From: Martin KaFai Lau <martin.lau@linux.dev>
To: Jason Xing <kerneljasonxing@gmail.com>
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, dsahern@kernel.org,
willemdebruijn.kernel@gmail.com, willemb@google.com,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
eddyz87@gmail.com, song@kernel.org, yonghong.song@linux.dev,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
haoluo@google.com, jolsa@kernel.org, horms@kernel.org,
bpf@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [RFC PATCH net-next v6 04/13] bpf: stop UDP sock accessing TCP fields in sock_op BPF CALLs
Date: Fri, 24 Jan 2025 19:12:46 -0800 [thread overview]
Message-ID: <5d523822-4282-442a-b816-e674ba0814ff@linux.dev> (raw)
In-Reply-To: <331cec22-3931-4723-aa5a-03d8a9dc6040@linux.dev>
On 1/24/25 6:25 PM, Martin KaFai Lau wrote:
>>
>> Sorry, I don't think it can work for all the cases because:
>> 1) please see BPF_SOCK_OPS_WRITE_HDR_OPT_CB/BPF_SOCK_OPS_HDR_OPT_LEN_CB,
>> if req exists, there is no allow_tcp_access initialization. Then
>> calling some function like bpf_sock_ops_setsockopt will be rejected
>> because allow_tcp_access is zero.
>> 2) tcp_call_bpf() only set allow_tcp_access only when the socket is
>> fullsock. As far as I know, all the callers have the full stock for
>> now, but in the future it might not.
>
> Note that the existing helper bpf_sock_ops_cb_flags_set and
> bpf_sock_ops_{set,get}sockopt itself have done the sk_fullsock() test and then
> return -EINVAL. bpf_sock->sk is fullsock or not does not matter to these helpers.
>
> You are right on the BPF_SOCK_OPS_WRITE_HDR_OPT_CB/BPF_SOCK_OPS_HDR_OPT_LEN_CB
> but the only helper left that testing allow_tcp_access is not enough is
> bpf_sock_ops_load_hdr_opt(). Potentially, it can test "if (!bpf_sock-
> >allow_tcp_access && !bpf_sock->syn_skb) { return -EOPNOTSUPP; }".
>
> Agree to stay with the current "bpf_sock->op <= BPF_SOCK_OPS_WRITE_HDR_OPT_CB"
> as in this patch. It is cleaner.
Also ignore my earlier comment on merging patch 3 and 4. Better keep patch 4 on
its own since it is not reusing the allow_tcp_access test. Instead, stay with
the "bpf_sock->op <= BPF_SOCK_OPS_WRITE_HDR_OPT_CB" test.
next prev parent reply other threads:[~2025-01-25 3:13 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-21 1:28 [RFC PATCH net-next v6 00/13] net-timestamp: bpf extension to equip applications transparently Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 01/13] net-timestamp: add support for bpf_setsockopt() Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 02/13] net-timestamp: prepare for timestamping callbacks use Jason Xing
2025-01-21 4:25 ` kernel test robot
2025-01-21 4:36 ` kernel test robot
2025-01-21 5:07 ` Jason Xing
2025-01-21 5:08 ` Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 03/13] bpf: stop UDP sock accessing TCP fields in bpf callbacks Jason Xing
2025-01-24 23:40 ` Martin KaFai Lau
2025-01-25 0:28 ` Jason Xing
2025-01-28 1:34 ` Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 04/13] bpf: stop UDP sock accessing TCP fields in sock_op BPF CALLs Jason Xing
2025-01-25 0:28 ` Martin KaFai Lau
2025-01-25 1:15 ` Jason Xing
2025-01-25 1:32 ` Jason Xing
2025-01-25 2:25 ` Martin KaFai Lau
2025-01-25 2:58 ` Jason Xing
2025-01-25 3:12 ` Martin KaFai Lau [this message]
2025-01-25 3:43 ` Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 05/13] net-timestamp: prepare for isolating two modes of SO_TIMESTAMPING Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 06/13] net-timestamp: support SCM_TSTAMP_SCHED for bpf extension Jason Xing
2025-01-25 0:38 ` Martin KaFai Lau
2025-01-25 1:16 ` Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 07/13] net-timestamp: support sw SCM_TSTAMP_SND " Jason Xing
2025-01-25 0:40 ` Martin KaFai Lau
2025-01-25 1:17 ` Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 08/13] net-timestamp: support hw " Jason Xing
2025-01-25 0:46 ` Martin KaFai Lau
2025-01-25 1:18 ` Jason Xing
2025-01-25 1:29 ` Martin KaFai Lau
2025-01-25 1:35 ` Jason Xing
2025-01-25 2:36 ` Martin KaFai Lau
2025-01-25 2:59 ` Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 09/13] net-timestamp: support SCM_TSTAMP_ACK " Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 10/13] net-timestamp: make TCP tx timestamp bpf extension work Jason Xing
2025-01-21 1:28 ` [RFC PATCH net-next v6 11/13] net-timestamp: add a new callback in tcp_tx_timestamp() Jason Xing
2025-01-25 0:50 ` Martin KaFai Lau
2025-01-25 1:21 ` Jason Xing
2025-01-21 1:29 ` [RFC PATCH net-next v6 12/13] net-timestamp: introduce cgroup lock to avoid affecting non-bpf cases Jason Xing
2025-01-25 1:09 ` Martin KaFai Lau
2025-01-25 1:25 ` Jason Xing
2025-01-21 1:29 ` [RFC PATCH net-next v6 13/13] bpf: add simple bpf tests in the tx path for so_timestamping feature Jason Xing
2025-01-25 3:07 ` Martin KaFai Lau
2025-01-25 3:42 ` Jason Xing
2025-01-27 23:49 ` Martin KaFai Lau
2025-01-28 0:19 ` Jason Xing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5d523822-4282-442a-b816-e674ba0814ff@linux.dev \
--to=martin.lau@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=haoluo@google.com \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kerneljasonxing@gmail.com \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=willemb@google.com \
--cc=willemdebruijn.kernel@gmail.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.