Extend skb dynptr for metadata access from TC #9226
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![kernel-patches-daemon-bpf[bot]](https://avatars.githubusercontent.com/u/70728002?s=60&v=4){kind=small}
|
Upstream branch: c4b1be9 |
|
Upstream branch: c4b1be9 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/977370=>bpf-next
branch
from
548eabd to
6a59ce6
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
4b7c0fe to
29dabce
Compare
Prepare to use (struct bpf_dynptr)->offset to distinguish between an skb dynptr for the payload vs the metadata area. ptr->offset is always set to zero by bpf_dynptr_from_skb(). We don't need to account for it on access. Signed-off-by: Jakub Sitnicki <[email protected]>
Prepare to handle skb dynptrs for accessing the metadata area. Code move. No observable changes. Signed-off-by: Jakub Sitnicki <[email protected]>
Add a new flag for the bpf_dynptr_from_skb helper to let users to create dynptrs to skb metadata area. Access paths are stubbed out. Implemented by the following changes. Signed-off-by: Jakub Sitnicki <[email protected]>
Make it possible to read from skb metadata area using the bpf_dynptr_read() BPF helper. This prepares ground for access to skb metadata from all BPF hooks which operate on __sk_buff context. Signed-off-by: Jakub Sitnicki <[email protected]>
Make it possible to write to skb metadata area using the bpf_dynptr_write() BPF helper. This prepares ground for access to skb metadata from all BPF hooks which operate on __sk_buff context. Signed-off-by: Jakub Sitnicki <[email protected]>
Make it possible to read from or write to skb metadata area using the dynptr slices creates with bpf_dynptr_slice() or bpf_dynptr_slice_rdwr(). This prepares ground for access to skb metadata from all BPF hooks which operate on __sk_buff context. Signed-off-by: Jakub Sitnicki <[email protected]>
With the extension of bpf_dynptr_from_skb(BPF_DYNPTR_F_SKB_METADATA), all BPF programs authorized to call this kfunc now have access to the skb metadata area. These programs can read up to skb_shinfo(skb)->meta_len bytes located just before skb_mac_header(skb), regardless of what data is currently there. However, as the network stack processes the skb, headers may be added or removed. Hence, we cannot assume that skb_mac_header() always marks the end of the metadata area. To avoid potential pitfalls, reset the skb metadata length to zero before passing the skb to the protocol layers. This is a temporary measure until we can make metadata persist through protocol processing. Signed-off-by: Jakub Sitnicki <[email protected]>
Prepare for parametrizing the xdp_context tests. The assert_test_result helper doesn't need the whole skeleton. Pass just what it needs. Signed-off-by: Jakub Sitnicki <[email protected]>
We want to add more test cases to cover different ways to access the metadata area. Prepare for it. Pull up the skeleton management. Signed-off-by: Jakub Sitnicki <[email protected]>
|
Upstream branch: c4b1be9 |
Exercise reading from SKB metadata area in two new ways: 1. indirectly, with bpf_dynptr_read(), and 2. directly, with bpf_dynptr_slice(). Signed-off-by: Jakub Sitnicki <[email protected]>
Add tests what exercise writes to skb metadata in two ways: 1. indirectly, using bpf_dynptr_write helper, 2. directly, using a read-write dynptr slice. Signed-off-by: Jakub Sitnicki <[email protected]>
Currently we don't expect skb metadata to persist beyond the device hooks. Extend the test run BPF program from the Netfilter pre-routing hook to verify this behavior. Note, that the added test has no observable side-effect yet. This will be addressed by the next change. Signed-off-by: Jakub Sitnicki <[email protected]>
The skb metadata tests for BPF programs which don't have metadata access yet have no observable side-effects. Hence, we can't detect breakage. Count each successful BPF program pass, when taking the expected path, as a side-effect to test for. Signed-off-by: Jakub Sitnicki <[email protected]>
kernel-patches-daemon-bpf
bot
force-pushed
the
series/977370=>bpf-next
branch
from
6a59ce6 to
1776400
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=977370 expired. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: Extend skb dynptr for metadata access from TC
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=977370