mirror of
git://git.yoctoproject.org/linux-yocto.git
synced 2026-01-27 12:47:24 +01:00
659a2899a5
Add validation points and state propagation to support PSP key exchange inline, on TCP connections. The expectation is that application will use some well established mechanism like TLS handshake to establish a secure channel over the connection and if both endpoints are PSP-capable - exchange and install PSP keys. Because the connection can existing in PSP-unsecured and PSP-secured state we need to make sure that there are no race conditions or retransmission leaks. On Tx - mark packets with the skb->decrypted bit when PSP key is at the enqueue time. Drivers should only encrypt packets with this bit set. This prevents retransmissions getting encrypted when original transmission was not. Similarly to TLS, we'll use sk->sk_validate_xmit_skb to make sure PSP skbs can't "escape" via a PSP-unaware device without being encrypted. On Rx - validation is done under socket lock. This moves the validation point later than xfrm, for example. Please see the documentation patch for more details on the flow of securing a connection, but for the purpose of this patch what's important is that we want to enforce the invariant that once connection is secured any skb in the receive queue has been encrypted with PSP. Add GRO and coalescing checks to prevent PSP authenticated data from being combined with cleartext data, or data with non-matching PSP state. On Rx, check skb's with psp_skb_coalesce_diff() at points before psp_sk_rx_policy_check(). After skb's are policy checked and on the socket receive queue, skb_cmp_decrypted() is sufficient for checking for coalescable PSP state. On Tx, tcp_write_collapse_fence() should be called when transitioning a socket into PSP Tx state to prevent data sent as cleartext from being coalesced with PSP encapsulated data. This change only adds the validation points, for ease of review. Subsequent change will add the ability to install keys, and flesh the enforcement logic out Reviewed-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Co-developed-by: Daniel Zahka <daniel.zahka@gmail.com> Signed-off-by: Daniel Zahka <daniel.zahka@gmail.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20250917000954.859376-5-daniel.zahka@gmail.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
||
|---|---|---|
| .. | ||
| ila | ||
| netfilter | ||
| addrconf_core.c | ||
| addrconf.c | ||
| addrlabel.c | ||
| af_inet6.c | ||
| ah6.c | ||
| anycast.c | ||
| calipso.c | ||
| datagram.c | ||
| esp6_offload.c | ||
| esp6.c | ||
| exthdrs_core.c | ||
| exthdrs_offload.c | ||
| exthdrs.c | ||
| fib6_notifier.c | ||
| fib6_rules.c | ||
| fou6.c | ||
| icmp.c | ||
| inet6_connection_sock.c | ||
| inet6_hashtables.c | ||
| ioam6_iptunnel.c | ||
| ioam6.c | ||
| ip6_checksum.c | ||
| ip6_fib.c | ||
| ip6_flowlabel.c | ||
| ip6_gre.c | ||
| ip6_icmp.c | ||
| ip6_input.c | ||
| ip6_offload.c | ||
| ip6_offload.h | ||
| ip6_output.c | ||
| ip6_tunnel.c | ||
| ip6_udp_tunnel.c | ||
| ip6_vti.c | ||
| ip6mr.c | ||
| ipcomp6.c | ||
| ipv6_sockglue.c | ||
| Kconfig | ||
| Makefile | ||
| mcast_snoop.c | ||
| mcast.c | ||
| mip6.c | ||
| ndisc.c | ||
| netfilter.c | ||
| output_core.c | ||
| ping.c | ||
| proc.c | ||
| protocol.c | ||
| raw.c | ||
| reassembly.c | ||
| route.c | ||
| rpl_iptunnel.c | ||
| rpl.c | ||
| seg6_hmac.c | ||
| seg6_iptunnel.c | ||
| seg6_local.c | ||
| seg6.c | ||
| sit.c | ||
| syncookies.c | ||
| sysctl_net_ipv6.c | ||
| tcp_ao.c | ||
| tcp_ipv6.c | ||
| tcpv6_offload.c | ||
| tunnel6.c | ||
| udp_impl.h | ||
| udp_offload.c | ||
| udp.c | ||
| udplite.c | ||
| xfrm6_input.c | ||
| xfrm6_output.c | ||
| xfrm6_policy.c | ||
| xfrm6_protocol.c | ||
| xfrm6_state.c | ||
| xfrm6_tunnel.c | ||