From: Kees Cook <kees@kernel.org>
To: Simon Horman <horms@kernel.org>
Cc: Alexander Lobakin <aleksander.lobakin@intel.com>,
intel-wired-lan@lists.osuosl.org,
Michal Kubiak <michal.kubiak@intel.com>,
Maciej Fijalkowski <maciej.fijalkowski@intel.com>,
Tony Nguyen <anthony.l.nguyen@intel.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
nxne.cnse.osdt.itp.upstreaming@intel.com, bpf@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH iwl-next v3 16/18] idpf: add support for XDP on Rx
Date: Thu, 31 Jul 2025 10:05:47 -0700 [thread overview]
Message-ID: <202507310955.03E47CFA4@keescook> (raw)
In-Reply-To: <20250731123734.GA8494@horms.kernel.org>
On Thu, Jul 31, 2025 at 01:37:34PM +0100, Simon Horman wrote:
> While I appreciate the desire for improved performance and nicer code
> generation. I think the idea of writing 64 bits of data to the
> address of a 32 bit member of a structure goes against the direction
> of hardening work by Kees and others.
Agreed: it's better to avoid obscuring these details from the compiler
so it can have an "actual" view of the object sizes involved.
> Indeed, it seems to me this is the kind of thing that struct_group()
> aims to avoid.
>
> In this case struct group() doesn't seem like the best option,
> because it would provide a 64-bit buffer that we can memcpy into.
> But it seems altogether better to simply assign u64 value to a u64 member.
Agreed: with struct_group you get a sized pointer, and while you can
provide a struct tag to make it an assignable object, it doesn't make
too much sense here.
> So I'm wondering if an approach along the following lines is appropriate
> (Very lightly compile tested only!).
>
> And yes, there is room for improvement of the wording of the comment
> I included below.
>
> diff --git a/include/net/libeth/xdp.h b/include/net/libeth/xdp.h
> index f4880b50e804..a7d3d8e44aa6 100644
> --- a/include/net/libeth/xdp.h
> +++ b/include/net/libeth/xdp.h
> @@ -1283,11 +1283,7 @@ static inline void libeth_xdp_prepare_buff(struct libeth_xdp_buff *xdp,
> const struct page *page = __netmem_to_page(fqe->netmem);
>
> #ifdef __LIBETH_WORD_ACCESS
> - static_assert(offsetofend(typeof(xdp->base), flags) -
> - offsetof(typeof(xdp->base), frame_sz) ==
> - sizeof(u64));
> -
> - *(u64 *)&xdp->base.frame_sz = fqe->truesize;
> + xdp->base.frame_sz_le_qword = fqe->truesize;
> #else
> xdp_init_buff(&xdp->base, fqe->truesize, xdp->base.rxq);
> #endif
> diff --git a/include/net/xdp.h b/include/net/xdp.h
> index b40f1f96cb11..b5eedeb82c9b 100644
> --- a/include/net/xdp.h
> +++ b/include/net/xdp.h
> @@ -85,8 +85,19 @@ struct xdp_buff {
> void *data_hard_start;
> struct xdp_rxq_info *rxq;
> struct xdp_txq_info *txq;
> - u32 frame_sz; /* frame size to deduce data_hard_end/reserved tailroom*/
> - u32 flags; /* supported values defined in xdp_buff_flags */
> + union {
> + /* Allow setting frame_sz and flags as a single u64 on
> + * little endian systems. This may may give optimal
> + * performance. */
> + u64 frame_sz_le_qword;
> + struct {
> + /* Frame size to deduce data_hard_end/reserved
> + * tailroom. */
> + u32 frame_sz;
> + /* Supported values defined in xdp_buff_flags. */
> + u32 flags;
> + };
> + };
> };
Yeah, this looks like a nice way to express this, and is way more
descriptive than "(u64 *)&xdp->base.frame_sz" :)
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <kees@kernel.org>
To: Simon Horman <horms@kernel.org>
Cc: Alexander Lobakin <aleksander.lobakin@intel.com>,
intel-wired-lan@lists.osuosl.org,
Michal Kubiak <michal.kubiak@intel.com>,
Maciej Fijalkowski <maciej.fijalkowski@intel.com>,
Tony Nguyen <anthony.l.nguyen@intel.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
nxne.cnse.osdt.itp.upstreaming@intel.com, bpf@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [Intel-wired-lan] [PATCH iwl-next v3 16/18] idpf: add support for XDP on Rx
Date: Thu, 31 Jul 2025 10:05:47 -0700 [thread overview]
Message-ID: <202507310955.03E47CFA4@keescook> (raw)
In-Reply-To: <20250731123734.GA8494@horms.kernel.org>
On Thu, Jul 31, 2025 at 01:37:34PM +0100, Simon Horman wrote:
> While I appreciate the desire for improved performance and nicer code
> generation. I think the idea of writing 64 bits of data to the
> address of a 32 bit member of a structure goes against the direction
> of hardening work by Kees and others.
Agreed: it's better to avoid obscuring these details from the compiler
so it can have an "actual" view of the object sizes involved.
> Indeed, it seems to me this is the kind of thing that struct_group()
> aims to avoid.
>
> In this case struct group() doesn't seem like the best option,
> because it would provide a 64-bit buffer that we can memcpy into.
> But it seems altogether better to simply assign u64 value to a u64 member.
Agreed: with struct_group you get a sized pointer, and while you can
provide a struct tag to make it an assignable object, it doesn't make
too much sense here.
> So I'm wondering if an approach along the following lines is appropriate
> (Very lightly compile tested only!).
>
> And yes, there is room for improvement of the wording of the comment
> I included below.
