From: David Howells <dhowells@redhat.com>
To: netdev@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>,
Marc Dionne <marc.dionne@auristor.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v2 10/13] rxrpc: Display security params in the afs_cb_call tracepoint
Date: Mon, 7 Apr 2025 17:11:23 +0100 [thread overview]
Message-ID: <20250407161130.1349147-11-dhowells@redhat.com> (raw)
In-Reply-To: <20250407161130.1349147-1-dhowells@redhat.com>
Make the afs_cb_call tracepoint display some security parameters to make
debugging easier.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: netdev@vger.kernel.org
---
Documentation/networking/rxrpc.rst | 1 +
fs/afs/internal.h | 2 ++
fs/afs/rxrpc.c | 4 ++++
include/net/af_rxrpc.h | 2 ++
include/trace/events/afs.h | 11 +++++++++--
net/rxrpc/ar-internal.h | 1 +
net/rxrpc/call_object.c | 20 ++++++++++++++++++++
net/rxrpc/rxgk.c | 2 ++
8 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/Documentation/networking/rxrpc.rst b/Documentation/networking/rxrpc.rst
index a01f0c81ca4b..fe2ea73be441 100644
--- a/Documentation/networking/rxrpc.rst
+++ b/Documentation/networking/rxrpc.rst
@@ -1178,6 +1178,7 @@ API Function Reference
======================
.. kernel-doc:: net/rxrpc/af_rxrpc.c
+.. kernel-doc:: net/rxrpc/call_object.c
.. kernel-doc:: net/rxrpc/key.c
.. kernel-doc:: net/rxrpc/oob.c
.. kernel-doc:: net/rxrpc/peer_object.c
diff --git a/fs/afs/internal.h b/fs/afs/internal.h
index b3612b700c6a..178804817efb 100644
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -176,8 +176,10 @@ struct afs_call {
bool intr; /* T if interruptible */
bool unmarshalling_error; /* T if an unmarshalling error occurred */
bool responded; /* Got a response from the call (may be abort) */
+ u8 security_ix; /* Security class */
u16 service_id; /* Actual service ID (after upgrade) */
unsigned int debug_id; /* Trace ID */
+ u32 enctype; /* Security encoding type */
u32 operation_ID; /* operation ID for an incoming call */
u32 count; /* count for use in unmarshalling */
union { /* place to extract temporary data */
diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
index 212af2aa85bf..00b3bc087f61 100644
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -813,6 +813,10 @@ static int afs_deliver_cm_op_id(struct afs_call *call)
if (!afs_cm_incoming_call(call))
return -ENOTSUPP;
+ call->security_ix = rxrpc_kernel_query_call_security(call->rxcall,
+ &call->service_id,
+ &call->enctype);
+
trace_afs_cb_call(call);
call->work.func = call->type->work;
diff --git a/include/net/af_rxrpc.h b/include/net/af_rxrpc.h
index 0b209f703ffc..f15341594cc8 100644
--- a/include/net/af_rxrpc.h
+++ b/include/net/af_rxrpc.h
@@ -112,5 +112,7 @@ int rxkad_kernel_respond_to_challenge(struct sk_buff *challenge);
u32 rxgk_kernel_query_challenge(struct sk_buff *challenge);
int rxgk_kernel_respond_to_challenge(struct sk_buff *challenge,
struct krb5_buffer *appdata);
+u8 rxrpc_kernel_query_call_security(struct rxrpc_call *call,
+ u16 *_service_id, u32 *_enctype);
#endif /* _NET_RXRPC_H */
diff --git a/include/trace/events/afs.h b/include/trace/events/afs.h
index 8857f5ea77d4..7f83d242c8e9 100644
--- a/include/trace/events/afs.h
+++ b/include/trace/events/afs.h
@@ -663,19 +663,26 @@ TRACE_EVENT(afs_cb_call,
__field(unsigned int, call)
__field(u32, op)
__field(u16, service_id)
+ __field(u8, security_ix)
+ __field(u32, enctype)
),
TP_fast_assign(
__entry->call = call->debug_id;
__entry->op = call->operation_ID;
__entry->service_id = call->service_id;
+ __entry->security_ix = call->security_ix;
+ __entry->enctype = call->enctype;
