From: Daniel Zahka <daniel.zahka@gmail.com>
To: Wei Wang <weibunny.kernel@gmail.com>,
netdev@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
David Wei <dw@davidwei.uk>, Andrew Lunn <andrew+netdev@lunn.ch>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Simon Horman <horms@kernel.org>
Cc: Wei Wang <weibunny@fb.com>
Subject: Re: [PATCH v10 net-next 2/5] psp: add new netlink cmd for dev-assoc and dev-disassoc
Date: Mon, 6 Apr 2026 09:27:20 -0400 [thread overview]
Message-ID: <2758ac3a-50dc-451a-990a-93e4db9d4bd6@gmail.com> (raw)
In-Reply-To: <20260405055853.3285534-3-weibunny.kernel@gmail.com>
On 4/5/26 1:58 AM, Wei Wang wrote:
> From: Wei Wang <weibunny@fb.com>
>
> The main purpose of this cmd is to be able to associate a
> non-psp-capable device (e.g. veth or netkit) with a psp device.
> One use case is if we create a pair of veth/netkit, and assign 1 end
> inside a netns, while leaving the other end within the default netns,
> with a real PSP device, e.g. netdevsim or a physical PSP-capable NIC.
> With this command, we could associate the veth/netkit inside the netns
> with PSP device, so the virtual device could act as PSP-capable device
> to initiate PSP connections, and performs PSP encryption/decryption on
> the real PSP device.
>
> Signed-off-by: Wei Wang <weibunny@fb.com>
> ---
> Documentation/netlink/specs/psp.yaml | 67 +++++-
> include/net/psp/types.h | 15 ++
> include/uapi/linux/psp.h | 13 ++
> net/psp/psp-nl-gen.c | 32 +++
> net/psp/psp-nl-gen.h | 2 +
> net/psp/psp_main.c | 20 ++
> net/psp/psp_nl.c | 319 ++++++++++++++++++++++++++-
> 7 files changed, 457 insertions(+), 11 deletions(-)
>
...
>
> +/**
> + * Admin version of psp_device_get_locked() where it returns psd only if
> + * current netns is the same as psd->main_netdev's netns.
> + */
> int psp_device_get_locked_admin(const struct genl_split_ops *ops,
> struct sk_buff *skb, struct genl_info *info)
> {
> return __psp_device_get_locked(ops, skb, info, true);
> }
>
> +/**
> + * Non-admin version of psp_device_get_locked() where it returns psd in netns
> + * for not only psd->main_netdev but all netdevs in psd->assoc_dev_list.
> + */
> int psp_device_get_locked(const struct genl_split_ops *ops,
> struct sk_buff *skb, struct genl_info *info)
> {
> @@ -103,11 +179,74 @@ psp_device_unlock(const struct genl_split_ops *ops, struct sk_buff *skb,
> sockfd_put(socket);
> }
There's a warning that these comments have the kdoc open sequence, but
are not proper kdoc comments.
> +
> static int
> psp_nl_dev_fill(struct psp_dev *psd, struct sk_buff *rsp,
> const struct genl_info *info)
> {
> + struct net *cur_net;
> void *hdr;
> + int err;
> +
> + cur_net = genl_info_net(info);
> +
> + /* Skip this device if we're in an associated netns but have no
> + * associated devices in cur_net
> + */
> + if (cur_net != dev_net(psd->main_netdev) &&
> + !psp_has_assoc_dev_in_ns(psd, cur_net))
> + return 0;
>
Is this branch dead code given we either arrived here via
psp_dev_check_access(), or psp_nl_build_dev_ntf() which should only use
associated netns's?
