lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 5 Dec 2023 12:06:36 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Victor Nogueira <victor@...atatu.com>, jhs@...atatu.com,
 xiyou.wangcong@...il.com, jiri@...nulli.us, davem@...emloft.net,
 edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com
Cc: dcaratti@...hat.com, netdev@...r.kernel.org, kernel@...atatu.com
Subject: Re: [PATCH net-next v2 1/3] net: sched: Move drop_reason to struct
 tc_skb_cb

On 12/2/23 12:00 AM, Victor Nogueira wrote:
> Move drop_reason from struct tcf_result to skb cb - more specifically to
> struct tc_skb_cb. With that, we'll be able to also set the drop reason for
> the remaining qdiscs (aside from clsact) that do not have access to
> tcf_result when time comes to set the skb drop reason.
> 
> Signed-off-by: Victor Nogueira <victor@...atatu.com>
> ---
>   include/net/pkt_cls.h     | 14 ++++++++++++--
>   include/net/pkt_sched.h   |  1 +
>   include/net/sch_generic.h |  1 -
>   net/core/dev.c            |  5 +++--
>   net/sched/act_api.c       |  2 +-
>   net/sched/cls_api.c       | 23 ++++++++---------------
>   6 files changed, 25 insertions(+), 21 deletions(-)
> 
> diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
> index a76c9171db0e..7bd7ea511100 100644
> --- a/include/net/pkt_cls.h
> +++ b/include/net/pkt_cls.h
> @@ -154,10 +154,20 @@ __cls_set_class(unsigned long *clp, unsigned long cl)
>   	return xchg(clp, cl);
>   }
>   
> -static inline void tcf_set_drop_reason(struct tcf_result *res,
> +struct tc_skb_cb;
> +
> +static inline struct tc_skb_cb *tc_skb_cb(const struct sk_buff *skb);
> +
> +static inline enum skb_drop_reason
> +tc_skb_cb_drop_reason(const struct sk_buff *skb)
> +{
> +	return tc_skb_cb(skb)->drop_reason;
> +}
> +
> +static inline void tcf_set_drop_reason(const struct sk_buff *skb,
>   				       enum skb_drop_reason reason)
>   {
> -	res->drop_reason = reason;
> +	tc_skb_cb(skb)->drop_reason = reason;
>   }
>   
>   static inline void
> diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h
> index 9fa1d0794dfa..f09bfa1efed0 100644
> --- a/include/net/pkt_sched.h
> +++ b/include/net/pkt_sched.h
> @@ -277,6 +277,7 @@ static inline void skb_txtime_consumed(struct sk_buff *skb)
>   
>   struct tc_skb_cb {
>   	struct qdisc_skb_cb qdisc_cb;
> +	u32 drop_reason;
>   
>   	u16 mru;

Probably also makes sense to reorder zone below mru.

>   	u8 post_ct:1;
> diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
> index dcb9160e6467..c499b56bb215 100644
> --- a/include/net/sch_generic.h
> +++ b/include/net/sch_generic.h
> @@ -332,7 +332,6 @@ struct tcf_result {
>   		};
>   		const struct tcf_proto *goto_tp;
>   	};
> -	enum skb_drop_reason		drop_reason;
>   };
>   
>   struct tcf_chain;
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 3950ced396b5..323496ca0dc3 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -3924,14 +3924,15 @@ static int tc_run(struct tcx_entry *entry, struct sk_buff *skb,
>   
>   	tc_skb_cb(skb)->mru = 0;
>   	tc_skb_cb(skb)->post_ct = false;
> -	res.drop_reason = *drop_reason;
> +	tc_skb_cb(skb)->post_ct = false;

Why the double assignment ?

> +	tcf_set_drop_reason(skb, *drop_reason);
>   
>   	mini_qdisc_bstats_cpu_update(miniq, skb);
>   	ret = tcf_classify(skb, miniq->block, miniq->filter_list, &res, false);
>   	/* Only tcf related quirks below. */
>   	switch (ret) {
>   	case TC_ACT_SHOT:
> -		*drop_reason = res.drop_reason;
> +		*drop_reason = tc_skb_cb_drop_reason(skb);

nit: I'd rename into tcf_get_drop_reason() so it aligns with the tcf_set_drop_reason().
It's weird to name the getter tc_skb_cb_drop_reason() instead.

