZuMxt9; arc=none smtp.client-ip=209.85.128.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="N6ZuMxt9" Received: by mail-yw1-f174.google.com with SMTP id 00721157ae682-78fb5764382so26919617b3.0 for ; Fri, 16 Jan 2026 13:29:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598946; x=1769203746; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=mqm0dBa6mjJHml1X9kPKSm15M0oyticD3F9JJwXOMvg=; b=N6ZuMxt97tRHsctEEofq6oCk4HrU+Bc4QwXdsJmotoTXAOmHwj31WOS8aazpc/8MmR ie6rVcjI4jO5c2YBazRZC6Jysgi1HYSF+nKRUQ+ANXgmo3xmlJgIsIx3xI7ssB9UTNGG An9nQhkeL9c7ftpUxYfA7cyz4PG8msfg75fyWelol/Iir3k/WYNZHKz2VWbyBrUPlOWI G0EBl9XgKRIDxsTIMA83B6PcMvJNvpKBlIWZJ32KYNtmZRkSb4XpB/3gBj4WP2QpxMh8 R2z9Qgi3gU+Ns+2ZE2+9DxM6wvJfOtdSjDLIGM55lfKLwxqlN97GHOSRt+QSzNSNYxDK C+Kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598946; x=1769203746; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=mqm0dBa6mjJHml1X9kPKSm15M0oyticD3F9JJwXOMvg=; b=tdAn9QklICYvH8Cisd9C4z6lD39Zm/nlp7O04NLMSVD+omKQvrSCEy4NsHL+FYn8Hv u3bcN6TxupYFW5YfEnM6C8XvuGXKxwDcilsvQ1JhN9uoh+wp/7SSfYVJWI4v5W8EOepc hcMQ8RnYhDjhI2WrKhB2oiLHND+cx8YHGEIwjTssSBSa8JBuUZxrfuZ/eFDrj27KR/QS vIjFoJI13jQPQrDm1W+KnNARWmTmHe7+95lFm4scM2jiTXDVFSXaOzkkP83r0EsgZmlL 7GH/0dqRUUz5IOfX4gIRv5TgiQWuLqGgUvLuSZmYxVza+Xa2Lf6jO/p2Eb4keo3sjJRh 5www== X-Gm-Message-State: AOJu0YxWHVx27RCGNJknXgyOh1kOidbmkP1b1qUaXZZIvNKScBePDt77 1wHgJOTSZwx3rBEE1WLX+Pp27a1xTIYGnUoRlakO7i10VUs9xiTgZEQH X-Gm-Gg: AY/fxX5RO4CjN4lPZj+h0RV0YJs7FGiAUeBK8V7pjST31mARckkaagwcSTWV7kCiZl3 +Oyzqzz4b0sxnWOG7uZZS0c3vDdtzcOayBp/+XTyIcXPtGpoBIbrV5VGKkM2xJDc27klfsQ3sSN QqdUhsJqM3UHLww1/cCv3pbxJYlaXBQgup6HStmrh/EuoUeHjInOvO7TAzoiHGuJCBp7UGYWWwL GBJNeqdVRDn+Qq6UXiVWEzHL7KVqw5q2jQZSUABpiIgOHmy/VWfOp5YJGSZZHWPkrmCG5jfXkxz xWS/Ovx0y9dWeYsHGIuTKCDdxl3PF36drfZierZLpFFc1Ranjkw5ymwBd4UCoZBUuyMcMSCo3dE Xqekq/40T4r9cVEmO4BmYnnwzsiyO5MG88YlUbhrpDSSVb/ppU5gjNyoActYhuMpbZc+676HVlM AoyTokiubI X-Received: by 2002:a05:690c:e3ea:b0:793:ad61:b5d3 with SMTP id 00721157ae682-793c52e44e4mr31233967b3.31.1768598946238; Fri, 16 Jan 2026 13:29:06 -0800 (PST) Received: from localhost ([2a03:2880:25ff:a::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c6882ea7sm13097717b3.44.2026.01.16.13.29.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:05 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:44 -0800 Subject: [PATCH net-next v15 04/12] selftests/vsock: increase timeout to 1200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-4-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Increase the timeout from 300s to 1200s. On a modern bare metal server my last run showed the new set of tests taking ~400s. Multiply by an (arbitrary) factor of three to account for slower/nested runners. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- tools/testing/selftests/vsock/settings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/vsock/settings b/tools/testing/selftes= ts/vsock/settings index 694d70710ff0..79b65bdf05db 100644 --- a/tools/testing/selftests/vsock/settings +++ b/tools/testing/selftests/vsock/settings @@ -1 +1 @@ -timeout=3D300 +timeout=3D1200 --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8EDF330E852 for ; Fri, 16 Jan 2026 21:29:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598951; cv=none; b=dcOW2Tsz7x7cBPlXhlZJDib6Sxxpnw/k049qK/jG9Ro/LKUzlNzmaQgqbc0n1ACViShJVYMbuSBKCOEu6HhAdUTHpPgj70RJvSBvhUqh7V2BFsPrAowIFHHNM6wrZ91Qj9bdqRtBJZWbOtB0eqoI/5ypt9rxeu9YUqzGU9RWr/M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598951; c=relaxed/simple; bh=FRcd1avd4PB9PmO5dQgmUicVEjm2xp4QOwjVLS7lcRo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=cftSK3NVAyFdBJb2MoSXm6kzd8Cqcadm8eR5GeGQPjSxc6c19IjnyRYxbxTBkOH/lJz/fyNM3mvQJc5FLMfhAhURlMrYko1zqNVvwk3/7H11+2GMMwvAV8j6upQg745ZAxpj5WWCHog+gNM2F0h1/SeqvxgFJ6aaxI0QgPhYcsM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Osn+NoiR; arc=none smtp.client-ip=209.85.128.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Osn+NoiR" Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-79028cb7f92so20362507b3.2 for ; Fri, 16 Jan 2026 13:29:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598947; x=1769203747; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=I07oD5ozWqHJLvu76IbvCT33HoDsgDmgjc920I58eyc=; b=Osn+NoiRUJBgwuOv7pxlurjOBPbLXJUuE+lcy93gFLwXujgUYLZWhSR829JhVurRYi 65SnBwiPcePiJ6/Q1GeCz3WyhdqZid6C0LpwAaBVs8cvBPIBPRVWCL06lr4JJrYdhlaN +Bmi196Hn1wxBgayhyEe/RFnhlfaks0dd3uq8cDCiHRQUlVGWaTb6HdvJ6JUU8BYyBlP aWotOM535PYs9+rDG3Ug/Y6Nf/RIXdWfZeHaSKJ4Iki9UF6PM/TWLfHGSLi3/GJEXQTi g5u9/eN1topAcLapSF1R0sEA26rFoFKgEyx2G9ThwN351Nuag8oZ75WAD28NBlAFqS0K e9mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598947; x=1769203747; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=I07oD5ozWqHJLvu76IbvCT33HoDsgDmgjc920I58eyc=; b=T/rYHY40ZkbQJ+SRxv5RvKZGrVaib6rwe7nGyqu7alV/m+YSca3IFydHiNuOjGB8gv ime3wj8IGK+D3GiXgG13NAa3XAcazD4c1LTveedkrzTvea3nIaGd/XFBjefAv+NpMs0N j2Va2NV9nk3wWbwRHpZ5VuATytuK1Ap0nsFLSWB3QC+tX8R1kFpgKuX2tx+lPw+nj4ED /L86wMF/89QYQoUg8pYpTbIUVjy05JJ5Jr+m0YejiT6P1JIf+grajGJQbpCtzFoEPUPP C1DSlgJR+aGCGpbbCWKFcCaE2y6NcaddO5kGnlDJtg4lOm/W+vpRZJfyF7aza7iAf8nq x0Dw== X-Gm-Message-State: AOJu0Ywvcsv626vjIcZqTBghHKDXOSYeyQfPbmFi/jmDKkEv1V3nbR8i /SnUQAjuHRq1+wZTESTkorU+pp44SKT9ID0b4fWe1st57IVx5bMJEb4b X-Gm-Gg: AY/fxX4Qj3s+eZozuedMZiXqv/fAnBrPBh/YsuvGrpaJ81aHo4RkvW8lz5AZiho1c8X p3gPn+DeW/Ko6HuI8Zl9zgl08+TC+zuMINvbZHqWWgINllH1RkLDZ+fmhWZfjLd2caon0htYIQE YS4V5smgGJ5DgwsFzSyGxcpPp01oLRNe/ru+I/EJhkVHk9coH30KqfgxGV1sIGscY0wkLGqzMyu XzUBUzSjeUPrNUbvnH5XbaGk6hn1CAyl32Qvekanwxz2Axo6slnB6DyrjWccYo46l2FuFDFJrmy i46QHFlVoZ8KOu3ZCTeUY4ksSfkEPnyKhiXefnsqkrfar7WJjOO7KCIs8yg7jV75x94Vhhrcr0w ABq/64NL4Ij4xNZLn8NCn7Nphh/9mmQGTeKfG8qNTKXcHVsIJQxaKEZ6L4skfsvqmfcLtNvIZZc QskRL46LSR7g== X-Received: by 2002:a05:690c:b15:b0:792:6c16:110c with SMTP id 00721157ae682-793c6878c95mr28874267b3.61.1768598947252; Fri, 16 Jan 2026 13:29:07 -0800 (PST) Received: from localhost ([2a03:2880:25ff:53::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c66f3284sm13566387b3.17.2026.01.16.13.29.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:06 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:45 -0800 Subject: [PATCH net-next v15 05/12] selftests/vsock: add namespace helpers to vmtest.sh Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-5-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add functions for initializing namespaces with the different vsock NS modes. Callers can use add_namespaces() and del_namespaces() to create namespaces global0, global1, local0, and local1. The add_namespaces() function initializes global0, local0, etc... with their respective vsock NS mode by toggling child_ns_mode before creating the namespace. Remove namespaces upon exiting the program in cleanup(). This is unlikely to be needed for a healthy run, but it is useful for tests that are manually killed mid-test. This patch is in preparation for later namespace tests. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v13: - intialize namespaces to use the child_ns_mode mechanism - remove setting modes from init_namespaces() function (this function only sets up the lo device now) - remove ns_set_mode(ns) because ns_mode is no longer mutable --- tools/testing/selftests/vsock/vmtest.sh | 32 +++++++++++++++++++++++++++++= +++ 1 file changed, 32 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index c7b270dd77a9..c2bdc293b94c 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -49,6 +49,7 @@ readonly TEST_DESCS=3D( ) =20 readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 =20 @@ -103,6 +104,36 @@ check_result() { fi } =20 +add_namespaces() { + local orig_mode + orig_mode=3D$(cat /proc/sys/net/vsock/child_ns_mode) + + for mode in "${NS_MODES[@]}"; do + echo "${mode}" > /proc/sys/net/vsock/child_ns_mode + ip netns add "${mode}0" 2>/dev/null + ip netns add "${mode}1" 2>/dev/null + done + + echo "${orig_mode}" > /proc/sys/net/vsock/child_ns_mode +} + +init_namespaces() { + for mode in "${NS_MODES[@]}"; do + # we need lo for qemu port forwarding + ip netns exec "${mode}0" ip link set dev lo up + ip netns exec "${mode}1" ip link set dev lo up + done +} + +del_namespaces() { + for mode in "${NS_MODES[@]}"; do + ip netns del "${mode}0" &>/dev/null + ip netns del "${mode}1" &>/dev/null + log_host "removed ns ${mode}0" + log_host "removed ns ${mode}1" + done +} + vm_ssh() { ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" return $? @@ -110,6 +141,7 @@ vm_ssh() { =20 cleanup() { terminate_pidfiles "${!PIDFILES[@]}" + del_namespaces } =20 check_args() { --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9AC6730FC04 for ; Fri, 16 Jan 2026 21:29:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598952; cv=none; b=YHigWrOkQ+LyDgSYpV9368d480EDMdCGh4la2grA/XhpmnonLloALhPa/WO0djllx5hEINFRIL0Y6DnpQd8JInP7ZNXp9apywDF3K9T008THiosmLUMX2cgj5qp3aqjDP91D1LRQviQV/d9baz3pwCKsXPRX6Xf6fBet/2UeBhg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598952; c=relaxed/simple; bh=1Q26HXpW7TYNGutKg90p+BWQKQP/kUEHf57kmmFmrxY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=PBi+Drp1lvY+Jd9dMarAEHnNEoBDWAZgv7NMubHTrsZrBZebme3TYGDvaShJcxKFwWamWMBe5IRqVbk3f16kTKvXGKEbGUZ1SRglBUEdclO/uMhMa3k1Ryb7YqjLMEduHizXgOlz4mXf6+zm5uGrbPHVtuDW31s8z2Nra9Bt8uo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MQOcpz5M; arc=none smtp.client-ip=209.85.128.