From: Bobby Eshleman
Date: Wed, 18 Feb 2026 10:10:36 -0800
Subject: [PATCH net v2 1/3] selftests/vsock: change tests to respect write-once child ns mode
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260218-vsock-ns-write-once-v2-1-19e4c50d509a@meta.com>
References: <20260218-vsock-ns-write-once-v2-0-19e4c50d509a@meta.com>
In-Reply-To: <20260218-vsock-ns-write-once-v2-0-19e4c50d509a@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, Shuah Khan, Bobby Eshleman, "Michael S. Tsirkin", Jonathan Corbet, Shuah Khan
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
X-Mailer: b4 0.14.3

From: Bobby Eshleman

The child_ns_mode sysctl parameter becomes write-once in a future patch in this series, which breaks existing tests. This patch updates the tests to respect this new policy. No additional tests are added.

Add "global-parent" and "local-parent" namespaces as intermediaries to spawn namespaces in the given modes. This avoids the need to change "child_ns_mode" in the init_ns.

nsenter must be used because ip netns unshares the mount namespace, so nested "ip netns add" breaks exec calls from the init ns. Adds nsenter to the deps check.
Signed-off-by: Bobby Eshleman Reviewed-by: Stefano Garzarella --- tools/testing/selftests/vsock/vmtest.sh | 35 +++++++++++++++--------------= ---- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index dc8dbe74a6d0..e1e78b295e41 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -210,16 +210,17 @@ check_result() { } =20 add_namespaces() { - local orig_mode - orig_mode=3D$(cat /proc/sys/net/vsock/child_ns_mode) + ip netns add "global-parent" 2>/dev/null + echo "global" | ip netns exec "global-parent" \ + tee /proc/sys/net/vsock/child_ns_mode &>/dev/null + ip netns add "local-parent" 2>/dev/null + echo "local" | ip netns exec "local-parent" \ + tee /proc/sys/net/vsock/child_ns_mode &>/dev/null =20 - for mode in "${NS_MODES[@]}"; do - echo "${mode}" > /proc/sys/net/vsock/child_ns_mode - ip netns add "${mode}0" 2>/dev/null - ip netns add "${mode}1" 2>/dev/null - done - - echo "${orig_mode}" > /proc/sys/net/vsock/child_ns_mode + nsenter --net=3D/var/run/netns/global-parent ip netns add "global0" 2>/de= v/null + nsenter --net=3D/var/run/netns/global-parent ip netns add "global1" 2>/de= v/null + nsenter --net=3D/var/run/netns/local-parent ip netns add "local0" 2>/dev/= null + nsenter --net=3D/var/run/netns/local-parent ip netns add "local1" 2>/dev/= null } =20 init_namespaces() { @@ -237,6 +238,8 @@ del_namespaces() { log_host "removed ns ${mode}0" log_host "removed ns ${mode}1" done + ip netns del "global-parent" &>/dev/null + ip netns del "local-parent" &>/dev/null } =20 vm_ssh() { @@ -287,7 +290,7 @@ check_args() { } =20 check_deps() { - for dep in vng ${QEMU} busybox pkill ssh ss socat; do + for dep in vng ${QEMU} busybox pkill ssh ss socat nsenter; do if [[ ! -x $(command -v "${dep}") ]]; then echo -e "skip: dependency ${dep} not found!\n" exit "${KSFT_SKIP}" 
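Review bot: in the add_namespaces() hunk the two mode writes into global-parent and local-parent discard their exit status (`tee /proc/sys/net/vsock/child_ns_mode &>/dev/null`), so if the write fails, for example with -EBUSY once child_ns_mode is write-once or -EPERM, the parent silently keeps its inherited mode and every namespace spawned from it runs the later tests under the wrong mode. Check the pipeline result and abort setup, e.g. `if ! echo "global" | ip netns exec "global-parent" tee /proc/sys/net/vsock/child_ns_mode >/dev/null; then log_host "failed to set child_ns_mode in global-parent"; exit "${KSFT_FAIL}"; fi`, and do the same for the four `nsenter --net=/var/run/netns/... ip netns add` lines, whose `2>/dev/null` also hides a missing /var/run/netns/global-parent mount. The hardcoded /var/run/netns is iproute2's default NETNS_RUN_DIR, so that part is fine as long as the ip binary in use is not configured otherwise.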
@@ -1231,12 +1234,8 @@ test_ns_local_same_cid_ok() { } =20 test_ns_host_vsock_child_ns_mode_ok() { - local orig_mode - local rc - - orig_mode=3D$(cat /proc/sys/net/vsock/child_ns_mode) + local rc=3D"${KSFT_PASS}" =20 - rc=3D"${KSFT_PASS}" for mode in "${NS_MODES[@]}"; do local ns=3D"${mode}0" =20 
@@ -1246,15 +1245,13 @@ test_ns_host_vsock_child_ns_mode_ok() { continue fi =20 - if ! echo "${mode}" > /proc/sys/net/vsock/child_ns_mode; then - log_host "child_ns_mode should be writable to ${mode}" + if ! echo "${mode}" | ip netns exec "${ns}" \ + tee /proc/sys/net/vsock/child_ns_mode &>/dev/null; then rc=3D"${KSFT_FAIL}" continue fi done =20 - echo "${orig_mode}" > /proc/sys/net/vsock/child_ns_mode - return "${rc}" } =20 --=20 2.47.3
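Review bot: in the test_ns_host_vsock_child_ns_mode_ok() hunk the removed `log_host "child_ns_mode should be writable to ${mode}"` leaves the failure branch silent, and `&>/dev/null` also discards tee's error text, so a -EBUSY or -EPERM from the write produces a bare KSFT_FAIL with nothing in the log saying which namespace or mode failed; keep a log_host line inside the `if !` branch. Worth a comment as well: `${ns}` is `${mode}0`, which was created from `${mode}-parent`, so its child_ns_mode already reads `${mode}` and this is a same-value write. Under the write-once rule that succeeds, but it also locks `${mode}0`'s child_ns_mode, so any later test in the same run that expects `${mode}0` to spawn a child in the other mode will get -EBUSY.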
From: Bobby Eshleman
Date: Wed, 18 Feb 2026 10:10:37 -0800
Subject: [PATCH net v2 2/3] vsock: lock down child_ns_mode as write-once
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260218-vsock-ns-write-once-v2-2-19e4c50d509a@meta.com>
References: <20260218-vsock-ns-write-once-v2-0-19e4c50d509a@meta.com>
In-Reply-To: <20260218-vsock-ns-write-once-v2-0-19e4c50d509a@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, Shuah Khan, Bobby Eshleman, "Michael S. Tsirkin", Jonathan Corbet, Shuah Khan
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, Daan De Meyer
X-Mailer: b4 0.14.3
From: Bobby Eshleman

Two administrator processes may race when setting child_ns_mode as one process sets child_ns_mode to "local" and then creates a namespace, but another process changes child_ns_mode to "global" between the write and the namespace creation. The first process ends up with a namespace in "global" mode instead of "local". While this can be detected after the fact by reading ns_mode and retrying, it is fragile and error-prone.

Make child_ns_mode write-once so that a namespace manager can set it once and be sure it won't change. Writing a different value after the first write returns -EBUSY.

This applies to all namespaces, including init_net, where an init process can write "local" to lock all future namespaces into local mode.

Fixes: eafb64f40ca4 ("vsock: add netns to vsock core")
Signed-off-by: Bobby Eshleman
Suggested-by: Daan De Meyer
Suggested-by: Stefano Garzarella
---
 include/net/af_vsock.h    | 20 +++++++++++++++++---
 include/net/netns/vsock.h |  9 ++++++++-
 net/vmw_vsock/af_vsock.c  | 15 ++++++++++-----
 3 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h
index d3ff48a2fbe0..9bd42147626d 100644
--- a/include/net/af_vsock.h
+++ b/include/net/af_vsock.h
@@ -276,15 +276,29 @@ static inline bool vsock_net_mode_global(struct vsock= _sock *vsk) return vsock_net_mode(sock_net(sk_vsock(vsk))) =3D=3D VSOCK_NET_MODE_GLOB= AL; } =20 -static inline void vsock_net_set_child_mode(struct net *net, +static inline bool vsock_net_set_child_mode(struct net *net, enum vsock_net_mode mode) { - WRITE_ONCE(net->vsock.child_ns_mode, mode); + int locked =3D mode + VSOCK_NET_MODE_LOCKED; + int cur; + + cur =3D READ_ONCE(net->vsock.child_ns_mode); + if (cur =3D=3D locked) + return true; + if (cur >=3D VSOCK_NET_MODE_LOCKED) + return false; + + if (try_cmpxchg(&net->vsock.child_ns_mode, &cur, locked)) + return true; + + return cur =3D=3D locked; } =20 static inline enum vsock_net_mode vsock_net_child_mode(struct net *net) { - return READ_ONCE(net->vsock.child_ns_mode); + int mode =3D READ_ONCE(net->vsock.child_ns_mode); + + return mode & (VSOCK_NET_MODE_LOCKED - 1); } =20 /* Return true if two namespaces pass the mode rules. Otherwise, return fa= lse. diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h index b34d69a22fa8..d20ab6269342 100644 --- a/include/net/netns/vsock.h +++ b/include/net/netns/vsock.h @@ -7,6 +7,7 @@ enum vsock_net_mode { VSOCK_NET_MODE_GLOBAL, VSOCK_NET_MODE_LOCAL, + VSOCK_NET_MODE_LOCKED, }; =20 struct netns_vsock { @@ -16,6 +17,12 @@ struct netns_vsock { u32 port; =20 enum vsock_net_mode mode; - enum vsock_net_mode child_ns_mode; + + /* 0 (GLOBAL) + * 1 (LOCAL) + * 2 (GLOBAL + LOCKED) + * 3 (LOCAL + LOCKED) + */ + int child_ns_mode; }; #endif /* __NET_NET_NAMESPACE_VSOCK_H */ diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 9880756d9eff..50044a838c89 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c 
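Review bot: the encoding in vsock_net_set_child_mode() and vsock_net_child_mode() (`int locked = mode + VSOCK_NET_MODE_LOCKED;` and `return mode & (VSOCK_NET_MODE_LOCKED - 1);`) only works because VSOCK_NET_MODE_LOCKED happens to be 2 and there are exactly two real modes; adding a third mode before LOCKED in the enum, or reordering it, silently breaks both the mask and the `cur >= VSOCK_NET_MODE_LOCKED` test. Either make the lock an explicit flag bit kept apart from the mode bits with a BUILD_BUG_ON tying the enum to the mask, or store the lock in a separate field and keep child_ns_mode as the enum. Related: nothing in vsock_net_set_child_mode() rejects `mode >= VSOCK_NET_MODE_LOCKED`, so a WARN_ON_ONCE there would document that callers must pass a real mode. Also, because vsock_net_child_mode() strips the lock, the unlocked and locked forms read back identically, so userspace cannot tell whether the value it sees is already locked except by attempting a write; that deserves a mention in the sysctl documentation.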
@@ -90,16 +90,20 @@ * * - /proc/sys/net/vsock/ns_mode (read-only) reports the current namespa= ce's * mode, which is set at namespace creation and immutable thereafter. - * - /proc/sys/net/vsock/child_ns_mode (writable) controls what mode fut= ure + * - /proc/sys/net/vsock/child_ns_mode (write-once) controls what mode f= uture * child namespaces will inherit when created. The initial value match= es * the namespace's own ns_mode. * * Changing child_ns_mode only affects newly created namespaces, not the * current namespace or existing children. A "local" namespace cannot set - * child_ns_mode to "global". At namespace creation, ns_mode is inherited - * from the parent's child_ns_mode. + * child_ns_mode to "global". child_ns_mode is write-once, so that it ma= y be + * configured and locked down by a namespace manager. Writing a different + * value after the first write returns -EBUSY. At namespace creation, ns= _mode + * is inherited from the parent's child_ns_mode. * - * The init_net mode is "global" and cannot be modified. + * The init_net mode is "global" and cannot be modified. The init_net + * child_ns_mode is also write-once, so an init process (e.g. systemd) c= an + * set it to "local" to ensure all new namespaces inherit local mode. * * The modes affect the allocation and accessibility of CIDs as follows: * 
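Review bot: the new last sentence of the comment ("set it to "local" to ensure all new namespaces inherit local mode") overstates what locking init_net's child_ns_mode achieves. By the rule stated just above it, ns_mode is inherited from the parent's child_ns_mode, so a namespace created from an already existing "global" child of init_net inherits that child's child_ns_mode, and that child can still lock its own child_ns_mode to "global". Say "all namespaces created from init_net" and note that the lock is per namespace and is not inherited; an init process that wants a system-wide guarantee has to write "local" before any other namespace exists.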
@@ -2853,7 +2857,8 @@ static int vsock_net_child_mode_string(const struct c= tl_table *table, int write, new_mode =3D=3D VSOCK_NET_MODE_GLOBAL) return -EPERM; =20 - vsock_net_set_child_mode(net, new_mode); + if (!vsock_net_set_child_mode(net, new_mode)) + return -EBUSY; } =20 return 0; --=20 2.47.3
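The race and the compare-and-swap based write-once rule described in this patch, as an added example that is not part of the patch series or the kernel tree: a user-space C model of vsock_net_set_child_mode() and vsock_net_child_mode() using the patch's value encoding, a C11 atomic compare-and-swap standing in for try_cmpxchg(), and a preempt hook (this example's own device, not a kernel mechanism) that injects a second writer between the initial read and the CAS so both outcomes of a lost race can be exercised deterministically. Names such as netns_model, sysctl_write and other_writer_sets_local are the example's own; the sysctl handler's local-to-global -EPERM check is not modelled.

```c
/* Added example, not code from the patch or the kernel tree: a user-space model
 * of the write-once child_ns_mode logic in patch 2, using the patch's encoding
 * (mode + LOCKED: 0/1 unlocked GLOBAL/LOCAL, 2/3 locked) and a C11 CAS in place
 * of try_cmpxchg(). The preempt hook is this example's own device: it runs
 * between the initial read and the CAS to replay the commit-message race. */
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

enum vsock_mode { MODE_GLOBAL = 0, MODE_LOCAL = 1, MODE_LOCKED = 2 };

struct netns_model { atomic_int child_ns_mode; };	/* stands in for net->vsock */
typedef void (*preempt_fn)(struct netns_model *);

static void ns_init(struct netns_model *ns, enum vsock_mode own_mode)
{
	atomic_store(&ns->child_ns_mode, own_mode);	/* matches ns_mode, unlocked */
}

/* Mirrors vsock_net_set_child_mode(): true when the namespace ends up locked
 * to 'mode', false when it is already locked to the other mode. */
static bool child_mode_set(struct netns_model *ns, enum vsock_mode mode, preempt_fn preempt)
{
	int locked = mode + MODE_LOCKED;
	int cur = atomic_load(&ns->child_ns_mode);

	if (cur == locked)
		return true;
	if (cur >= MODE_LOCKED)
		return false;
	if (preempt)			/* a second writer lands here */
		preempt(ns);
	if (atomic_compare_exchange_strong(&ns->child_ns_mode, &cur, locked))
		return true;
	return cur == locked;		/* lost the CAS; same mode still counts */
}

/* Mirrors vsock_net_child_mode(): strip the lock from the encoded value. */
static enum vsock_mode child_mode_get(struct netns_model *ns)
{
	return atomic_load(&ns->child_ns_mode) & (MODE_LOCKED - 1);
}

static bool child_mode_locked(struct netns_model *ns)
{
	return atomic_load(&ns->child_ns_mode) >= MODE_LOCKED;
}

/* The sysctl handler's mapping of the result; the patch's local->global
 * -EPERM check runs before this and is not modelled here. */
static int sysctl_write(struct netns_model *ns, enum vsock_mode mode, preempt_fn preempt)
{
	return child_mode_set(ns, mode, preempt) ? 0 : -EBUSY;
}

static void other_writer_sets_local(struct netns_model *ns)
{
	child_mode_set(ns, MODE_LOCAL, NULL);
}

/* Writing the value already shown consumes the single write ("read, then write
 * it back" locks the namespace); a different value is refused afterwards. */
static bool first_write_wins(void)
{
	struct netns_model ns;
	ns_init(&ns, MODE_GLOBAL);
	return !child_mode_locked(&ns)
	    && sysctl_write(&ns, MODE_GLOBAL, NULL) == 0 && child_mode_locked(&ns)
	    && sysctl_write(&ns, MODE_LOCAL, NULL) == -EBUSY
	    && sysctl_write(&ns, MODE_GLOBAL, NULL) == 0
	    && child_mode_get(&ns) == MODE_GLOBAL;
}

/* The commit-message race: A reads "unlocked global", B locks "local" in
 * between. A's CAS fails and A gets -EBUSY instead of a surprise local ns. */
static bool race_lost_to_other_mode(void)
{
	struct netns_model ns;
	ns_init(&ns, MODE_GLOBAL);
	return sysctl_write(&ns, MODE_GLOBAL, other_writer_sets_local) == -EBUSY
	    && child_mode_get(&ns) == MODE_LOCAL && child_mode_locked(&ns);
}

/* Same interleaving, both wanting "local": A's CAS fails but cur == locked. */
static bool race_lost_to_same_mode(void)
{
	struct netns_model ns;
	ns_init(&ns, MODE_GLOBAL);
	return sysctl_write(&ns, MODE_LOCAL, other_writer_sets_local) == 0
	    && child_mode_get(&ns) == MODE_LOCAL;
}

int main(void)
{
	printf("first_write_wins=%d race_lost_to_other_mode=%d race_lost_to_same_mode=%d\n",
	       first_write_wins(), race_lost_to_other_mode(), race_lost_to_same_mode());
	return 0;
}
```

Build with `cc -std=c11 -Wall race.c`; no extra libraries are needed. The two race functions are the interesting part: with other_writer_sets_local injected, a writer asking for "global" loses its CAS and is told -EBUSY, while a writer asking for "local" also loses its CAS but still reports success because `cur == locked`, which is the case the trailing `return cur == locked;` in the patch exists for.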
From: Bobby Eshleman
Date: Wed, 18 Feb 2026 10:10:38 -0800
Subject: [PATCH net v2 3/3] vsock: document write-once behavior of the child_ns_mode sysctl
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260218-vsock-ns-write-once-v2-3-19e4c50d509a@meta.com>
References: <20260218-vsock-ns-write-once-v2-0-19e4c50d509a@meta.com>
In-Reply-To: <20260218-vsock-ns-write-once-v2-0-19e4c50d509a@meta.com>
To: Stefano Garzarella, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Stefan Hajnoczi, Shuah Khan, Bobby Eshleman, "Michael S. Tsirkin", Jonathan Corbet, Shuah Khan
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
X-Mailer: b4 0.14.3

From: Bobby Eshleman

Update the vsock child_ns_mode documentation to include the new write-once semantics of setting child_ns_mode. The semantics are implemented in a different patch in this series.

Signed-off-by: Bobby Eshleman
---
 Documentation/admin-guide/sysctl/net.rst | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/sysctl/net.rst b/Documentation/admin= -guide/sysctl/net.rst index c10530624f1e..976a176fb451 100644 --- a/Documentation/admin-guide/sysctl/net.rst +++ b/Documentation/admin-guide/sysctl/net.rst @@ -581,9 +581,9 @@ The init_net mode is always ``global``. child_ns_mode ------------- =20 -Controls what mode newly created child namespaces will inherit. At namespa= ce -creation, ``ns_mode`` is inherited from the parent's ``child_ns_mode``. The -initial value matches the namespace's own ``ns_mode``. +Write-once. Controls what mode newly created child namespaces will inherit= . At +namespace creation, ``ns_mode`` is inherited from the parent's +``child_ns_mode``. The initial value matches the namespace's own ``ns_mode= ``. =20 Values: =20 @@ -594,6 +594,10 @@ Values: their sockets will only be able to connect within their own namespace. =20 +``child_ns_mode`` can only be written once per namespace. Writing the same +value that is already set succeeds. Writing a different value after the fi= rst +write returns ``-EBUSY``. + Changing ``child_ns_mode`` only affects namespaces created after the chang= e; it does not modify the current namespace or any existing children. =20 --=20 2.47.3
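Review bot: the new paragraph should spell out two consequences of the write-once rule that an administrator will run into. First, "Writing the same value that is already set succeeds" is true but hides that this write also consumes the one permitted write: an orchestrator that reads the current value and writes it back (the pattern the old selftest used) locks the namespace, and a later different value then gets ``-EBUSY``. Second, there is no indication on read of whether the value is already locked; the only way to find out is to write. The retained sentence "Changing ``child_ns_mode`` only affects namespaces created after the change" also reads oddly now that the value cannot be changed after the first write; "The value written applies to namespaces created after the write" fits better. Finally, note the error precedence visible in patch 2: a ``local`` namespace writing ``global`` gets ``-EPERM`` regardless of the lock state.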