[PATCH net 0/2] vsock: fix child netns mode initialization and restriction

Next message: Stefano Garzarella: "[PATCH net 1/2] vsock: fix child netns mode initialization"
Previous message: Liam R. Howlett: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in mas_walk"
Next in thread: Stefano Garzarella: "[PATCH net 1/2] vsock: fix child netns mode initialization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stefano Garzarella

Date: Thu Feb 12 2026 - 15:59:35 EST

This series fixes two issues in the vsock network namespace support
recently introduced by commit eafb64f40ca4 ("vsock: add netns to vsock
core").

Patch 1 fixes `child_ns_mode` being always hardcoded to "global" for new
namespaces, breaking propagation of the "local" mode through nested
namespaces.

Patch 2 prevents a "local" namespace from switching `child_ns_mode` to
"global", which would allow nested namespaces to escape vsock isolation
and access global CIDs.

Stefano Garzarella (2):
vsock: fix child netns mode initialization
vsock: prevent child netns mode switch from local to global

net/vmw_vsock/af_vsock.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)

--
2.53.0