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MQOcpz5M" Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-790992528f6so23320517b3.1 for ; Fri, 16 Jan 2026 13:29:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598948; x=1769203748; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=lG0BScxKvY/q9QPoykPF18FCgS+okYK88nxhg8/Kgqs=; b=MQOcpz5M11mInoEuv2G8jKvKY/BIrnZsbNIaMX3kSehgaMGIfTdqniY3c4ZbXzlgiR IDcnikL2v372frJZk6mLcCD/cxIDdeZbk3QA3ZCZSfzwryiF0XZ1o6SJdbI9syS17zw8 3HLK7BrxKzxPI1wHLP2h51Qq+ItVkQZA18yzzM8oeJ3/Lp56WHU0uGtjiVtn5Vz0jgOC 7PE7rBfTm4GGdXOxTrHhc8aiGzciiWAjsc2psy/rH2LF5MQSordjEpOupZJtnMWWCNT/ Q+RfhylTg6QQMkfO7aTYHLmwVc0EgkSBdPRmNqSfRW0Ldbi9UmgOT+SH3RZjUjCUBxLD aLBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598948; x=1769203748; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=lG0BScxKvY/q9QPoykPF18FCgS+okYK88nxhg8/Kgqs=; b=GMAIdy3HBrKoPQM+L5LiT3jnEs8YBLRnXhUuSPz6BndfVGKV1sDyD4ivvDtiuNbcKv hYi8LyUmQAVL0XpA7+8hgRz3S53QFDPf8vpuFB9/rFzdQLL12zB06oomYDynYGmI3wE2 YJ2H5Rycn4lm6XT+UOUho5mQPevTujAQQI4jBQRuxERwilFTULoMxCcn/3VQbm2iwxO2 AVeOY5K85pVJyUCcl552h0cNo1FV7lB3+4lr2ovZMjhGrqhU/m8UFJJ0mpikbIPQKWy6 cV1ZhwN2znHbf2ey0nqDyE868F/BkPl+C2H995zybAPHQro+sghihhHHRD3P89oylh8a rUpA== X-Gm-Message-State: AOJu0YwreD9gqVQpGc7t/dAvnV80mf9/8sTEV56B5tJSqJc7LiPGImNv Y2DXbF2eCOoKLObTnSGWKEVRS/Xj/97ZZlgkrQTGFs93KsL7kSXMQd9F X-Gm-Gg: AY/fxX5HSnxTdf0WybZl9+VqZLVmum4HyIkbtIZk+I7MOGWUtWahzHOW3OaqIbpMuNe L+uhUAhp63EESLmesDkylOEP7sYHJcle7CoWBOQ1Eil5HQV9SRen3sL1ijOGj21LRuB4A7sS9F3 839h1WuqrXerhsy/YAhSgWbVBozSZwHfihaGjuMuYmETvY11jAXPXnRA8jqCYiCOuG+TlxxshSh wJSqcXoa9fsb6V/R6QKdZkS+Cgofr+dZYXnLh++bLdtsj51b44ZFMFTaEy4qDsox6CA/QNA5TpK HLY5pb3zT7m1ciQLowGMmiNpsWNeXybOjLrtwxt1913TxkRDKNECxMOygH12CQCScYMXDuDmKu1 BSXfGl1+DfLXKjvdHJ9TS4pdi7hX89oaK8Nb8RUrYJJ06Htwuogry5hbUNM57Sfk0nSanAx4Gd6 Msx9MGbDFwKw== X-Received: by 2002:a05:690c:6185:b0:786:5ebb:483f with SMTP id 00721157ae682-793c54062b6mr33737067b3.65.1768598948005; Fri, 16 Jan 2026 13:29:08 -0800 (PST) Received: from localhost ([2a03:2880:25ff:56::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c686db17sm13146287b3.38.2026.01.16.13.29.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:07 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:46 -0800 Subject: [PATCH net-next v15 06/12] selftests/vsock: prepare vm management helpers for namespaces Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-6-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add namespace support to vm management, ssh helpers, and vsock_test wrapper functions. This enables running VMs and test helpers in specific namespaces, which is required for upcoming namespace isolation tests. The functions still work correctly within the init ns, though the caller must now pass "init_ns" explicitly. No functional changes for existing tests. All have been updated to pass "init_ns" explicitly. Affected functions (such as vm_start() and vm_ssh()) now wrap their commands with 'ip netns exec' when executing commands in non-init namespaces. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- tools/testing/selftests/vsock/vmtest.sh | 93 +++++++++++++++++++++++------= ---- 1 file changed, 65 insertions(+), 28 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index c2bdc293b94c..1d03acb62347 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -135,7 +135,18 @@ del_namespaces() { } =20 vm_ssh() { - ssh -q -o UserKnownHostsFile=3D/dev/null -p ${SSH_HOST_PORT} localhost "$= @" + local ns_exec + + if [[ "${1}" =3D=3D init_ns ]]; then + ns_exec=3D"" + else + ns_exec=3D"ip netns exec ${1}" + fi + + shift + + ${ns_exec} ssh -q -o UserKnownHostsFile=3D/dev/null -p "${SSH_HOST_PORT}"= localhost "$@" + return $? } =20 @@ -258,10 +269,12 @@ terminate_pidfiles() { =20 vm_start() { local pidfile=3D$1 + local ns=3D$2 local logfile=3D/dev/null local verbose_opt=3D"" local kernel_opt=3D"" local qemu_opts=3D"" + local ns_exec=3D"" local qemu =20 qemu=3D$(command -v "${QEMU}") @@ -282,7 +295,11 @@ vm_start() { kernel_opt=3D"${KERNEL_CHECKOUT}" fi =20 - vng \ + if [[ "${ns}" !=3D "init_ns" ]]; then + ns_exec=3D"ip netns exec ${ns}" + fi + + ${ns_exec} vng \ --run \ ${kernel_opt} \ ${verbose_opt} \ @@ -297,6 +314,7 @@ vm_start() { } =20 vm_wait_for_ssh() { + local ns=3D$1 local i =20 i=3D0 @@ -304,7 +322,8 @@ vm_wait_for_ssh() { if [[ ${i} -gt ${WAIT_PERIOD_MAX} ]]; then die "Timed out waiting for guest ssh" fi - if vm_ssh -- true; then + + if vm_ssh "${ns}" -- true; then break fi i=3D$(( i + 1 )) @@ -338,30 +357,41 @@ wait_for_listener() } =20 vm_wait_for_listener() { - local port=3D$1 + local ns=3D$1 + local port=3D$2 =20 - vm_ssh <&1 | log_guest rc=3D$? else - vm_ssh -- "${VSOCK_TEST}" \ + vm_ssh "${ns}" -- "${VSOCK_TEST}" \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" \ @@ -381,7 +411,7 @@ vm_vsock_test() { return $rc fi =20 - vm_wait_for_listener "${port}" + vm_wait_for_listener "${ns}" "${port}" rc=3D$? fi set +o pipefail @@ -390,22 +420,28 @@ vm_vsock_test() { } =20 host_vsock_test() { - local host=3D$1 - local cid=3D$2 - local port=3D$3 + local ns=3D$1 + local host=3D$2 + local cid=3D$3 + local port=3D$4 local rc =20 + local cmd=3D"${VSOCK_TEST}" + if [[ "${ns}" !=3D "init_ns" ]]; then + cmd=3D"ip netns exec ${ns} ${cmd}" + fi + # log output and use pipefail to respect vsock_test errors set -o pipefail if [[ "${host}" !=3D server ]]; then - ${VSOCK_TEST} \ + ${cmd} \ --mode=3Dclient \ --peer-cid=3D"${cid}" \ --control-host=3D"${host}" \ --control-port=3D"${port}" 2>&1 | log_host rc=3D$? else - ${VSOCK_TEST} \ + ${cmd} \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" 2>&1 | log_host & @@ -416,7 +452,7 @@ host_vsock_test() { return $rc fi =20 - host_wait_for_listener "${port}" + host_wait_for_listener "${ns}" "${port}" rc=3D$? fi set +o pipefail @@ -460,11 +496,11 @@ log_guest() { } =20 test_vm_server_host_client() { - if ! vm_vsock_test "server" 2 "${TEST_GUEST_PORT}"; then + if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" fi =20 - if ! host_vsock_test "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}"; then + if ! host_vsock_test "init_ns" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PO= RT}"; then return "${KSFT_FAIL}" fi =20 @@ -472,11 +508,11 @@ test_vm_server_host_client() { } =20 test_vm_client_host_server() { - if ! host_vsock_test "server" "${VSOCK_CID}" "${TEST_HOST_PORT_LISTENER}"= ; then + if ! host_vsock_test "init_ns" "server" "${VSOCK_CID}" "${TEST_HOST_PORT_= LISTENER}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; then + if ! vm_vsock_test "init_ns" "10.0.2.2" 2 "${TEST_HOST_PORT_LISTENER}"; t= hen return "${KSFT_FAIL}" fi =20 @@ -486,13 +522,14 @@ test_vm_client_host_server() { test_vm_loopback() { local port=3D60000 # non-forwarded local port =20 - vm_ssh -- modprobe vsock_loopback &> /dev/null || : + vm_ssh "init_ns" -- modprobe vsock_loopback &> /dev/null || : =20 - if ! vm_vsock_test "server" 1 "${port}"; then + if ! vm_vsock_test "init_ns" "server" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 - if ! vm_vsock_test "127.0.0.1" 1 "${port}"; then + + if ! vm_vsock_test "init_ns" "127.0.0.1" 1 "${port}"; then return "${KSFT_FAIL}" fi =20 @@ -621,8 +658,8 @@ cnt_total=3D0 if shared_vm_tests_requested "${ARGS[@]}"; then log_host "Booting up VM" pidfile=3D"$(create_pidfile)" - vm_start "${pidfile}" - vm_wait_for_ssh + vm_start "${pidfile}" "init_ns" + vm_wait_for_ssh "init_ns" log_host "VM booted up" =20 run_shared_vm_tests "${ARGS[@]}" --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yx1-f41.google.com (mail-yx1-f41.google.com [74.125.224.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E6FC63090CD for ; Fri, 16 Jan 2026 21:29:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598953; cv=none; b=U5FYglV8NkTb4/teaNo3SS4bO9ndE/iO/J8nRFzCC4JDbPA0c9nd7kbxZGUlWeK9sofVVRzl2ILH5RJj4vaHOpbczr9sDOchjOQs5rKWt4s/A+9l6Yy5GEtZbz9F/VNkvB8LVW1DdEREPRGNdiqtTxZK7hTSmaU2NuH4S/TVHpc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598953; c=relaxed/simple; bh=uCgr9JbNpxUqM9gbGsf2Jmk4aJqJ6fTLHuKaFTvudAQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Q08kUSyMgNQ3TrRujkEGc2AiUs6UUvoFTk901UcB9e3AA7FjVNXqFOoF+cZTGqCt9fNMtuVWXC2gMJpb+T35f/0UaKa7mvMu4q9jHLTXMymzJsfr48OyBMPPZ3m5Zrse/g9FNazgqdDAOzuLW3u9ayRtfwVf+U4x3wONtGCWMgI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=QTngvH+a; arc=none smtp.client-ip=74.125.224.