From nobody Sun Feb 8 12:19:00 2026 Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com [209.85.128.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C78A1E56A for ; Tue, 28 Oct 2025 00:00:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761609625; cv=none; b=ReO+8QYVdHG5mo6M3KSXILxhPHA9qlfp0e9+GOkErFiAAIdh29vgENo15+pJVBvkGpEGCsrcVMownAtPXB0nNaJJrEg3i8GWa0J2ZFx6Gxw0k0KuWRooMRern2EryvNuJWfNR7pHPvGAvxMzh3dR8LCCYjWOszBfZI1cWUwuzUY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761609625; c=relaxed/simple; bh=4MYN7EAgWnSODODG6A19x6ijHGlK8gmMv8zjON/zh+s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=R6L8p4BjYL6OyEKOpH2vtj2apgobUg4mgN0VbvrI4JGoANkUcG4d2ZxlQI7IvFqIDC0GZ52zbUWj1o1o153gIIlrS3Cj0iVmcXpnmieQT4h96UnWZVATR2rdRzYfAx+fLVJ5wxRge2YYU6CUjJUXSrrKbUwShJuWUFU6t/5YY7Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=K9WiNUHf; arc=none smtp.client-ip=209.85.128.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="K9WiNUHf" Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-78356c816fdso55122757b3.3 for ; Mon, 27 Oct 2025 17:00:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761609622; x=1762214422; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Fj6rW30AFi0w9W9uK7Qpyv8PnHs6M2XJTUrrQLC3IC8=; b=K9WiNUHfdiiz6D/lkx1HLgRx267AD//0INUAdkH7Td7OLjGTVsH2ZJEWfA69SbcUWD Q35Td94rykP5D7Nkjxdw3hm+2J7qJSMWb0t5dU/eiX72tD62kPJL6WBnOvRCj1JUbCMb 6DzJwcxxCNr0dsHGCzdiCLszyeydPtPnGerQRRrNXXyKxKQA96rCjB5bV+5TlYKSr7CE 8k9KMdC/d2DlLasBoRsAWrUMyZ5hRiIsJCmEAFcWc6VLFax/KRKLFx4gXmO/I+9JMiat 6X3pYxXoOLUXapMvlcJzXU+3gKKeyjUVrP0ptvjfXZNYdQEOEuOI3zXtvNV7UxLlTEbx M51g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761609622; x=1762214422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Fj6rW30AFi0w9W9uK7Qpyv8PnHs6M2XJTUrrQLC3IC8=; b=K/2tBb8WJoU6h28A3RHfoHPmKus6C3dUox3eFvOaayAYjEh9d4ec0Pq6yiI9ct1EmR Jogd7mt96LKGF7HAGKSWE+i9w32X0DRt0EIfLnBRekCIP8OtEV3jY/tmH6l8aZg5DAKa 8gPiWrAhhAvCQB3perif2Dr7i3z6sZc9Kn06tRP834OQlmSKfLMRn6+1gGB0BCgOfxVz hJL1YswydB6SCv2sRTYBNbZNxPN8Meaqu6UpwWEcAu1OilONI18DwG6108O3vV8D4AiY dQtgqVQX7Utag7F1My4Oo8N8D9EvBVSZ35wefBiEwU8RN3upNh3MbLFnDVD82Ihm/smy mNfA== X-Forwarded-Encrypted: i=1; AJvYcCXQG9RDeLnxy4AWil6rq4jpDaPG86TFZdCU+NAyuEA6MVGGsbzt8tt7Sw5dsgFIE51y51pAok/mdEaY/+U=@vger.kernel.org X-Gm-Message-State: AOJu0YzLHIGwdUnIClz5B1fZwrhuxuINz5lt9yCtumhigYc6oYS5wkk9 LtP4eaP1m+4IPUJRFQiDovFjiv7T+PYki8benpZYV7pOJQl+bt0OnkTj X-Gm-Gg: ASbGnctx+/F/fHGhAA9t26Yv79RGRKRP2yuHF+R9+TxCBd1zqQ9+hzHtM7ejVX6LD/l mV7H2oPuX0Lqf+Q41JoTCmeCkRQLSr9hZ+sRvAgF8U1ruQm8S4kFQf6Gzpfw0kf0XkANoBMHo3l /0//zJGWqJKhj4rIORKS03ZG+3WuVgrzcQBnydS4N1XN6dX89levMW2b+HZaGXh1yhJnr7Mcuoo vKUSzqpsWZAwoOA5I3S7dWC14fKhMDCSS1xIpm1Yyc5f5W6+ZiK79Q/XFuLzQEYwJFPDSdVbdq7 LMM+yoCYyHnMChmwuDOY8mw5R75ti/GoR9K4eh0YdaJJ0T0GTx9+2Ic1CMv1yrVJ7k/zbNlwHdu Hlk2zhosE5vDQhVnvjNzIDJyJV0j6k6UK4xJ4By3Bx/swCIH4gdQIiJDT0Mjt/Gd2/dKKtTY7/z CXGQp3gKECpmZMPvseHDkw X-Google-Smtp-Source: AGHT+IEtNhRbUqJpwZGM8HVJkKiz5qUA6NwVSOw0LZb3oruArjnuV5wMId10sJYQfZpsNjoZann6RA== X-Received: by 2002:a05:690c:8689:20b0:781:226c:533f with SMTP id 00721157ae682-78617e9f364mr15508417b3.20.1761609621624; Mon, 27 Oct 2025 17:00:21 -0700 (PDT) Received: from localhost ([2a03:2880:25ff:50::]) by smtp.gmail.com with ESMTPSA id 00721157ae682-785ed1423f5sm23187217b3.5.2025.10.27.17.00.