| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <095d241a-44d5-461f-8d64-356676a44e8b@linux.dev>
Date: Wed, 16 Oct 2024 17:48:20 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Jason Xing <kerneljasonxing@...il.com>
Cc: Jakub Sitnicki <jakub@...udflare.com>, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, dsahern@...nel.org,
willemdebruijn.kernel@...il.com, willemb@...gle.com, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, bpf@...r.kernel.org,
netdev@...r.kernel.org, Jason Xing <kernelxing@...cent.com>
Subject: Re: [PATCH net-next v2 04/12] net-timestamp: add static key to
control the whole bpf extension
On 10/16/24 3:36 AM, Jason Xing wrote:
>>> If the skb carries the timestamp, there are three cases:
>>> 1) non-bpf case and users uses setsockopt()
>>> 2) cmsg case
>>> 3) bpf case
These should have tests in the selftests/bpf/ sooner than later. (More below).
>>>
>>> #1 and #2 are already handled well before this patch. I only need to
>>> test if sk_tsflags_bpf has those flags. If so, it means we hit #3, or
>>> else it could be #1 or #2, then we will let the old way print
>>> timestamps in __skb_tstamp_tx().
>>
>> hmm... I am still not sure I fully understand...but I think I may start getting it.
>
> Sorry, my bad. I gave the wrong answer...
>
> It should be:
> Testing if if sk_tsflags has SOF_TIMESTAMPING_SOFTWARE flag should
You meant adding SOF_TIMESTAMPING_SOFTWARE test to the sk_tstamp_tx_flags()?
Before any bpf changes, if I read __skb_tstamp_tx() correctly, the current
behavior is to just queue to the sk_error_queue as long as there is
"SOF_TIMESTAMPING_TX_*" set in the skb's tx_flags and it is regardless of the
sk_tsflags. This will eventually get ignored when user read it from the error
queue because the SOF_TIMESTAMPING_SOFTWARE is not set in sk_tsflags? I suspect
the user space will still read something from the error queue unless there is
SOF_TIMESTAMPING_OPT_TSONLY but it won't have the tstamp cmsg.
Adding SOF_TIMESTAMPING_SOFTWARE test to the sk_tstamp_tx_flags() will stop it
from even queuing to the error queue? I think it is ok but I am not sure if
anyone is depending on the above behavior.
> work fine. If it has the flag, we could use skb_tstamp_tx_output() to
> print based on patch [4/12]; if not, we will use
> bpf_skb_tstamp_tx_output() to print.
>
> If users use traditional ways of deploying SO_TIMESTAMPING, sk_tsflags
> always has SOF_TIMESTAMPING_SOFTWARE which is a software report flag
> (please see Documentation/networking/timestamping.rst). We can see a
> good example on how to use in
> tools/testing/selftests/net/txtimestamp.c:
> do_test()
> {
> sock_opt = SOF_TIMESTAMPING_SOFTWARE |
> ...
> if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPING,
> (char *) &sock_opt, sizeof(sock_opt)))
> }
>
>>
>> Is it the reason that the bpf_setsockopt() cannot clear the sk_tsflags_bpf once
>> it is set in patch 2? It is not a usable api tbh. It will be a surprise to many.
>> It has to be able to set and clear.
>
> I cannot find a good time to clear all the sockets which are set
> through the BPF program. If we detach the BPF program, it will not
> print of course. Does it really matter if we don't clear the
> sk_tsflags_bpf?
Yes, it matters. The same reason goes for why the existing bpf prog can clear
the tp->bpf_sock_ops_cb_flags. Yes, detach will automatically not taking the
timestamp. For sockops program that stays forever, not all usages expect to do
timestamping for the whole lifetime of the connection. If there is a way for the
prog to turn it on, it should have a way for the prog to turn it off.
What is the concern of allowing the bpf prog to disable something that it has
enabled before?
While we are on bpf_sock_ops_cb_flags, the
BPF_SOCK_OPS_TX_TIMESTAMPING_OPT_CB_FLAG addition is mostly a dup of whatever in
the new sk_tsflags_bpf. It is something we need to clean up later when we decide
what interface to use for bpf timestamping.
>
>>
>> Does it also mean either the bpf or the user space can enable the timetstamping
>> but not both? I don't think we can assume this also. It will be hard to deploy
>> the bpf prog in production to collect continuous data. The user space may have
>> some timestamping enabled but the bpf may want to do its parallel investigation
>> also. The user space may rollout timestamping in the future and suddenly break
>> the bpf prog.
>
> Well, IIUC, it's also the basic idea from the current series which
> allows both happening at the same time. Let us put it in a simple way,
> I hope that if the app uses the SO_TIMESTAMPING feature already, then
> one admin deploys the BPF program, that app should be traced both in
> bpf and non-bpf ways.
>
> But Willem doesn't agree about this approach[1] because of hard to debug.
>
> [1]: https://lore.kernel.org/all/670dda9437147_2e6c4029461@willemb.c.googlers.com.notmuch/
> Regarding to this link, I have a few more words to say: the socket
> could be set through bpf_setsockopt() in different phases not like
> setsockopt(), so in some cases we cannot make setsockopt hard failed.
>
> After rethinking this point more, I still reckon that letting BPF
> program trace timestamping parallelly without caring whether the
> socket is set to the SO_TIMESTAMPING feature through setsockopt()
I am afraid having both work in parallel is needed. Otherwise, it will be very
hard to deploy a bpf prog to run continuously in scale. Being able to collect
timestamp without worrying about application changes/updates/downgrades is
important. e.g. App changes from no time stamping to time stamping
Please help to add selftests to show how the above cases (1), (2), (3), and
other tsflags/txflags sharing cases will work. This should not be delayed until
the discussion is done. It is needed sooner or later to prove both bpf and
non-bpf ways can work at the same time. It will help the reviewer and also help
to think about the design with a real use case in bpf prog.
The example in patch 0 only prints the reported tstamp, can you share how it
will be used to investigate issue? Is it also useful to know when the skb is
written to the kernel during sendmsg()?
Regarding the bpf_setsockopt() can be called in different phase,
bpf_setsockopt() is not limited to sockops program. e.g. it can also be called
from a bpf-tcp-cc (congestion control). Not a tcp-cc expert but I won't be
surprised people will try to trigger some on-and-off timestamping from
bpf-tcp-cc to measure some delay.
More about bpf_setsockopt() in different phase, understand that UDP is not your
priority. However, it needs to have some clarity on how UDP will work and how to
enable it. UDP usually has no connect/established phase.
Regarding the SOF_TIMESTAMPING_* support, can you list out what else you are
planning to support in the future. You mentioned the SOF_TIMESTAMPING_TX_ACK in
another thread. What else?
> method. It means I would like to keep this part in patch [04/12]:
> @@ -5601,6 +5636,9 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
> if (!sk)
> return;
>
> + if (static_branch_unlikely(&bpf_tstamp_control))
> + bpf_skb_tstamp_tx_output(sk, tstype);
> +
> skb_tstamp_tx_output(orig_skb, ack_skb, hwtstamps, sk,
> tstype);
> }
> EXPORT_SYMBOL_GPL(__skb_tstamp_tx);
>
>>
>> [ getting late here. will continue later. ]
>
> Thanks for your effort :)
>
> Thanks,
> Jason
Powered by blists - more mailing lists