| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250721-skb-metadata-thru-dynptr-v3-2-e92be5534174@cloudflare.com>
Date: Mon, 21 Jul 2025 12:52:40 +0200
From: Jakub Sitnicki <jakub@...udflare.com>
To: bpf@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>,
Andrii Nakryiko <andrii@...nel.org>, Arthur Fabre <arthur@...hurfabre.com>,
Daniel Borkmann <daniel@...earbox.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Jesper Dangaard Brouer <hawk@...nel.org>,
Jesse Brandeburg <jbrandeburg@...udflare.com>,
Joanne Koong <joannelkoong@...il.com>,
Lorenzo Bianconi <lorenzo@...nel.org>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Toke Høiland-Jørgensen <thoiland@...hat.com>,
Yan Zhai <yan@...udflare.com>, kernel-team@...udflare.com,
netdev@...r.kernel.org, Jakub Sitnicki <jakub@...udflare.com>,
Stanislav Fomichev <sdf@...ichev.me>
Subject: [PATCH bpf-next v3 02/10] bpf: Enable read access to skb metadata
with bpf_dynptr_read
Make it possible to read from skb metadata area using the
bpf_dynptr_read() BPF helper.
This prepares ground for access to skb metadata from all BPF hooks
which operate on __sk_buff context.
Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
---
include/linux/filter.h | 8 ++++++++
kernel/bpf/helpers.c | 2 +-
net/core/filter.c | 12 ++++++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index eca229752cbe..de0d1ce34f0d 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -1772,6 +1772,8 @@ int __bpf_xdp_store_bytes(struct xdp_buff *xdp, u32 offset, void *buf, u32 len);
void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len);
void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off,
void *buf, unsigned long len, bool flush);
+int bpf_skb_meta_load_bytes(const struct sk_buff *src, u32 offset,
+ void *dst, u32 len);
#else /* CONFIG_NET */
static inline int __bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset,
void *to, u32 len)
@@ -1806,6 +1808,12 @@ static inline void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off, voi
unsigned long len, bool flush)
{
}
+
+static inline int bpf_skb_meta_load_bytes(const struct sk_buff *src, u32 offset,
+ void *dst, u32 len)
+{
+ return -EOPNOTSUPP;
+}
#endif /* CONFIG_NET */
#endif /* __LINUX_FILTER_H__ */
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 9552b32208c5..34027a799679 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -1781,7 +1781,7 @@ static int __bpf_dynptr_read(void *dst, u32 len, const struct bpf_dynptr_kern *s
case BPF_DYNPTR_TYPE_XDP:
return __bpf_xdp_load_bytes(src->data, src->offset + offset, dst, len);
case BPF_DYNPTR_TYPE_SKB_META:
- return -EOPNOTSUPP; /* not implemented */
+ return bpf_skb_meta_load_bytes(src->data, src->offset + offset, dst, len);
default:
WARN_ONCE(true, "bpf_dynptr_read: unknown dynptr type %d\n", type);
return -EFAULT;
diff --git a/net/core/filter.c b/net/core/filter.c
index c17b628c08f5..4b787c56b220 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -11978,6 +11978,18 @@ bpf_sk_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return func;
}
+int bpf_skb_meta_load_bytes(const struct sk_buff *skb, u32 offset,
+ void *dst, u32 len)
+{
+ u32 meta_len = skb_metadata_len(skb);
+
+ if (len > meta_len || offset > meta_len - len)
+ return -E2BIG; /* out of bounds */
+
+ memmove(dst, skb_metadata_end(skb) - meta_len + offset, len);
+ return 0;
+}
+
static int dynptr_from_skb_meta(struct __sk_buff *skb_, u64 flags,
struct bpf_dynptr *ptr_, bool rdonly)
{
--
2.43.0
Powered by blists - more mailing lists