lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87sg1brzcl.fsf@toke.dk>
Date:   Mon, 21 Jun 2021 17:50:34 +0200
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     Kumar Kartikeya Dwivedi <memxor@...il.com>, netdev@...r.kernel.org
Cc:     Kumar Kartikeya Dwivedi <memxor@...il.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        Martin KaFai Lau <kafai@...com>, bpf@...r.kernel.org
Subject: Re: [PATCH net-next 3/4] bpf: devmap: implement devmap prog
 execution for generic XDP

Kumar Kartikeya Dwivedi <memxor@...il.com> writes:

> This lifts the restriction on running devmap BPF progs in generic
> redirect mode. To match native XDP behavior, it is invoked right before
> generic_xdp_tx is called, and only supports XDP_PASS/XDP_ABORTED/
> XDP_DROP actions.
>
> We also return 0 even if devmap program drops the packet, as
> semantically redirect has already succeeded and the devmap prog is the
> last point before TX of the packet to device where it can deliver a
> verdict on the packet.
>
> This also means it must take care of freeing the skb, as
> xdp_do_generic_redirect callers only do that in case an error is
> returned.
>
> Signed-off-by: Kumar Kartikeya Dwivedi <memxor@...il.com>
> ---
>  kernel/bpf/devmap.c | 42 +++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 41 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/devmap.c b/kernel/bpf/devmap.c
> index 2a75e6c2d27d..db3ed8b20c8c 100644
> --- a/kernel/bpf/devmap.c
> +++ b/kernel/bpf/devmap.c
> @@ -322,7 +322,8 @@ bool dev_map_can_have_prog(struct bpf_map *map)
>  {
>  	if ((map->map_type == BPF_MAP_TYPE_DEVMAP ||
>  	     map->map_type == BPF_MAP_TYPE_DEVMAP_HASH) &&
> -	    map->value_size != offsetofend(struct bpf_devmap_val, ifindex))
> +	    map->value_size != offsetofend(struct bpf_devmap_val, ifindex) &&
> +	    map->value_size != offsetofend(struct bpf_devmap_val, bpf_prog.fd))
>  		return true;

With this you've basically removed the need for the check that calls
this, so why not just get rid of it entirely? Same thing for cpumap,
instead of updating cpu_map_prog_allowed(), just get rid of it...

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