From: Bobby Eshleman <bobbyeshleman@gmail.com>
To: "Stefano Garzarella" <sgarzare@redhat.com>,
"Shuah Khan" <shuah@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Xuan Zhuo" <xuanzhuo@linux.alibaba.com>,
"Eugenio Pérez" <eperezma@redhat.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
"Haiyang Zhang" <haiyangz@microsoft.com>,
"Wei Liu" <wei.liu@kernel.org>,
"Dexuan Cui" <decui@microsoft.com>,
"Bryan Tan" <bryan-bt.tan@broadcom.com>,
"Vishnu Dasa" <vishnu.dasa@broadcom.com>,
"Broadcom internal kernel review list"
<bcm-kernel-feedback-list@broadcom.com>
Cc: virtualization@lists.linux.dev, netdev@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, linux-hyperv@vger.kernel.org,
Bobby Eshleman <bobbyeshleman@gmail.com>,
berrange@redhat.com, Bobby Eshleman <bobbyeshleman@meta.com>
Subject: [PATCH net-next v6 1/9] vsock: a per-net vsock NS mode state
Date: Tue, 16 Sep 2025 16:43:45 -0700 [thread overview]
Message-ID: <20250916-vsock-vmtest-v6-1-064d2eb0c89d@meta.com> (raw)
In-Reply-To: <20250916-vsock-vmtest-v6-0-064d2eb0c89d@meta.com>
From: Bobby Eshleman <bobbyeshleman@meta.com>
Add the per-net vsock NS mode state. This only adds the structure for
holding the mode and some of the functions for setting/getting and
checking the mode, but does not integrate the functionality yet.
Signed-off-by: Bobby Eshleman <bobbyeshleman@meta.com>
---
Changes in v6:
- add orig_net_mode to store mode at creation time which will be used to
avoid breakage when namespace changes mode during socket/VM lifespan
Changes in v5:
- use /proc/sys/net/vsock/ns_mode instead of /proc/net/vsock_ns_mode
- change from net->vsock.ns_mode to net->vsock.mode
- change vsock_net_set_mode() to vsock_net_write_mode()
- vsock_net_write_mode() returns bool for write success to avoid
need to use vsock_net_mode_can_set()
- remove vsock_net_mode_can_set()
---
MAINTAINERS | 1 +
include/net/af_vsock.h | 55 +++++++++++++++++++++++++++++++++++++++++++++
include/net/net_namespace.h | 4 ++++
include/net/netns/vsock.h | 20 +++++++++++++++++
4 files changed, 80 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 47bc35743f22..bc53c67e0926 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -26634,6 +26634,7 @@ L: netdev@vger.kernel.org
S: Maintained
F: drivers/vhost/vsock.c
F: include/linux/virtio_vsock.h
+F: include/net/netns/vsock.h
F: include/uapi/linux/virtio_vsock.h
F: net/vmw_vsock/virtio_transport.c
F: net/vmw_vsock/virtio_transport_common.c
diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h
index d40e978126e3..2857e97699de 100644
--- a/include/net/af_vsock.h
+++ b/include/net/af_vsock.h
@@ -10,6 +10,7 @@
#include <linux/kernel.h>
#include <linux/workqueue.h>
+#include <net/netns/vsock.h>
#include <net/sock.h>
#include <uapi/linux/vm_sockets.h>
@@ -65,6 +66,7 @@ struct vsock_sock {
u32 peer_shutdown;
bool sent_request;
bool ignore_connecting_rst;
+ enum vsock_net_mode orig_net_mode;
/* Protected by lock_sock(sk) */
u64 buffer_size;
@@ -256,4 +258,57 @@ static inline bool vsock_msgzerocopy_allow(const struct vsock_transport *t)
{
return t->msgzerocopy_allow && t->msgzerocopy_allow();
}
+
+static inline enum vsock_net_mode vsock_net_mode(struct net *net)
+{
+ enum vsock_net_mode ret;
+
+ spin_lock_bh(&net->vsock.lock);
+ ret = net->vsock.mode;
+ spin_unlock_bh(&net->vsock.lock);
+ return ret;
+}
+
+static inline bool vsock_net_write_mode(struct net *net, u8 mode)
+{
+ bool ret;
+
+ spin_lock_bh(&net->vsock.lock);
+
+ if (net->vsock.written) {
+ ret = false;
+ goto skip;
+ }
+
+ net->vsock.mode = mode;
+ net->vsock.written = true;
+ ret = true;
+
+skip:
+ spin_unlock_bh(&net->vsock.lock);
+ return ret;
+}
+
+/* Return true if vsock_sock passes the mode rules for a given net and
+ * orig_net_mode. Otherwise, return false.
+ *
+ * net is the current net namespace of the object being checked. orig_net_mode
+ * is the mode of net when the object was created.
+ *
+ * orig_net_mode is the mode of arg 'net' at the time of creation for the
+ * object being checked. For example, if searching for a vsock_sock then
+ * orig_net_mode is arg net's mode at the time the vsock_sock was created.
