net: modify core data structures for PSP datapath support

Add pointers to psp data structures to core networking structs,
and an SKB extension to carry the PSP information from the drivers
to the socket layer.

Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Co-developed-by: Daniel Zahka <daniel.zahka@gmail.com>
Signed-off-by: Daniel Zahka <daniel.zahka@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250917000954.859376-4-daniel.zahka@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 62e7addccdf6f5dd7eb20466e76440b3bd86cd8c..78ecfa7d00d0f0b957ffa0d902fc954abaa535dc 100644 (file)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -4901,6 +4901,9 @@ enum skb_ext_id {
 #endif
 #if IS_ENABLED(CONFIG_MCTP_FLOWS)
        SKB_EXT_MCTP,
+#endif
+#if IS_ENABLED(CONFIG_INET_PSP)
+       SKB_EXT_PSP,
 #endif
        SKB_EXT_NUM, /* must be last */
 };

diff --git a/include/net/inet_timewait_sock.h b/include/net/inet_timewait_sock.h
index 67a313575780992a1b55aa26aaa2055111eb7e8d..c1295246216c7fea23978faa402d580142b35a2e 100644 (file)
--- a/include/net/inet_timewait_sock.h
+++ b/include/net/inet_timewait_sock.h
@@ -81,6 +81,9 @@ struct inet_timewait_sock {
        struct timer_list       tw_timer;
        struct inet_bind_bucket *tw_tb;
        struct inet_bind2_bucket        *tw_tb2;
+#if IS_ENABLED(CONFIG_INET_PSP)
+       struct psp_assoc __rcu    *psp_assoc;
+#endif
 };
 #define tw_tclass tw_tos
 

diff --git a/include/net/psp/functions.h b/include/net/psp/functions.h
index 074f9df9afc3bb00fffeea5c519a388db03b3e2c..d0043bd14299a02415cd70c032ef25f75599249d 100644 (file)
--- a/include/net/psp/functions.h
+++ b/include/net/psp/functions.h
@@ -5,10 +5,16 @@
 
 #include <net/psp/types.h>
 
+struct inet_timewait_sock;
+
 /* Driver-facing API */
 struct psp_dev *
 psp_dev_create(struct net_device *netdev, struct psp_dev_ops *psd_ops,
               struct psp_dev_caps *psd_caps, void *priv_ptr);
 void psp_dev_unregister(struct psp_dev *psd);
 
+/* Kernel-facing API */
+static inline void psp_sk_assoc_free(struct sock *sk) { }
+static inline void psp_twsk_assoc_free(struct inet_timewait_sock *tw) { }
+
 #endif /* __NET_PSP_HELPERS_H */

diff --git a/include/net/psp/types.h b/include/net/psp/types.h
index d242b1ecee7dc332df5fdc4a6896f228946c22d0..4922fc8d42fd8b39fdecd6c5af72ba2bee957261 100644 (file)
--- a/include/net/psp/types.h
+++ b/include/net/psp/types.h
@@ -84,6 +84,13 @@ struct psp_dev_caps {
 
 #define PSP_MAX_KEY    32
 
+struct psp_skb_ext {
+       __be32 spi;
+       u16 dev_id;
+       u8 generation;
+       u8 version;
+};
+
 /**
  * struct psp_dev_ops - netdev driver facing PSP callbacks
  */

diff --git a/include/net/sock.h b/include/net/sock.h
index 0fd465935334160eeda7c1ea608f5d6161f02cb1..d1d3d36e39ae66180444d7c465f51a9f5f1d72b9 100644 (file)
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -249,6 +249,7 @@ struct sk_filter;
   *    @sk_dst_cache: destination cache
   *    @sk_dst_pending_confirm: need to confirm neighbour
   *    @sk_policy: flow policy
+  *    @psp_assoc: PSP association, if socket is PSP-secured
   *    @sk_receive_queue: incoming packets
   *    @sk_wmem_alloc: transmit queue bytes committed
   *    @sk_tsq_flags: TCP Small Queues flags
@@ -450,6 +451,9 @@ struct sock {
 #endif
 #ifdef CONFIG_XFRM
        struct xfrm_policy __rcu *sk_policy[2];
+#endif
+#if IS_ENABLED(CONFIG_INET_PSP)
+       struct psp_assoc __rcu  *psp_assoc;
 #endif
        struct numa_drop_counters *sk_drop_counters;
        __cacheline_group_end(sock_read_rxtx);

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 23b776cd98796cf8eb4d19868a0506423226914d..d331e607edfbe03315c7d25bdd48f74ce0e33d5b 100644 (file)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -79,6 +79,7 @@
 #include <net/mptcp.h>
 #include <net/mctp.h>
 #include <net/page_pool/helpers.h>
+#include <net/psp/types.h>
 #include <net/dropreason.h>
 
 #include <linux/uaccess.h>
@@ -5062,6 +5063,9 @@ static const u8 skb_ext_type_len[] = {
 #if IS_ENABLED(CONFIG_MCTP_FLOWS)
        [SKB_EXT_MCTP] = SKB_EXT_CHUNKSIZEOF(struct mctp_flow),
 #endif
+#if IS_ENABLED(CONFIG_INET_PSP)
+       [SKB_EXT_PSP] = SKB_EXT_CHUNKSIZEOF(struct psp_skb_ext),
+#endif
 };
 
 static __always_inline unsigned int skb_ext_total_length(void)

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 76e38092cd8a3b90c688e8d9461f42a549050e77..e298dacb4a06471da69f52ebfdf1256d4a83dd2e 100644 (file)
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -102,6 +102,7 @@
 #include <net/gro.h>
 #include <net/gso.h>
 #include <net/tcp.h>
+#include <net/psp.h>
 #include <net/udp.h>
 #include <net/udplite.h>
 #include <net/ping.h>
@@ -158,6 +159,7 @@ void inet_sock_destruct(struct sock *sk)
        kfree(rcu_dereference_protected(inet->inet_opt, 1));
        dst_release(rcu_dereference_protected(sk->sk_dst_cache, 1));
        dst_release(rcu_dereference_protected(sk->sk_rx_dst, 1));
+       psp_sk_assoc_free(sk);
 }
 EXPORT_SYMBOL(inet_sock_destruct);
 

diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 327095ef95effb4180483aeaf43175bf05113dda..ddb67015ba28fc6ce2f7809851c733e14777a31a 100644 (file)
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -24,6 +24,7 @@
 #include <net/xfrm.h>
 #include <net/busy_poll.h>
 #include <net/rstreason.h>
+#include <net/psp.h>
 
 static bool tcp_in_window(u32 seq, u32 end_seq, u32 s_win, u32 e_win)
 {
@@ -392,6 +393,7 @@ void tcp_twsk_destructor(struct sock *sk)
        }
 #endif
        tcp_ao_destroy_sock(sk, true);
+       psp_twsk_assoc_free(inet_twsk(sk));
 }
 
 void tcp_twsk_purge(struct list_head *net_exit_list)