lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <bgntskdmtb3usi6izcxywuhpvyldnoaxnomub4t7vfclv3xqhx@gjcs5ay4mkyt>
Date: Tue, 17 Jun 2025 17:24:36 +0200
From: Stefano Garzarella <sgarzare@...hat.com>
To: Bobby Eshleman <bobbyeshleman@...il.com>, berrange@...hat.com
Cc: Stefan Hajnoczi <stefanha@...hat.com>, Shuah Khan <shuah@...nel.org>, 
	kvm@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, 
	Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, linux-kernel@...r.kernel.org, 
	virtualization@...ts.linux.dev, netdev@...r.kernel.org, linux-kselftest@...r.kernel.org, 
	Bobby Eshleman <bobbyeshleman@...a.com>
Subject: Re: [PATCH RFC net-next v4 00/11] vsock: add namespace support to
 vhost-vsock

CCing Daniel who commented v2.

On Mon, Jun 16, 2025 at 09:32:49PM -0700, Bobby Eshleman wrote:
>This series adds namespace support to vhost-vsock. It does not add
>namespaces to any of the guest transports (virtio-vsock, hyperv, or
>vmci).
>
>The current revision only supports two modes: local or global. Local
>mode is complete isolation of namespaces, while global mode is complete
>sharing between namespaces of CIDs (the original behavior).
>
>If it is deemed necessary to add mixed mode up front, it is doable but
>at the cost of more complexity than local and global modes. Mixed will
>require adding the notion of allocation to the socket lookup functions
>(like vhost_vsock_get()) and also more logic will be necessary for
>controlling or using lookups differently based on mixed-to-global or
>global-to-mixed scenarios.
>
>The current implementation takes into consideration the future need for mixed
>mode and makes sure it is possible by making vsock_ns_mode per-namespace, as for
>mixed mode we need at least one "global" namespace and one "mixed"
>namespace for it to work. Is it feasible to support local and global
>modes only initially?
>
>I've demoted this series to RFC, as I haven't been able to re-run the
>tests after rebasing onto the upstreamed vmtest.sh, some of the code is
>still pretty messy, there are still some TODOs, stale comments, and
>other work to do. I thought reviewers might want to see the current
>state even though unfinished, since I'll be OoO until the second week of
>July and that just feels like a long time of silence given we've already
>all done work on this together.
>
>Thanks again for everyone's help and reviews!
>
>Signed-off-by: Bobby Eshleman <bobbyeshleman@...il.com>
>---
>Changes in v3:
>- add notion of "modes"
>- add procfs /proc/net/vsock_ns_mode
>- local and global modes only
>- no /dev/vhost-vsock-netns
>- vmtest.sh already merged, so new patch just adds new tests for NS
>- Link to v2:
>  https://lore.kernel.org/kvm/20250312-vsock-netns-v2-0-84bffa1aa97a@gmail.com

Thanks for this!
FYI I'll be off for the next days, I hope to comment next week.

Thanks,
Stefano

>
>Changes in v2:
>- only support vhost-vsock namespaces
>- all g2h namespaces retain old behavior, only common API changes
>  impacted by vhost-vsock changes
>- add /dev/vhost-vsock-netns for "opt-in"
>- leave /dev/vhost-vsock to old behavior
>- removed netns module param
>- Link to v1:
>  https://lore.kernel.org/r/20200116172428.311437-1-sgarzare@redhat.com
>
>Changes in v1:
>- added 'netns' module param to vsock.ko to enable the
>  network namespace support (disabled by default)
>- added 'vsock_net_eq()' to check the "net" assigned to a socket
>  only when 'netns' support is enabled
>- Link to RFC: https://patchwork.ozlabs.org/cover/1202235/
>
>---
>Bobby Eshleman (11):
>      selftests/vsock: add NS tests to vmtest.sh
>      vsock: a per-net vsock NS mode state
>      vsock: add vsock net ns helpers
>      vsock: add net to vsock skb cb
>      vsock: add common code for vsock NS support
>      virtio-vsock: add netns to common code
>      vhost/vsock: add netns support
>      vsock/virtio: add netns hooks
>      hv_sock: add netns hooks
>      vsock/vmci: add netns hooks
>      vsock/loopback: add netns support
>
> MAINTAINERS                             |   1 +
> drivers/vhost/vsock.c                   |  48 ++-
> include/linux/virtio_vsock.h            |  12 +
> include/net/af_vsock.h                  |  53 ++-
> include/net/net_namespace.h             |   4 +
> include/net/netns/vsock.h               |  19 ++
> net/vmw_vsock/af_vsock.c                | 203 +++++++++++-
> net/vmw_vsock/hyperv_transport.c        |   2 +-
> net/vmw_vsock/virtio_transport.c        |   5 +-
> net/vmw_vsock/virtio_transport_common.c |  14 +-
> net/vmw_vsock/vmci_transport.c          |   4 +-
> net/vmw_vsock/vsock_loopback.c          |   4 +-
> tools/testing/selftests/vsock/vmtest.sh | 555 +++++++++++++++++++++++++++++---
> 13 files changed, 843 insertions(+), 81 deletions(-)
>---
>base-commit: 8909f5f4ecd551c2299b28e05254b77424c8c7dc
>change-id: 20250325-vsock-vmtest-b3a21d2102c2
>
>Best regards,
>-- 
>Bobby Eshleman <bobbyeshleman@...a.com>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