[PATCH RFC net-next v4 00/11] vsock: add namespace support to vhost-vsock

[Bobby Eshleman <bobbyeshleman@gmail.com>]

This series adds namespace support to vhost-vsock. It does not add
namespaces to any of the guest transports (virtio-vsock, hyperv, or
vmci).

The current revision only supports two modes: local or global. Local
mode is complete isolation of namespaces, while global mode is complete
sharing between namespaces of CIDs (the original behavior).

If it is deemed necessary to add mixed mode up front, it is doable but
at the cost of more complexity than local and global modes. Mixed will
require adding the notion of allocation to the socket lookup functions
(like vhost_vsock_get()) and also more logic will be necessary for
controlling or using lookups differently based on mixed-to-global or
global-to-mixed scenarios.

The current implementation takes into consideration the future need for mixed
mode and makes sure it is possible by making vsock_ns_mode per-namespace, as for
mixed mode we need at least one "global" namespace and one "mixed"
namespace for it to work. Is it feasible to support local and global
modes only initially?

I've demoted this series to RFC, as I haven't been able to re-run the
tests after rebasing onto the upstreamed vmtest.sh, some of the code is
still pretty messy, there are still some TODOs, stale comments, and
other work to do. I thought reviewers might want to see the current
state even though unfinished, since I'll be OoO until the second week of
July and that just feels like a long time of silence given we've already
all done work on this together.

Thanks again for everyone's help and reviews!

Signed-off-by: Bobby Eshleman <bobbyeshleman@gmail.com>
---
Changes in v3:
- add notion of "modes"
- add procfs /proc/net/vsock_ns_mode
- local and global modes only
- no /dev/vhost-vsock-netns
- vmtest.sh already merged, so new patch just adds new tests for NS
- Link to v2:
  https://lore.kernel.org/kvm/20250312-vsock-netns-v2-0-84bffa1aa97a@gmail.com

Changes in v2:
- only support vhost-vsock namespaces
- all g2h namespaces retain old behavior, only common API changes
  impacted by vhost-vsock changes
- add /dev/vhost-vsock-netns for "opt-in"
- leave /dev/vhost-vsock to old behavior
- removed netns module param
- Link to v1:
  https://lore.kernel.org/r/20200116172428.311437-1-sgarzare@redhat.com

Changes in v1:
- added 'netns' module param to vsock.ko to enable the
  network namespace support (disabled by default)
- added 'vsock_net_eq()' to check the "net" assigned to a socket
  only when 'netns' support is enabled
- Link to RFC: https://patchwork.ozlabs.org/cover/1202235/

---
Bobby Eshleman (11):
      selftests/vsock: add NS tests to vmtest.sh
      vsock: a per-net vsock NS mode state
      vsock: add vsock net ns helpers
      vsock: add net to vsock skb cb
      vsock: add common code for vsock NS support
      virtio-vsock: add netns to common code
      vhost/vsock: add netns support
      vsock/virtio: add netns hooks
      hv_sock: add netns hooks
      vsock/vmci: add netns hooks
      vsock/loopback: add netns support

 MAINTAINERS                             |   1 +
 drivers/vhost/vsock.c                   |  48 ++-
 include/linux/virtio_vsock.h            |  12 +
 include/net/af_vsock.h                  |  53 ++-
 include/net/net_namespace.h             |   4 +
 include/net/netns/vsock.h               |  19 ++
 net/vmw_vsock/af_vsock.c                | 203 +++++++++++-
 net/vmw_vsock/hyperv_transport.c        |   2 +-
 net/vmw_vsock/virtio_transport.c        |   5 +-
 net/vmw_vsock/virtio_transport_common.c |  14 +-
 net/vmw_vsock/vmci_transport.c          |   4 +-
 net/vmw_vsock/vsock_loopback.c          |   4 +-
 tools/testing/selftests/vsock/vmtest.sh | 555 +++++++++++++++++++++++++++++---
 13 files changed, 843 insertions(+), 81 deletions(-)
---
base-commit: 8909f5f4ecd551c2299b28e05254b77424c8c7dc
change-id: 20250325-vsock-vmtest-b3a21d2102c2

Best regards,
-- 
Bobby Eshleman <bobbyeshleman@meta.com>