>   		mini_qdisc_qstats_cpu_drop(miniq);
>   		break;
>   	case TC_ACT_OK:
> diff --git a/net/sched/act_api.c b/net/sched/act_api.c
> index c39252d61ebb..12ac05857045 100644
> --- a/net/sched/act_api.c
> +++ b/net/sched/act_api.c
> @@ -1098,7 +1098,7 @@ int tcf_action_exec(struct sk_buff *skb, struct tc_action **actions,
>   			}
>   		} else if (TC_ACT_EXT_CMP(ret, TC_ACT_GOTO_CHAIN)) {
>   			if (unlikely(!rcu_access_pointer(a->goto_chain))) {
> -				tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +				tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   				return TC_ACT_SHOT;
>   			}
>   			tcf_action_goto_chain_exec(a, res);
> diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> index 1976bd163986..32457a236d77 100644
> --- a/net/sched/cls_api.c
> +++ b/net/sched/cls_api.c
> @@ -1658,7 +1658,6 @@ static inline int __tcf_classify(struct sk_buff *skb,
>   				 int act_index,
>   				 u32 *last_executed_chain)
>   {
> -	u32 orig_reason = res->drop_reason;
>   #ifdef CONFIG_NET_CLS_ACT
>   	const int max_reclassify_loop = 16;
>   	const struct tcf_proto *first_tp;
> @@ -1683,13 +1682,13 @@ static inline int __tcf_classify(struct sk_buff *skb,
>   			 */
>   			if (unlikely(n->tp != tp || n->tp->chain != n->chain ||
>   				     !tp->ops->get_exts)) {
> -				tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +				tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   				return TC_ACT_SHOT;
>   			}
>   
>   			exts = tp->ops->get_exts(tp, n->handle);
>   			if (unlikely(!exts || n->exts != exts)) {
> -				tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +				tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   				return TC_ACT_SHOT;
>   			}
>   
> @@ -1713,18 +1712,12 @@ static inline int __tcf_classify(struct sk_buff *skb,
>   			goto reset;
>   		}
>   #endif
> -		if (err >= 0) {
> -			/* Policy drop or drop reason is over-written by
> -			 * classifiers with a bogus value(0) */
> -			if (err == TC_ACT_SHOT &&
> -			    res->drop_reason == SKB_NOT_DROPPED_YET)
> -				tcf_set_drop_reason(res, orig_reason);
> +		if (err >= 0)
>   			return err;
> -		}
>   	}
>   
>   	if (unlikely(n)) {
> -		tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +		tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   		return TC_ACT_SHOT;
>   	}
>   
> @@ -1736,7 +1729,7 @@ static inline int __tcf_classify(struct sk_buff *skb,
>   				       tp->chain->block->index,
>   				       tp->prio & 0xffff,
>   				       ntohs(tp->protocol));
> -		tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +		tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   		return TC_ACT_SHOT;
>   	}
>   
> @@ -1774,7 +1767,7 @@ int tcf_classify(struct sk_buff *skb,
>   				n = tcf_exts_miss_cookie_lookup(ext->act_miss_cookie,
>   								&act_index);
>   				if (!n) {
> -					tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +					tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   					return TC_ACT_SHOT;
>   				}
>   
> @@ -1785,7 +1778,7 @@ int tcf_classify(struct sk_buff *skb,
>   
>   			fchain = tcf_chain_lookup_rcu(block, chain);
>   			if (!fchain) {
> -				tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +				tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   				return TC_ACT_SHOT;
>   			}
>   
> @@ -1807,7 +1800,7 @@ int tcf_classify(struct sk_buff *skb,
>   
>   			ext = tc_skb_ext_alloc(skb);
>   			if (WARN_ON_ONCE(!ext)) {
> -				tcf_set_drop_reason(res, SKB_DROP_REASON_TC_ERROR);
> +				tcf_set_drop_reason(skb, SKB_DROP_REASON_TC_ERROR);
>   				return TC_ACT_SHOT;
>   			}
>   
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