Date:   Tue, 15 Nov 2022 23:04:22 -0800
From:   Martin KaFai Lau <martin.lau@...ux.dev>
To:     Stanislav Fomichev <sdf@...gle.com>
Cc:     ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
        song@...nel.org, yhs@...com, john.fastabend@...il.com,
        kpsingh@...nel.org, haoluo@...gle.com, jolsa@...nel.org,
        David Ahern <dsahern@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Willem de Bruijn <willemb@...gle.com>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        Anatoly Burakov <anatoly.burakov@...el.com>,
        Alexander Lobakin <alexandr.lobakin@...el.com>,
        Magnus Karlsson <magnus.karlsson@...il.com>,
        Maryam Tahhan <mtahhan@...hat.com>, xdp-hints@...-project.net,
        netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next 06/11] xdp: Carry over xdp metadata into skb context

On 11/14/22 7:02 PM, Stanislav Fomichev wrote:
> Implement new bpf_xdp_metadata_export_to_skb kfunc which
> prepares compatible xdp metadata for kernel consumption.
> This kfunc should be called prior to bpf_redirect
> or when XDP_PASS'ing the frame into the kernel (note, the drivers
> have to be updated to enable consuming XDP_PASS'ed metadata).
> 
> veth driver is amended to consume this metadata when converting to skb.
> 
> Internally, XDP_FLAGS_HAS_SKB_METADATA flag is used to indicate
> whether the frame has skb metadata. The metadata is currently
> stored prior to xdp->data_meta. bpf_xdp_adjust_meta refuses
> to work after a call to bpf_xdp_metadata_export_to_skb (can lift
> this requirement later on if needed, we'd have to memmove
> xdp_skb_metadata).

It is ok to refuse bpf_xdp_adjust_meta() after bpf_xdp_metadata_export_to_skb() 
for now.  However, it will also need to refuse bpf_xdp_adjust_head().

[ ... ]

> +/* For the packets directed to the kernel, this kfunc exports XDP metadata
> + * into skb context.
> + */
> +noinline int bpf_xdp_metadata_export_to_skb(const struct xdp_md *ctx)
> +{
> +	return 0;
> +}
> +
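
Review bot: The comment above bpf_xdp_metadata_export_to_skb() does not state the return contract or the ordering rule. The stub returns 0 unconditionally, while the patch 8 selftest treats a negative value as failure, and the commit message says bpf_xdp_adjust_meta refuses to work after this call. Suggest documenting in the kfunc comment what 0 and a negative return mean and that later bpf_xdp_adjust_meta calls are refused, so a program author does not have to read the commit log to learn it.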

I think it is still better to return 'struct xdp_skb_metadata *' instead of 
true/false.  Like:

noinline struct xdp_skb_metadata *bpf_xdp_metadata_export_to_skb(const struct xdp_md *ctx)
{
	return 0;
}

The KF_RET_NULL has already been set in 
BTF_SET8_START_GLOBAL(xdp_metadata_kfunc_ids).  There is 
"xdp_btf_struct_access()" that can allow write access to 'struct xdp_skb_metadata'. 
What else is missing? We can try to solve it.

Then there is no need for this double check in patch 8 selftest which is not 
easy to use:

+               if (bpf_xdp_metadata_export_to_skb(ctx) < 0) {
+                       bpf_printk("bpf_xdp_metadata_export_to_skb failed");
+                       return XDP_DROP;
+               }

[ ... ]

+               skb_metadata = ctx->skb_metadata;
+               if (!skb_metadata) {
+                       bpf_printk("no ctx->skb_metadata");
+                       return XDP_DROP;
+               }

[ ... ]


> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index b444b1118c4f..71e3bc7ad839 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -6116,6 +6116,12 @@ enum xdp_action {
>   	XDP_REDIRECT,
>   };
>   
> +/* Subset of XDP metadata exported to skb context.
> + */
> +struct xdp_skb_metadata {
> +	__u64 rx_timestamp;
> +};
> +
>   /* user accessible metadata for XDP packet hook
>    * new fields must be added to the end of this structure
>    */
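
Review bot: The comment on struct xdp_skb_metadata does not say how the layout may change, and the struct sits in a uapi header. The xdp_md comment just below it spells out its rule ("new fields must be added to the end of this structure"); the new struct has a single __u64 rx_timestamp and no equivalent statement. Suggest adding the extension rule to the comment, or stating that the layout is not stable if that is the intent. The one-sentence comment also fits on a single line.
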
> @@ -6128,6 +6134,7 @@ struct xdp_md {
>   	__u32 rx_queue_index;  /* rxq->queue_index  */
>   
>   	__u32 egress_ifindex;  /* txq->dev->ifindex */
> +	__bpf_md_ptr(struct xdp_skb_metadata *, skb_metadata);
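
Review bot: The new skb_metadata member in struct xdp_md carries no comment, unlike rx_queue_index and egress_ifindex next to it, which each name their backing field. The patch 8 selftest checks ctx->skb_metadata for NULL after calling bpf_xdp_metadata_export_to_skb, so the pointer is evidently not always valid; suggest a trailing comment saying when it is set and that it may be NULL otherwise.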

Once the above bpf_xdp_metadata_export_to_skb() returning a pointer works, then 
it can be another kfunc 'struct xdp_skb_metadata * bpf_xdp_get_skb_metadata(const 
struct xdp_md *ctx)' to return the skb_metadata which was a similar point 
discussed in the previous RFC.
