Hey all, Apologies for forgetting the 'net-next' prefix on this one. Should I resend or no? Best, Bobby On Wed, Mar 12, 2025 at 01:59:34PM -0700, Bobby Eshleman wrote: > Picking up Stefano's v1 [1], this series adds netns support to > vhost-vsock. Unlike v1, this series does not address guest-to-host (g2h) > namespaces, defering that for future implementation and discussion. > > Any vsock created with /dev/vhost-vsock is a global vsock, accessible > from any namespace. Any vsock created with /dev/vhost-vsock-netns is a > "scoped" vsock, accessible only to sockets in its namespace. If a global > vsock or scoped vsock share the same CID, the scoped vsock takes > precedence. > > If a socket in a namespace connects with a global vsock, the CID becomes > unavailable to any VMM in that namespace when creating new vsocks. If > disconnected, the CID becomes available again. > > Testing > > QEMU with /dev/vhost-vsock-netns support: > https://github.com/beshleman/qemu/tree/vsock-netns > > Test: Scoped vsocks isolated by namespace > > host# ip netns add ns1 > host# ip netns add ns2 > host# ip netns exec ns1 \ > qemu-system-x86_64 \ > -m 8G -smp 4 -cpu host -enable-kvm \ > -serial mon:stdio \ > -drive if=virtio,file=${IMAGE1} \ > -device vhost-vsock-pci,netns=on,guest-cid=15 > host# ip netns exec ns2 \ > qemu-system-x86_64 \ > -m 8G -smp 4 -cpu host -enable-kvm \ > -serial mon:stdio \ > -drive if=virtio,file=${IMAGE2} \ > -device vhost-vsock-pci,netns=on,guest-cid=15 > > host# socat - VSOCK-CONNECT:15:1234 > 2025/03/10 17:09:40 socat[255741] E connect(5, AF=40 cid:15 port:1234, 16): No such device > > host# echo foobar1 | sudo ip netns exec ns1 socat - VSOCK-CONNECT:15:1234 > host# echo foobar2 | sudo ip netns exec ns2 socat - VSOCK-CONNECT:15:1234 > > vm1# socat - VSOCK-LISTEN:1234 > foobar1 > vm2# socat - VSOCK-LISTEN:1234 > foobar2 > > Test: Global vsocks accessible to any namespace > > host# qemu-system-x86_64 \ > -m 8G -smp 4 -cpu host -enable-kvm \ > -serial mon:stdio \ > -drive if=virtio,file=${IMAGE2} \ > -device vhost-vsock-pci,guest-cid=15,netns=off > > host# echo foobar | sudo ip netns exec ns1 socat - VSOCK-CONNECT:15:1234 > > vm# socat - VSOCK-LISTEN:1234 > foobar > > Test: Connecting to global vsock makes CID unavailble to namespace > > host# qemu-system-x86_64 \ > -m 8G -smp 4 -cpu host -enable-kvm \ > -serial mon:stdio \ > -drive if=virtio,file=${IMAGE2} \ > -device vhost-vsock-pci,guest-cid=15,netns=off > > vm# socat - VSOCK-LISTEN:1234 > > host# sudo ip netns exec ns1 socat - VSOCK-CONNECT:15:1234 > host# ip netns exec ns1 \ > qemu-system-x86_64 \ > -m 8G -smp 4 -cpu host -enable-kvm \ > -serial mon:stdio \ > -drive if=virtio,file=${IMAGE1} \ > -device vhost-vsock-pci,netns=on,guest-cid=15 > > qemu-system-x86_64: -device vhost-vsock-pci,netns=on,guest-cid=15: vhost-vsock: unable to set guest cid: Address already in use > > Signed-off-by: Bobby Eshleman <bobbyeshleman@xxxxxxxxx> > --- > Changes in v2: > - only support vhost-vsock namespaces > - all g2h namespaces retain old behavior, only common API changes > impacted by vhost-vsock changes > - add /dev/vhost-vsock-netns for "opt-in" > - leave /dev/vhost-vsock to old behavior > - removed netns module param > - Link to v1: https://lore.kernel.org/r/20200116172428.311437-1-sgarzare@xxxxxxxxxx > > Changes in v1: > - added 'netns' module param to vsock.ko to enable the > network namespace support (disabled by default) > - added 'vsock_net_eq()' to check the "net" assigned to a socket > only when 'netns' support is enabled > - Link to RFC: https://patchwork.ozlabs.org/cover/1202235/ > > --- > Stefano Garzarella (3): > vsock: add network namespace support > vsock/virtio_transport_common: handle netns of received packets > vhost/vsock: use netns of process that opens the vhost-vsock-netns device > > drivers/vhost/vsock.c | 96 +++++++++++++++++++++++++++------ > include/linux/miscdevice.h | 1 + > include/linux/virtio_vsock.h | 2 + > include/net/af_vsock.h | 10 ++-- > net/vmw_vsock/af_vsock.c | 85 +++++++++++++++++++++++------ > net/vmw_vsock/hyperv_transport.c | 2 +- > net/vmw_vsock/virtio_transport.c | 5 +- > net/vmw_vsock/virtio_transport_common.c | 14 ++++- > net/vmw_vsock/vmci_transport.c | 4 +- > net/vmw_vsock/vsock_loopback.c | 4 +- > 10 files changed, 180 insertions(+), 43 deletions(-) > --- > base-commit: 0ea09cbf8350b70ad44d67a1dcb379008a356034 > change-id: 20250312-vsock-netns-45da9424f726 > > Best regards, > -- > Bobby Eshleman <bobbyeshleman@xxxxxxxxx> >
