lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 12 Jun 2023 10:23:00 -0700
From: Stanislav Fomichev <sdf@...gle.com>
To: bpf@...r.kernel.org
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, 
	martin.lau@...ux.dev, song@...nel.org, yhs@...com, john.fastabend@...il.com, 
	kpsingh@...nel.org, sdf@...gle.com, haoluo@...gle.com, jolsa@...nel.org, 
	willemb@...gle.com, dsahern@...nel.org, magnus.karlsson@...el.com, 
	bjorn@...nel.org, maciej.fijalkowski@...el.com, netdev@...r.kernel.org
Subject: [RFC bpf-next 0/7] bpf: netdev TX metadata

--- Use cases ---

The goal of this series is to add two new standard-ish places
in the transmit path:

1. Right before the packet is transmitted (with access to TX
   descriptors)
2. Right after the packet is actually transmitted and we've received the
   completion (again, with access to TX completion descriptors)

Accessing TX descriptors unlocks the following use-cases:

- Setting device hints at TX: XDP/AF_XDP might use these new hooks to
use device offloads. The existing case implements TX timestamp.
- Observability: global per-netdev hooks can be used for tracing
the packets and exploring completion descriptors for all sorts of
device errors.

Accessing TX descriptors also means that the hooks have to be called
from the drivers.

The hooks are a light-weight alternative to XDP at egress and currently
don't provide any packet modification abilities. However, eventually,
can expose new kfuncs to operate on the packet (or, rather, the actual
descriptors; for performance sake).

--- UAPI ---

The hooks are implemented in a HID-BPF style. Meaning they don't
expose any UAPI and are implemented as tracing programs that call
a bunch of kfuncs. The attach/detach operation happen via BPF syscall
programs. The series expands device-bound infrastructure to tracing
programs.

--- skb vs xdp ---

The hooks operate on a new light-weight devtx_frame which contains:
- data
- len
- sinfo

This should allow us to have a unified (from BPF POW) place at TX
and not be super-taxing (we need to copy 2 pointers + len to the stack
for each invocation).

--- Multiprog attachment ---

Currently, attach/detach don't expose links and don't support multiple
programs. I'm planning to use Daniel's bpf_mprog once it lands.

--- TODO ---

Things that I'm planning to do for the non-RFC series:
- have some real device support to verify xdp_hw_metadata works
- freplace
- Documentation/networking/xdp-rx-metadata.rst - like documentation

--- CC ---

CC'ing people only on the cover letter. Hopefully can find the rest via
lore.

Cc: willemb@...gle.com
Cc: dsahern@...nel.org
Cc: john.fastabend@...il.com
Cc: magnus.karlsson@...el.com
Cc: bjorn@...nel.org
Cc: maciej.fijalkowski@...el.com
Cc: netdev@...r.kernel.org

Stanislav Fomichev (7):
  bpf: rename some xdp-metadata functions into dev-bound
  bpf: resolve single typedef when walking structs
  bpf: implement devtx hook points
  bpf: implement devtx timestamp kfunc
  net: veth: implement devtx timestamp kfuncs
  selftests/bpf: extend xdp_metadata with devtx kfuncs
  selftests/bpf: extend xdp_hw_metadata with devtx kfuncs

 MAINTAINERS                                   |   2 +
 drivers/net/veth.c                            |  94 ++++++-
 include/linux/netdevice.h                     |   6 +
 include/net/devtx.h                           |  76 +++++
 include/net/offload.h                         |  38 +++
 include/net/xdp.h                             |  18 +-
 kernel/bpf/btf.c                              |   2 +
 kernel/bpf/offload.c                          |  40 ++-
 kernel/bpf/verifier.c                         |   4 +-
 net/core/Makefile                             |   1 +
 net/core/dev.c                                |   2 +
 net/core/devtx.c                              | 266 ++++++++++++++++++
 net/core/xdp.c                                |  20 +-
 .../selftests/bpf/prog_tests/xdp_metadata.c   |  82 +++++-
 .../selftests/bpf/progs/xdp_hw_metadata.c     |  59 ++++
 .../selftests/bpf/progs/xdp_metadata.c        | 101 +++++++
 tools/testing/selftests/bpf/xdp_hw_metadata.c | 160 ++++++++++-
 tools/testing/selftests/bpf/xdp_metadata.h    |  13 +
 18 files changed, 934 insertions(+), 50 deletions(-)
 create mode 100644 include/net/devtx.h
 create mode 100644 include/net/offload.h
 create mode 100644 net/core/devtx.c

-- 
2.41.0.162.gfafddb0af9-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