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QTngvH+a" Received: by mail-yx1-f41.google.com with SMTP id 956f58d0204a3-6455a60c12bso2218335d50.3 for ; Fri, 16 Jan 2026 13:29:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598949; x=1769203749; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=9UqzpQf1IlJwSFAKiovBpo5/3/EPxdibd9liBmZD9wA=; b=QTngvH+aHSlgpc6sbkMxQQXQgVjpHfvo8/ybabtKjpTSprv3GfeKKJBTALE6RgtdDg RswwtkZl+IAqTCdFrDCPHorrsMHWw0aGSIuwfImh/UGEDyme9oneRL6kbIwX9Efx4xYB mSieuSGsc5RLrst1Mabf/Ewlk7C2Dqx2NlbGcdszebK3DDxj6a+r+epSXdjJn0nDPKzT LlHE6x72Cg7y9/xaxwXYp/AuW6SFdnS4tBfDYGej85+UwalYdyDNm/lmAXapIFWbnshx Zf+/2YilCh3DnjHITvjH31s0Dihvq+0QcEtewyuuNiLeDx3Zqzetfk728lYJ+zB4Ell/ 0pBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598949; x=1769203749; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=9UqzpQf1IlJwSFAKiovBpo5/3/EPxdibd9liBmZD9wA=; b=AqmjB5WUv7xLsBcf6I+1dK/jKnHf/kSza67u+ZJAu4Kao5ndSh8qdgS7q9zicVBlON uAVxNH7rSnumjka9iYg28zOD9p21IV2sl94P0CLc9sOUV15PhOJky21WG3kX01Z6iDcR mtHDEK4spd5+06AUQTxsPTvlLExwOWMu7RUcSZTTYeKobPlNEPIHsYfvvPgUKjndvGNw GgtQ6xrsLV2Z1r61if0gMdtLp5DIcOr3WXZEad5K9l0MHnI2U7rojUeAoXx4oWn1r7MT DAeQMemY2Lu6KN7SOGn9JQGq+O0UfTZ+f7fdeka3SP59MyEYLtwlkT3tdEqmVMWpkxIi e4Cw== X-Gm-Message-State: AOJu0Yye3QcsjcRcOof+ptHOiQw92nMM9llwAxQLd9bs6UXULGaBbuIf t6MZx2349bVE5bw21XDhK4M1KRFYyHM9PeK6oSJdp7W0n+WZd7qrlWfc X-Gm-Gg: AY/fxX4SOLeWVPHNcngV/ojhZR7G3XJQwYYY5Uo7EHdIWokQQxTZMdMTPuROCkKHIII cntTteuPOrNvE/QyB2vofAUwyJkrBqQBizKmTFxaNr6S6OLDDR2bKbqSjSg5cUpVvSQjw+Yf7i4 99Np9tePEUVK3EstBAvKr1/n324sYHH/v40dEhIEOl4f9dVub/KAt2C53WCrA4NjgGWwXFqll3w md+NLFtrUj16gHOTESQ9SLycghlhBP6iQK6FNrKO6YAg38DbTuOfmfHL1q4CtU/SEhc9H7IDcus fcxNg1T40bBMLH772za2UFuHUhn1B2nwCylJcB+j7sNL52oj+DwMaMYRqbDtE0Ia0qFKX+kVRMj IaCDrJfetvYkr8DZxav5G5Ms1NabRpUeMsGSsiCWbOvtoATcEwVrPBuJuF8aXyo0TLFbIRPO/xM vaKHcicekC X-Received: by 2002:a05:690e:d8d:b0:644:60d9:8667 with SMTP id 956f58d0204a3-64917773d86mr2650287d50.88.1768598948802; Fri, 16 Jan 2026 13:29:08 -0800 (PST) Received: from localhost ([2a03:2880:25ff:8::]) by smtp.gmail.com with ESMTPSA id 956f58d0204a3-649170d2f04sm1663457d50.22.2026.01.16.13.29.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:08 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:47 -0800 Subject: [PATCH net-next v15 07/12] selftests/vsock: add vm_dmesg_{warn,oops}_count() helpers Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-7-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman These functions are reused by the VM tests to collect and compare dmesg warnings and oops counts. The future VM-specific tests use them heavily. This patches relies on vm_ssh() already supporting namespaces. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v11: - break these out into an earlier patch so that they can be used directly in new patches (instead of causing churn by adding this later) --- tools/testing/selftests/vsock/vmtest.sh | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 1d03acb62347..4b5929ffc9eb 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -380,6 +380,17 @@ host_wait_for_listener() { fi } =20 +vm_dmesg_oops_count() { + local ns=3D$1 + + vm_ssh "${ns}" -- dmesg 2>/dev/null | grep -c -i 'Oops' +} + +vm_dmesg_warn_count() { + local ns=3D$1 + + vm_ssh "${ns}" -- dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock' +} =20 vm_vsock_test() { local ns=3D$1 @@ -587,8 +598,8 @@ run_shared_vm_test() { =20 host_oops_cnt_before=3D$(dmesg | grep -c -i 'Oops') host_warn_cnt_before=3D$(dmesg --level=3Dwarn | grep -c -i 'vsock') - vm_oops_cnt_before=3D$(vm_ssh -- dmesg | grep -c -i 'Oops') - vm_warn_cnt_before=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i 'vsock= ') + vm_oops_cnt_before=3D$(vm_dmesg_oops_count "init_ns") + vm_warn_cnt_before=3D$(vm_dmesg_warn_count "init_ns") =20 name=3D$(echo "${1}" | awk '{ print $1 }') eval test_"${name}" @@ -606,13 +617,13 @@ run_shared_vm_test() { rc=3D$KSFT_FAIL fi =20 - vm_oops_cnt_after=3D$(vm_ssh -- dmesg | grep -i 'Oops' | wc -l) + vm_oops_cnt_after=3D$(vm_dmesg_oops_count "init_ns") if [[ ${vm_oops_cnt_after} -gt ${vm_oops_cnt_before} ]]; then echo "FAIL: kernel oops detected on vm" | log_host rc=3D$KSFT_FAIL fi =20 - vm_warn_cnt_after=3D$(vm_ssh -- dmesg --level=3Dwarn | grep -c -i 'vsock') + vm_warn_cnt_after=3D$(vm_dmesg_warn_count "init_ns") if [[ ${vm_warn_cnt_after} -gt ${vm_warn_cnt_before} ]]; then echo "FAIL: kernel warning detected on vm" | log_host rc=3D$KSFT_FAIL --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 39840311C2D for ; Fri, 16 Jan 2026 21:29:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598955; cv=none; b=oewdHXxKD4Pbst99VZDt2zKHeb/84rjJPCU2sWtCKHL1nsYciWhSlkDMwHiNvPVsssj68PN0mdh3BHTNOmviNrKXKoI1BXz7viTy5qG3ACaPcNxXksrCbweHBetvLqWjYKa6e+Xz7rTK+rJCurbYfBM31TNWTIPfr3/Z3S2qXEg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598955; c=relaxed/simple; bh=P4erHizl27nbkGk13UaQgtaMcmfPrCQL8OW5nr9GtQs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=oWVQ1zvUZJzLnh3N9WbLJBTW+OcLH7FyxJ4l+Wf7RVUyeJyoO2VexbWWLjmbS1cAwtnS+aKLiMVxW2JGLX/txtHyh54LBB3xfYT7oCfUBSuLoSUbaPQJCGF9ovgfzHY1CE/XmTKJWiTiqMhIIF9rQUmQYFHCbhEPK1HSSPrrwl4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=KZwkSOaH; arc=none smtp.client-ip=209.85.128.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KZwkSOaH" Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-7927b1620ddso38027927b3.0 for ; Fri, 16 Jan 2026 13:29:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598950; x=1769203750; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=pnWUXZAQs2u/RX1G1g/cLNdC4zcJTVF/JpiRxAH0cLc=; b=KZwkSOaH++WfAsT49gS6t09jAWBAhA1owZm4eUIbZ52rNMphxh4zJkKjRoPpCXrHw9 ZQObJOt/c/5VwQN7p0orGkYUlA/SCKzMqYuRAu6HjXgP19Z8zWwQ4DlDHu46wqVCGx+i ydGgwgrmfKnv72aWDp0eDHC8i4t/jkIy4tIvKRa7vmTZfEGt045PtpaVBNQmT0VhnA4m HTfXawhEkjdQGoj9w3pBumXqeRSOxCwVWCoS45AL7uGhPwEEzxWNKzYVzfpC5RyRu/eW JpYAwZuGbPZshge3y01Q9NbRfCJuSJHQOwpkuEPzXy4WUrGsnW/gZdtgRid1ySQnyHr2 Gdsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598950; x=1769203750; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=pnWUXZAQs2u/RX1G1g/cLNdC4zcJTVF/JpiRxAH0cLc=; b=bZTMnbY00Qut99vglRhlETcyk69WC4rLlNMm6dJEwLhkc5Pq/J+8zCeZ5LA6jrtsxj sNf7F6IyC5Fn+avVGs7qCA7Zl05NY2RXCF5VwyJQ0GAYWD1s7VoQBH88rdaoF6qn/hoj gsfFXzN6jZo4X9cE7+gqdLvdoSEfO8p9T1+U6heB7GXBryjAMGRF1SeV2OocZXo7K7KL s65fxjD2BhpHa9KeermFlR8LhDsV27OQN0w35i1+mIedsVDNeKQ/e0FThAQhIqz1fIGE fG+qq1YQLM3IL2gEs9LE7qRmunm3RUGb4WHtB5Ya7Kzc832RhwkY6jy03Xet+TP0IIVU Ei9g== X-Gm-Message-State: AOJu0YzdjtN9Bu3Bq6VUi1lhhCXAVAsUb5klp9PE3lvKroxmEHGPRE09 6QzOtDxb1VxQPSnOKUSgVfQsa2b3YVMnrCtV9oV4U5egImHezUr5mXxa X-Gm-Gg: AY/fxX6yuGW3WcN1/ivy4ctZLfzMxySmROcrLaAlvydjoWcLi7Pyd7BTUIToNEvqW0I 6zndOB7ZhyGi71grxaE0QD0Pk2HADWcR8kgr31giLd6gwXh+BKLDsDKmtVA+tyRfv2UYrol9K+Q 7+VMZuyczSB7EIsr2tzjhjADXLCLIwSYJAOJApKn5WnFbTXHRlGMVrsHkEGlBYqbEL9102BPU9K 51JA7VJvoVfYYoa4ur/UGp7LLYOewhEgxKA0PLY9PUtMzaQ7OcOkmj5RVTYmAIFw/PWgsZIUA2n RlV9ka7sl7cT7NM+N9wKNtz/FlYD5YFta2cgHrAf52tqEKZG3xVQ7oFV/IYW9B3WoSQKq8mw2tZ Y4y6mUYVfHnmCefjf+IOxAg89XdztEN5esCmJHz+3OpKWZlAuRLjZfKZ6np9i2Q59J6GW6xNZHQ CwyZ0YlPlb X-Received: by 2002:a05:690c:dd4:b0:793:baf5:ffcc with SMTP id 00721157ae682-793c57be153mr40080797b3.2.1768598949786; Fri, 16 Jan 2026 13:29:09 -0800 (PST) Received: from localhost ([2a03:2880:25ff:6::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c66f6f97sm13467037b3.16.2026.01.16.13.29.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:09 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:48 -0800 Subject: [PATCH net-next v15 08/12] selftests/vsock: use ss to wait for listeners instead of /proc/net Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-8-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Replace /proc/net parsing with ss(8) for detecting listening sockets in wait_for_listener() functions and add support for TCP, VSOCK, and Unix socket protocols. The previous implementation parsed /proc/net/tcp using awk to detect listening sockets, but this approach could not support vsock because vsock does not export socket information to /proc/net/. Instead, use ss so that we can detect listeners on tcp, vsock, and unix. The protocol parameter is now required for all wait_for_listener family functions (wait_for_listener, vm_wait_for_listener, host_wait_for_listener) to explicitly specify which socket type to wait for. ss is added to the dependency check in check_deps(). Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- tools/testing/selftests/vsock/vmtest.sh | 47 +++++++++++++++++++++--------= ---- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 4b5929ffc9eb..0e681d4c3a15 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -182,7 +182,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh; do + for dep in vng ${QEMU} busybox pkill ssh ss; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -337,21 +337,32 @@ wait_for_listener() local port=3D$1 local interval=3D$2 local max_intervals=3D$3 - local protocol=3Dtcp - local pattern + local protocol=3D$4 local i =20 - pattern=3D":$(printf "%04X" "${port}") " - - # for tcp protocol additionally check the socket state - [ "${protocol}" =3D "tcp" ] && pattern=3D"${pattern}0A" - for i in $(seq "${max_intervals}"); do - if awk -v pattern=3D"${pattern}" \ - 'BEGIN {rc=3D1} $2" "$4 ~ pattern {rc=3D0} END {exit rc}' \ - /proc/net/"${protocol}"*; then + case "${protocol}" in + tcp) + if ss --listening --tcp --numeric | grep -q ":${port} "; then + break + fi + ;; + vsock) + if ss --listening --vsock --numeric | grep -q ":${port} "; then + break + fi + ;; + unix) + # For unix sockets, port is actually the socket path + if ss --listening --unix | grep -q "${port}"; then + break + fi + ;; + *) + echo "Unknown protocol: ${protocol}" >&2 break - fi + ;; + esac sleep "${interval}" done } @@ -359,23 +370,25 @@ wait_for_listener() vm_wait_for_listener() { local ns=3D$1 local port=3D$2 + local protocol=3D$3 =20 vm_ssh "${ns}" <; Fri, 16 Jan 2026 21:29:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598955; cv=none; b=AQ7uqJL1Qd+vqvYnfVUwZw2zAG0cHYYE+LPcG5yc3UPlCLfPKIoDXeJfeEKfgm4TxyeJbWIgcS04I485uHBlyl+cqtKwTEF15NfzbZfM6gVkwS4koAkkNoRmRgBpeakCMEIiCno+ucGxPzyiQmzLJQ1j3P2BLUce3BlWLXzp4Iw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598955; c=relaxed/simple; bh=FIcglHOWrEg8hIuKGpVPQi7ir3gvt3puG14NMEVOHaI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=IA2N8Dv69Llw8/cZJq3N9fHan9a6w6sv4VHCXuKE+u4j/7SoajY9dcGazb4zfdx78hA04Cl93/eX0EH4xE6Zh200M2RCFPbTlY93ieWbEpHiYbkwDbSRyGjLSOI3+JszLZ00DKwOQxlq5emtK0ErO8II1hPP/KVbSMAjuuYacJU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=AvhfVHsD; arc=none smtp.client-ip=74.125.224.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AvhfVHsD" Received: by mail-yx1-f47.google.com with SMTP id 956f58d0204a3-646d9eb45afso2209330d50.2 for ; Fri, 16 Jan 2026 13:29:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598951; x=1769203751; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=CfX5aCEAXTMRHVqkeJXb/fPPli7OvyVPTLJ4OZc+4kA=; b=AvhfVHsD2WmNwe/00gmgljdjyzjNPr5KDDTDBq09LZa7epDUyjTeh9AdtV9euGud4f nWdqmVLKIPWHMC8mttxZLtmaogifay7tRVBd1ZE2vPw/DTrM/a5BBlZ9jIdh8JXS35eg 2nIXQlpdK26TsHbSC7IYoB2YZeaPFMgj85zXP7Z+v4Ii7z0QBkj7g0bwlRaJIXOqGeKu vN6IADqdJHeYEJOVwMSUdFymZsxoCR/LkA2FncXIs6hFe6Xl+DVqvjqMjSrLm/rxeqIj Gv8bpQ3uv74XvAMB/lpX5KzIWd8iYbWuKpejphh5TSBSP3DIEAK/DdjshKo4g1ITDj2h WO9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598951; x=1769203751; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=CfX5aCEAXTMRHVqkeJXb/fPPli7OvyVPTLJ4OZc+4kA=; b=R7969fTTlxb1aHYNuUGLjnlDjmJe4rdpAMFsGK6GGQR3IJP9zkgw4YvZCCnssw/PNS yh5bVbn6ZehlVARjYzX2F+mcNkk5WnjHsEAEpLVI3LEF0t4GaNNmDF21WOfAGGJafyQG g1FN6/5DMvl2YpOYhXj6YIviIADyZbEL+sXSvZU9aOBbcUdHkXTiIidCLiMPx3U/tQCn 9TY/QFql0T8TwyrYwHyHLdyY88DKVo7U4dmVHoun41pIBCl/vEv2OGkQJNSzrrdfY5KS DOctAJpYPfuuRto2Q4otXkXBzMe3Gqi7Si7GS1z6VuDVoM9QbEK/yytlFpJ8g4FxAHg/ CH7Q== X-Gm-Message-State: AOJu0YxWZerQBNv4lEtX3gx/XNKlOHA9qfMqfaBAm0X45aB6Lm40Gd13 fY1RtOxuklBajFUEkapoyXSuQ9iE7B32k14h3n1poU/C0wCisd1QrQMn X-Gm-Gg: AY/fxX7mPAUjhbpgQAtUXnZP1tPwm9I4TX2Lgf35o4yNps70iqTdKI5ImFmg4sSEGlM oqreAnd3XxDE1TRCt/9Z7GShg706kXxiZtjD+APz/46pry2nvbLZPCbEiEemKdAQpAjifTfIFZK bzNbJDt4xfyUlRhrKi5O019SDRHkMz4Sj+6pzgANrUL3kO57+E6M6walpSj4tDFNVmZrRbh0Uq1 n7n1GVeyy1SN4SZRBgH2OVE+xVTygIfK8w8tGnyoi0hAodiEIl2/14PbFTTZGZXeT7t6dt02s/u l4XLnP6f1t8lbXwywwR1gcs4na2G3ABa6uoEQYuXteQjkGaZr8kZewNGJgqgthgKVDtcuUlHATC RVdtvVws75NBL5TstVzDRGOq2GLAoh2h9VCk1tq58+GyheUh1zlHWEd3k1LNzEqB2DcniJMojm1 R9LIm/+RcU X-Received: by 2002:a05:690e:1344:b0:646:7ae4:11e9 with SMTP id 956f58d0204a3-6491648afe7mr3823738d50.15.1768598950861; Fri, 16 Jan 2026 13:29:10 -0800 (PST) Received: from localhost ([2a03:2880:25ff:1::]) by smtp.gmail.com with ESMTPSA id 956f58d0204a3-649170be316sm1663704d50.20.2026.01.16.13.29.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:10 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:49 -0800 Subject: [PATCH net-next v15 09/12] selftests/vsock: add tests for proc sys vsock ns_mode Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-9-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add tests for the /proc/sys/net/vsock/{ns_mode,child_ns_mode} interfaces. Namely, that they accept/report "global" and "local" strings and enforce their access policies. Start a convention of commenting the test name over the test description. Add test name comments over test descriptions that existed before this convention. Add a check_netns() function that checks if the test requires namespaces and if the current kernel supports namespaces. Skip tests that require namespaces if the system does not have namespace support. This patch is the first to add tests that do *not* re-use the same shared VM. For that reason, it adds a run_ns_tests() function to run these tests and filter out the shared VM tests. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v13: - remove write-once test ns_host_vsock_ns_mode_write_once_ok to reflect removing the write-once policy - add child_ns_mode test test_ns_host_vsock_child_ns_mode_ok - modify test_ns_host_vsock_ns_mode_ok() to check that the correct mode was inherited from child_ns_mode Changes in v12: - remove ns_vm_local_mode_rejected test, due to dropping that constraint Changes in v11: - Document ns_ prefix above TEST_NAMES (Stefano) Changes in v10: - Remove extraneous add_namespaces/del_namespaces calls. - Rename run_tests() to run_ns_tests() since it is designed to only run ns tests. Changes in v9: - add test ns_vm_local_mode_rejected to check that guests cannot use local mode --- tools/testing/selftests/vsock/vmtest.sh | 140 ++++++++++++++++++++++++++++= +++- 1 file changed, 138 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 0e681d4c3a15..38785a102236 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -41,14 +41,38 @@ readonly KERNEL_CMDLINE=3D"\ virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \ " readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log) -readonly TEST_NAMES=3D(vm_server_host_client vm_client_host_server vm_loop= back) + +# Namespace tests must use the ns_ prefix. This is checked in check_netns(= ) and +# is used to determine if a test needs namespace setup before test executi= on. +readonly TEST_NAMES=3D( + vm_server_host_client + vm_client_host_server + vm_loopback + ns_host_vsock_ns_mode_ok + ns_host_vsock_child_ns_mode_ok +) readonly TEST_DESCS=3D( + # vm_server_host_client "Run vsock_test in server mode on the VM and in client mode on the host." + + # vm_client_host_server "Run vsock_test in client mode on the VM and in server mode on the host." + + # vm_loopback "Run vsock_test using the loopback transport in the VM." + + # ns_host_vsock_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode strings on the host." + + # ns_host_vsock_child_ns_mode_ok + "Check /proc/sys/net/vsock/ns_mode is read-only and child_ns_mode is writ= able." ) =20 -readonly USE_SHARED_VM=3D(vm_server_host_client vm_client_host_server vm_l= oopback) +readonly USE_SHARED_VM=3D( + vm_server_host_client + vm_client_host_server + vm_loopback +) readonly NS_MODES=3D("local" "global") =20 VERBOSE=3D0 @@ -196,6 +220,20 @@ check_deps() { fi } =20 +check_netns() { + local tname=3D$1 + + # If the test requires NS support, check if NS support exists + # using /proc/self/ns + if [[ "${tname}" =3D~ ^ns_ ]] && + [[ ! -e /proc/self/ns ]]; then + log_host "No NS support detected for test ${tname}" + return 1 + fi + + return 0 +} + check_vng() { local tested_versions local version @@ -519,6 +557,54 @@ log_guest() { LOG_PREFIX=3Dguest log "$@" } =20 +ns_get_mode() { + local ns=3D$1 + + ip netns exec "${ns}" cat /proc/sys/net/vsock/ns_mode 2>/dev/null +} + +test_ns_host_vsock_ns_mode_ok() { + for mode in "${NS_MODES[@]}"; do + local actual + + actual=3D$(ns_get_mode "${mode}0") + if [[ "${actual}" !