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Oct 2025 17:00:21 -0700 (PDT) From: Daniel Zahka To: "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Andrew Lunn , Shuah Khan , Boris Pismenny , Saeed Mahameed , Leon Romanovsky , Tariq Toukan , Mark Bloch Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH net-next v2 1/5] psp: report basic stats from the core Date: Mon, 27 Oct 2025 17:00:12 -0700 Message-ID: <20251028000018.3869664-2-daniel.zahka@gmail.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251028000018.3869664-1-daniel.zahka@gmail.com> References: <20251028000018.3869664-1-daniel.zahka@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jakub Kicinski Track and report stats common to all psp devices from the core. A 'stale-event' is when the core marks the rx state of an active psp_assoc as incapable of authenticating psp encapsulated data. Signed-off-by: Jakub Kicinski Signed-off-by: Daniel Zahka --- Notes: v2: - don't return skb->len from psp_nl_get_stats_dumpit() on success and EMSGSIZE Documentation/netlink/specs/psp.yaml | 40 +++++++++++++++ include/net/psp/types.h | 9 ++++ include/uapi/linux/psp.h | 10 ++++ net/psp/psp-nl-gen.c | 19 +++++++ net/psp/psp-nl-gen.h | 2 + net/psp/psp_nl.c | 74 ++++++++++++++++++++++++++++ net/psp/psp_sock.c | 4 +- 7 files changed, 157 insertions(+), 1 deletion(-) diff --git a/Documentation/netlink/specs/psp.yaml b/Documentation/netlink/s= pecs/psp.yaml index 944429e5c9a8..914148221384 100644 --- a/Documentation/netlink/specs/psp.yaml +++ b/Documentation/netlink/specs/psp.yaml @@ -76,6 +76,28 @@ attribute-sets: name: spi doc: Security Parameters Index (SPI) of the association. type: u32 + - + name: stats + attributes: + - + name: dev-id + doc: PSP device ID. + type: u32 + checks: + min: 1 + - + name: key-rotations + type: uint + doc: | + Number of key rotations during the lifetime of the device. + Kernel statistic. + - + name: stale-events + type: uint + doc: | + Number of times a socket's Rx got shut down due to using + a key which went stale (fully rotated out). + Kernel statistic. =20 operations: list: @@ -177,6 +199,24 @@ operations: pre: psp-assoc-device-get-locked post: psp-device-unlock =20 + - + name: get-stats + doc: Get device statistics. + attribute-set: stats + do: + request: + attributes: + - dev-id + reply: &stats-all + attributes: + - dev-id + - key-rotations + - stale-events + pre: psp-device-get-locked + post: psp-device-unlock + dump: + reply: *stats-all + mcast-groups: list: - diff --git a/include/net/psp/types.h b/include/net/psp/types.h index 