),
- TP_printk("c=%08x %s",
+ TP_printk("c=%08x %s sv=%u sx=%u en=%u",
__entry->call,
__entry->service_id == 2501 ?
__print_symbolic(__entry->op, yfs_cm_operations) :
- __print_symbolic(__entry->op, afs_cm_operations))
+ __print_symbolic(__entry->op, afs_cm_operations),
+ __entry->service_id,
+ __entry->security_ix,
+ __entry->enctype)
);
TRACE_EVENT(afs_call,
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index d23ea4710cb2..767aed319fca 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -740,6 +740,7 @@ struct rxrpc_call {
u32 call_id; /* call ID on connection */
u32 cid; /* connection ID plus channel index */
u32 security_level; /* Security level selected */
+ u32 security_enctype; /* Security-specific encoding type (or 0) */
int debug_id; /* debug ID for printks */
unsigned short rx_pkt_offset; /* Current recvmsg packet offset */
unsigned short rx_pkt_len; /* Current recvmsg packet len */
diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
index a4fedf639396..6f1815e4d69d 100644
--- a/net/rxrpc/call_object.c
+++ b/net/rxrpc/call_object.c
@@ -760,3 +760,23 @@ void rxrpc_destroy_all_calls(struct rxrpc_net *rxnet)
atomic_dec(&rxnet->nr_calls);
wait_var_event(&rxnet->nr_calls, !atomic_read(&rxnet->nr_calls));
}
+
+/**
+ * rxrpc_kernel_query_call_security - Query call's security parameters
+ * @call: The call to query
+ * @_service_id: Where to return the service ID
+ * @_enctype: Where to return the "encoding type"
+ *
+ * This queries the security parameters of a call, setting *@_service_id and
+ * *@_enctype and returning the security class.
+ *
+ * Return: The security class protocol number.
+ */
+u8 rxrpc_kernel_query_call_security(struct rxrpc_call *call,
+ u16 *_service_id, u32 *_enctype)
+{
+ *_service_id = call->dest_srx.srx_service;
+ *_enctype = call->security_enctype;
+ return call->security_ix;
+}
+EXPORT_SYMBOL(rxrpc_kernel_query_call_security);
diff --git a/net/rxrpc/rxgk.c b/net/rxrpc/rxgk.c
index 8b1ccdf8bc58..6175fc54ba90 100644
--- a/net/rxrpc/rxgk.c
+++ b/net/rxrpc/rxgk.c
@@ -443,6 +443,7 @@ static int rxgk_secure_packet(struct rxrpc_call *call, struct rxrpc_txbuf *txb)
if (ret < 0)
return ret;
+ call->security_enctype = gk->krb5->etype;
txb->cksum = htons(gk->key_number);
switch (call->conn->security_level) {
@@ -590,6 +591,7 @@ static int rxgk_verify_packet(struct rxrpc_call *call, struct sk_buff *skb)
}
}
+ call->security_enctype = gk->krb5->etype;
switch (call->conn->security_level) {
case RXRPC_SECURITY_PLAIN:
return 0;
next prev parent reply other threads:[~2025-04-07 16:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-07 16:11 [PATCH net-next v2 00/13] rxrpc, afs: Add AFS GSSAPI security class to AF_RXRPC and kafs David Howells
2025-04-07 16:11 ` [PATCH net-next v2 01/13] rxrpc: kdoc: Update function descriptions and add link from rxrpc.rst David Howells
2025-04-07 16:11 ` [PATCH net-next v2 02/13] rxrpc: Pull out certain app callback funcs into an ops table David Howells
2025-04-07 16:11 ` [PATCH net-next v2 03/13] rxrpc: Allow CHALLENGEs to the passed to the app for a RESPONSE David Howells
2025-04-10 2:06 ` Jakub Kicinski
2025-04-10 6:48 ` David Howells
2025-04-07 16:11 ` [PATCH net-next v2 04/13] rxrpc: Add the security index for yfs-rxgk David Howells
2025-04-07 16:11 ` [PATCH net-next v2 05/13] rxrpc: Add YFS RxGK (GSSAPI) security class David Howells
2025-04-07 16:11 ` [PATCH net-next v2 06/13] rxrpc: rxgk: Provide infrastructure and key derivation David Howells
2025-04-10 2:03 ` Jakub Kicinski
2025-04-10 6:54 ` David Howells
2025-04-10 23:31 ` Jakub Kicinski
2025-04-11 7:46 ` David Howells
2025-04-07 16:11 ` [PATCH net-next v2 07/13] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) David Howells
2025-04-07 16:11 ` [PATCH net-next v2 08/13] rxrpc: rxgk: Implement connection rekeying David Howells
2025-04-07 16:11 ` [PATCH net-next v2 09/13] rxrpc: Allow the app to store private data on peer structs David Howells
2025-04-07 16:11 ` David Howells [this message]
2025-04-07 16:11 ` [PATCH net-next v2 11/13] afs: Use rxgk RESPONSE to pass token for callback channel David Howells
2025-04-07 16:11 ` [PATCH net-next v2 12/13] rxrpc: Add more CHALLENGE/RESPONSE packet tracing David Howells
2025-04-07 16:11 ` [PATCH net-next v2 13/13] rxrpc: rxperf: Add test RxGK server keys David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250407161130.1349147-11-dhowells@redhat.com \
--to=dhowells@redhat.com \
--cc=brauner@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).