[PATCH net 0/2] vsock: fix child netns mode initialization and restriction

[PATCH net 0/2] vsock: fix child netns mode initialization and restriction · Stefano Garzarella <sgarzare@redhat.com> · 2026-02-12
[PATCH net 1/2] vsock: fix child netns mode initialization · Stefano Garzarella <sgarzare@redhat.com> · 2026-02-12
Re: [PATCH net 1/2] vsock: fix child netns mode initialization · Bobby Eshleman <hidden> · 2026-02-13
[PATCH net 2/2] vsock: prevent child netns mode switch from local to global · Stefano Garzarella <sgarzare@redhat.com> · 2026-02-12
Re: [PATCH net 2/2] vsock: prevent child netns mode switch from local to global · Bobby Eshleman <hidden> · 2026-02-13
Re: [PATCH net 0/2] vsock: fix child netns mode initialization and restriction · patchwork-bot+netdevbpf@kernel.org · 2026-02-13

STALE127d

From: Stefano Garzarella <sgarzare@redhat.com>
Date: 2026-02-12 20:59:23
Also in: lkml, virtualization

This series fixes two issues in the vsock network namespace support
recently introduced by commit eafb64f40ca4 ("vsock: add netns to vsock
core").

Patch 1 fixes `child_ns_mode` being always hardcoded to "global" for new
namespaces, breaking propagation of the "local" mode through nested
namespaces.

Patch 2 prevents a "local" namespace from switching `child_ns_mode` to
"global", which would allow nested namespaces to escape vsock isolation
and access global CIDs.

Stefano Garzarella (2):
  vsock: fix child netns mode initialization
  vsock: prevent child netns mode switch from local to global

 net/vmw_vsock/af_vsock.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

-- 
2.53.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help