From: Daniel Zahka <daniel.zahka@gmail.com>
To: Wei Wang <weibunny.kernel@gmail.com>,
netdev@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
David Wei <dw@davidwei.uk>, Andrew Lunn <andrew+netdev@lunn.ch>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Simon Horman <horms@kernel.org>
Cc: Wei Wang <weibunny@fb.com>
Subject: Re: [PATCH v10 net-next 2/5] psp: add new netlink cmd for dev-assoc and dev-disassoc
Date: Mon, 6 Apr 2026 09:27:20 -0400 [thread overview]
Message-ID: <2758ac3a-50dc-451a-990a-93e4db9d4bd6@gmail.com> (raw)
In-Reply-To: <20260405055853.3285534-3-weibunny.kernel@gmail.com>
On 4/5/26 1:58 AM, Wei Wang wrote:
> From: Wei Wang <weibunny@fb.com>
>
> The main purpose of this cmd is to be able to associate a
> non-psp-capable device (e.g. veth or netkit) with a psp device.
> One use case is if we create a pair of veth/netkit, and assign 1 end
> inside a netns, while leaving the other end within the default netns,
> with a real PSP device, e.g. netdevsim or a physical PSP-capable NIC.
> With this command, we could associate the veth/netkit inside the netns
> with PSP device, so the virtual device could act as PSP-capable device
> to initiate PSP connections, and performs PSP encryption/decryption on
> the real PSP device.
>
> Signed-off-by: Wei Wang <weibunny@fb.com>
> ---
> Documentation/netlink/specs/psp.yaml | 67 +++++-
> include/net/psp/types.h | 15 ++
> include/uapi/linux/psp.h | 13 ++
> net/psp/psp-nl-gen.c | 32 +++
> net/psp/psp-nl-gen.h | 2 +
> net/psp/psp_main.c | 20 ++
> net/psp/psp_nl.c | 319 ++++++++++++++++++++++++++-
> 7 files changed, 457 insertions(+), 11 deletions(-)
>
...
>
> +/**
> + * Admin version of psp_device_get_locked() where it returns psd only if
> + * current netns is the same as psd->main_netdev's netns.
> + */
> int psp_device_get_locked_admin(const struct genl_split_ops *ops,
> struct sk_buff *skb, struct genl_info *info)
> {
> return __psp_device_get_locked(ops, skb, info, true);
> }
>
> +/**
> + * Non-admin version of psp_device_get_locked() where it returns psd in netns
> + * for not only psd->main_netdev but all netdevs in psd->assoc_dev_list.
> + */
> int psp_device_get_locked(const struct genl_split_ops *ops,
> struct sk_buff *skb, struct genl_info *info)
> {
> @@ -103,11 +179,74 @@ psp_device_unlock(const struct genl_split_ops *ops, struct sk_buff *skb,
> sockfd_put(socket);
> }
There's a warning that these comments have the kdoc open sequence, but
are not proper kdoc comments.
> +
> static int
> psp_nl_dev_fill(struct psp_dev *psd, struct sk_buff *rsp,
> const struct genl_info *info)
> {
> + struct net *cur_net;
> void *hdr;
> + int err;
> +
> + cur_net = genl_info_net(info);
> +
> + /* Skip this device if we're in an associated netns but have no
> + * associated devices in cur_net
> + */
> + if (cur_net != dev_net(psd->main_netdev) &&
> + !psp_has_assoc_dev_in_ns(psd, cur_net))
> + return 0;
>
Is this branch dead code given we either arrived here via
psp_dev_check_access(), or psp_nl_build_dev_ntf() which should only use
associated netns's?
