From: "Michael S. Tsirkin" <mst@redhat.com>
To: Bobby Eshleman <bobbyeshleman@gmail.com>
Cc: "Stefano Garzarella" <sgarzare@redhat.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"K. Y. Srinivasan" <kys@microsoft.com>,
"Haiyang Zhang" <haiyangz@microsoft.com>,
"Wei Liu" <wei.liu@kernel.org>,
"Dexuan Cui" <decui@microsoft.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Xuan Zhuo" <xuanzhuo@linux.alibaba.com>,
"Eugenio Pérez" <eperezma@redhat.com>,
"Bryan Tan" <bryan-bt.tan@broadcom.com>,
"Vishnu Dasa" <vishnu.dasa@broadcom.com>,
"Broadcom internal kernel review list"
<bcm-kernel-feedback-list@broadcom.com>,
"David S. Miller" <davem@davemloft.net>,
virtualization@lists.linux.dev, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org,
kvm@vger.kernel.org
Subject: Re: [PATCH v2 0/3] vsock: add namespace support to vhost-vsock
Date: Fri, 21 Mar 2025 15:49:38 -0400
Message-ID: <20250321154922-mutt-send-email-mst@kernel.org>
In-Reply-To: <20250312-vsock-netns-v2-0-84bffa1aa97a@gmail.com>

On Wed, Mar 12, 2025 at 01:59:34PM -0700, Bobby Eshleman wrote:
> Picking up Stefano's v1 [1], this series adds netns support to
> vhost-vsock. Unlike v1, this series does not address guest-to-host (g2h)
> namespaces, deferring that for future implementation and discussion.
>
> Any vsock created with /dev/vhost-vsock is a global vsock, accessible
> from any namespace. Any vsock created with /dev/vhost-vsock-netns is a
> "scoped" vsock, accessible only to sockets in its namespace. If a global
> vsock or scoped vsock share the same CID, the scoped vsock takes
> precedence.
>
> If a socket in a namespace connects with a global vsock, the CID becomes
> unavailable to any VMM in that namespace when creating new vsocks. If
> disconnected, the CID becomes available again.

yea that's a sane way to do it.
Thanks!

> Testing
>
> QEMU with /dev/vhost-vsock-netns support:
> https://github.com/beshleman/qemu/tree/vsock-netns
>
> Test: Scoped vsocks isolated by namespace
>
> host# ip netns add ns1
> host# ip netns add ns2
> host# ip netns exec ns1 \
> qemu-system-x86_64 \
> -m 8G -smp 4 -cpu host -enable-kvm \
> -serial mon:stdio \
> -drive if=virtio,file=${IMAGE1} \
> -device vhost-vsock-pci,netns=on,guest-cid=15
> host# ip netns exec ns2 \
> qemu-system-x86_64 \
> -m 8G -smp 4 -cpu host -enable-kvm \
> -serial mon:stdio \
> -drive if=virtio,file=${IMAGE2} \
> -device vhost-vsock-pci,netns=on,guest-cid=15
>
> host# socat - VSOCK-CONNECT:15:1234
> 2025/03/10 17:09:40 socat[255741] E connect(5, AF=40 cid:15 port:1234, 16): No such device
>
> host# echo foobar1 | sudo ip netns exec ns1 socat - VSOCK-CONNECT:15:1234
> host# echo foobar2 | sudo ip netns exec ns2 socat - VSOCK-CONNECT:15:1234
>
> vm1# socat - VSOCK-LISTEN:1234
> foobar1
> vm2# socat - VSOCK-LISTEN:1234
> foobar2
>
> Test: Global vsocks accessible to any namespace
>
> host# qemu-system-x86_64 \
> -m 8G -smp 4 -cpu host -enable-kvm \
> -serial mon:stdio \
> -drive if=virtio,file=${IMAGE2} \
> -device vhost-vsock-pci,guest-cid=15,netns=off
>
> host# echo foobar | sudo ip netns exec ns1 socat - VSOCK-CONNECT:15:1234
>
> vm# socat - VSOCK-LISTEN:1234
> foobar
>
> Test: Connecting to global vsock makes CID unavailable to namespace
>
> host# qemu-system-x86_64 \
> -m 8G -smp 4 -cpu host -enable-kvm \
> -serial mon:stdio \
> -drive if=virtio,file=${IMAGE2} \
> -device vhost-vsock-pci,guest-cid=15,netns=off
>
> vm# socat - VSOCK-LISTEN:1234
>
> host# sudo ip netns exec ns1 socat - VSOCK-CONNECT:15:1234
> host# ip netns exec ns1 \
> qemu-system-x86_64 \
> -m 8G -smp 4 -cpu host -enable-kvm \
> -serial mon:stdio \
> -drive if=virtio,file=${IMAGE1} \
> -device vhost-vsock-pci,netns=on,guest-cid=15
>
> qemu-system-x86_64: -device vhost-vsock-pci,netns=on,guest-cid=15: vhost-vsock: unable to set guest cid: Address already in use
>
> Signed-off-by: Bobby Eshleman <bobbyeshleman@gmail.com>
> ---
> Changes in v2:
> - only support vhost-vsock namespaces
> - all g2h namespaces retain old behavior, only common API changes
> impacted by vhost-vsock changes
> - add /dev/vhost-vsock-netns for "opt-in"
> - leave /dev/vhost-vsock to old behavior
> - removed netns module param
> - Link to v1: https://lore.kernel.org/r/20200116172428.311437-1-sgarzare@redhat.com
>
> Changes in v1:
> - added 'netns' module param to vsock.ko to enable the
> network namespace support (disabled by default)
> - added 'vsock_net_eq()' to check the "net" assigned to a socket
> only when 'netns' support is enabled
> - Link to RFC: https://patchwork.ozlabs.org/cover/1202235/
>
> ---
> Stefano Garzarella (3):
> vsock: add network namespace support
> vsock/virtio_transport_common: handle netns of received packets
> vhost/vsock: use netns of process that opens the vhost-vsock-netns device
>
> drivers/vhost/vsock.c | 96 +++++++++++++++++++++++++++------
> include/linux/miscdevice.h | 1 +
> include/linux/virtio_vsock.h | 2 +
> include/net/af_vsock.h | 10 ++--
> net/vmw_vsock/af_vsock.c | 85 +++++++++++++++++++++++------
> net/vmw_vsock/hyperv_transport.c | 2 +-
> net/vmw_vsock/virtio_transport.c | 5 +-
> net/vmw_vsock/virtio_transport_common.c | 14 ++++-
> net/vmw_vsock/vmci_transport.c | 4 +-
> net/vmw_vsock/vsock_loopback.c | 4 +-
> 10 files changed, 180 insertions(+), 43 deletions(-)
> ---
> base-commit: 0ea09cbf8350b70ad44d67a1dcb379008a356034
> change-id: 20250312-vsock-netns-45da9424f726
>
> Best regards,
> --
> Bobby Eshleman <bobbyeshleman@gmail.com>
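
The CID visibility rules from the cover letter quoted above, as a simplified user-space C model added here for illustration; it is not code from the patch series or the kernel. The tables, the names `lookup`, `set_guest_cid`, `model_connect` and `model_disconnect`, the netns ids, and the rule that a duplicate CID in the same scope fails with EADDRINUSE are assumptions of the model.

```c
#include <errno.h>

#define GLOBAL (-1)  /* scope of a device opened via /dev/vhost-vsock */
#define MAXN   16
/* Model-only tables and names (hypothetical, not kernel structures). */
static struct dev { int used, scope; unsigned cid; } devs[MAXN]; /* scope: GLOBAL or netns id */
static struct pin { int used, ns; unsigned cid; } pins[MAXN];    /* ns socket on a global CID */

/* Resolve cid as seen from namespace ns: scoped in ns beats global. */
static int lookup(int ns, unsigned cid) {
    int found = -ENODEV;
    for (int i = 0; i < MAXN; i++) {
        if (!devs[i].used || devs[i].cid != cid) continue;
        if (devs[i].scope == ns) return i;
        if (devs[i].scope == GLOBAL) found = i;
    }
    return found;
}

/* A VMM claims cid; scope is GLOBAL or the VMM's namespace id. */
static int set_guest_cid(int scope, unsigned cid) {
    int slot = -ENOMEM;
    for (int i = 0; i < MAXN; i++) {
        if ((devs[i].used && devs[i].scope == scope && devs[i].cid == cid) ||
            (pins[i].used && pins[i].ns == scope && pins[i].cid == cid))
            return -EADDRINUSE;  /* taken in scope, or ns pinned to global */
        if (!devs[i].used && slot < 0) slot = i;
    }
    if (slot >= 0) devs[slot] = (struct dev){ 1, scope, cid };
    return slot;
}

/* Connect from ns; a connection to a global vsock pins the CID in ns. */
static int model_connect(int ns, unsigned cid) {
    int d = lookup(ns, cid);
    for (int i = 0; d >= 0 && devs[d].scope == GLOBAL && i < MAXN; i++)
        if (!pins[i].used) { pins[i] = (struct pin){ 1, ns, cid }; break; }
    return d;
}

/* Disconnecting releases the pin, so the CID is free in ns again. */
static void model_disconnect(int ns, unsigned cid) {
    for (int i = 0; i < MAXN; i++)
        if (pins[i].used && pins[i].ns == ns && pins[i].cid == cid) pins[i].used = 0;
}

int main(void) {  /* the page's third test, then the disconnect case */
    set_guest_cid(GLOBAL, 15); model_connect(1, 15);
    int busy = set_guest_cid(1, 15); model_disconnect(1, 15);
    return (busy == -EADDRINUSE && set_guest_cid(1, 15) >= 0) ? 0 : 1;
}
```

The isolation property to check when reviewing such a change is that `lookup` from one namespace never returns a device scoped to another, which is what the "No such device" result in the first quoted test shows for the host namespace.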