From nobody Tue Apr 7 09:05:36 2026 Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com [209.85.128.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D8DA1C68F for ; Sat, 14 Mar 2026 00:00:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773446452; cv=none; b=ete9qG2daKxeKGD7asoIea1T8FOcqgg1cMvec/VRAf74eiWq8Xp9So4uzOFg50tty38iCpGjNEt7PHvkRufOPxJJ4S3HzLoqaATkIxEHT8qF4om6CXPv+qDcXAItyYLknY3p5GgtTM6YNBOsgBaBHThBdQHx09cm632sETr0yTA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773446452; c=relaxed/simple; bh=3QJbJv8nDTe9UFWDuhjUpYU/uYCzaMl40LclqolWBe4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=SILZd9Iq3jjQtSfeVXKB5Ux10FJHyLSJr5hk8sD5O8BEoxufFl9ECUsJiWtTpeyd3zuDd/44lknjxQ+tX4W8tjVQsSBBJ0BN7r6O3EKa5Xp8sVOEa4/oAcYdyq1SadNrYi+irF1jZwQtM2zWtL6Qu28uhTs/sH/auaI6NW5Mtb4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=KY9C0Kum; arc=none smtp.client-ip=209.85.128.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KY9C0Kum" Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-78fc4425b6bso28723597b3.1 for ; Fri, 13 Mar 2026 17:00:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773446450; x=1774051250; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=7Z7785Nihx26mdg32kyA0yD1bLg4oGypoWx8npW/Glg=; b=KY9C0KumKzeU02ILZfuBgAwQviCfd0XPb8iCT0FGtxktjJ5mEWdZ5n2ii+WvGZYECf niQ22wo9yDCs25cEI+VxGqjb6eTSwg+B+yD0SFufneNbt2EywYbrgHlN9ItLyYTGPtwO i8OVPX4fLpO6SYHWXHhPhryYYj4VdJhbOBGLyqmYScFczQPStJXgfOlZwX/AbR7weKXA 5Rvpgrt3iunzW8nMsg7oBl/ytCeE6X597f0NPF0VKLLOHTkUh8txZd0eN/U9haP75i+t U7fAXp7o37v/fidONvqXsXq5UVrMx01sihK0CvkAONn1wtHuzG2QYAjSYzZUP0xENGyS VJ0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773446450; x=1774051250; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=7Z7785Nihx26mdg32kyA0yD1bLg4oGypoWx8npW/Glg=; b=BJ0UkcJPZ9qzH+0VtnDcwhQS6bq+42UONVizYFRl5z75Nt/Aj64/g4iEd+/sn9mMTR C2BvVFG19pWabE247GWEjosh5SxJ7VAx3s7kSEIdJZWKXO8x1GB0CiKFo1YeiDNFGQDC xZ1WjPYFh93cdXaJ9fbqLPMHZ1KJcGZRJzoyCD3v0SQx928+4FWUQqXrOsXMIEr85SRl uZqJ8wUUBHjuswtVPmo8uJlRT3gR9a0ixoLPT/a3mmFBUNkE7RM/GAyFf1H3aoGpGF2i ts7v5lfY/7yqfjaucAJmnSytBSrZDGptCzK2lsb09PorF+CI0wI59+9WAX3EACMkQD5Z 6s9w== X-Forwarded-Encrypted: i=1; AJvYcCULMTet5k0SlBh2fnv6BYcjbJVnQmyhp/F6rHDSRgI7VlHdqvR1bzlkRSfWjkQ7MImMa/c8X0cKGUCvCHw=@vger.kernel.org X-Gm-Message-State: AOJu0YzS7d+foU1gAR9l2IHeZLJbSV1Ht3YibdGwwb20WCYj6p+zxeKi kYddoWj1esZbpdnYSSrQklxCJ2zj5DZvR3QibbN6znLXk/2qlr+cw10N X-Gm-Gg: ATEYQzy3cxHZl8Kc6kX0Byqbc9Ypj+9eDBQikPbpR63fng9NKA1qVtaNCG8LEdmEp0y Qnqrv0RfQ4EfB2LA85VfxoaCma+atXeDd9+rv/0zkNkv0eTtlBdtzsb/zWSzFBdNQ3K5PkqutEF jemHf07Bz1Ae4CAP94By2pq1zll4T9DQOdfmmk/0Rlrw4Ou2fPsZKi7WNsBaswPVcrBeDx2xaBB N0UX2GXsUPX8VpLs3Et79ld1Yg+uTxvABDILbte6v/dRETdls4Nf9bE0yaSuJp/kTx6uRS8AZ4h GVAuD56cZ6g8CpzL+B9jOm+KOMLaaTalzGY8rmTaSmWNyL9R0VuW6h8eMz4KAmh03QEdkQ/S6Lz mbukg+mluAtP7BfFcKUw9u8FZJY+Bacu0e7WqbaC8gUu0MzWrOEq2930m15r+HOiRcCD4lfAA1B ICttW1fFxIG9qH8Z3pyJ8lxw== X-Received: by 2002:a05:690c:e3ee:b0:799:1773:527d with SMTP id 00721157ae682-79a1c100004mr58333657b3.29.1773446450219; Fri, 13 Mar 2026 17:00:50 -0700 (PDT) Received: from localhost ([2a03:2880:25ff:55::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-79917ee4fdfsm57042447b3.25.2026.03.13.17.00.