From nobody Tue Apr  7 10:38:07 2026
Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com
 [209.85.128.178])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D8DA1C68F
	for <linux-kernel@vger.kernel.org>; Sat, 14 Mar 2026 00:00:51 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.178
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1773446452; cv=none;
 b=ete9qG2daKxeKGD7asoIea1T8FOcqgg1cMvec/VRAf74eiWq8Xp9So4uzOFg50tty38iCpGjNEt7PHvkRufOPxJJ4S3HzLoqaATkIxEHT8qF4om6CXPv+qDcXAItyYLknY3p5GgtTM6YNBOsgBaBHThBdQHx09cm632sETr0yTA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1773446452; c=relaxed/simple;
	bh=3QJbJv8nDTe9UFWDuhjUpYU/uYCzaMl40LclqolWBe4=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:
	 In-Reply-To:To:Cc;
 b=SILZd9Iq3jjQtSfeVXKB5Ux10FJHyLSJr5hk8sD5O8BEoxufFl9ECUsJiWtTpeyd3zuDd/44lknjxQ+tX4W8tjVQsSBBJ0BN7r6O3EKa5Xp8sVOEa4/oAcYdyq1SadNrYi+irF1jZwQtM2zWtL6Qu28uhTs/sH/auaI6NW5Mtb4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=KY9C0Kum; arc=none smtp.client-ip=209.85.128.178
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="KY9C0Kum"
Received: by mail-yw1-f178.google.com with SMTP id
 00721157ae682-78fc4425b6bso28723597b3.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 13 Mar 2026 17:00:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1773446450; x=1774051250;
 darn=vger.kernel.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=7Z7785Nihx26mdg32kyA0yD1bLg4oGypoWx8npW/Glg=;
        b=KY9C0KumKzeU02ILZfuBgAwQviCfd0XPb8iCT0FGtxktjJ5mEWdZ5n2ii+WvGZYECf
         niQ22wo9yDCs25cEI+VxGqjb6eTSwg+B+yD0SFufneNbt2EywYbrgHlN9ItLyYTGPtwO
         i8OVPX4fLpO6SYHWXHhPhryYYj4VdJhbOBGLyqmYScFczQPStJXgfOlZwX/AbR7weKXA
         5Rvpgrt3iunzW8nMsg7oBl/ytCeE6X597f0NPF0VKLLOHTkUh8txZd0eN/U9haP75i+t
         U7fAXp7o37v/fidONvqXsXq5UVrMx01sihK0CvkAONn1wtHuzG2QYAjSYzZUP0xENGyS
         VJ0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1773446450; x=1774051250;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=7Z7785Nihx26mdg32kyA0yD1bLg4oGypoWx8npW/Glg=;
        b=BJ0UkcJPZ9qzH+0VtnDcwhQS6bq+42UONVizYFRl5z75Nt/Aj64/g4iEd+/sn9mMTR
         C2BvVFG19pWabE247GWEjosh5SxJ7VAx3s7kSEIdJZWKXO8x1GB0CiKFo1YeiDNFGQDC
         xZ1WjPYFh93cdXaJ9fbqLPMHZ1KJcGZRJzoyCD3v0SQx928+4FWUQqXrOsXMIEr85SRl
         uZqJ8wUUBHjuswtVPmo8uJlRT3gR9a0ixoLPT/a3mmFBUNkE7RM/GAyFf1H3aoGpGF2i
         ts7v5lfY/7yqfjaucAJmnSytBSrZDGptCzK2lsb09PorF+CI0wI59+9WAX3EACMkQD5Z
         6s9w==
X-Forwarded-Encrypted: i=1;
 AJvYcCULMTet5k0SlBh2fnv6BYcjbJVnQmyhp/F6rHDSRgI7VlHdqvR1bzlkRSfWjkQ7MImMa/c8X0cKGUCvCHw=@vger.kernel.org
X-Gm-Message-State: AOJu0YzS7d+foU1gAR9l2IHeZLJbSV1Ht3YibdGwwb20WCYj6p+zxeKi
	kYddoWj1esZbpdnYSSrQklxCJ2zj5DZvR3QibbN6znLXk/2qlr+cw10N
X-Gm-Gg: ATEYQzy3cxHZl8Kc6kX0Byqbc9Ypj+9eDBQikPbpR63fng9NKA1qVtaNCG8LEdmEp0y
	Qnqrv0RfQ4EfB2LA85VfxoaCma+atXeDd9+rv/0zkNkv0eTtlBdtzsb/zWSzFBdNQ3K5PkqutEF
	jemHf07Bz1Ae4CAP94By2pq1zll4T9DQOdfmmk/0Rlrw4Ou2fPsZKi7WNsBaswPVcrBeDx2xaBB
	N0UX2GXsUPX8VpLs3Et79ld1Yg+uTxvABDILbte6v/dRETdls4Nf9bE0yaSuJp/kTx6uRS8AZ4h
	GVAuD56cZ6g8CpzL+B9jOm+KOMLaaTalzGY8rmTaSmWNyL9R0VuW6h8eMz4KAmh03QEdkQ/S6Lz
	mbukg+mluAtP7BfFcKUw9u8FZJY+Bacu0e7WqbaC8gUu0MzWrOEq2930m15r+HOiRcCD4lfAA1B
	ICttW1fFxIG9qH8Z3pyJ8lxw==
X-Received: by 2002:a05:690c:e3ee:b0:799:1773:527d with SMTP id
 00721157ae682-79a1c100004mr58333657b3.29.1773446450219;
        Fri, 13 Mar 2026 17:00:50 -0700 (PDT)
Received: from localhost ([2a03:2880:25ff:55::])
        by smtp.gmail.com with ESMTPSA id
 00721157ae682-79917ee4fdfsm57042447b3.25.2026.03.13.17.00.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 13 Mar 2026 17:00:49 -0700 (PDT)
From: Bobby Eshleman <bobbyeshleman@gmail.com>
Date: Fri, 13 Mar 2026 17:00:14 -0700
Subject: [PATCH net-next 1/2] selftests/vsock: fix vmtest.sh for read-only
 nested VM runners
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260313-vsock-vmtest-nested-fixes-v1-1-d0e6274c3193@meta.com>
References: <20260313-vsock-vmtest-nested-fixes-v1-0-d0e6274c3193@meta.com>
In-Reply-To: <20260313-vsock-vmtest-nested-fixes-v1-0-d0e6274c3193@meta.com>
To: Stefano Garzarella <sgarzare@redhat.com>, Shuah Khan <shuah@kernel.org>
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org,
 linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
 Jakub Kicinski <kuba@kernel.org>, Bobby Eshleman <bobbyeshleman@meta.com>
X-Mailer: b4 0.14.3