>
> diff --git a/include/net/libeth/xdp.h b/include/net/libeth/xdp.h
> index f4880b50e804..a7d3d8e44aa6 100644
> --- a/include/net/libeth/xdp.h
> +++ b/include/net/libeth/xdp.h
> @@ -1283,11 +1283,7 @@ static inline void libeth_xdp_prepare_buff(struct libeth_xdp_buff *xdp,
> const struct page *page = __netmem_to_page(fqe->netmem);
>
> #ifdef __LIBETH_WORD_ACCESS
> - static_assert(offsetofend(typeof(xdp->base), flags) -
> - offsetof(typeof(xdp->base), frame_sz) ==
> - sizeof(u64));
> -
> - *(u64 *)&xdp->base.frame_sz = fqe->truesize;
> + xdp->base.frame_sz_le_qword = fqe->truesize;
> #else
> xdp_init_buff(&xdp->base, fqe->truesize, xdp->base.rxq);
> #endif
> diff --git a/include/net/xdp.h b/include/net/xdp.h
> index b40f1f96cb11..b5eedeb82c9b 100644
> --- a/include/net/xdp.h
> +++ b/include/net/xdp.h
> @@ -85,8 +85,19 @@ struct xdp_buff {
> void *data_hard_start;
> struct xdp_rxq_info *rxq;
> struct xdp_txq_info *txq;
> - u32 frame_sz; /* frame size to deduce data_hard_end/reserved tailroom*/
> - u32 flags; /* supported values defined in xdp_buff_flags */
> + union {
> + /* Allow setting frame_sz and flags as a single u64 on
> + * little endian systems. This may may give optimal
> + * performance. */
> + u64 frame_sz_le_qword;
> + struct {
> + /* Frame size to deduce data_hard_end/reserved
> + * tailroom. */
> + u32 frame_sz;
> + /* Supported values defined in xdp_buff_flags. */
> + u32 flags;
> + };
> + };
> };
Yeah, this looks like a nice way to express this, and is way more
descriptive than "(u64 *)&xdp->base.frame_sz" :)
--
Kees Cook
next prev parent reply other threads:[~2025-07-31 17:05 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-30 16:06 [PATCH iwl-next v3 00/18] idpf: add XDP support Alexander Lobakin
2025-07-30 16:06 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 01/18] idpf: add support for Tx refillqs in flow scheduling mode Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 02/18] idpf: improve when to set RE bit logic Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 03/18] idpf: simplify and fix splitq Tx packet rollback error path Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 04/18] idpf: replace flow scheduling buffer ring with buffer pool Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 05/18] idpf: stop Tx if there are insufficient buffer resources Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 06/18] idpf: remove obsolete stashing code Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 07/18] idpf: fix Rx descriptor ready check barrier in splitq Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 08/18] idpf: use a saner limit for default number of queues to allocate Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 09/18] idpf: link NAPIs to queues Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 10/18] idpf: add 4-byte completion descriptor definition Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 11/18] idpf: remove SW marker handling from NAPI Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 12/18] idpf: add support for nointerrupt queues Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 13/18] idpf: prepare structures to support XDP Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-08-01 22:30 ` Jakub Kicinski
2025-08-01 22:30 ` [Intel-wired-lan] " Jakub Kicinski
2025-08-05 16:06 ` Alexander Lobakin
2025-08-05 16:06 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 14/18] idpf: implement XDP_SETUP_PROG in ndo_bpf for splitq Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 15/18] idpf: use generic functions to build xdp_buff and skb Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 16/18] idpf: add support for XDP on Rx Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-31 12:37 ` Simon Horman
2025-07-31 12:37 ` [Intel-wired-lan] " Simon Horman
2025-07-31 17:05 ` Kees Cook [this message]
2025-07-31 17:05 ` Kees Cook
2025-08-01 13:12 ` Alexander Lobakin
2025-08-01 13:12 ` [Intel-wired-lan] " Alexander Lobakin
2025-08-01 13:17 ` Alexander Lobakin
2025-08-01 13:17 ` [Intel-wired-lan] " Alexander Lobakin
2025-08-02 18:52 ` Kees Cook
2025-08-02 18:52 ` [Intel-wired-lan] " Kees Cook
2025-08-05 9:40 ` Simon Horman
2025-08-05 9:40 ` [Intel-wired-lan] " Simon Horman
2025-07-31 13:35 ` Simon Horman
2025-07-31 13:35 ` [Intel-wired-lan] " Simon Horman
2025-08-01 13:11 ` Alexander Lobakin
2025-08-01 13:11 ` [Intel-wired-lan] " Alexander Lobakin
2025-08-01 22:33 ` Jakub Kicinski
2025-08-01 22:33 ` [Intel-wired-lan] " Jakub Kicinski
2025-08-05 16:09 ` Alexander Lobakin
2025-08-05 16:09 ` [Intel-wired-lan] " Alexander Lobakin
2025-08-05 22:46 ` Jakub Kicinski
2025-08-05 22:46 ` [Intel-wired-lan] " Jakub Kicinski
2025-07-30 16:07 ` [PATCH iwl-next v3 17/18] idpf: add support for .ndo_xdp_xmit() Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
2025-07-30 16:07 ` [PATCH iwl-next v3 18/18] idpf: add XDP RSS hash hint Alexander Lobakin
2025-07-30 16:07 ` [Intel-wired-lan] " Alexander Lobakin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202507310955.03E47CFA4@keescook \
--to=kees@kernel.org \
--cc=aleksander.lobakin@intel.com \
--cc=andrew+netdev@lunn.ch \
--cc=anthony.l.nguyen@intel.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maciej.fijalkowski@intel.com \
--cc=michal.kubiak@intel.com \
--cc=netdev@vger.kernel.org \
--cc=nxne.cnse.osdt.itp.upstreaming@intel.com \
--cc=pabeni@redhat.com \
--cc=przemyslaw.kitszel@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.