kernel/linux.git/include/net/psp, branch v6.19.11

psp: add stats from psp spec to driver facing api

2025-11-08T02:53:57+00:00

Provide a driver api for reporting device statistics required by the "Implementation Requirements" section of the PSP Architecture Specification. Use a warning to ensure drivers report stats required by the spec. Signed-off-by: Daniel Zahka Link: https://patch.msgid.link/20251106002608.1578518-4-daniel.zahka@gmail.com Signed-off-by: Jakub Kicinski

psp: report basic stats from the core

2025-11-08T02:53:56+00:00

Track and report stats common to all psp devices from the core. A 'stale-event' is when the core marks the rx state of an active psp_assoc as incapable of authenticating psp encapsulated data. Signed-off-by: Daniel Zahka Link: https://patch.msgid.link/20251106002608.1578518-2-daniel.zahka@gmail.com Signed-off-by: Jakub Kicinski

net: psp: don't assume reply skbs will have a socket

2025-10-03T17:23:50+00:00

Rx path may be passing around unreferenced sockets, which means that skb_set_owner_edemux() may not set skb->sk and PSP will crash: KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] RIP: 0010:psp_reply_set_decrypted (./include/net/psp/functions.h:132 net/psp/psp_sock.c:287) tcp_v6_send_response.constprop.0 (net/ipv6/tcp_ipv6.c:979) tcp_v6_send_reset (net/ipv6/tcp_ipv6.c:1140 (discriminator 1)) tcp_v6_do_rcv (net/ipv6/tcp_ipv6.c:1683) tcp_v6_rcv (net/ipv6/tcp_ipv6.c:1912) Fixes: 659a2899a57d ("tcp: add datapath logic for PSP with inline key exchange") Reviewed-by: Kuniyuki Iwashima Reviewed-by: Eric Dumazet Link: https://patch.msgid.link/20251001022426.2592750-1-kuba@kernel.org Signed-off-by: Jakub Kicinski

psp: Fix typo in kdoc for struct psp_dev_caps.assoc_drv_spc.

2025-09-20T00:02:27+00:00

assoc_drv_spc is the size of psp_assoc.drv_data[]. Signed-off-by: Kuniyuki Iwashima Reviewed-by: Simon Horman Link: https://patch.msgid.link/20250918192539.1587586-1-kuniyu@google.com Signed-off-by: Jakub Kicinski

psp: don't use flags for checking sk_state

2025-09-20T00:01:20+00:00

Using flags to check sk_state only makes sense to check for a subset of states in parallel e.g. sk_fullsock(). We are not doing that here. Compare for individual states directly. Signed-off-by: Daniel Zahka Link: https://patch.msgid.link/20250918155205.2197603-4-daniel.zahka@gmail.com Signed-off-by: Jakub Kicinski

psp: fix preemptive inet_twsk() cast in psp_sk_get_assoc_rcu()

2025-09-20T00:01:20+00:00

It is weird to cast to a timewait_sock before checking sk_state, even if the use is after such a check. Remove the tw local variable, and use inet_twsk() directly in the timewait branch. Signed-off-by: Daniel Zahka Link: https://patch.msgid.link/20250918155205.2197603-3-daniel.zahka@gmail.com Signed-off-by: Jakub Kicinski

psp: make struct sock argument const in psp_sk_get_assoc_rcu()

2025-09-20T00:01:20+00:00

This function does not need a mutable reference to its argument. Signed-off-by: Daniel Zahka Link: https://patch.msgid.link/20250918155205.2197603-2-daniel.zahka@gmail.com Signed-off-by: Jakub Kicinski

psp: provide decapsulation and receive helper for drivers

2025-09-18T10:32:07+00:00

Create psp_dev_rcv(), which drivers can call to psp decapsulate and attach a psp_skb_ext to an skb. psp_dev_rcv() only supports what the PSP architecture specification refers to as "transport mode" packets, where the L3 header is either IPv6 or IPv4. Reviewed-by: Willem de Bruijn Signed-off-by: Raed Salem Signed-off-by: Rahul Rameshbabu Signed-off-by: Cosmin Ratiu Co-developed-by: Daniel Zahka Signed-off-by: Daniel Zahka Reviewed-by: Eric Dumazet Link: https://patch.msgid.link/20250917000954.859376-18-daniel.zahka@gmail.com Signed-off-by: Paolo Abeni

psp: provide encapsulation helper for drivers

2025-09-18T10:32:07+00:00

Create a new function psp_encapsulate(), which takes a TCP packet and PSP encapsulates it according to the "Transport Mode Packet Format" section of the PSP Architecture Specification. psp_encapsulate() does not push a PSP trailer onto the skb. Both IPv6 and IPv4 are supported. Virtualization cookie is not included. Reviewed-by: Willem de Bruijn Signed-off-by: Raed Salem Signed-off-by: Rahul Rameshbabu Signed-off-by: Cosmin Ratiu Co-developed-by: Daniel Zahka Signed-off-by: Daniel Zahka Reviewed-by: Eric Dumazet Link: https://patch.msgid.link/20250917000954.859376-14-daniel.zahka@gmail.com Signed-off-by: Paolo Abeni

psp: track generations of device key

2025-09-18T10:32:06+00:00

There is a (somewhat theoretical in absence of multi-host support) possibility that another entity will rotate the key and we won't know. This may lead to accepting packets with matching SPI but which used different crypto keys than we expected. The PSP Architecture specification mentions that an implementation should track device key generation when device keys are managed by the NIC. Some PSP implementations may opt to include this key generation state in decryption metadata each time a device key is used to decrypt a packet. If that is the case, that key generation counter can also be used when policy checking a decrypted skb against a psp_assoc. This is an optional feature that is not explicitly part of the PSP spec, but can provide additional security in the case where an attacker may have the ability to force key rotations faster than rekeying can occur. Since we're tracking "key generations" more explicitly now, maintain different lists for associations from different generations. This way we can catch stale associations (the user space should listen to rotation notifications and change the keys). Drivers can "opt out" of generation tracking by setting the generation value to 0. Reviewed-by: Willem de Bruijn Signed-off-by: Jakub Kicinski Signed-off-by: Daniel Zahka Reviewed-by: Eric Dumazet Link: https://patch.msgid.link/20250917000954.859376-11-daniel.zahka@gmail.com Signed-off-by: Paolo Abeni