From: Bobby Eshleman <bobbyeshleman@meta.com>

When running vmtest.sh inside a nested VM, there occurs a problem
with stacking two sets of virtiofs/overlay layers (the first set from
the outer VM and the second set from the inner VM). The virtme init
scripts (sshd, udhcpd, etc...) fail to execute basic programs (e.g.,
/bin/cat) and load library dependencies (e.g., libpam) due to ESTALE.
This only occurs when both layers (outer and inner) use virtiofs. Work
around this by using 9p in the inner VM via --force-9p.

Additionally, when the outer VM is read-only, the inner VM's attempt at
populating SSH keys to the root filesystem fails:

virtme-ng-init: mkdir: cannot create directory '/root/.cache': Read-only fi=
le system

Work around this by creating a temporary home directory with generated
SSH keys and passing it through to the guest as /root via --rwdir.
Disable strict host key checking in vm_ssh() since the VM will be seen
as a new host each run.

The --rw arg had to be removed to prevent a vng complaint about overlay
(in combination with the other parameters). The guest doesn't really
need write access anyway, so this was probably overly permissive to
begin with.

Signed-off-by: Bobby Eshleman <bobbyeshleman@meta.com>
---
 tools/testing/selftests/vsock/vmtest.sh | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/vsock/vmtest.sh b/tools/testing/selfte=
sts/vsock/vmtest.sh
index 86e338886b33..c2cfcdf05d99 100755
--- a/tools/testing/selftests/vsock/vmtest.sh
+++ b/tools/testing/selftests/vsock/vmtest.sh
@@ -42,6 +42,8 @@ readonly KERNEL_CMDLINE=3D"\
 	virtme.ssh virtme_ssh_channel=3Dtcp virtme_ssh_user=3D$USER \
 "
 readonly LOG=3D$(mktemp /tmp/vsock_vmtest_XXXX.log)
+readonly TEST_HOME=3D$(mktemp -d /tmp/vmtest_home_XXXX)
+readonly SSH_KEY_PATH=3D"${TEST_HOME}"/.ssh/id_ed25519
=20
 # Namespace tests must use the ns_ prefix. This is checked in check_netns(=
) and
 # is used to determine if a test needs namespace setup before test executi=
on.
@@ -257,7 +259,12 @@ vm_ssh() {
=20
 	shift
=20
-	${ns_exec} ssh -q -o UserKnownHostsFile=3D/dev/null -p "${SSH_HOST_PORT}"=
 localhost "$@"
+	${ns_exec} ssh -q \
+		-i "${SSH_KEY_PATH}" \
+		-o UserKnownHostsFile=3D/dev/null \
+		-o StrictHostKeyChecking=3Dno \
+		-p "${SSH_HOST_PORT}" \
+		localhost "$@"
=20
 	return $?
 }
@@ -265,6 +272,7 @@ vm_ssh() {
 cleanup() {
 	terminate_pidfiles "${!PIDFILES[@]}"
 	del_namespaces
+	rm -rf "${TEST_HOME}"
 }
=20
 check_args() {
@@ -382,6 +390,11 @@ handle_build() {
 	popd &>/dev/null
 }
=20
+setup_home() {
+	mkdir -p "$(dirname "${SSH_KEY_PATH}")"
+	ssh-keygen -t ed25519 -f "${SSH_KEY_PATH}" -N "" -q
+}
+
 create_pidfile() {
 	local pidfile
=20
@@ -451,11 +464,14 @@ vm_start() {
 		--run \
 		${kernel_opt} \
 		${verbose_opt} \
+		--rwdir=3D/root=3D${TEST_HOME} \
+		--force-9p \
+		--cwd /root \
 		--qemu-opts=3D"${qemu_opts}" \
 		--qemu=3D"${qemu}" \
 		--user root \
 		--append "${KERNEL_CMDLINE}" \
-		--rw  &> ${logfile} &
+		&> ${logfile} &
=20
 	timeout "${WAIT_QEMU}" \
 		bash -c 'while [[ ! -s '"${pidfile}"' ]]; do sleep 1; done; exit 0'
@@ -1532,6 +1548,7 @@ check_deps
 check_vng
 check_socat
 handle_build
+setup_home
=20
 echo "1..${#ARGS[@]}"
=20

--=20
2.52.0