This series adds namespace support to vhost-vsock. It does not add namespaces to any of the guest transports (virtio-vsock, hyperv, or vmci).
The current revision only supports two modes: local or global. Local mode is complete isolation of namespaces, while global mode is complete sharing between namespaces of CIDs (the original behavior).
If it is deemed necessary to add mixed mode up front, it is doable but at the cost of more complexity than local and global modes. Mixed will require adding the notion of allocation to the socket lookup functions (like vhost_vsock_get()) and also more logic will be necessary for controlling or using lookups differently based on mixed-to-global or global-to-mixed scenarios.
The current implementation takes into consideration the future need for mixed mode and makes sure it is possible by making vsock_ns_mode per-namespace, as for mixed mode we need at least one "global" namespace and one "mixed" namespace for it to work. Is it feasible to support local and global modes only initially?
I've demoted this series to RFC, as I haven't been able to re-run the tests after rebasing onto the upstreamed vmtest.sh, some of the code is still pretty messy, there are still some TODOs, stale comments, and other work to do. I thought reviewers might want to see the current state even though unfinished, since I'll be OoO until the second week of July and that just feels like a long time of silence given we've already all done work on this together.
Thanks again for everyone's help and reviews!
Signed-off-by: Bobby Eshleman <bobbyeshleman@gmail.com>
---
Changes in v3:
- add notion of "modes"
- add procfs /proc/net/vsock_ns_mode
- local and global modes only
- no /dev/vhost-vsock-netns
- vmtest.sh already merged, so new patch just adds new tests for NS
- Link to v2: https://lore.kernel.org/kvm/20250312-vsock-netns-v2-0-84bffa1aa97a@gmail.com

Changes in v2:
- only support vhost-vsock namespaces
- all g2h namespaces retain old behavior, only common API changes impacted by vhost-vsock changes
- add /dev/vhost-vsock-netns for "opt-in"
- leave /dev/vhost-vsock to old behavior
- removed netns module param
- Link to v1: https://lore.kernel.org/r/20200116172428.311437-1-sgarzare@redhat.com

Changes in v1:
- added 'netns' module param to vsock.ko to enable the network namespace support (disabled by default)
- added 'vsock_net_eq()' to check the "net" assigned to a socket only when 'netns' support is enabled
- Link to RFC: https://patchwork.ozlabs.org/cover/1202235/
---
Bobby Eshleman (11):
      selftests/vsock: add NS tests to vmtest.sh
      vsock: a per-net vsock NS mode state
      vsock: add vsock net ns helpers
      vsock: add net to vsock skb cb
      vsock: add common code for vsock NS support
      virtio-vsock: add netns to common code
      vhost/vsock: add netns support
      vsock/virtio: add netns hooks
      hv_sock: add netns hooks
      vsock/vmci: add netns hooks
      vsock/loopback: add netns support

 MAINTAINERS                             |   1 +
 drivers/vhost/vsock.c                   |  48 ++-
 include/linux/virtio_vsock.h            |  12 +
 include/net/af_vsock.h                  |  53 ++-
 include/net/net_namespace.h             |   4 +
 include/net/netns/vsock.h               |  19 ++
 net/vmw_vsock/af_vsock.c                | 203 +++++++++++-
 net/vmw_vsock/hyperv_transport.c        |   2 +-
 net/vmw_vsock/virtio_transport.c        |   5 +-
 net/vmw_vsock/virtio_transport_common.c |  14 +-
 net/vmw_vsock/vmci_transport.c          |   4 +-
 net/vmw_vsock/vsock_loopback.c          |   4 +-
 tools/testing/selftests/vsock/vmtest.sh | 555 +++++++++++++++++++++++++++++---
 13 files changed, 843 insertions(+), 81 deletions(-)
---
base-commit: 8909f5f4ecd551c2299b28e05254b77424c8c7dc
change-id: 20250325-vsock-vmtest-b3a21d2102c2

Best regards,