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Mar 2026 17:00:49 -0700 (PDT) From: Bobby Eshleman Date: Fri, 13 Mar 2026 17:00:14 -0700 Subject: [PATCH net-next 1/2] selftests/vsock: fix vmtest.sh for read-only nested VM runners Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260313-vsock-vmtest-nested-fixes-v1-1-d0e6274c3193@meta.com> References: <20260313-vsock-vmtest-nested-fixes-v1-0-d0e6274c3193@meta.com> In-Reply-To: <20260313-vsock-vmtest-nested-fixes-v1-0-d0e6274c3193@meta.com> To: Stefano Garzarella , Shuah Khan Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Jakub Kicinski , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman When running vmtest.sh inside a nested VM, there occurs a problem with stacking two sets of virtiofs/overlay layers (the first set from the outer VM and the second set from the inner VM). The virtme init scripts (sshd, udhcpd, etc...) fail to execute basic programs (e.g., /bin/cat) and load library dependencies (e.g., libpam) due to ESTALE. This only occurs when both layers (outer and inner) use virtiofs. Work around this by using 9p in the inner VM via --force-9p. Additionally, when the outer VM is read-only, the inner VM's attempt at populating SSH keys to the root filesystem fails: virtme-ng-init: mkdir: cannot create directory '/root/.cache': Read-only fi= le system Work around this by creating a temporary home directory with generated SSH keys and passing it through to the guest as /root via --rwdir. Disable strict host key checking in vm_ssh() since the VM will be seen as a new host each run. The --rw arg had to be removed to prevent a vng complaint about overlay (in combination with the other parameters). The guest doesn't really need write access anyway, so this was probably overly permissive to begin with. Signed-off-by: Bobby Eshleman --- tools/testing/selftests/vsock/vmtest.sh | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index 86e338886b33..c2cfcdf05d99 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -42,6 +42,8 @@ readonly KERNEL_CMDLINE=3D"\ virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \ " readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log) +readonly TEST_HOME=3D$(mktemp -d /tmp/vmtest_home_XXXX) +readonly SSH_KEY_PATH=3D"${TEST_HOME}"/.ssh/id_ed25519 =20 # Namespace tests must use the ns_ prefix. This is checked in check_netns(= ) and # is used to determine if a test needs namespace setup before test executi= on. @@ -257,7 +259,12 @@ vm_ssh() { =20 shift =20 - ${ns_exec} ssh -q -o UserKnownHostsFile=3D/dev/null -p "${SSH_HOST_PORT}"= localhost "$@" + ${ns_exec} ssh -q \ + -i "${SSH_KEY_PATH}" \ + -o UserKnownHostsFile=3D/dev/null \ + -o StrictHostKeyChecking=3Dno \ + -p "${SSH_HOST_PORT}" \ + localhost "$@" =20 return $? } @@ -265,6 +272,7 @@ vm_ssh() { cleanup() { terminate_pidfiles "${!PIDFILES[@]}" del_namespaces + rm -rf "${TEST_HOME}" } =20 check_args() { @@ -382,6 +390,11 @@ handle_build() { popd &>/dev/null } =20 +setup_home() { + mkdir -p "$(dirname "${SSH_KEY_PATH}")" + ssh-keygen -t ed25519 -f "${SSH_KEY_PATH}" -N "" -q +} + create_pidfile() { local pidfile =20 @@ -451,11 +464,14 @@ vm_start() { --run \ ${kernel_opt} \ ${verbose_opt} \ + --rwdir=3D/root=3D${TEST_HOME} \ + --force-9p \ + --cwd /root \ --qemu-opts=3D"${qemu_opts}" \ --qemu=3D"${qemu}" \ --user root \ --append "${KERNEL_CMDLINE}" \ - --rw &> ${logfile} & + &> ${logfile} & =20 timeout "${WAIT_QEMU}" \ bash -c 'while [[ ! -s '"${pidfile}"' ]]; do sleep 1; done; exit 0' @@ -1532,6 +1548,7 @@ check_deps check_vng check_socat handle_build +setup_home =20 echo "1..${#ARGS[@]}" =20 --=20 2.52.0 From nobody Tue Apr 7 09:05:36 2026 Received: from mail-yw1-f169.google.com (mail-yw1-f169.google.com [209.85.128.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE086189F20 for ; Sat, 14 Mar 2026 00:00:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773446455; cv=none; b=Ud82p3jc8Wdh4tgJv4JnKlJtZPzy2RAFFNZXy/vHfmisIoz9yBB3yW4U7ktiMN4UX/mvrZVuPs7LbLas/y4xyIIKSZhY+rCOtRcx8rlg2oHu2HSwuzJUhk4c0lUIjhjY80bh3tPOoIfjC3+Ftu/P8iE4CpK0sXt1QpDRy0n9GOg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773446455; c=relaxed/simple; bh=qQSv/5WdpZH4XBXZwbx9dzgQ4o8yOA7GNQGX0IAwggY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=rlMKJReodaGbHAiFV6O7c0OVWL7qcersMjzl+Ka2+PdQozgUCdxTjpP9vY21eDzN87EAGvgxF33krPFoZIPkJbuJIgzgJ9DCX2rjCIHm7rq1fIbrRzWAjMOkjcybuCYKxzmJ+yYWjEo9tzX/+3geZPc+HRsPrJsbJqYOqmOfluA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hsmJ+vuU; arc=none smtp.client-ip=209.85.128.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hsmJ+vuU" Received: by mail-yw1-f169.google.com with SMTP id 00721157ae682-7986d231b3cso56352207b3.1 for ; Fri, 13 Mar 2026 17:00:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773446452; x=1774051252; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=W86A6Y/31ihOHZ6/xNMK1KyCGKpHT+7je3oM4+QBYPA=; b=hsmJ+vuUSP3+l9K7+ZZrsfasOwOkxFRpqvn0JQex614/Zzu1lqLoddBjnygLZp5v/G BmMD5Dx5oIkvZxDMZs/K3tmHRnqDAQ4mmAJkzR17Z40KQ0r/mjSslcRI1nrVTcokDvVG x9zLIrVEdzmMUnfk7ihMl5Wk75Y2boItaGjCHFa7RnIQ+j5dqKZ75ygdrAyxmcBrUxY1 z6ZdL3j3TCcAZ9WjBMXpg7Aiqgmgkg4xaQ+8AaL/kM/MmVay5HZSlxRANySTkXNICLh2 iR984qlbdaRVOJWvw3Uwnjt4fS3DFcSpilF7sVJq3vSASHRLNIBNU9dcyBPbgNHcWmwp hL9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773446452; x=1774051252; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=W86A6Y/31ihOHZ6/xNMK1KyCGKpHT+7je3oM4+QBYPA=; b=Yu3UlYIfGP7Lv66Ztp4J/YcoLlkBiYuDc5JRDxVCjf0eaTYS12/YLdpKvTezj9thbi lKtBqw1V6Q2tZgnE0Ed8TPPKa/yS9EEoan4f27f96EUis8X6PCvBQ+IqxMwzsFFf4v8V 3IuOdEpxjnJ7+ZDlbpQdd3KxUw4KzkNdD7ErBYdcB9rujGH3kkJpibwVv7lGX4z9KQhd yz3CjOEQmOnpeI4D5AO2PQyrnsv7q6YJcM2FC6SgRYT89hJWoMqjac/PLy9LVTzNQclI TwrwtYr00tALmyedhNQcQoVibbo3CBoIExNV6h1Vy0lA5kNS87N1mu6kUQLXDa6JgBeJ GMeA== X-Forwarded-Encrypted: i=1; AJvYcCWXrMvlQ/Nkvoq47TH05DI5nHg2/cpTjKDeU5UIcaRafrh2O5I5mnazsGKN+ddmcx3VC9YwhDbdgtUFeF4=@vger.kernel.org