+ *
+ * Read more about modes in the comment header of net/vmw_vsock/af_vsock.c.
+ */
+static inline bool vsock_net_check_mode(struct vsock_sock *vsk, struct net *net,
+ enum vsock_net_mode orig_net_mode)
+{
+ struct net *vsk_net = sock_net(sk_vsock(vsk));
+
+ if (net_eq(vsk_net, net))
+ return true;
+
+ return orig_net_mode == VSOCK_NET_MODE_GLOBAL && vsk->orig_net_mode == VSOCK_NET_MODE_GLOBAL;
+}
#endif /* __AF_VSOCK_H__ */
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 025a7574b275..005c0da4fb62 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -37,6 +37,7 @@
#include <net/netns/smc.h>
#include <net/netns/bpf.h>
#include <net/netns/mctp.h>
+#include <net/netns/vsock.h>
#include <net/net_trackers.h>
#include <linux/ns_common.h>
#include <linux/idr.h>
@@ -196,6 +197,9 @@ struct net {
/* Move to a better place when the config guard is removed. */
struct mutex rtnl_mutex;
#endif
+#if IS_ENABLED(CONFIG_VSOCKETS)
+ struct netns_vsock vsock;
+#endif
} __randomize_layout;
#include <linux/seq_file_net.h>
diff --git a/include/net/netns/vsock.h b/include/net/netns/vsock.h
new file mode 100644
index 000000000000..d4593c0b8dc4
--- /dev/null
+++ b/include/net/netns/vsock.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __NET_NET_NAMESPACE_VSOCK_H
+#define __NET_NET_NAMESPACE_VSOCK_H
+
+#include <linux/types.h>
+
+enum vsock_net_mode {
+ VSOCK_NET_MODE_GLOBAL,
+ VSOCK_NET_MODE_LOCAL,
+};
+
+struct netns_vsock {
+ struct ctl_table_header *vsock_hdr;
+ spinlock_t lock;
+
+ /* protected by lock */
+ enum vsock_net_mode mode;
+ bool written;
+};
+#endif /* __NET_NET_NAMESPACE_VSOCK_H */
--
2.47.3
next prev parent reply other threads:[~2025-09-16 23:43 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-16 23:43 [PATCH net-next v6 0/9] vsock: add namespace support to vhost-vsock Bobby Eshleman
2025-09-16 23:43 ` Bobby Eshleman [this message]
2025-09-26 16:09 ` [PATCH net-next v6 1/9] vsock: a per-net vsock NS mode state Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 2/9] vsock: add net to vsock skb cb Bobby Eshleman
2025-09-26 16:15 ` Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 3/9] vsock: add netns to vsock core Bobby Eshleman
2025-09-17 22:12 ` kernel test robot
2025-09-26 16:39 ` Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 4/9] vsock/loopback: add netns support Bobby Eshleman
2025-09-26 15:01 ` Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 5/9] vsock/virtio: add netns to virtio transport common Bobby Eshleman
2025-09-26 16:43 ` Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 6/9] vhost/vsock: add netns support Bobby Eshleman
2025-09-26 16:52 ` Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 7/9] selftests/vsock: improve logging in vmtest.sh Bobby Eshleman
2025-09-30 8:26 ` Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 8/9] selftests/vsock: invoke vsock_test through helpers Bobby Eshleman
2025-09-30 8:37 ` Stefano Garzarella
2025-09-16 23:43 ` [PATCH net-next v6 9/9] selftests/vsock: add namespace tests Bobby Eshleman
2025-09-30 8:58 ` Stefano Garzarella
2025-10-09 16:59 ` Bobby Eshleman
2025-09-17 16:19 ` [PATCH net-next v6 0/9] vsock: add namespace support to vhost-vsock Simon Horman
2025-09-17 16:33 ` Bobby Eshleman
2025-09-17 18:40 ` Simon Horman
2025-09-26 13:52 ` Stefano Garzarella
2025-09-26 16:56 ` Stefano Garzarella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250916-vsock-vmtest-v6-1-064d2eb0c89d@meta.com \
--to=bobbyeshleman@gmail.com \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=berrange@redhat.com \
--cc=bobbyeshleman@meta.com \
--cc=bryan-bt.tan@broadcom.com \
--cc=davem@davemloft.net \
--cc=decui@microsoft.com \
--cc=edumazet@google.com \
--cc=eperezma@redhat.com \
--cc=haiyangz@microsoft.com \
--cc=horms@kernel.org \
--cc=jasowang@redhat.com \
--cc=kuba@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=kys@microsoft.com \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sgarzare@redhat.com \
--cc=shuah@kernel.org \
--cc=stefanha@redhat.com \
--cc=virtualization@lists.linux.dev \
--cc=vishnu.dasa@broadcom.com \
--cc=wei.liu@kernel.org \
--cc=xuanzhuo@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).