| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250929-skb-meta-rx-path-v1-0-de700a7ab1cb@cloudflare.com>
Date: Mon, 29 Sep 2025 16:09:05 +0200
From: Jakub Sitnicki <jakub@...udflare.com>
To: bpf@...r.kernel.org
Cc: netdev@...r.kernel.org, kernel-team@...udflare.com
Subject: [PATCH RFC bpf-next 0/9] Make TC BPF helpers preserve skb metadata
This patch set continues our work [1] to allow BPF programs and user-space
applications to attach multiple bytes of metadata to packets via the
XDP/skb metadata area.
The focus of this patch set it to ensure that skb metadata remains intact
when packets pass through a chain of TC BPF programs that call helpers
operating on skb->data.
Currently, several helpers that adjust the skb->data pointer or reallocate
skb->head do not preserve metadata at its expected location (before the MAC
header) after the operation. Affected helpers include:
- bpf_skb_adjust_room
- bpf_skb_change_head
- bpf_skb_change_proto
- bpf_skb_change_tail
- bpf_skb_vlan_push
- bpf_skb_vlan_pop
- (did I miss any?)
Sadly, in TC BPF context, metadata must be moved whenever headroom changes
to keep the skb->data_meta pointer valid (unless someone can come up with a
workaround for that...).
We can patch the helpers in at least two different ways:
1. Integrate metadata move into header move
Replace the existing memmove, which follows skb_push/pull, with a helper
that moves both headers and metadata in a single call. This avoids an
extra memmove but reduces transparency.
skb_pull(skb, len);
- memmove(skb->data, skb->data - len, n);
+ skb_postpull_data_move(skb, len, n);
skb->mac_header += len;
skb_push(skb, len)
- memmove(skb->data, skb->data + len, n);
+ skb_postpush_data_move(skb, len, n);
skb->mac_header -= len;
2. Move metadata separately
Add a dedicated metadata move after the header move. This is more
explicit but costs an additional memmove.
skb_pull(skb, len);
memmove(skb->data, skb->data - len, n);
+ skb_metadata_postpull_move(skb, len);
skb->mac_header += len;
skb_push(skb, len)
+ skb_metadata_postpush_move(skb, len);
memmove(skb->data, skb->data + len, n);
skb->mac_header -= len;
This RFC implements option (1), expecting that "you can have just one
memmove" will be the most obvious feedback, while readability is a somewhat
more subjective matter of taste (which I don't claim to have ;-).
TODO:
- Extend skb metadata tests inselftests/bpf. So far, I've only adapted
tests for cloned skbs. However, the changes have been tested using a shell
script–based test suite [2], which allowed for faster iteration in this
early phase.
PTAL. Early comments and feedback much appreciated.
Thanks,
-jkbs
[1] https://lore.kernel.org/all/20250814-skb-metadata-thru-dynptr-v7-0-8a39e636e0fb@cloudflare.com/
[2] https://github.com/jsitnicki/skb-metadata-tests
---
Jakub Sitnicki (9):
net: Preserve metadata on pskb_expand_head
net: Helper to move packet data and metadata after skb_push/pull
vlan: Make vlan_remove_tag return nothing
bpf: Make bpf_skb_vlan_pop helper metadata-safe
bpf: Make bpf_skb_vlan_push helper metadata-safe
bpf: Make bpf_skb_adjust_room metadata-safe
bpf: Make bpf_skb_change_proto helper metadata-safe
bpf: Make bpf_skb_change_head helper metadata-safe
selftests/bpf: Expect unclone to preserve metadata
include/linux/if_vlan.h | 13 ++-
include/linux/skbuff.h | 74 +++++++++++++++++
net/core/filter.c | 16 ++--
net/core/skbuff.c | 2 -
.../bpf/prog_tests/xdp_context_test_run.c | 20 ++---
tools/testing/selftests/bpf/progs/test_xdp_meta.c | 94 +++++++++++++---------
6 files changed, 156 insertions(+), 63 deletions(-)
Powered by blists - more mailing lists