>
> +int psp_nl_dev_assoc_doit(struct sk_buff *skb, struct genl_info *info)
> +{
> + struct psp_dev *psd = info->user_ptr[0];
> + struct psp_assoc_dev *psp_assoc_dev;
> + struct net_device *assoc_dev;
> + struct sk_buff *rsp;
> + u32 assoc_ifindex;
> + struct net *net;
> + int nsid;
> +
> + if (GENL_REQ_ATTR_CHECK(info, PSP_A_DEV_IFINDEX))
> + return -EINVAL;
> +
> + if (info->attrs[PSP_A_DEV_NSID]) {
> + nsid = nla_get_s32(info->attrs[PSP_A_DEV_NSID]);
> +
> + net = get_net_ns_by_id(genl_info_net(info), nsid);
> + if (!net) {
> + NL_SET_BAD_ATTR(info->extack,
> + info->attrs[PSP_A_DEV_NSID]);
> + return -EINVAL;
> + }
> + } else {
> + net = get_net(genl_info_net(info));
> + }
> +
> + psp_assoc_dev = kzalloc(sizeof(*psp_assoc_dev), GFP_KERNEL);
> + if (!psp_assoc_dev) {
> + put_net(net);
> + return -ENOMEM;
> + }
> +
> + assoc_ifindex = nla_get_u32(info->attrs[PSP_A_DEV_IFINDEX]);
> + assoc_dev = netdev_get_by_index(net, assoc_ifindex,
> + &psp_assoc_dev->dev_tracker,
> + GFP_KERNEL);
> + if (!assoc_dev) {
> + put_net(net);
> + kfree(psp_assoc_dev);
> + NL_SET_BAD_ATTR(info->extack, info->attrs[PSP_A_DEV_IFINDEX]);
> + return -ENODEV;
> + }
> +
> + /* Check if device is already associated with a PSP device */
> + if (cmpxchg(&assoc_dev->psp_dev, NULL, RCU_INITIALIZER(psd))) {
> + NL_SET_ERR_MSG(info->extack,
> + "Device already associated with a PSP device");
> + netdev_put(assoc_dev, &psp_assoc_dev->dev_tracker);
> + put_net(net);
> + kfree(psp_assoc_dev);
> + return -EBUSY;
> + }
> +
> + psp_assoc_dev->assoc_dev = assoc_dev;
> + rsp = psp_nl_reply_new(info);
> + if (!rsp) {
> + rcu_assign_pointer(assoc_dev->psp_dev, NULL);
> + netdev_put(assoc_dev, &psp_assoc_dev->dev_tracker);
> + put_net(net);
> + kfree(psp_assoc_dev);
> + return -ENOMEM;
> + }
> +
> + list_add_tail(&psp_assoc_dev->dev_list, &psd->assoc_dev_list);
> +
> + put_net(net);
> +
> + psp_nl_notify_dev(psd, PSP_CMD_DEV_CHANGE_NTF);
> +
> + return psp_nl_reply_send(rsp, info);
> +}
> +
This function could probably benefit from a goto style cleanup chain,
given the overlapping set of actions to unwind at each error.
>
> int psp_assoc_device_get_locked(const struct genl_split_ops *ops,
> @@ -320,7 +617,9 @@ int psp_assoc_device_get_locked(const struct genl_split_ops *ops,
>
> psd = psp_dev_get_for_sock(socket->sk);
> if (psd) {
> + mutex_lock(&psd->lock);
> err = psp_dev_check_access(psd, genl_info_net(info), false);
> + mutex_unlock(&psd->lock);
This looks like a "TOCTOU" issue on the mutable assoc_dev_list, but I
think it ends up being a benign race.
> if (err) {
> psp_dev_put(psd);
> psd = NULL;
Some minor comments, but otherwise:
Reviewed-by: Daniel Zahka <daniel.zahka@gmail.com>
next prev parent reply other threads:[~2026-04-06 13:27 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-05 5:58 [PATCH v10 net-next 0/5] psp: Add support for dev-assoc/disassoc Wei Wang
2026-04-05 5:58 ` [PATCH v10 net-next 1/5] psp: add admin/non-admin version of psp_device_get_locked Wei Wang
2026-04-06 11:11 ` Daniel Zahka
2026-04-05 5:58 ` [PATCH v10 net-next 2/5] psp: add new netlink cmd for dev-assoc and dev-disassoc Wei Wang
2026-04-06 13:27 ` Daniel Zahka [this message]
2026-04-05 5:58 ` [PATCH v10 net-next 3/5] psp: add a new netdev event for dev unregister Wei Wang
2026-04-06 14:12 ` Daniel Zahka
2026-04-05 5:58 ` [PATCH v10 net-next 4/5] selftests/net: Add bpf skb forwarding program Wei Wang
2026-04-05 5:58 ` [PATCH v10 net-next 5/5] selftest/net: psp: Add test for dev-assoc/disassoc Wei Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2758ac3a-50dc-451a-990a-93e4db9d4bd6@gmail.com \
--to=daniel.zahka@gmail.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=dw@davidwei.uk \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=weibunny.kernel@gmail.com \
--cc=weibunny@fb.com \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox