| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <99b6f3f7-4130-436a-bfef-3ef35832e02c@redhat.com> Date: Wed, 7 Jan 2026 10:47:56 +0100 From: Paolo Abeni <pabeni@...hat.com> To: Bobby Eshleman <bobbyeshleman@...il.com> Cc: Stefano Garzarella <sgarzare@...hat.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Simon Horman <horms@...nel.org>, Stefan Hajnoczi <stefanha@...hat.com>, "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>, Eugenio PĂ©rez <eperezma@...hat.com>, Xuan Zhuo <xuanzhuo@...ux.alibaba.com>, "K. Y. Srinivasan" <kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>, Bryan Tan <bryan-bt.tan@...adcom.com>, Vishnu Dasa <vishnu.dasa@...adcom.com>, Broadcom internal kernel review list <bcm-kernel-feedback-list@...adcom.com>, Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org, virtualization@...ts.linux.dev, netdev@...r.kernel.org, kvm@...r.kernel.org, linux-hyperv@...r.kernel.org, linux-kselftest@...r.kernel.org, berrange@...hat.com, Sargun Dhillon <sargun@...gun.me>, Bobby Eshleman <bobbyeshleman@...a.com> Subject: Re: [PATCH net-next v12 04/12] vsock: add netns support to virtio transports Hi, On 12/2/25 11:01 PM, Bobby Eshleman wrote: > On Tue, Dec 02, 2025 at 09:47:19PM +0100, Paolo Abeni wrote: >> I still have some concern WRT the dynamic mode change after netns >> creation. I fear some 'unsolvable' (or very hard to solve) race I can't >> see now. A tcp_child_ehash_entries-like model will avoid completely the >> issue, but I understand it would be a significant change over the >> current status. >> >> "Luckily" the merge window is on us and we have some time to discuss. Do >> you have a specific use-case for the ability to change the netns mode >> after creation? >> >> /P > > I don't think there is a hard requirement that the mode be change-able > after creation. Though I'd love to avoid such a big change... or at > least leave unchanged as much of what we've already reviewed as > possible. > > In the scheme of defining the mode at creation and following the > tcp_child_ehash_entries-ish model, what I'm imagining is: > - /proc/sys/net/vsock/child_ns_mode can be set to "local" or "global" > - /proc/sys/net/vsock/child_ns_mode is not immutable, can change any > number of times > > - when a netns is created, the new netns mode is inherited from > child_ns_mode, being assigned using something like: > > net->vsock.ns_mode = > get_net_ns_by_pid(current->pid)->child_ns_mode > > - /proc/sys/net/vsock/ns_mode queries the current mode, returning > "local" or "global", returning value of net->vsock.ns_mode > - /proc/sys/net/vsock/ns_mode and net->vsock.ns_mode are immutable and > reject writes > > Does that align with what you have in mind? Sorry for the latency. This fell of my radar while I still processed PW before EoY and afterwards I had some break. Yes, the above aligns with what I suggested, and I think it should solve possible race-related concerns (but I haven't looked at the RFC). /P
Powered by blists - more mailing lists