| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Aug 2023 09:40:45 +0200
From: Jakub Sitnicki <jakub@...udflare.com>
To: Liu Jian <liujian56@...wei.com>
Cc: john.fastabend@...il.com, ast@...nel.org, daniel@...earbox.net,
andrii@...nel.org, martin.lau@...ux.dev, song@...nel.org,
yonghong.song@...ux.dev, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
dsahern@...nel.org, netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 1/7] bpf, sockmap: add BPF_F_PERMANENTLY
flag for skmsg redirect
On Fri, Aug 11, 2023 at 05:32 PM +08, Liu Jian wrote:
> If the sockmap msg redirection function is used only to forward packets
> and no other operation, the execution result of the BPF_SK_MSG_VERDICT
> program is the same each time. In this case, the BPF program only needs to
> be run once. Add BPF_F_PERMANENTLY flag to bpf_msg_redirect_map() and
> bpf_msg_redirect_hash() to implement this ability.
>
> Then we can enable this function in the bpf program as follows:
> bpf_msg_redirect_hash(xx, xx, xx, BPF_F_INGRESS | BPF_F_PERMANENTLY);
>
> Test results using netperf TCP_STREAM mode:
> for i in 1 64 128 512 1k 2k 32k 64k 100k 500k 1m;then
> netperf -T 1,2 -t TCP_STREAM -H 127.0.0.1 -l 20 -- -m $i -s 100m,100m -S 100m,100m
> done
>
> before:
> 3.84 246.52 496.89 1885.03 3415.29 6375.03 40749.09 48764.40 51611.34 55678.26 55992.78
> after:
> 4.43 279.20 555.82 2080.79 3870.70 7105.44 41836.41 49709.75 51861.56 55211.00 54566.85
>
> Signed-off-by: Liu Jian <liujian56@...wei.com>
> ---
> include/linux/skmsg.h | 1 +
> include/uapi/linux/bpf.h | 7 +++++--
> net/core/skmsg.c | 1 +
> net/core/sock_map.c | 4 ++--
> net/ipv4/tcp_bpf.c | 21 +++++++++++++++------
> tools/include/uapi/linux/bpf.h | 7 +++++--
> 6 files changed, 29 insertions(+), 12 deletions(-)
>
[...]
> diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c
> index 81f0dff69e0b..36cf2b0fa6f8 100644
> --- a/net/ipv4/tcp_bpf.c
> +++ b/net/ipv4/tcp_bpf.c
> @@ -419,8 +419,10 @@ static int tcp_bpf_send_verdict(struct sock *sk, struct sk_psock *psock,
> if (!psock->apply_bytes) {
> /* Clean up before releasing the sock lock. */
> eval = psock->eval;
> - psock->eval = __SK_NONE;
> - psock->sk_redir = NULL;
> + if (!psock->eval_permanently) {
> + psock->eval = __SK_NONE;
> + psock->sk_redir = NULL;
> + }
> }
> if (psock->cork) {
> cork = true;
> @@ -433,9 +435,15 @@ static int tcp_bpf_send_verdict(struct sock *sk, struct sk_psock *psock,
> ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,
> msg, tosend, flags);
> sent = origsize - msg->sg.size;
> + /* disable the ability when something wrong */
> + if (unlikely(ret < 0))
> + psock->eval_permanently = 0;
>
> - if (eval == __SK_REDIRECT)
> + if (!psock->eval_permanently && eval == __SK_REDIRECT) {
> sock_put(sk_redir);
> + psock->sk_redir = NULL;
> + psock->eval = __SK_NONE;
> + }
>
> lock_sock(sk);
> if (unlikely(ret < 0)) {
Looking at the above changes, I'm wondering - have you considered
introducing a dedicated a __sk_action for this? Like
__SK_REDIRECT_PERMANENT?
Just a gut feeling. Maybe it would make the code easier to ready if we
don't have to have another flag remember about.
Also, eval_permenently is not a great name, IMHO, because eval can be
also PASS or NONE, to which this flag does not apply. If the flag needs
to stay, it could be named something like redir_permanent so it's
obvious that it applies just to REDIRECT action.
[...]
Powered by blists - more mailing lists