| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250716-skb-metadata-thru-dynptr-v2-3-5f580447e1df@cloudflare.com>
Date: Wed, 16 Jul 2025 18:16:47 +0200
From: Jakub Sitnicki <jakub@...udflare.com>
To: bpf@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>,
Andrii Nakryiko <andrii@...nel.org>, Arthur Fabre <arthur@...hurfabre.com>,
Daniel Borkmann <daniel@...earbox.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Jesper Dangaard Brouer <hawk@...nel.org>,
Jesse Brandeburg <jbrandeburg@...udflare.com>,
Joanne Koong <joannelkoong@...il.com>,
Lorenzo Bianconi <lorenzo@...nel.org>,
Toke Høiland-Jørgensen <thoiland@...hat.com>,
Yan Zhai <yan@...udflare.com>, kernel-team@...udflare.com,
netdev@...r.kernel.org, Stanislav Fomichev <sdf@...ichev.me>
Subject: [PATCH bpf-next v2 03/13] bpf: Enable write access to skb metadata
with bpf_dynptr_write
Make it possible to write to skb metadata area using the
bpf_dynptr_write() BPF helper.
This prepares ground for access to skb metadata from all BPF hooks
which operate on __sk_buff context.
Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
---
include/linux/filter.h | 8 ++++++++
kernel/bpf/helpers.c | 2 +-
net/core/filter.c | 12 ++++++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index de0d1ce34f0d..7709e30ce2bb 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -1774,6 +1774,8 @@ void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off,
void *buf, unsigned long len, bool flush);
int bpf_skb_meta_load_bytes(const struct sk_buff *src, u32 offset,
void *dst, u32 len);
+int bpf_skb_meta_store_bytes(struct sk_buff *dst, u32 offset,
+ const void *src, u32 len);
#else /* CONFIG_NET */
static inline int __bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset,
void *to, u32 len)
@@ -1814,6 +1816,12 @@ static inline int bpf_skb_meta_load_bytes(const struct sk_buff *src, u32 offset,
{
return -EOPNOTSUPP;
}
+
+static inline int bpf_skb_meta_store_bytes(struct sk_buff *dst, u32 offset,
+ const void *src, u32 len)
+{
+ return -EOPNOTSUPP;
+}
#endif /* CONFIG_NET */
#endif /* __LINUX_FILTER_H__ */
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 54b0e8dd747e..a264a6a3b4e4 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -1834,7 +1834,7 @@ int __bpf_dynptr_write(const struct bpf_dynptr_kern *dst, u32 offset, void *src,
return -EINVAL;
return __bpf_xdp_store_bytes(dst->data, dst->offset + offset, src, len);
case BPF_DYNPTR_TYPE_SKB_META:
- return -EOPNOTSUPP; /* not implemented */
+ return bpf_skb_meta_store_bytes(dst->data, dst->offset + offset, src, len);
default:
WARN_ONCE(true, "bpf_dynptr_write: unknown dynptr type %d\n", type);
return -EFAULT;
diff --git a/net/core/filter.c b/net/core/filter.c
index 93524839a49f..86b1572e8424 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -11990,6 +11990,18 @@ int bpf_skb_meta_load_bytes(const struct sk_buff *skb, u32 offset,
return 0;
}
+int bpf_skb_meta_store_bytes(struct sk_buff *dst, u32 offset,
+ const void *src, u32 len)
+{
+ u32 meta_len = skb_metadata_len(dst);
+
+ if (len > meta_len || offset > meta_len - len)
+ return -E2BIG; /* out of bounds */
+
+ memmove(skb_metadata_end(dst) - meta_len + offset, src, len);
+ return 0;
+}
+
static int dynptr_from_skb_meta(struct __sk_buff *skb_, u64 flags,
struct bpf_dynptr *ptr_, bool rdonly)
{
--
2.43.0
Powered by blists - more mailing lists