From: Jakub Kicinski <kuba@kernel.org>
To: Wei Wang <weibunny.kernel@gmail.com>
Cc: netdev@vger.kernel.org, Daniel Zahka <daniel.zahka@gmail.com>,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
David Wei <dw@davidwei.uk>, Andrew Lunn <andrew+netdev@lunn.ch>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Wei Wang <weibunny@fb.com>
Subject: Re: [PATCH v14 net-next 2/5] psp: add new netlink cmd for dev-assoc and dev-disassoc
Date: Wed, 13 May 2026 18:31:20 -0700 [thread overview]
Message-ID: <20260513183120.4ccc0acb@kernel.org> (raw)
In-Reply-To: <20260508042611.130945-3-weibunny.kernel@gmail.com>
On Thu, 7 May 2026 21:26:07 -0700 Wei Wang wrote:
> From: Wei Wang <weibunny@fb.com>
>
> The main purpose of this cmd is to be able to associate a
> non-psp-capable device (e.g. veth or netkit) with a psp device.
> One use case is if we create a pair of veth/netkit, and assign 1 end
> inside a netns, while leaving the other end within the default netns,
> with a real PSP device, e.g. netdevsim or a physical PSP-capable NIC.
> With this command, we could associate the veth/netkit inside the netns
> with PSP device, so the virtual device could act as PSP-capable device
> to initiate PSP connections, and performs PSP encryption/decryption on
> the real PSP device.
> --- a/net/psp/psp_main.c
> +++ b/net/psp/psp_main.c
> @@ -37,8 +37,18 @@ struct mutex psp_devs_lock;
> */
> int psp_dev_check_access(struct psp_dev *psd, struct net *net, bool admin)
> {
> + struct psp_assoc_dev *entry;
> +
> if (dev_net(psd->main_netdev) == net)
> return 0;
> +
> + if (!admin) {
> + list_for_each_entry(entry, &psd->assoc_dev_list, dev_list) {
> + if (dev_net(entry->assoc_dev) == net)
Would
if (psp_has_assoc_dev_in_ns(psd, net)) ?
work here?
> + return 0;
> + }
> + }
> +
> return -ENOENT;
> }
> static struct psp_dev *
> @@ -79,18 +147,58 @@ static int __psp_device_get_locked(const struct genl_split_ops *ops,
> return PTR_ERR_OR_ZERO(info->user_ptr[0]);
> }
>
> +/*
> + * Admin version of psp_device_get_locked() where it returns psd only if
> + * current netns is the same as psd->main_netdev's netns.
> + */
this..
> int psp_device_get_locked_admin(const struct genl_split_ops *ops,
> struct sk_buff *skb, struct genl_info *info)
> {
> return __psp_device_get_locked(ops, skb, info, true);
> }
>
> +/*
> + * Non-admin version of psp_device_get_locked() where it returns psd in netns
> + * for not only psd->main_netdev but all netdevs in psd->assoc_dev_list.
> + */
.. and this belong in previous commit. But TBH they seem unnecessary.
> int psp_device_get_locked(const struct genl_split_ops *ops,
> struct sk_buff *skb, struct genl_info *info)
> {
> return __psp_device_get_locked(ops, skb, info, false);
> }
> +int psp_nl_dev_assoc_doit(struct sk_buff *skb, struct genl_info *info)
> +{
> + struct psp_dev *psd = info->user_ptr[0];
> + struct psp_assoc_dev *psp_assoc_dev;
> + struct net_device *assoc_dev;
> + struct sk_buff *rsp;
> + u32 assoc_ifindex;
> + struct net *net;
> + int err;
> +
> + if (psd->assoc_dev_cnt >= PSP_ASSOC_DEV_MAX) {
> + NL_SET_ERR_MSG(info->extack,
> + "Maximum number of associated devices reached");
> + return -ENOSPC;
> + }
> +
> + net = psp_nl_resolve_assoc_dev_ns(psd, info);
> + if (IS_ERR(net))
> + return PTR_ERR(net);
> +
> + psp_assoc_dev = kzalloc_obj(*psp_assoc_dev, GFP_KERNEL);
nit: I think GFP_KERNEL is implicit if flags are not specified.
> + if (!psp_assoc_dev) {
> + err = -ENOMEM;
> + goto err_put_net;
> + }
next prev parent reply other threads:[~2026-05-14 1:31 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-08 4:26 [PATCH v14 net-next 0/5] psp: Add support for dev-assoc/disassoc Wei Wang
2026-05-08 4:26 ` [PATCH v14 net-next 1/5] psp: add admin/non-admin version of psp_device_get_locked Wei Wang
2026-05-08 4:26 ` [PATCH v14 net-next 2/5] psp: add new netlink cmd for dev-assoc and dev-disassoc Wei Wang
2026-05-14 1:31 ` Jakub Kicinski [this message]
2026-05-08 4:26 ` [PATCH v14 net-next 3/5] psp: add a new netdev event for dev unregister Wei Wang
2026-05-14 1:41 ` Jakub Kicinski
2026-05-08 4:26 ` [PATCH v14 net-next 4/5] selftests/net: Add bpf skb forwarding program Wei Wang
2026-05-08 4:26 ` [PATCH v14 net-next 5/5] selftests/net: psp: Add test for dev-assoc/disassoc Wei Wang
2026-05-14 1:46 ` Jakub Kicinski
2026-05-12 8:30 ` [PATCH v14 net-next 0/5] psp: Add support " Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260513183120.4ccc0acb@kernel.org \
--to=kuba@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=daniel.zahka@gmail.com \
--cc=davem@davemloft.net \
--cc=dw@davidwei.uk \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=weibunny.kernel@gmail.com \
--cc=weibunny@fb.com \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.