lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Mar 2022 05:13:06 +0530 From: Kumar Kartikeya Dwivedi <memxor@...il.com> To: bpf@...r.kernel.org Cc: Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Martin KaFai Lau <kafai@...com>, Toke Høiland-Jørgensen <toke@...hat.com>, Jesper Dangaard Brouer <hawk@...nel.org>, Lorenzo Bianconi <lorenzo@...nel.org>, John Fastabend <john.fastabend@...il.com>, Jakub Kicinski <kuba@...nel.org>, Lorenz Bauer <linux@....io>, netdev@...r.kernel.org Subject: [PATCH bpf-next v1 0/5] Introduce bpf_packet_pointer helper Expose existing 'bpf_xdp_pointer' as a BPF helper named 'bpf_packet_pointer' returning a packet pointer with a fixed immutable range. This can be useful to enable DPA without having to use memcpy (currently the case in bpf_xdp_load_bytes and bpf_xdp_store_bytes). The intended usage to read and write data for multi-buff XDP is: int err = 0; char buf[N]; off &= 0xffff; ptr = bpf_packet_pointer(ctx, off, sizeof(buf), &err); if (unlikely(!ptr)) { if (err < 0) return XDP_ABORTED; err = bpf_xdp_load_bytes(ctx, off, buf, sizeof(buf)); if (err < 0) return XDP_ABORTED; ptr = buf; } ... // Do some stores and loads in [ptr, ptr + N) region ... if (unlikely(ptr == buf)) { err = bpf_xdp_store_bytes(ctx, off, buf, sizeof(buf)); if (err < 0) return XDP_ABORTED; } Note that bpf_packet_pointer returns a PTR_TO_PACKET, not PTR_TO_MEM, because these pointers need to be invalidated on clear_all_pkt_pointers invocation, and it is also more meaningful to the user to see return value as R0=pkt. This series is meant to collect feedback on the approach, next version can include a bpf_skb_pointer and exposing it as bpf_packet_pointer helper for TC hooks, and explore not resetting range to zero on r0 += rX, instead check access like check_mem_region_access (var_off + off < range), since there would be no data_end to compare against and obtain a new range. The common name and func_id is supposed to allow writing generic code using bpf_packet_pointer that works for both XDP and TC programs. Please see the individual patches for implementation details. Kumar Kartikeya Dwivedi (5): bpf: Add ARG_SCALAR and ARG_CONSTANT bpf: Introduce pkt_uid concept for PTR_TO_PACKET bpf: Introduce bpf_packet_pointer helper to do DPA selftests/bpf: Add verifier tests for pkt pointer with pkt_uid selftests/bpf: Update xdp_adjust_frags to use bpf_packet_pointer include/linux/bpf.h | 4 + include/linux/bpf_verifier.h | 9 +- include/uapi/linux/bpf.h | 12 ++ kernel/bpf/verifier.c | 97 ++++++++++-- net/core/filter.c | 48 +++--- tools/include/uapi/linux/bpf.h | 12 ++ .../bpf/prog_tests/xdp_adjust_frags.c | 46 ++++-- .../bpf/progs/test_xdp_update_frags.c | 46 ++++-- tools/testing/selftests/bpf/verifier/xdp.c | 146 ++++++++++++++++++ 9 files changed, 358 insertions(+), 62 deletions(-) -- 2.35.1
Powered by blists - more mailing lists