From: Jakub Sitnicki <jakub@cloudflare.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: bpf@vger.kernel.org, "Alexei Starovoitov" <ast@kernel.org>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Arthur Fabre" <arthur@arthurfabre.com>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Eduard Zingerman" <eddyz87@gmail.com>,
"Eric Dumazet" <edumazet@google.com>,
"Jesper Dangaard Brouer" <hawk@kernel.org>,
"Jesse Brandeburg" <jbrandeburg@cloudflare.com>,
"Joanne Koong" <joannelkoong@gmail.com>,
"Lorenzo Bianconi" <lorenzo@kernel.org>,
"Martin KaFai Lau" <martin.lau@linux.dev>,
"Toke Høiland-Jørgensen" <thoiland@redhat.com>,
"Yan Zhai" <yan@cloudflare.com>,
kernel-team@cloudflare.com, netdev@vger.kernel.org,
"Stanislav Fomichev" <sdf@fomichev.me>
Subject: Re: [PATCH bpf-next v4 2/8] bpf: Enable read/write access to skb metadata through a dynptr
Date: Thu, 24 Jul 2025 13:53:40 +0200 [thread overview]
Message-ID: <87tt31x0sb.fsf@cloudflare.com> (raw)
In-Reply-To: <20250723173038.45cbaf01@kernel.org> (Jakub Kicinski's message of "Wed, 23 Jul 2025 17:30:38 -0700")
On Wed, Jul 23, 2025 at 05:30 PM -07, Jakub Kicinski wrote:
> On Wed, 23 Jul 2025 19:36:47 +0200 Jakub Sitnicki wrote:
>> Now that we can create a dynptr to skb metadata, make reads to the metadata
>> area possible with bpf_dynptr_read() or through a bpf_dynptr_slice(), and
>> make writes to the metadata area possible with bpf_dynptr_write() or
>> through a bpf_dynptr_slice_rdwr().
>
> What are the expectations around the writes? Presumably we could have
> two programs writing into the same metadata if the SKB is a clone, no?
In this series we maintain the status quo. Access metadata dynptr is
limited to TC BPF hook only, so we provide the same guarntees as the
existing __sk_buff->data_meta.
Current situation, as I understand it, is that while packet taps are not
an issue, you could probably do naughty things with 'tc action mirred'
and end up with concurrent writes.
Taking about the next step, once skb metadata is preserved past the TC
hook - here my impression from Netdev was that the least suprising thing
to do will be to copy-on-clone or copy-on-write (if we can pull it off).
next prev parent reply other threads:[~2025-07-24 11:53 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-23 17:36 [PATCH bpf-next v4 0/8] Add a dynptr type for skb metadata for TC BPF Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 1/8] bpf: Add dynptr type for skb metadata Jakub Sitnicki
2025-07-24 1:54 ` Martin KaFai Lau
2025-07-24 11:56 ` Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 2/8] bpf: Enable read/write access to skb metadata through a dynptr Jakub Sitnicki
2025-07-23 21:58 ` Eduard Zingerman
2025-07-24 0:02 ` Martin KaFai Lau
2025-07-24 9:44 ` Jakub Sitnicki
2025-07-24 0:30 ` Jakub Kicinski
2025-07-24 11:53 ` Jakub Sitnicki [this message]
2025-07-24 15:52 ` Martin KaFai Lau
2025-07-24 19:43 ` Jakub Sitnicki
2025-07-25 9:43 ` Jakub Sitnicki
2025-07-25 14:34 ` Jakub Kicinski
2025-07-23 17:36 ` [PATCH bpf-next v4 3/8] selftests/bpf: Cover verifier checks for skb_meta dynptr type Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 4/8] selftests/bpf: Pass just bpf_map to xdp_context_test helper Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 5/8] selftests/bpf: Parametrize test_xdp_context_tuntap Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 6/8] selftests/bpf: Cover read access to skb metadata via dynptr Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 7/8] selftests/bpf: Cover write " Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 8/8] selftests/bpf: Cover read/write to skb metadata at an offset Jakub Sitnicki
2025-07-23 22:02 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tt31x0sb.fsf@cloudflare.com \
--to=jakub@cloudflare.com \
--cc=andrii@kernel.org \
--cc=arthur@arthurfabre.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=hawk@kernel.org \
--cc=jbrandeburg@cloudflare.com \
--cc=joannelkoong@gmail.com \
--cc=kernel-team@cloudflare.com \
--cc=kuba@kernel.org \
--cc=lorenzo@kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=sdf@fomichev.me \
--cc=thoiland@redhat.com \
--cc=yan@cloudflare.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.