lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <875x9bhxgk.fsf@cloudflare.com>
Date: Fri, 09 Jan 2026 11:50:03 +0100
From: Jakub Sitnicki <jakub@...udflare.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: bpf@...r.kernel.org,  netdev@...r.kernel.org,  "David S. Miller"
 <davem@...emloft.net>,  Eric Dumazet <edumazet@...gle.com>,  Paolo Abeni
 <pabeni@...hat.com>,  Alexei Starovoitov <ast@...nel.org>,  Daniel
 Borkmann <daniel@...earbox.net>,  Jesper Dangaard Brouer
 <hawk@...nel.org>,  John Fastabend <john.fastabend@...il.com>,  Stanislav
 Fomichev <sdf@...ichev.me>,  Simon Horman <horms@...nel.org>,  Andrii
 Nakryiko <andrii@...nel.org>,  Martin KaFai Lau <martin.lau@...ux.dev>,
  Eduard Zingerman <eddyz87@...il.com>,  Song Liu <song@...nel.org>,
  Yonghong Song <yonghong.song@...ux.dev>,  KP Singh <kpsingh@...nel.org>,
  Hao Luo <haoluo@...gle.com>,  Jiri Olsa <jolsa@...nel.org>,
  kernel-team@...udflare.com
Subject: Re: [PATCH bpf-next v3 00/17] Decouple skb metadata tracking from
 MAC header offset

On Thu, Jan 08, 2026 at 05:49 PM -08, Jakub Kicinski wrote:
> To reduce the one-off feeling of the mechanism it'd be great to shove
> this state into an skb extension for example. Then if we optimize it
> and possibly make it live inline in the frame all the other skb
> extensions will benefit too.

Back to the drawing board then.

Here's how I think we can marry it with skb extension:

1. Move metadata from headroom to skb_ext chunk on skb_metadata_set().

2. If TC BPF prog uses data_meta pseudo-pointer, copy metadata contents
   in and out of headroom in BPF prologue and epilogue.

3. If TC BPF prog uses bpf_dynptr_from_skb_meta(), access the skb_ext
   chunk directly.

If that sounds sane, then I'll get cracking on an RFC.

We will need the driver tweaks from this series for (1) to work, so I'm
thinking to split that out and resubmit.

I would also split out the BPF verifier prologue/epilogue processing
tweaks for (2) to work without kfuncs.

Let me know what you think.

Thanks,
-jkbs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