lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 26 Jan 2022 23:01:35 -0800
From:   Martin KaFai Lau <kafai@...com>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
CC:     Pavel Begunkov <asml.silence@...il.com>,
        Network Development <netdev@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>,
        Song Liu <songliubraving@...com>,
        LKML <linux-kernel@...r.kernel.org>,
        Stanislav Fomichev <sdf@...gle.com>
Subject: Re: [PATCH for-next v4] cgroup/bpf: fast path skb BPF filtering

On Wed, Jan 26, 2022 at 09:08:24PM -0800, Alexei Starovoitov wrote:
> On Wed, Jan 26, 2022 at 1:29 PM Pavel Begunkov <asml.silence@...il.com> wrote:
> >
> > On 1/26/22 20:30, Martin KaFai Lau wrote:
> > > On Wed, Jan 26, 2022 at 12:22:13AM +0000, Pavel Begunkov wrote:
> > >>   #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb)                        \
> > >>   ({                                                                       \
> > >>      int __ret = 0;                                                        \
> > >> -    if (cgroup_bpf_enabled(CGROUP_INET_INGRESS))                  \
> > >> +    if (cgroup_bpf_enabled(CGROUP_INET_INGRESS) && sk &&                  \
> > >  From reading sk_filter_trim_cap() where this will be called, sk cannot be NULL.
> > > If yes, the new sk test is not needed.
> >
> > Well, there is no sane way to verify how it's used considering
> >
> > EXPORT_SYMBOL(__cgroup_bpf_run_filter_skb);
> 
> BPF_CGROUP_RUN_PROG_INET_INGRESS() is used in one place.
> Are you folks saying that you want to remove !sk check
> from __cgroup_bpf_run_filter_skb()?
I meant to remove the newly added "&& sk" test in this patch
instead of the existing "!sk" test in __cgroup_bpf_run_filter_skb().
I think it may be where the confusion is.

There is little reason to add a new unnecessary test.

> Seems like micro optimization, but sure why not.
The whole "if (!sk || !sk_fullsock(sk))" test can probably be
removed from __cgroup_bpf_run_filter_skb().  It would be
a nice clean up but I don't think it has to be done together
with this no-bpf-prog to run optimization-patch.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