31cee64b7c86..5b0ccaac3882 100644 --- a/include/net/psp/types.h +++ b/include/net/psp/types.h @@ -59,6 +59,10 @@ struct psp_dev_config { * device key * @stale_assocs: associations which use a rotated out key * + * @stats: statistics maintained by the core + * @stats.rotations: See stats attr key-rotations + * @stats.stales: See stats attr stale-events + * * @rcu: RCU head for freeing the structure */ struct psp_dev { @@ -81,6 +85,11 @@ struct psp_dev { struct list_head prev_assocs; struct list_head stale_assocs; =20 + struct { + unsigned long rotations; + unsigned long stales; + } stats; + struct rcu_head rcu; }; =20 diff --git a/include/uapi/linux/psp.h b/include/uapi/linux/psp.h index 607c42c39ba5..31592760ad79 100644 --- a/include/uapi/linux/psp.h +++ b/include/uapi/linux/psp.h @@ -45,6 +45,15 @@ enum { PSP_A_KEYS_MAX =3D (__PSP_A_KEYS_MAX - 1) }; =20 +enum { + PSP_A_STATS_DEV_ID =3D 1, + PSP_A_STATS_KEY_ROTATIONS, + PSP_A_STATS_STALE_EVENTS, + + __PSP_A_STATS_MAX, + PSP_A_STATS_MAX =3D (__PSP_A_STATS_MAX - 1) +}; + enum { PSP_CMD_DEV_GET =3D 1, PSP_CMD_DEV_ADD_NTF, @@ -55,6 +64,7 @@ enum { PSP_CMD_KEY_ROTATE_NTF, PSP_CMD_RX_ASSOC, PSP_CMD_TX_ASSOC, + PSP_CMD_GET_STATS, =20 __PSP_CMD_MAX, PSP_CMD_MAX =3D (__PSP_CMD_MAX - 1) diff --git a/net/psp/psp-nl-gen.c b/net/psp/psp-nl-gen.c index 9fdd6f831803..73f8b06d66f0 100644 --- a/net/psp/psp-nl-gen.c +++ b/net/psp/psp-nl-gen.c @@ -47,6 +47,11 @@ static const struct nla_policy psp_tx_assoc_nl_policy[PS= P_A_ASSOC_SOCK_FD + 1] =3D [PSP_A_ASSOC_SOCK_FD] =3D { .type =3D NLA_U32, }, }; =20 +/* PSP_CMD_GET_STATS - do */ +static const struct nla_policy psp_get_stats_nl_policy[PSP_A_STATS_DEV_ID = + 1] =3D { + [PSP_A_STATS_DEV_ID] =3D NLA_POLICY_MIN(NLA_U32, 1), +}; + /* Ops table for psp */ static const struct genl_split_ops psp_nl_ops[] =3D { { @@ -99,6 +104,20 @@ static const struct genl_split_ops psp_nl_ops[] =3D { .maxattr =3D PSP_A_ASSOC_SOCK_FD, .flags =3D GENL_CMD_CAP_DO, }, + { + .cmd =3D PSP_CMD_GET_STATS, + .pre_doit =3D psp_device_get_locked, + .doit =3D psp_nl_get_stats_doit, + .post_doit =3D psp_device_unlock, + .policy =3D psp_get_stats_nl_policy, + .maxattr =3D PSP_A_STATS_DEV_ID, + .flags =3D GENL_CMD_CAP_DO, + }, + { + .cmd =3D PSP_CMD_GET_STATS, + .dumpit =3D psp_nl_get_stats_dumpit, + .flags =3D GENL_CMD_CAP_DUMP, + }, }; =20 static const struct genl_multicast_group psp_nl_mcgrps[] =3D { diff --git a/net/psp/psp-nl-gen.h b/net/psp/psp-nl-gen.h index 25268ed11fb5..5bc3b5d5a53e 100644 --- a/net/psp/psp-nl-gen.h +++ b/net/psp/psp-nl-gen.h @@ -28,6 +28,8 @@ int psp_nl_dev_set_doit(struct sk_buff *skb, struct genl_= info *info); int psp_nl_key_rotate_doit(struct sk_buff *skb, struct genl_info *info); int psp_nl_rx_assoc_doit(struct sk_buff *skb, struct genl_info *info); int psp_nl_tx_assoc_doit(struct sk_buff *skb, struct genl_info *info); +int psp_nl_get_stats_doit(struct sk_buff *skb, struct genl_info *info); +int