=3D "${mode}" ]]; then + log_host "expected mode ${mode}, got ${actual}" + return "${KSFT_FAIL}" + fi + done + + return "${KSFT_PASS}" +} + +test_ns_host_vsock_child_ns_mode_ok() { + local orig_mode + local rc + + orig_mode=3D$(cat /proc/sys/net/vsock/child_ns_mode) + + rc=3D"${KSFT_PASS}" + for mode in "${NS_MODES[@]}"; do + local ns=3D"${mode}0" + + if echo "${mode}" 2>/dev/null > /proc/sys/net/vsock/ns_mode; then + log_host "ns_mode should be read-only but write succeeded" + rc=3D"${KSFT_FAIL}" + continue + fi + + if ! echo "${mode}" > /proc/sys/net/vsock/child_ns_mode; then + log_host "child_ns_mode should be writable to ${mode}" + rc=3D"${KSFT_FAIL}" + continue + fi + done + + echo "${orig_mode}" > /proc/sys/net/vsock/child_ns_mode + + return "${rc}" +} + test_vm_server_host_client() { if ! vm_vsock_test "init_ns" "server" 2 "${TEST_GUEST_PORT}"; then return "${KSFT_FAIL}" @@ -592,6 +678,11 @@ run_shared_vm_tests() { continue fi =20 + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + run_shared_vm_test "${arg}" check_result "$?" "${arg}" done @@ -645,6 +736,49 @@ run_shared_vm_test() { return "${rc}" } =20 +run_ns_tests() { + for arg in "${ARGS[@]}"; do + if shared_vm_test "${arg}"; then + continue + fi + + if ! check_netns "${arg}"; then + check_result "${KSFT_SKIP}" "${arg}" + continue + fi + + add_namespaces + + name=3D$(echo "${arg}" | awk '{ print $1 }') + log_host "Executing test_${name}" + + host_oops_before=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + host_warn_before=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsoc= k') + eval test_"${name}" + rc=3D$? + + host_oops_after=3D$(dmesg 2>/dev/null | grep -c -i 'Oops') + if [[ "${host_oops_after}" -gt "${host_oops_before}" ]]; then + echo "FAIL: kernel oops detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + host_warn_after=3D$(dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock= ') + if [[ "${host_warn_after}" -gt "${host_warn_before}" ]]; then + echo "FAIL: kernel warning detected on host" | log_host + check_result "${KSFT_FAIL}" "${name}" + del_namespaces + continue + fi + + check_result "${rc}" "${name}" + + del_namespaces + done +} + BUILD=3D0 QEMU=3D"qemu-system-$(uname -m)" =20 @@ -690,6 +824,8 @@ if shared_vm_tests_requested "${ARGS[@]}"; then terminate_pidfiles "${pidfile}" fi =20 +run_ns_tests "${ARGS[@]}" + echo "SUMMARY: PASS=3D${cnt_pass} SKIP=3D${cnt_skip} FAIL=3D${cnt_fail}" echo "Log: ${LOG}" =20 --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com [209.85.128.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5EDB3315775 for ; Fri, 16 Jan 2026 21:29:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598957; cv=none; b=LIR8BXpNGx8g22p1rOgzrvNQStwNRFv8vk9yiDI+/vzmsh9VQ5c+YBSr6/OVY2dhJBKLOZmT3ICGN4WNJTtw3SzRtn6kchYmV3QUD8S0gnEkOai6LzPT1rNwyCcIxbhrkgP5IB5XM+/dcuUi11nuv2+mjMHTbSg2ur/AjcAKc3Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598957; c=relaxed/simple; bh=43YZlXDQmW65hszyjr5m3UtpfpB8+72+oSXEtxR8B+c=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=O+S73Faot+x3hrICyBWZm/4Ni5ONmlzMYf26DJPEQ7KUtlkZghJe+2bphi97ZmwJiDfduEenc83HnQ+YZg+7gH5NspVS78j984B/Z75nTq3gW/SMvmW2Ce93ULwdKpCQAlRP9yO/97AxVzT01wuUd+RPg69tXrhV6hzwQx8KuWw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=a+J7wDKz; arc=none smtp.client-ip=209.85.128.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="a+J7wDKz" Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-790948758c1so23987217b3.1 for ; Fri, 16 Jan 2026 13:29:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598952; x=1769203752; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Y3I8QcIsIeOrh9cIrz38ZjjL+G5z3ujRC9KA0ugGud8=; b=a+J7wDKzdI1mlppUc/PLN0epC9FKHMylZ9qQ7pjLvDrF2NQ816/qpleabYhKpysNn5 WCsm3sBt7ZIuz8NMJBOJzIcE38lAGLol06hqMZF7wzF9RnvgKQwW8dP0mYpSFWFwKmtB MpV/pVvgsa417gDMCpjvE66PucWD5ES9Zce2IRL+ZcGk1KFZc1calnP2piQ8DQ/GvX0r SwdOX9mw3/++2/Dk6ue2ibRSC9sb5KyKo+5Sy1kpqSlJ3+dX4mSIpVLgnsGS82l+2lsy K193RTcJBZ66ErcbCrrwE5GS1m/oeR87fx1bPfm5BA3caHxrjvwRLYq1SAjnyESQiBGe suqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598952; x=1769203752; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Y3I8QcIsIeOrh9cIrz38ZjjL+G5z3ujRC9KA0ugGud8=; b=Z21+bm+M6+fQW9Rcs472mobAnoDo8YVfBpXEMwcosGpe+nZHLd9DQJsn3/sKgWdu+b rcOrBERH984RUksk5/QZUJCSpHqTDplFaJQ5o9xSTysaXr24V6nVo3SoOIgOlwBeJWK6 9YkQATI+O5oKgYmKsrRgMwZFo35uu9VQ1uvQFYg5Com0FA/DWtehUFdhcsWrgH0k3hUS BUNGcHmXb2XGNmaQIjOV1NHiuZxidmXBEGxIH10iUwvnN58KSNmWoz1psaUZT3lqSEMU BcEX2R+TweTPJYMyFmFyHQ/5Gm/YqWLUhgLs/KphWBOHP+BHYyJqIiH71D5wPUh5nOcy WyRg== X-Gm-Message-State: AOJu0Yy3Y/9QscMgRlAUGFGTyk/FcpYdq529IFNcsM2hz1UiD852eq+T IwhLIV8jd/C+TBeQqyu7A/CKtEn9vAwvAwXtP3iETIMTC4ucchm5yU7L X-Gm-Gg: AY/fxX7I8cBqqB3aJLEeClgrUaTT7ikezMNUMjK2nH7lL+S84Sgp1LTF1vvYkkOAPF1 kcf2Tf2RegfbXO50ooIJB1pDAepH0SAjcBhW0afIJKQ4cgc4wn8UPt6LzYS++iUddQEWyDDHiPK +Py8jXdPEzMflshN/fc/8oiq5I/amEs30ZYRCl8DTEAYPO2RSeykVhHO8wHByDOQlGP5T8zaUcM X2hPOlOemvxKivoLgdDnvuihcYDwH2yxXDe+fMB4wJ/oBTminEGjOctI5Ull1toz8ag77NtCquT xvBsXSpO1mREKhfe82bKf0T4Vz3UHHPwTDlEJVqedQ0yoSOwCiLYQIVNZeoLaq+y8V3Gm40dApJ /fbLuyIoQ7rbqXGKH3AWXfDD/EDg3PF2QjDskgQR/VD+tOD9FTVx6nHdSZd0JuYnqhGO0xv7/4W Wt4qKiKOT0WAvJ+Vn/OOc= X-Received: by 2002:a05:690c:883:b0:78d:6657:fd1a with SMTP id 00721157ae682-793c5393f96mr32809527b3.37.1768598951767; Fri, 16 Jan 2026 13:29:11 -0800 (PST) Received: from localhost ([2a03:2880:25ff:1::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c66ed7a1sm13166067b3.14.2026.01.16.13.29.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:11 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:50 -0800 Subject: [PATCH net-next v15 10/12] selftests/vsock: add namespace tests for CID collisions Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-10-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add tests to verify CID collision rules across different vsock namespace modes. 1. Two VMs with the same CID cannot start in different global namespaces (ns_global_same_cid_fails) 2. Two VMs with the same CID can start in different local namespaces (ns_local_same_cid_ok) 3. VMs with the same CID can coexist when one is in a global namespace and another is in a local namespace (ns_global_local_same_cid_ok and ns_local_global_same_cid_ok) The tests ns_global_local_same_cid_ok and ns_local_global_same_cid_ok make sure that ordering does not matter. The tests use a shared helper function namespaces_can_boot_same_cid() that attempts to start two VMs with identical CIDs in the specified namespaces and verifies whether VM initialization failed or succeeded. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v11: - check vm_start() rc in namespaces_can_boot_same_cid() (Stefano) - fix ns_local_same_cid_ok() to use local0 and local1 instead of reusing local0 twice. This check should pass, ensuring local namespaces do not collide (Stefano) --- tools/testing/selftests/vsock/vmtest.sh | 78 +++++++++++++++++++++++++++++= ++++ 1 file changed, 78 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 38785a102236..1bf537410ea6 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -50,6 +50,10 @@ readonly TEST_NAMES=3D( vm_loopback ns_host_vsock_ns_mode_ok ns_host_vsock_child_ns_mode_ok + ns_global_same_cid_fails + ns_local_same_cid_ok + ns_global_local_same_cid_ok + ns_local_global_same_cid_ok ) readonly TEST_DESCS=3D( # vm_server_host_client @@ -66,6 +70,18 @@ readonly TEST_DESCS=3D( =20 # ns_host_vsock_child_ns_mode_ok "Check /proc/sys/net/vsock/ns_mode is read-only and child_ns_mode is writ= able." + + # ns_global_same_cid_fails + "Check QEMU fails to start two VMs with same CID in two different global = namespaces." + + # ns_local_same_cid_ok + "Check QEMU successfully starts two VMs with same CID in two different lo= cal namespaces." + + # ns_global_local_same_cid_ok + "Check QEMU successfully starts one VM in a global ns and then another VM= in a local ns with the same CID." + + # ns_local_global_same_cid_ok + "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." ) =20 readonly USE_SHARED_VM=3D( @@ -577,6 +593,68 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +namespaces_can_boot_same_cid() { + local ns0=3D$1 + local ns1=3D$2 + local pidfile1 pidfile2 + local rc + + pidfile1=3D"$(create_pidfile)" + + # The first VM should be able to start. If it can't then we have + # problems and need to return non-zero. + if ! vm_start "${pidfile1}" "${ns0}"; then + return 1 + fi + + pidfile2=3D"$(create_pidfile)" + vm_start "${pidfile2}" "${ns1}" + rc=3D$? + terminate_pidfiles "${pidfile1}" "${pidfile2}" + + return "${rc}" +} + +test_ns_global_same_cid_fails() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "global1"; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_local_global_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_global_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_local_same_cid_ok() { + init_namespaces + + if namespaces_can_boot_same_cid "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + test_ns_host_vsock_child_ns_mode_ok() { local orig_mode local rc --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yx1-f48.google.com (mail-yx1-f48.google.com [74.125.224.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 04CA630EF8F for ; Fri, 16 Jan 2026 21:29:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598959; cv=none; b=BnYX1Ql+/72e0/79O5VrCSE5uzyINdALgzMQmORN7wQSINOXoQm10sEY2ee4NxCdLoGw79ZQrwD8sy15rB5nuGzzKO+n8mMemvfp1aAL71asM9l6Mjg7ea3mMGbs4gNAIU5OcIosbNNX1uiuFLo77sb+cACdANb7CGqnU1fHIc0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598959; c=relaxed/simple; bh=vL5YpgYxz0FfLIIl5csPYBNFRkmEcElkoa8UW4/4fuc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=IXGMPJOV6IGFRr4Lgk7Ea8UUXZbbzHB1NiP25XHkr7o6/27UyLOA1EwY8lqik+l/wYuATp8PdLILXw3pxBwGL+pHdSP+GZoC/aLJXkVdjkoMRq1eS35znSULijWVwPuIyr6uGs3NCPtD91Mnk2avAfcFFpjjAp5V5FmHR2jZIdk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=GFW7J2j0; arc=none smtp.client-ip=74.125.224.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GFW7J2j0" Received: by mail-yx1-f48.google.com with SMTP id 956f58d0204a3-644798bb299so2273862d50.3 for ; Fri, 16 Jan 2026 13:29:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598953; x=1769203753; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=kDPkpLUOyafJq1ujPR6WZLawhOFGoQnGZ+I2HIEtiX8=; b=GFW7J2j0DxrIosuKIo6dcFYwBnE8XwEnGuUHmyMwcQegAsb473Wf1Rk1pRQgOOuTKt N97u/MpuXJom3MnIKvihNXSjRamBB2x1dBhDMUReFnilOR4c4ArkClAC4JavwsxAKb7D xdvOI4I5iGbB79KnPpipyqMaYPxLDvGmLqcFWorjtaJf72yjeVKDSUcpiuoB+/Tx0ahF aBY5YEjZjwJ3cyviM2zNPLBVlfNoOphzwarAoEkViDwq5w7uPdLC+89VezUBzCOBS/ai vb3QxqwB+8ky4mpfiDth7rqXgxjV7QOLtcUXCKMCFapqSWAc5XL6vur0CTPxYANlbdSw KZJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598953; x=1769203753; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=kDPkpLUOyafJq1ujPR6WZLawhOFGoQnGZ+I2HIEtiX8=; b=FifrCv+RHwAzXqWkKupHcLYK8Bv+w6mrKurc419Kta41WORNFyZ+N6O2FzKA13yKgw WGuDVZC/O/7Z9TmiqbTwZ4DYaOVgD7Zlv1kUvGSfc1Iv86Mm9o73VY1aDStuyHrNGN24 A+cgNs2G5A+OPZmzmZ7nEYvSnoXbAIQg+WtRJCz2NjI5oEsWyAdso2MsCrnOWcaxjEbK 3pHhnCfbwdi+ycv/94ygzeDDyuwGIx9kPcWnDRzsqov+XA7qsKtMZf5O2NoQ5BtJiMXr Z2GMdTI9dwfSJD5wfnM+SNlvB2G5g+sEwjUpiXtaEDRldg7EabHN7JlGnoZV30Ib+s65 vCMw== X-Gm-Message-State: AOJu0YwCj0drWV4FILH079Q2gCt4tDsWtNZIzLdXs5O4Xfvr78HpwP0j pdgkyVozkoYsFshxWdHuQzkm33cAuoqr1WfjuHxp19m3zHduHxMsL+oT X-Gm-Gg: AY/fxX6QQVlkIeAd/CJfFBrxwia3ik+VEUV76swaKCzMJZbf0RVqB8Xjgz1+QY0cr5f Qf6Z94VapafJK7+rEYxhIeex+fhsL91JH4X8JYXNOE9eCdugCKC8Mk/0XS1Pf5wqQcIdku4Bp4p JgrD+NpsnOglEJf3CDrkswxfJ8l5MeZ0uILgbGcjhw+i4ao6S0DLtJfXBZSuWlJAfbIMosWNaGX K+zb6iVFbgcT2oIlPNNT/D5ERydkgTGu6C6LZLq00n8X4g9GFZk+XxOoecPEva5uZJieswRaGzG qVSZ0RN4KbVZmP+KxrKBSMeNKGCppjatC97vJnYfufMwTO1u4nUOQE/bobLlQst3LmCzYZ8JThS EejrASRsG44AdyqM68hH5fboahSiL1RLgxU9CkGVf2ByFsFWW3X0nXYTAWgR9ygVSwAqph4ciaP /e2ghHi/dFkA== X-Received: by 2002:a05:690e:1881:b0:643:1a5f:aaec with SMTP id 956f58d0204a3-649177115c5mr3199299d50.47.1768598952663; Fri, 16 Jan 2026 13:29:12 -0800 (PST) Received: from localhost ([2a03:2880:25ff:5e::]) by smtp.gmail.com with ESMTPSA id 956f58d0204a3-64916ffae51sm1681351d50.1.2026.01.16.13.29.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:12 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:51 -0800 Subject: [PATCH net-next v15 11/12] selftests/vsock: add tests for host <-> vm connectivity with namespaces Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-11-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add tests to validate namespace correctness using vsock_test and socat. The vsock_test tool is used to validate expected success tests, but socat is used for expected failure tests. socat is used to ensure that connections are rejected outright instead of failing due to some other socket behavior (as tested in vsock_test). Additionally, socat is already required for tunneling TCP traffic from vsock_test. Using only one of the vsock_test tests like 'test_stream_client_close_client' would have yielded a similar result, but doing so wouldn't remove the socat dependency. Additionally, check for the dependency socat. socat needs special handling beyond just checking if it is on the path because it must be compiled with support for both vsock and unix. The function check_socat() checks that this support exists. Add more padding to test name printf strings because the tests added in this patch would otherwise overflow. Add vm_dmesg_* helpers to encapsulate checking dmesg for oops and warnings. Add ability to pass extra args to host-side vsock_test so that tests that cause false positives may be skipped with arg --skip. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v12: - add test skip (vsock_test test 29) when host_vsock_test() uses client mode in a local namespace. Test 29 causes a false positive to trigger. Changes in v11: - add 'sleep "${WAIT_PERIOD}"' after any non-TCP socat LISTEN cmd (Stefano) - add host_wait_for_listener() after any socat TCP-LISTEN (Stefano) - reuse vm_dmesg_{oops,warn}_count() inside vm_dmesg_check() - fix copy-paste in test_ns_same_local_vm_connect_to_local_host_ok() (Stefano) Changes in v10: - add vm_dmesg_start() and vm_dmesg_check() Changes in v9: - consistent variable quoting --- tools/testing/selftests/vsock/vmtest.sh | 572 ++++++++++++++++++++++++++++= +++- 1 file changed, 568 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 1bf537410ea6..a9eaf37bc31b 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -7,6 +7,7 @@ # * virtme-ng # * busybox-static (used by virtme-ng) # * qemu (used by virtme-ng) +# * socat # # shellcheck disable=3DSC2317,SC2119 =20 @@ -54,6 +55,19 @@ readonly TEST_NAMES=3D( ns_local_same_cid_ok ns_global_local_same_cid_ok ns_local_global_same_cid_ok + ns_diff_global_host_connect_to_global_vm_ok + ns_diff_global_host_connect_to_local_vm_fails + ns_diff_global_vm_connect_to_global_host_ok + ns_diff_global_vm_connect_to_local_host_fails + ns_diff_local_host_connect_to_local_vm_fails + ns_diff_local_vm_connect_to_local_host_fails + ns_diff_global_to_local_loopback_local_fails + ns_diff_local_to_global_loopback_fails + ns_diff_local_to_local_loopback_fails + ns_diff_global_to_global_loopback_ok + ns_same_local_loopback_ok + ns_same_local_host_connect_to_local_vm_ok + ns_same_local_vm_connect_to_local_host_ok ) readonly TEST_DESCS=3D( # vm_server_host_client @@ -82,6 +96,45 @@ readonly TEST_DESCS=3D( =20 # ns_local_global_same_cid_ok "Check QEMU successfully starts one VM in a local ns and then another VM = in a global ns with the same CID." + + # ns_diff_global_host_connect_to_global_vm_ok + "Run vsock_test client in global ns with server in VM in another global n= s." + + # ns_diff_global_host_connect_to_local_vm_fails + "Run socat to test a process in a global ns fails to connect to a VM in a= local ns." + + # ns_diff_global_vm_connect_to_global_host_ok + "Run vsock_test client in VM in a global ns with server in another global= ns." + + # ns_diff_global_vm_connect_to_local_host_fails + "Run socat to test a VM in a global ns fails to connect to a host process= in a local ns." + + # ns_diff_local_host_connect_to_local_vm_fails + "Run socat to test a host process in a local ns fails to connect to a VM = in another local ns." + + # ns_diff_local_vm_connect_to_local_host_fails + "Run socat to test a VM in a local ns fails to connect to a host process = in another local ns." + + # ns_diff_global_to_local_loopback_local_fails + "Run socat to test a loopback vsock in a global ns fails to connect to a = vsock in a local ns." + + # ns_diff_local_to_global_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in a global ns." + + # ns_diff_local_to_local_loopback_fails + "Run socat to test a loopback vsock in a local ns fails to connect to a v= sock in another local ns." + + # ns_diff_global_to_global_loopback_ok + "Run socat to test a loopback vsock in a global ns successfully connects = to a vsock in another global ns." + + # ns_same_local_loopback_ok + "Run socat to test a loopback vsock in a local ns successfully connects t= o a vsock in the same ns." + + # ns_same_local_host_connect_to_local_vm_ok + "Run vsock_test client in a local ns with server in VM in same ns." + + # ns_same_local_vm_connect_to_local_host_ok + "Run vsock_test client in VM in a local ns with server in same ns." ) =20 readonly USE_SHARED_VM=3D( @@ -112,7 +165,7 @@ usage() { for ((i =3D 0; i < ${#TEST_NAMES[@]}; i++)); do name=3D${TEST_NAMES[${i}]} desc=3D${TEST_DESCS[${i}]} - printf "\t%-35s%-35s\n" "${name}" "${desc}" + printf "\t%-55s%-35s\n" "${name}" "${desc}" done echo =20 @@ -222,7 +275,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh ss; do + for dep in vng ${QEMU} busybox pkill ssh ss socat; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" @@ -273,6 +326,20 @@ check_vng() { fi } =20 +check_socat() { + local support_string + + support_string=3D"$(socat -V)" + + if [[ "${support_string}" !=3D *"WITH_VSOCK 1"* ]]; then + die "err: socat is missing vsock support" + fi + + if [[ "${support_string}" !=3D *"WITH_UNIX 1"* ]]; then + die "err: socat is missing unix support" + fi +} + handle_build() { if [[ ! "${BUILD}" -eq 1 ]]; then return @@ -321,6 +388,14 @@ terminate_pidfiles() { done } =20 +terminate_pids() { + local pid + + for pid in "$@"; do + kill -SIGTERM "${pid}" &>/dev/null || : + done +} + vm_start() { local pidfile=3D$1 local ns=3D$2 @@ -459,6 +534,28 @@ vm_dmesg_warn_count() { vm_ssh "${ns}" -- dmesg --level=3Dwarn 2>/dev/null | grep -c -i 'vsock' } =20 +vm_dmesg_check() { + local pidfile=3D$1 + local ns=3D$2 + local oops_before=3D$3 + local warn_before=3D$4 + local oops_after warn_after + + oops_after=3D$(vm_dmesg_oops_count "${ns}") + if [[ "${oops_after}" -gt "${oops_before}" ]]; then + echo "FAIL: kernel oops detected on vm in ns ${ns}" | log_host + return 1 + fi + + warn_after=3D$(vm_dmesg_warn_count "${ns}") + if [[ "${warn_after}" -gt "${warn_before}" ]]; then + echo "FAIL: kernel warning detected on vm in ns ${ns}" | log_host + return 1 + fi + + return 0 +} + vm_vsock_test() { local ns=3D$1 local host=3D$2 @@ -502,6 +599,8 @@ host_vsock_test() { local host=3D$2 local cid=3D$3 local port=3D$4 + shift 4 + local extra_args=3D("$@") local rc =20 local cmd=3D"${VSOCK_TEST}" @@ -516,13 +615,15 @@ host_vsock_test() { --mode=3Dclient \ --peer-cid=3D"${cid}" \ --control-host=3D"${host}" \ - --control-port=3D"${port}" 2>&1 | log_host + --control-port=3D"${port}" \ + "${extra_args[@]}" 2>&1 | log_host rc=3D$? else ${cmd} \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ - --control-port=3D"${port}" 2>&1 | log_host & + --control-port=3D"${port}" \ + "${extra_args[@]}" 2>&1 | log_host & rc=3D$? =20 if [[ $rc -ne 0 ]]; then @@ -593,6 +694,468 @@ test_ns_host_vsock_ns_mode_ok() { return "${KSFT_PASS}" } =20 +test_ns_diff_global_host_connect_to_global_vm_ok() { + local oops_before warn_before + local pids pid pidfile + local ns0 ns1 port + declare -a pids + local unixfile + ns0=3D"global0" + ns1=3D"global1" + port=3D1234 + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + ip netns exec "${ns1}" \ + socat TCP-LISTEN:"${TEST_HOST_PORT}",fork \ + UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${TEST_HOST_PORT}" "tcp" + + ip netns exec "${ns0}" socat UNIX-LISTEN:"${unixfile}",fork \ + TCP-CONNECT:localhost:"${TEST_HOST_PORT}" & + pids+=3D($!) + host_wait_for_listener "${ns0}" "${unixfile}" "unix" + + vm_vsock_test "${ns0}" "server" 2 "${TEST_GUEST_PORT}" + vm_wait_for_listener "${ns0}" "${TEST_GUEST_PORT}" "tcp" + host_vsock_test "${ns1}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pids "${pids[@]}" + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_diff_global_host_connect_to_local_vm_fails() { + local oops_before warn_before + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${VSOCK_CID}, ns=3D${ns0})" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns1}" + oops_before=3D$(vm_dmesg_oops_count "${ns1}") + warn_before=3D$(vm_dmesg_warn_count "${ns1}") + + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + vm_wait_for_listener "${ns1}" "${port}" "vsock" + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + vm_dmesg_check "${pidfile}" "${ns1}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D "TEST" ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_diff_global_vm_connect_to_global_host_ok() { + local oops_before warn_before + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local unixfile + local dmesg_rc + local pidfile + local pids + local rc + + init_namespaces + + declare -a pids + + log_host "Setup socat bridge from ns ${ns0} to ns ${ns1} over port ${port= }" + + unixfile=3D$(mktemp -u /tmp/XXXX.sock) + + ip netns exec "${ns0}" \ + socat TCP-LISTEN:"${port}" UNIX-CONNECT:"${unixfile}" & + pids+=3D($!) + host_wait_for_listener "${ns0}" "${port}" "tcp" + + ip netns exec "${ns1}" \ + socat UNIX-LISTEN:"${unixfile}" TCP-CONNECT:127.0.0.1:"${port}" & + pids+=3D($!) + host_wait_for_listener "${ns1}" "${unixfile}" "unix" + + log_host "Launching ${VSOCK_TEST} in ns ${ns1}" + host_vsock_test "${ns1}" "server" "${VSOCK_CID}" "${port}" + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_vsock_test "${ns0}" "10.0.2.2" 2 "${port}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${unixfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" + +} + +test_ns_diff_global_vm_connect_to_local_host_fails() { + local ns0=3D"global0" + local ns1=3D"local0" + local port=3D12345 + local oops_before warn_before + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + terminate_pids "${pid}" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_host_connect_to_local_vm_fails() { + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local oops_before warn_before + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + outfile=3D$(mktemp) + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns1}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns1}" + oops_before=3D$(vm_dmesg_oops_count "${ns1}") + warn_before=3D$(vm_dmesg_warn_count "${ns1}") + + vm_ssh "${ns1}" -- socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}" & + vm_wait_for_listener "${ns1}" "${port}" "vsock" + + echo TEST | ip netns exec "${ns0}" \ + socat STDIN VSOCK-CONNECT:"${VSOCK_CID}":"${port}" 2>/dev/null + + vm_dmesg_check "${pidfile}" "${ns1}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_vm_connect_to_local_host_fails() { + local oops_before warn_before + local ns0=3D"local0" + local ns1=3D"local1" + local port=3D12345 + local dmesg_rc + local pidfile + local result + local pid + + init_namespaces + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT &> "${outfile}= " & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + log_host "failed to start vm (cid=3D${cid}, ns=3D${ns0})" + rm -f "${outfile}" + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns0}" + oops_before=3D$(vm_dmesg_oops_count "${ns0}") + warn_before=3D$(vm_dmesg_warn_count "${ns0}") + + vm_ssh "${ns0}" -- \ + bash -c "echo TEST | socat STDIN VSOCK-CONNECT:2:${port}" 2>&1 | log_gue= st + + vm_dmesg_check "${pidfile}" "${ns0}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" !=3D TEST ]] && [[ "${dmesg_rc}" -eq 0 ]]; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +__test_loopback_two_netns() { + local ns0=3D$1 + local ns1=3D$2 + local port=3D12345 + local result + local pid + + modprobe vsock_loopback &> /dev/null || : + + log_host "Launching socat in ns ${ns1}" + outfile=3D$(mktemp) + + ip netns exec "${ns1}" socat VSOCK-LISTEN:"${port}" STDOUT > "${outfile}"= 2>/dev/null & + pid=3D$! + host_wait_for_listener "${ns1}" "${port}" "vsock" + + log_host "Launching socat in ns ${ns0}" + echo TEST | ip netns exec "${ns0}" socat STDIN VSOCK-CONNECT:1:"${port}" = 2>/dev/null + terminate_pids "${pid}" + + result=3D$(cat "${outfile}") + rm -f "${outfile}" + + if [[ "${result}" =3D=3D TEST ]]; then + return 0 + fi + + return 1 +} + +test_ns_diff_global_to_local_loopback_local_fails() { + init_namespaces + + if ! __test_loopback_two_netns "global0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_global_loopback_fails() { + init_namespaces + + if ! __test_loopback_two_netns "local0" "global0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_local_to_local_loopback_fails() { + init_namespaces + + if ! __test_loopback_two_netns "local0" "local1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_diff_global_to_global_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "global0" "global1"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_loopback_ok() { + init_namespaces + + if __test_loopback_two_netns "local0" "local0"; then + return "${KSFT_PASS}" + fi + + return "${KSFT_FAIL}" +} + +test_ns_same_local_host_connect_to_local_vm_ok() { + local oops_before warn_before + local ns=3D"local0" + local port=3D1234 + local dmesg_rc + local pidfile + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns}" + oops_before=3D$(vm_dmesg_oops_count "${ns}") + warn_before=3D$(vm_dmesg_warn_count "${ns}") + + vm_vsock_test "${ns}" "server" 2 "${TEST_GUEST_PORT}" + + # Skip test 29 (transport release use-after-free): This test attempts + # binding both G2H and H2G CIDs. Because virtio-vsock (G2H) doesn't + # support local namespaces the test will fail when + # transport_g2h->stream_allow() returns false. This edge case only + # happens for vsock_test in client mode on the host in a local + # namespace. This is a false positive. + host_vsock_test "${ns}" "127.0.0.1" "${VSOCK_CID}" "${TEST_HOST_PORT}" --= skip=3D29 + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + +test_ns_same_local_vm_connect_to_local_host_ok() { + local oops_before warn_before + local ns=3D"local0" + local port=3D1234 + local dmesg_rc + local pidfile + local rc + + init_namespaces + + pidfile=3D"$(create_pidfile)" + + if ! vm_start "${pidfile}" "${ns}"; then + return "${KSFT_FAIL}" + fi + + vm_wait_for_ssh "${ns}" + oops_before=3D$(vm_dmesg_oops_count "${ns}") + warn_before=3D$(vm_dmesg_warn_count "${ns}") + + host_vsock_test "${ns}" "server" "${VSOCK_CID}" "${port}" + vm_vsock_test "${ns}" "10.0.2.2" 2 "${port}" + rc=3D$? + + vm_dmesg_check "${pidfile}" "${ns}" "${oops_before}" "${warn_before}" + dmesg_rc=3D$? + + terminate_pidfiles "${pidfile}" + + if [[ "${rc}" -ne 0 ]] || [[ "${dmesg_rc}" -ne 0 ]]; then + return "${KSFT_FAIL}" + fi + + return "${KSFT_PASS}" +} + namespaces_can_boot_same_cid() { local ns0=3D$1 local ns1=3D$2 @@ -882,6 +1445,7 @@ fi check_args "${ARGS[@]}" check_deps check_vng +check_socat handle_build =20 echo "1..