X-Gm-Message-State: AOJu0Yw22Tj61IS0cLvYHv/PFCeg32oNRYonaBgqOMcit26HF5FBKktI Jt+XFMp4vGB72ofGZQSEWObmpLG95akqb/EKzaxqvdo/meklMfPjcSeu X-Gm-Gg: ATEYQzz9eJdn82rI0JPlqcW9C4BUxrRHRbloq/AGJ+2hJteGMGacZVonltIcfN1pz7l pyji7sYPoVvErlsARw/N7/6OjU+hxxms1xpNpplaQTIqb05xHp5CFtOCej5rWxtha4GIivEugtD AQXBP98CD65xtDOOfNhgIk4+TghaHAkOagU6VqrKly4gnrc3QjVU6hVx3CnXL5kApDoSGLYrpR4 tzVv4x00AD2rmJYGuS2ybKS9JtgfoDVOu3Hix4YGIhvkHeEgEo7x1jn6QIpIAlzY0rPF2qeoq08 KwG6BvF1evYEPU5T/Wq1J2ER4HkW3hAyV3p0QCwi9ThJCOL7hcX1HuYX7ndMNuEu/FXAuAymbhG hzTQMuHQRukzqAfT3frW8tAt0Ga6bI+2YSEQkfGgMEs1bt3rMsuG9xNsjw7XZiliDvCLPKKXsUm hGSriYvEKKnbEjcfqxto8v3A== X-Received: by 2002:a05:690c:348a:b0:794:a8ea:f04a with SMTP id 00721157ae682-799475ee218mr90550227b3.20.1773446452052; Fri, 13 Mar 2026 17:00:52 -0700 (PDT) Received: from localhost ([2a03:2880:25ff:54::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-79917f1ecd9sm54769307b3.45.2026.03.13.17.00.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Mar 2026 17:00:51 -0700 (PDT) From: Bobby Eshleman Date: Fri, 13 Mar 2026 17:00:15 -0700 Subject: [PATCH net-next 2/2] selftests/vsock: fix vsock_test path shadowing in nested VMs Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260313-vsock-vmtest-nested-fixes-v1-2-d0e6274c3193@meta.com> References: <20260313-vsock-vmtest-nested-fixes-v1-0-d0e6274c3193@meta.com> In-Reply-To: <20260313-vsock-vmtest-nested-fixes-v1-0-d0e6274c3193@meta.com> To: Stefano Garzarella , Shuah Khan Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Jakub Kicinski , Bobby Eshleman X-Mailer: b4 0.14.3 From: Bobby Eshleman The /root mount introduced for nested VM support shadows any host paths under /root. This breaks systems where the outer VM runs as root and the vsock_test binary path is something like: /root/linux/tools/testing/selftests/vsock/vsock_test Fix this by copying vsock_test into the temporary home directory that gets mounted as /root in the guest, and using a relative path to invoke it. Signed-off-by: Bobby Eshleman --- tools/testing/selftests/vsock/vmtest.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte= sts/vsock/vmtest.sh index c2cfcdf05d99..8182c748f214 100755 --- a/tools/testing/selftests/vsock/vmtest.sh +++ b/tools/testing/selftests/vsock/vmtest.sh @@ -393,6 +393,7 @@ handle_build() { setup_home() { mkdir -p "$(dirname "${SSH_KEY_PATH}")" ssh-keygen -t ed25519 -f "${SSH_KEY_PATH}" -N "" -q + cp "${VSOCK_TEST}" "${TEST_HOME}"/vsock_test } =20 create_pidfile() { @@ -601,7 +602,7 @@ vm_vsock_test() { # log output and use pipefail to respect vsock_test errors set -o pipefail if [[ "${host}" !=3D server ]]; then - vm_ssh "${ns}" -- "${VSOCK_TEST}" \ + vm_ssh "${ns}" -- ./vsock_test \ --mode=3Dclient \ --control-host=3D"${host}" \ --peer-cid=3D"${cid}" \ @@ -609,7 +610,7 @@ vm_vsock_test() { 2>&1 | log_guest rc=3D$? else - vm_ssh "${ns}" -- "${VSOCK_TEST}" \ + vm_ssh "${ns}" -- ./vsock_test \ --mode=3Dserver \ --peer-cid=3D"${cid}" \ --control-port=3D"${port}" \ --=20 2.52.0