lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <61b14e4ae483b_979572082c@john.notmuch>
Date:   Wed, 08 Dec 2021 16:31:06 -0800
From:   John Fastabend <john.fastabend@...il.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Jesper Dangaard Brouer <hawk@...nel.org>
Cc:     Toke Høiland-Jørgensen <toke@...hat.com>,
        netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: RE: [PATCH bpf-next 5/8] xdp: add xdp_do_redirect_frame() for
 pre-computed xdp_frames

Toke Høiland-Jørgensen wrote:
> Add an xdp_do_redirect_frame() variant which supports pre-computed
> xdp_frame structures. This will be used in bpf_prog_run() to avoid having
> to write to the xdp_frame structure when the XDP program doesn't modify the
> frame boundaries.
> 
> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
> ---
>  include/linux/filter.h |  4 ++++
>  net/core/filter.c      | 28 +++++++++++++++++++++-------
>  2 files changed, 25 insertions(+), 7 deletions(-)
> 
> diff --git a/include/linux/filter.h b/include/linux/filter.h
> index b6a216eb217a..845452c83e0f 100644
> --- a/include/linux/filter.h
> +++ b/include/linux/filter.h
> @@ -1022,6 +1022,10 @@ int xdp_do_generic_redirect(struct net_device *dev, struct sk_buff *skb,
>  int xdp_do_redirect(struct net_device *dev,
>  		    struct xdp_buff *xdp,
>  		    struct bpf_prog *prog);
> +int xdp_do_redirect_frame(struct net_device *dev,
> +			  struct xdp_buff *xdp,
> +			  struct xdp_frame *xdpf,
> +			  struct bpf_prog *prog);

I don't really like that we are passing both the xdp_buff ptr and
xdp_frame *xdpf around when one is always null it looks like?

>  void xdp_do_flush(void);
>  
>  /* The xdp_do_flush_map() helper has been renamed to drop the _map suffix, as
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 1e86130a913a..d8fe74cc8b66 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -3957,14 +3957,13 @@ u32 xdp_master_redirect(struct xdp_buff *xdp)
>  }
>  EXPORT_SYMBOL_GPL(xdp_master_redirect);
>  
> -int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
> -		    struct bpf_prog *xdp_prog)
> +static int __xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
> +			     struct xdp_frame *xdpf, struct bpf_prog *xdp_prog)
>  {
>  	struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
>  	enum bpf_map_type map_type = ri->map_type;
>  	void *fwd = ri->tgt_value;
>  	u32 map_id = ri->map_id;
> -	struct xdp_frame *xdpf;
>  	struct bpf_map *map;
>  	int err;
>  
> @@ -3976,10 +3975,12 @@ int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
>  		goto out;
>  	}
>  
> -	xdpf = xdp_convert_buff_to_frame(xdp);
> -	if (unlikely(!xdpf)) {
> -		err = -EOVERFLOW;
> -		goto err;
> +	if (!xdpf) {
> +		xdpf = xdp_convert_buff_to_frame(xdp);
> +		if (unlikely(!xdpf)) {
> +			err = -EOVERFLOW;
> +			goto err;
> +		}

This is a bit ugly imo. Can we just decide what gets handed to the function
rather than having this mid function conversion?

If we can't get consistency at least a xdpf_do_redirect() and then make
a xdp_do_redirect( return xdpf_do_redirect(xdp_convert_buff_to_frame(xdp)))
that just does the conversion and passes it through.

Or did I miss something?

>  	}
>  
>  	switch (map_type) {
> @@ -4024,8 +4025,21 @@ int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
>  	_trace_xdp_redirect_map_err(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index, err);
>  	return err;
>  }
> +
> +int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
> +		    struct bpf_prog *xdp_prog)
> +{
> +	return __xdp_do_redirect(dev, xdp, NULL, xdp_prog);

same here. Just do the conversion and call,

 __xdpf_do_redirect(dev, xdpf, xdp_prog)

skipping the null pointr?

> +}
>  EXPORT_SYMBOL_GPL(xdp_do_redirect);
>  
> +int xdp_do_redirect_frame(struct net_device *dev, struct xdp_buff *xdp,
> +			  struct xdp_frame *xdpf, struct bpf_prog *xdp_prog)
> +{
> +	return __xdp_do_redirect(dev, xdp, xdpf, xdp_prog);
> +}
> +EXPORT_SYMBOL_GPL(xdp_do_redirect_frame);
> +
>  static int xdp_do_generic_redirect_map(struct net_device *dev,
>  				       struct sk_buff *skb,
>  				       struct xdp_buff *xdp,
> -- 
> 2.34.0
> 

Thanks,
John

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