${#ARGS[@]}" --=20 2.47.3 From nobody Sun Feb 8 05:42:42 2026 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3ED2333ADA4 for ; Fri, 16 Jan 2026 21:29:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598959; cv=none; b=HlCHVbIVc7nwtuVWdXVWOlUBuZeDnNMb+FpLmVzsqziUd7c5z8gGlpJ9Iv84wrzv9f3eWcITIoVJdp+J7m99C5r22rnEiYqYgHKmblLIYvX8AOqFWgydCWQFan7Kuu+UcLNpHGAPSRw5zHWLCr28K3aCYzjweWOszk+gkXHeN7Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768598959; c=relaxed/simple; bh=JAQQN7P77tr97fU7vyuVMrvCiNP4sSFAq43cZhTlmi0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XFGqz7B5FjkavF5I/UciCvgBWMxs7mBX/HUxFPim/0MemiXVfU73iUZom/i41lpDyOg8oUJcXQvYVJECVaLyrm+U6k5cenOfbeaP+5iPKlipEh4hPhuWogb06egDySBWpMe+WASVjyQEHV7wGXevNu1/MOwyGOpAozz3UyWKSiE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CN+ICmwO; arc=none smtp.client-ip=209.85.128.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CN+ICmwO" Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-78e6dc6d6d7so25869797b3.3 for ; Fri, 16 Jan 2026 13:29:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768598954; x=1769203754; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=2mpdsMRuLW1cRrssyJH9GNY+tfbuaJ3H6voxC/Fdtqg=; b=CN+ICmwOOFDAWqLFXVe+ehEYsYDe98ZwRORTNMXXMYcxmuarAT0xWcWw/OCPblOyMw taj9HLX0kv/8r2lXtWWsZhjtOvMnUTzlj05hcIi3AqK3dt7Iyb2xvgUY7f4Iw1yym/DL AqIDdsUH0+04vM6xp9JE36eCT7E5yHMIYOSFHs9XJnXNj//5v/rgy33OheR2In9uPe2j d5vZpszV0S+3xe5EiATdWudw3TyvoVc0N+OkL8UABr4wKc5lv43fCnk4wbgTGIDp5dNu QKs6xhR5DFyz3VIPILYqjKKqJ1q0KoK9YcxlM0Ym/cnveXwEWugCcmDBtzEyl5UzkELw Vppw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768598954; x=1769203754; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=2mpdsMRuLW1cRrssyJH9GNY+tfbuaJ3H6voxC/Fdtqg=; b=rlmMZZLjbeS13unx3caytrpJfVhwW3tFo/8v6pVqVYjbE3AXA4aNccVSGWwABcLWvl d7kPM5cHk2vKzVSI38o8+8T3P2b6l8dc6yB8xSFhaF4UKMfnQBhDdUXxICMgrtrii79d pEnMnuLzFZ7IhJAvKBRhj29MPbcYaNcPR5A/3z4k7d6zvNylQnzlJOdm0qiLxKYB1ZM4 etguRqGdWFbs9IKr7FOfh66EW+7i83ek5n8Ghp/ac6JSJsOzT0TVCSNutanGOWn9uODN vBJ94iWa38NJnfA0hRqGykABbv7Y5211cSeHNQ1PJ6cLahy6yyAbDifUQwcboKBNpnLl TSKA== X-Gm-Message-State: AOJu0YwnMd//kHdl1cpUqYvSXT0JfvVOn7BeTM8iZOvtTXGpBGD7f2oS 5o81Ki5uWkrzJn8uFEk4BLUVy+J3B9qXxpQwgfb65m3Ln01j4Yl8XzMu X-Gm-Gg: AY/fxX5yhKLYG14FoExYb/dd/B7Jps0Kn2g/1Cgmcdf0TQB03urRi0N/W2ZWlS+jaXU eymUCEZ/4G5KcZ9VCZyPmM9Yp7nPrAFWkTm6ff3SvbHV8qIy7TAOoXf+Rfe5xDWjHF78H+EpbaF EI/gVBtC5fziTyZofQp6ZFFyKoqhp920i+XBcZLzGbeqn5M8hlc55wRWUljssVnYQfcnzhkpZcj aAxJymoo6PPFiKCXB2aYOe4qKUhnOTPkm4YhLTOfTcN9MC2mNkeAAdDSBV6cPBeLjRnQOSQHk4p KFNLVuQ4ceRbFmxt6SoX8G23ntSqhK0izHYe2QPG1KQtq/jKP1LiL6hmFffENGQ5IyOMrzrlihB xKvodEPX2+C2yWHamJd6N2wyTUeoOxotxnS+hzZIkatkWA+aJSmIqZGrviwsrY+X6oWyiXUQ4Ol xYb+VmowFJ5GCeCwAhBjZH X-Received: by 2002:a05:690c:7010:b0:78c:6ae6:3c7c with SMTP id 00721157ae682-793c6824cf7mr29133577b3.48.1768598953565; Fri, 16 Jan 2026 13:29:13 -0800 (PST) Received: from localhost ([2a03:2880:25ff:50::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-793c68ceebfsm13175697b3.56.2026.01.16.13.29.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Jan 2026 13:29:13 -0800 (PST) From: Bobby Eshleman Date: Fri, 16 Jan 2026 13:28:52 -0800 Subject: [PATCH net-next v15 12/12] selftests/vsock: add tests for namespace deletion Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260116-vsock-vmtest-v15-12-bbfd1a668548@meta.com> References: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> In-Reply-To: <20260116-vsock-vmtest-v15-0-bbfd1a668548@meta.com> To: Stefano Garzarella , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Stefan Hajnoczi , "Michael S. Tsirkin" , Jason Wang , =?utf-8?q?Eugenio_P=C3=A9rez?= , Xuan Zhuo , "K. Y. Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Bryan Tan , Vishnu Dasa , Broadcom internal kernel review list , Shuah Khan , Long Li , Jonathan Corbet Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, netdev@vger.kernel.org, kvm@vger.kernel.org, linux-hyperv@vger.kernel.org, linux-kselftest@vger.kernel.org, berrange@redhat.com, Sargun Dhillon , linux-doc@vger.kernel.org, Bobby Eshleman , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman Add tests that validate vsock sockets are resilient to deleting namespaces. The vsock sockets should still function normally. The function check_ns_delete_doesnt_break_connection() is added to re-use the step-by-step logic of 1) setup connections, 2) delete ns, 3) check that the connections are still ok. Reviewed-by: Stefano Garzarella Signed-off-by: Bobby Eshleman Suggested-by: Sargun Dhillon --- Changes in v13: - remove tests that change the mode after socket creation (this is not supported behavior now and the immutability property is tested in other tests) - remove "change_mode" behavior of check_ns_changes_dont_break_connection() and rename to check_ns_delete_doesnt_break_connection() because we only need to test namespace deletion (other tests confirm that the mode cannot change) Changes in v11: - remove pipefile (Stefano) Changes in v9: - more consistent shell style - clarify -u usage comment for pipefile --- tools/testing/selftests/vsock/vmtest.sh | 84 +++++++++++++++++++++++++++++= ++++ 1 file changed, 84 insertions(+) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index a9eaf37bc31b..dc8dbe74a6d0 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -68,6 +68,9 @@ readonly TEST_NAMES=3D( ns_same_local_loopback_ok ns_same_local_host_connect_to_local_vm_ok ns_same_local_vm_connect_to_local_host_ok + ns_delete_vm_ok + ns_delete_host_ok + ns_delete_both_ok ) readonly TEST_DESCS=3D( # vm_server_host_client @@ -135,6 +138,15 @@ readonly TEST_DESCS=3D( =20 # ns_same_local_vm_connect_to_local_host_ok "Run vsock_test client in VM in a local ns with server in same ns." + + # ns_delete_vm_ok + "Check that deleting the VM's namespace does not break the socket connect= ion" + + # ns_delete_host_ok + "Check that deleting the host's namespace does not break the socket conne= ction" + + # ns_delete_both_ok + "Check that deleting the VM and host's namespaces does not break the sock= et connection" ) =20 readonly USE_SHARED_VM=3D( @@ -1287,6 +1299,78 @@ test_vm_loopback() { return "${KSFT_PASS}" } =20 +check_ns_delete_doesnt_break_connection() { + local pipefile pidfile outfile + local ns0=3D"global0" + local ns1=3D"global1" + local port=3D12345 + local pids=3D() + local rc=3D0 + + init_namespaces + + pidfile=3D"$(create_pidfile)" + if ! vm_start "${pidfile}" "${ns0}"; then + return "${KSFT_FAIL}" + fi + vm_wait_for_ssh "${ns0}" + + outfile=3D$(mktemp) + vm_ssh "${ns0}" -- \ + socat VSOCK-LISTEN:"${port}",fork STDOUT > "${outfile}" 2>/dev/null & + pids+=3D($!) + vm_wait_for_listener "${ns0}" "${port}" "vsock" + + # We use a pipe here so that we can echo into the pipe instead of using + # socat and a unix socket file. We just need a name for the pipe (not a + # regular file) so use -u. + pipefile=3D$(mktemp -u /tmp/vmtest_pipe_XXXX) + ip netns exec "${ns1}" \ + socat PIPE:"${pipefile}" VSOCK-CONNECT:"${VSOCK_CID}":"${port}" & + pids+=3D($!) + + timeout "${WAIT_PERIOD}" \ + bash -c 'while [[ ! -e '"${pipefile}"' ]]; do sleep 1; done; exit 0' + + if [[ "$1" =3D=3D "vm" ]]; then + ip netns del "${ns0}" + elif [[ "$1" =3D=3D "host" ]]; then + ip netns del "${ns1}" + elif [[ "$1" =3D=3D "both" ]]; then + ip netns del "${ns0}" + ip netns del "${ns1}" + fi + + echo "TEST" > "${pipefile}" + + timeout "${WAIT_PERIOD}" \ + bash -c 'while [[ ! -s '"${outfile}"' ]]; do sleep 1; done; exit 0' + + if grep -q "TEST" "${outfile}"; then + rc=3D"${KSFT_PASS}" + else + rc=3D"${KSFT_FAIL}" + fi + + terminate_pidfiles "${pidfile}" + terminate_pids "${pids[@]}" + rm -f "${outfile}" "${pipefile}" + + return "${rc}" +} + +test_ns_delete_vm_ok() { + check_ns_delete_doesnt_break_connection "vm" +} + +test_ns_delete_host_ok() { + check_ns_delete_doesnt_break_connection "host" +} + +test_ns_delete_both_ok() { + check_ns_delete_doesnt_break_connection "both" +} + shared_vm_test() { local tname =20 --=20 2.47.3