lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 30 Nov 2021 20:19:20 -0800
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     Song Liu <song@...nel.org>
Cc:     Andrii Nakryiko <andrii@...nel.org>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Cong Wang <cong.wang@...edance.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        John Fastabend <john.fastabend@...il.com>,
        Jakub Sitnicki <jakub@...udflare.com>
Subject: Re: [PATCH bpf] libbpf: fix missing section "sk_skb/skb_verdict"

On Tue, Nov 30, 2021 at 3:33 PM Song Liu <song@...nel.org> wrote:
>
> On Mon, Nov 29, 2021 at 12:51 PM Cong Wang <xiyou.wangcong@...il.com> wrote:
> >
> > On Fri, Nov 26, 2021 at 04:20:34PM -0800, Song Liu wrote:
> > > On Fri, Nov 26, 2021 at 12:45 PM Cong Wang <xiyou.wangcong@...il.com> wrote:
> > > >
> > > > From: Cong Wang <cong.wang@...edance.com>
> > > >
> > > > When BPF_SK_SKB_VERDICT was introduced, I forgot to add
> > > > a section mapping for it in libbpf.
> > > >
> > > > Fixes: a7ba4558e69a ("sock_map: Introduce BPF_SK_SKB_VERDICT")
> > > > Cc: Daniel Borkmann <daniel@...earbox.net>
> > > > Cc: John Fastabend <john.fastabend@...il.com>
> > > > Cc: Jakub Sitnicki <jakub@...udflare.com>
> > > > Signed-off-by: Cong Wang <cong.wang@...edance.com>
> > >
> > > The patch looks good to me. But seems the selftests are OK without this. So,
> > > do we really need this?
> > >
> >
> > Not sure if I understand this question.
> >
> > At least BPF_SK_SKB_STREAM_PARSER and BPF_SK_SKB_STREAM_VERDICT are already
> > there, so either we should remove all of them or add BPF_SK_SKB_VERDICT for
> > completeness.
> >
> > Or are you suggesting we should change it back in selftests too? Note, it was
> > changed by Andrii in commit 15669e1dcd75fe6d51e495f8479222b5884665b6:
> >
> > -SEC("sk_skb/skb_verdict")
> > +SEC("sk_skb")
>
> Yes, I noticed that Andrii made the change, and it seems to work
> as-is. Therefore,
> I had the question "do we really need it".

Same question from me: why still keep sk_skb/stream_parser and
sk_skb/stream_verdict? ;) I don't see any reason these two are more
special than sk_skb/skb_verdict, therefore we should either keep all
of them or remove all of them.

>
> If we do need to differentiate skb_verdict from just sk_skb, could you

Are you sure sk_skb is a real attach type?? To me, it is an umbrella to
catch all of them:

SEC_DEF("sk_skb",               SK_SKB, 0, SEC_NONE | SEC_SLOPPY_PFX),

whose expected_attach_type is 0. The reason why it works is
probably because we don't check BPF_PROG_TYPE_SK_SKB in
bpf_prog_load_check_attach().

> please add a
> case selftest for skb_verdict?

Ah, sure, I didn't know we have sec_name_test.

>
> Also, maybe we can name it as "sk_skb/verdict" to avoid duplication?

At least we used to call it sk_skb/skb_verdict before commit 15669e1dcd.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