>
> +int psp_nl_dev_assoc_doit(struct sk_buff *skb, struct genl_info *info)
> +{
> + struct psp_dev *psd = info->user_ptr[0];
> + struct psp_assoc_dev *psp_assoc_dev;
> + struct net_device *assoc_dev;
> + struct sk_buff *rsp;
> + u32 assoc_ifindex;
> + struct net *net;
> + int nsid;
> +
> + if (GENL_REQ_ATTR_CHECK(info, PSP_A_DEV_IFINDEX))
> + return -EINVAL;
> +
> + if (info->attrs[PSP_A_DEV_NSID]) {
> + nsid = nla_get_s32(info->attrs[PSP_A_DEV_NSID]);
> +
> + net = get_net_ns_by_id(genl_info_net(info), nsid);
> + if (!net) {
> + NL_SET_BAD_ATTR(info->extack,
> + info->attrs[PSP_A_DEV_NSID]);
> + return -EINVAL;
> + }
> + } else {
> + net = get_net(genl_info_net(info));
> + }
> +
> + psp_assoc_dev = kzalloc(sizeof(*psp_assoc_dev), GFP_KERNEL);
> + if (!psp_assoc_dev) {
> + put_net(net);
> + return -ENOMEM;
> + }
> +
> + assoc_ifindex = nla_get_u32(info->attrs[PSP_A_DEV_IFINDEX]);
> + assoc_dev = netdev_get_by_index(net, assoc_ifindex,
> + &psp_assoc_dev->dev_tracker,
> + GFP_KERNEL);
> + if (!assoc_dev) {
> + put_net(net);
> + kfree(psp_assoc_dev);
> + NL_SET_BAD_ATTR(info->extack, info->attrs[PSP_A_DEV_IFINDEX]);
> + return -ENODEV;
> + }
> +
> + /* Check if device is already associated with a PSP device */
> + if (cmpxchg(&assoc_dev->psp_dev, NULL, RCU_INITIALIZER(psd))) {
> + NL_SET_ERR_MSG(info->extack,
> + "Device already associated with a PSP device");
> + netdev_put(assoc_dev, &psp_assoc_dev->dev_tracker);
> + put_net(net);
> + kfree(psp_assoc_dev);
> + return -EBUSY;
> + }
> +
> + psp_assoc_dev->assoc_dev = assoc_dev;
> + rsp = psp_nl_reply_new(info);
> + if (!rsp) {
> + rcu_assign_pointer(assoc_dev->psp_dev, NULL);
> + netdev_put(assoc_dev, &psp_assoc_dev->dev_tracker);
> + put_net(net);
> + kfree(psp_assoc_dev);
> + return -ENOMEM;
> + }
> +
> + list_add_tail(&psp_assoc_dev->dev_list, &psd->assoc_dev_list);
> +
> + put_net(net);
> +
> + psp_nl_notify_dev(psd, PSP_CMD_DEV_CHANGE_NTF);
> +
> + return psp_nl_reply_send(rsp, info);
> +}
> +
This function could probably benefit from a goto style cleanup chain,
given the overlapping set of actions to unwind at each error.
>
> int psp_assoc_device_get_locked(const struct genl_split_ops *ops,
> @@ -320,7 +617,9 @@ int psp_assoc_device_get_locked(const struct genl_split_ops *ops,
>
> psd = psp_dev_get_for_sock(socket->sk);
> if (psd) {
> + mutex_lock(&psd->lock);
> err = psp_dev_check_access(psd, genl_info_net(info), false);
> + mutex_unlock(&psd->lock);
This looks like a "TOCTOU" issue on the mutable assoc_dev_list, but I
think it ends up being a benign race.
> if (err) {
> psp_dev_put(psd);
> psd = NULL;
Some minor comments, but otherwise:
Reviewed-by: Daniel Zahka <daniel.zahka@gmail.com>
next prev parent reply other threads:[~2026-04-06 13:27 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-05 5:58 [PATCH v10 net-next 0/5] psp: Add support for dev-assoc/disassoc Wei Wang
2026-04-05 5:58 ` [PATCH v10 net-next 1/5] psp: add admin/non-admin version of psp_device_get_locked Wei Wang
2026-04-06 11:11 ` Daniel Zahka
2026-04-08 18:24 ` Wei Wang
2026-04-05 5:58 ` [PATCH v10 net-next 2/5] psp: add new netlink cmd for dev-assoc and dev-disassoc Wei Wang
2026-04-06 13:27 ` Daniel Zahka [this message]
2026-04-07 23:36 ` Wei Wang
2026-04-05 5:58 ` [PATCH v10 net-next 3/5] psp: add a new netdev event for dev unregister Wei Wang
2026-04-06 14:12 ` Daniel Zahka
2026-04-08 0:01 ` Wei Wang
2026-04-05 5:58 ` [PATCH v10 net-next 4/5] selftests/net: Add bpf skb forwarding program Wei Wang
2026-04-05 5:58 ` [PATCH v10 net-next 5/5] selftest/net: psp: Add test for dev-assoc/disassoc Wei Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2758ac3a-50dc-451a-990a-93e4db9d4bd6@gmail.com \
--to=daniel.zahka@gmail.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=dw@davidwei.uk \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=weibunny.kernel@gmail.com \
--cc=weibunny@fb.com \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.