Message-ID: <20200228114155.648f897e@carbon>
Date:   Fri, 28 Feb 2020 11:41:55 +0100
From:   Jesper Dangaard Brouer <brouer@...hat.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>
Cc:     David Ahern <dahern@...italocean.com>, netdev@...r.kernel.org,
        davem@...emloft.net, kuba@...nel.org,
        prashantbhole.linux@...il.com, jasowang@...hat.com, mst@...hat.com,
        toshiaki.makita1@...il.com, daniel@...earbox.net,
        john.fastabend@...il.com, ast@...nel.org, kafai@...com,
        songliubraving@...com, yhs@...com, andriin@...com,
        David Ahern <dsahern@...nel.org>, brouer@...hat.com
Subject: Re: [PATCH RFC v4 bpf-next 03/11] xdp: Add xdp_txq_info to xdp_buff

On Fri, 28 Feb 2020 11:07:23 +0100
Toke Høiland-Jørgensen <toke@...hat.com> wrote:

> David Ahern <dahern@...italocean.com> writes:
> 
> > On 2/27/20 1:00 AM, Jesper Dangaard Brouer wrote:  
> >>> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> >>> index 7850f8683b81..5e3f8aefad41 100644
> >>> --- a/include/uapi/linux/bpf.h
> >>> +++ b/include/uapi/linux/bpf.h
> >>> @@ -3334,8 +3334,10 @@ struct xdp_md {
> >>>  	__u32 data;
> >>>  	__u32 data_end;
> >>>  	__u32 data_meta;
> >>> -	/* Below access go through struct xdp_rxq_info */
> >>> -	__u32 ingress_ifindex; /* rxq->dev->ifindex */
> >>> +	union {
> >>> +		__u32 ingress_ifindex; /* rxq->dev->ifindex */
> >>> +		__u32 egress_ifindex;  /* txq->dev->ifindex */
> >>> +	};  
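
Review bot: the anonymous union added at the end of struct xdp_md puts ingress_ifindex and egress_ifindex at the same offset, so a load of ctx->ingress_ifindex from a program attached on the egress side is indistinguishable from a load of ctx->egress_ifindex and cannot be rejected or flagged. Consider making egress_ifindex a separate __u32 member placed after ingress_ifindex, so access can be checked per attach type. The hunk also drops the comment "Below access go through struct xdp_rxq_info" without a replacement; a comment stating which attach type each field is valid for would document the intended contract in the UAPI header.
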
> >> 
> >> Are we sure it is wise to "union share" (struct) xdp_md as the
> >> XDP-context in the XDP programs, with different expected_attach_type?
> >> As this allows the XDP-programmer to code an EGRESS program that accesses
> >> ctx->ingress_ifindex, this will under the hood be translated to
> >> ctx->egress_ifindex, because from the compiler's PoV this will just be an
> >> offset.
> >> 
> >> We are setting up the XDP-programmer for a long debugging session, as
> >> she will be expecting to read 'ingress_ifindex', but will be getting
> >> 'egress_ifindex'.  (As the compiler cannot warn her, and it is also
> >> correct seen from the verifier).  
> >
> > In both cases it means the device handling the packet. ingress_ifindex
> > == device handling the Rx, egress_ifindex == device handling the Tx.
> > Really, it is syntactic sugar for program writers. It would have been
> > better had xdp_md only called it ifindex from the beginning.  
> 
> Telling users that they are doing it wrong is not going to make their
> debugging session any less frustrating :)
> 
> If we keep rx_ifindex a separate field we can unambiguously reject a TX
> program that tries to access it, *and* we keep the option of allowing
> access to it later if it does turn out to be useful. IMO that is worth
> the four extra bytes.

I agree. We need unambiguously to help the program writer.

This is the wrong kind of 'syntactic sugar'.  If you want a straight
'ifindex', that translates to the running_ifindex, then you need to add
a new member 'ifindex' that does this rewriting based on attach type.

-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  LinkedIn: http://www.linkedin.com/in/brouer
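
The offset argument from this thread, as an added example that is not part of the original message or of the kernel source: it compares an offset-based access check over the union layout with one over a layout that keeps the two fields separate. The struct names, the attach-type enum and both checker functions are hypothetical stand-ins, and rejecting an RX program's read of egress_ifindex is an assumption the thread does not discuss.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the two context layouts; not the kernel's struct xdp_md. */
struct md_union {                 /* layout proposed in the quoted hunk */
    uint32_t data, data_end, data_meta;
    union {
        uint32_t ingress_ifindex;
        uint32_t egress_ifindex;
    };
};
struct md_separate {              /* alternative: four extra bytes */
    uint32_t data, data_end, data_meta;
    uint32_t ingress_ifindex;
    uint32_t egress_ifindex;
};

enum attach { ATTACH_RX, ATTACH_TX };   /* hypothetical attach types */

/* A checker only sees (attach type, offset) of a context load, never the field name. */
bool union_access_ok(enum attach a, size_t off)
{
    (void)a;   /* both names share one offset, so attach type cannot tell them apart */
    return off % 4 == 0 && off < sizeof(struct md_union);
}

bool separate_access_ok(enum attach a, size_t off)
{
    if (off % 4 != 0 || off >= sizeof(struct md_separate))
        return false;
    if (a == ATTACH_TX && off == offsetof(struct md_separate, ingress_ifindex))
        return false;   /* TX program reading the RX field: rejected */
    if (a == ATTACH_RX && off == offsetof(struct md_separate, egress_ifindex))
        return false;   /* assumption: the mirror case is rejected too */
    return true;
}

int main(void)
{
    size_t u = offsetof(struct md_union, ingress_ifindex);
    size_t s = offsetof(struct md_separate, ingress_ifindex);
    printf("union:    TX load of ingress_ifindex (off %zu) allowed=%d\n",
           u, union_access_ok(ATTACH_TX, u));
    printf("separate: TX load of ingress_ifindex (off %zu) allowed=%d\n",
           s, separate_access_ok(ATTACH_TX, s));
    return 0;
}
```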