psp_nl_get_stats_dumpit(struct sk_buff *skb, struct netlink_callback *= cb); =20 enum { PSP_NLGRP_MGMT, diff --git a/net/psp/psp_nl.c b/net/psp/psp_nl.c index 8aaca62744c3..f990cccbe99c 100644 --- a/net/psp/psp_nl.c +++ b/net/psp/psp_nl.c @@ -262,6 +262,7 @@ int psp_nl_key_rotate_doit(struct sk_buff *skb, struct = genl_info *info) psd->generation & ~PSP_GEN_VALID_MASK); =20 psp_assocs_key_rotated(psd); + psd->stats.rotations++; =20 nlmsg_end(ntf, (struct nlmsghdr *)ntf->data); genlmsg_multicast_netns(&psp_nl_family, dev_net(psd->main_netdev), ntf, @@ -503,3 +504,76 @@ int psp_nl_tx_assoc_doit(struct sk_buff *skb, struct g= enl_info *info) nlmsg_free(rsp); return err; } + +static int +psp_nl_stats_fill(struct psp_dev *psd, struct sk_buff *rsp, + const struct genl_info *info) +{ + void *hdr; + + hdr =3D genlmsg_iput(rsp, info); + if (!hdr) + return -EMSGSIZE; + + if (nla_put_u32(rsp, PSP_A_STATS_DEV_ID, psd->id) || + nla_put_uint(rsp, PSP_A_STATS_KEY_ROTATIONS, + psd->stats.rotations) || + nla_put_uint(rsp, PSP_A_STATS_STALE_EVENTS, psd->stats.stales)) + goto err_cancel_msg; + + genlmsg_end(rsp, hdr); + return 0; + +err_cancel_msg: + genlmsg_cancel(rsp, hdr); + return -EMSGSIZE; +} + +int psp_nl_get_stats_doit(struct sk_buff *skb, struct genl_info *info) +{ + struct psp_dev *psd =3D info->user_ptr[0]; + struct sk_buff *rsp; + int err; + + rsp =3D genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!rsp) + return -ENOMEM; + + err =3D psp_nl_stats_fill(psd, rsp, info); + if (err) + goto err_free_msg; + + return genlmsg_reply(rsp, info); + +err_free_msg: + nlmsg_free(rsp); + return err; +} + +static int +psp_nl_stats_get_dumpit_one(struct sk_buff *rsp, struct netlink_callback *= cb, + struct psp_dev *psd) +{ + if (psp_dev_check_access(psd, sock_net(rsp->sk))) + return 0; + + return psp_nl_stats_fill(psd, rsp, genl_info_dump(cb)); +} + +int psp_nl_get_stats_dumpit(struct sk_buff *rsp, struct netlink_callback *= cb) +{ + struct psp_dev *psd; + int err =3D 0; + + mutex_lock(&psp_devs_lock); + xa_for_each_start(&psp_devs, cb->args[0], psd, cb->args[0]) { + mutex_lock(&psd->lock); + err =3D psp_nl_stats_get_dumpit_one(rsp, cb, psd); + mutex_unlock(&psd->lock); + if (err) + break; + } + mutex_unlock(&psp_devs_lock); + + return err; +} diff --git a/net/psp/psp_sock.c b/net/psp/psp_sock.c index a931d825d1cc..f785672b7df6 100644 --- a/net/psp/psp_sock.c +++ b/net/psp/psp_sock.c @@ -253,8 +253,10 @@ void psp_assocs_key_rotated(struct psp_dev *psd) /* Mark the stale associations as invalid, they will no longer * be able to Rx any traffic. */ - list_for_each_entry_safe(pas, next, &psd->prev_assocs, assocs_list) + list_for_each_entry_safe(pas, next, &psd->prev_assocs, assocs_list) { pas->generation |=3D ~PSP_GEN_VALID_MASK; + psd->stats.stales++; + } list_splice_init(&psd->prev_assocs, &psd->stale_assocs); list_splice_init(&psd->active_assocs, &psd->prev_assocs); =20 --=20 2.47.3