From: Daniel Zahka <daniel.zahka@gmail.com>
To: Paolo Abeni <pabeni@redhat.com>,
Donald Hunter <donald.hunter@gmail.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Simon Horman <horms@kernel.org>, Jonathan Corbet <corbet@lwn.net>,
Andrew Lunn <andrew+netdev@lunn.ch>
Cc: "Saeed Mahameed" <saeedm@nvidia.com>,
"Leon Romanovsky" <leon@kernel.org>,
"Tariq Toukan" <tariqt@nvidia.com>,
"Boris Pismenny" <borisp@nvidia.com>,
"Kuniyuki Iwashima" <kuniyu@google.com>,
"Willem de Bruijn" <willemb@google.com>,
"David Ahern" <dsahern@kernel.org>,
"Neal Cardwell" <ncardwell@google.com>,
"Patrisious Haddad" <phaddad@nvidia.com>,
"Raed Salem" <raeds@nvidia.com>,
"Jianbo Liu" <jianbol@nvidia.com>,
"Dragos Tatulea" <dtatulea@nvidia.com>,
"Rahul Rameshbabu" <rrameshbabu@nvidia.com>,
"Stanislav Fomichev" <sdf@fomichev.me>,
"Toke Høiland-Jørgensen" <toke@redhat.com>,
"Alexander Lobakin" <aleksander.lobakin@intel.com>,
"Kiran Kella" <kiran.kella@broadcom.com>,
"Jacob Keller" <jacob.e.keller@intel.com>,
netdev@vger.kernel.org
Subject: Re: [PATCH net-next v6 10/19] psp: track generations of device key
Date: Thu, 14 Aug 2025 11:53:21 -0400 [thread overview]
Message-ID: <32b6cce4-6751-486a-b853-5604a48572e3@gmail.com> (raw)
In-Reply-To: <324f1785-80a8-4178-937a-c3d6a47e6d79@redhat.com>
On 8/14/25 10:07 AM, Paolo Abeni wrote:
> On 8/12/25 2:29 AM, Daniel Zahka wrote:
>> +void psp_assocs_key_rotated(struct psp_dev *psd)
>> +{
>> + struct psp_assoc *pas, *next;
>> +
>> + /* Mark the stale associations as invalid, they will no longer
>> + * be able to Rx any traffic.
>> + */
>> + list_for_each_entry_safe(pas, next, &psd->prev_assocs, assocs_list)
>> + pas->generation |= ~PSP_GEN_VALID_MASK;
>> + list_splice_init(&psd->prev_assocs, &psd->stale_assocs);
>> + list_splice_init(&psd->active_assocs, &psd->prev_assocs);
> AFAICS the prev_assocs size is unbounded, and keep increasing at each
> key rotation, am I correct?
psp_assoc objects are added to the active list during psp_assoc_create()
in the rx-assoc netlink op, and then removed from whichever of the three
lists it happens to be on during psp_assoc_free(), which is called when
its refcount goes to 0. So basically, a key rotation will shift the
psp_assoc's associated with the device around in terms of bookkeeping,
but the total length of these three lists combined is determined only by
the number of sockets in the system that have entered the rx-assoc
state, and have yet to be closed. For now, there can only ever be one
assoc per socket.
> In case of extreme long uptime (sometime
> happens :) or if the user-space goes wild, that could potentially
> consume unbound amount of memory. Could memory accounting or some hard
> limit make sense here?
I suppose a hard limit could make sense if adding one assoc per socket
could be abused, but that is a different issue than if there is some way
to use the uapi to create a psp_assoc leak.
next prev parent reply other threads:[~2025-08-14 15:53 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-12 0:29 [PATCH net-next v6 00/19] add basic PSP encryption for TCP connections Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 01/19] psp: add documentation Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 02/19] psp: base PSP device support Daniel Zahka
2025-08-14 14:21 ` Paolo Abeni
2025-08-14 15:14 ` Daniel Zahka
2025-08-14 15:46 ` Paolo Abeni
2025-08-12 0:29 ` [PATCH net-next v6 03/19] net: modify core data structures for PSP datapath support Daniel Zahka
2025-08-14 13:09 ` Paolo Abeni
2025-08-18 17:36 ` Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 04/19] tcp: add datapath logic for PSP with inline key exchange Daniel Zahka
2025-08-14 13:18 ` Paolo Abeni
2025-08-14 14:43 ` Daniel Zahka
2025-08-14 15:12 ` Jakub Kicinski
2025-08-12 0:29 ` [PATCH net-next v6 05/19] psp: add op for rotation of device key Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 06/19] net: move sk_validate_xmit_skb() to net/core/dev.c Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 07/19] net: tcp: allow tcp_timewait_sock to validate skbs before handing to device Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 08/19] net: psp: add socket security association code Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 09/19] net: psp: update the TCP MSS to reflect PSP packet overhead Daniel Zahka
2025-08-14 13:58 ` Paolo Abeni
2025-08-14 14:50 ` Daniel Zahka
2025-08-14 16:38 ` Paolo Abeni
2025-08-14 17:12 ` Daniel Zahka
2025-08-12 0:29 ` [PATCH net-next v6 10/19] psp: track generations of device key Daniel Zahka
2025-08-14 14:07 ` Paolo Abeni
2025-08-14 15:53 ` Daniel Zahka [this message]
2025-08-14 16:47 ` Paolo Abeni
2025-08-12 0:29 ` [PATCH net-next v6 11/19] net/mlx5e: Support PSP offload functionality Daniel Zahka
2025-08-14 14:12 ` Paolo Abeni
2025-08-12 0:29 ` [PATCH net-next v6 12/19] net/mlx5e: Implement PSP operations .assoc_add and .assoc_del Daniel Zahka
2025-08-12 0:30 ` [PATCH net-next v6 13/19] psp: provide encapsulation helper for drivers Daniel Zahka
2025-08-12 0:30 ` [PATCH net-next v6 14/19] net/mlx5e: Implement PSP Tx data path Daniel Zahka
2025-08-12 0:30 ` [PATCH net-next v6 15/19] net/mlx5e: Add PSP steering in local NIC RX Daniel Zahka
2025-08-12 0:30 ` [PATCH net-next v6 16/19] net/mlx5e: Configure PSP Rx flow steering rules Daniel Zahka
2025-08-12 0:30 ` [PATCH net-next v6 17/19] psp: provide decapsulation and receive helper for drivers Daniel Zahka
2025-08-12 0:30 ` [PATCH net-next v6 18/19] net/mlx5e: Add Rx data path offload Daniel Zahka
2025-08-12 0:30 ` [PATCH net-next v6 19/19] net/mlx5e: Implement PSP key_rotate operation Daniel Zahka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=32b6cce4-6751-486a-b853-5604a48572e3@gmail.com \
--to=daniel.zahka@gmail.com \
--cc=aleksander.lobakin@intel.com \
--cc=andrew+netdev@lunn.ch \
--cc=borisp@nvidia.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=donald.hunter@gmail.com \
--cc=dsahern@kernel.org \
--cc=dtatulea@nvidia.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jacob.e.keller@intel.com \
--cc=jianbol@nvidia.com \
--cc=kiran.kella@broadcom.com \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=leon@kernel.org \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=phaddad@nvidia.com \
--cc=raeds@nvidia.com \
--cc=rrameshbabu@nvidia.com \
--cc=saeedm@nvidia.com \
--cc=sdf@fomichev.me \
--cc=tariqt@nvidia.com \
--cc=toke@redhat.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).