Re: [PATCH net-next 3/3] selftests: net: psp: add crypt-offset and spi-threshold test cases

[Akhilesh Samineni]

On Wed, Apr 8, 2026 at 3:22 AM Willem de Bruijn
<willemdebruijn.kernel@xxxxxxxxx> wrote:
>
> Akhilesh Samineni wrote:
> > Add test cases to set and get crypt-offset and spi-threshold attributes,
> > verifying both the applied value and the restored prior value.
> >
> > Signed-off-by: Akhilesh Samineni <akhilesh.samineni@xxxxxxxxxxxx>
> > Reviewed-by: Kiran Kella <kiran.kella@xxxxxxxxxxxx>
> > Reviewed-by: Ajit Kumar Khaparde <ajit.khaparde@xxxxxxxxxxxx>
> > ---
> >  tools/testing/selftests/drivers/net/psp.py | 32 ++++++++++++++++++++++
> >  1 file changed, 32 insertions(+)
> >
> > diff --git a/tools/testing/selftests/drivers/net/psp.py b/tools/testing/selftests/drivers/net/psp.py
> > index 864d9fce1094..9253aab29ded 100755
> > --- a/tools/testing/selftests/drivers/net/psp.py
> > +++ b/tools/testing/selftests/drivers/net/psp.py
> > @@ -171,6 +171,38 @@ def dev_get_device_bad(cfg):
> >      ksft_true(raised)
> >
> >
> > +def dev_set_crypt_offset(cfg):
> > +    """ Set and get the crypt-offset """
> > +    _init_psp_dev(cfg)
> > +
> > +    dev = cfg.pspnl.dev_get({'id': cfg.psp_dev_id})
> > +    orig = dev['crypt-offset']
> > +    cfg.pspnl.dev_set({"id": cfg.psp_dev_id,
> > +                       "crypt-offset": 5})
> > +    dev = cfg.pspnl.dev_get({'id': cfg.psp_dev_id})
> > +    ksft_eq(dev['crypt-offset'], 5)
> > +    cfg.pspnl.dev_set({"id": cfg.psp_dev_id,
> > +                       "crypt-offset": orig})
> > +    dev = cfg.pspnl.dev_get({'id': cfg.psp_dev_id})
> > +    ksft_eq(dev['crypt-offset'], orig)
> > +
> > +
> > +def dev_set_spi_threshold(cfg):
> > +    """ Set and get the spi-threshold """
> > +    _init_psp_dev(cfg)
> > +
> > +    dev = cfg.pspnl.dev_get({'id': cfg.psp_dev_id})
> > +    orig = dev['spi-threshold']
> > +    cfg.pspnl.dev_set({"id": cfg.psp_dev_id,
> > +                       "spi-threshold": 10})
> > +    dev = cfg.pspnl.dev_get({'id': cfg.psp_dev_id})
> > +    ksft_eq(dev['spi-threshold'], 10)
> > +    cfg.pspnl.dev_set({"id": cfg.psp_dev_id,
> > +                       "spi-threshold": orig})
> > +    dev = cfg.pspnl.dev_get({'id': cfg.psp_dev_id})
> > +    ksft_eq(dev['spi-threshold'], orig)
>
> These tests mainly verify that netlink works as intended. Not sure how
> much value that brings.
>
> Once crypt-offset requires bounds checking (say), such control ops
> functional tests may become more valuable.
Agree. I will include bounds checking for the crypt-offset in the v2
submission. This will ensure the control path is properly validated as
suggested.

>
> More interesting would be to see the effect on the datapath. E.g.,
> a crypt-offset that actually leaves plaintext. Not sure how easy or
> hard this is, so don't take this as a requirement. But maybe something
> that achievable with PSP packetdrill (eventually)?

Regarding datapath verification, because PSP encryption and decryption
occur within the hardware offload path, the host cannot directly
observe the encrypted/plaintext transition for self-received packets.

We verified the crypt-offset effect by capturing and inspecting
traffic on an external switch between the hosts. While integrating
this into packetdrill is a valuable suggestion for long-term testing,
the current hardware-based offload makes host-side snooping difficult.
We will investigate packetdrill support for a future update.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature