Re: [PATCH bpf-next v4 2/8] bpf: Enable read/write access to skb metadata through a dynptr

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Martin KaFai Lau <martin.lau@linux.dev>
To: Jakub Sitnicki <jakub@cloudflare.com>
Cc: "Alexei Starovoitov" <ast@kernel.org>,
	"Andrii Nakryiko" <andrii@kernel.org>,
	"Arthur Fabre" <arthur@arthurfabre.com>,
	"Daniel Borkmann" <daniel@iogearbox.net>,
	"Eduard Zingerman" <eddyz87@gmail.com>,
	"Eric Dumazet" <edumazet@google.com>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Jesper Dangaard Brouer" <hawk@kernel.org>,
	"Jesse Brandeburg" <jbrandeburg@cloudflare.com>,
	"Joanne Koong" <joannelkoong@gmail.com>,
	"Lorenzo Bianconi" <lorenzo@kernel.org>,
	"Toke Høiland-Jørgensen" <thoiland@redhat.com>,
	"Yan Zhai" <yan@cloudflare.com>,
	kernel-team@cloudflare.com, netdev@vger.kernel.org,
	bpf@vger.kernel.org, "Stanislav Fomichev" <sdf@fomichev.me>
Subject: Re: [PATCH bpf-next v4 2/8] bpf: Enable read/write access to skb metadata through a dynptr
Date: Wed, 23 Jul 2025 17:02:11 -0700	[thread overview]
Message-ID: <ae17edd2-22af-4f0f-b130-bf2790bfd774@linux.dev> (raw)
In-Reply-To: <20250723-skb-metadata-thru-dynptr-v4-2-a0fed48bcd37@cloudflare.com>

On 7/23/25 10:36 AM, Jakub Sitnicki wrote:
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index 9552b32208c5..237fb5f9d625 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -1781,7 +1781,7 @@ static int __bpf_dynptr_read(void *dst, u32 len, const struct bpf_dynptr_kern *s
>   	case BPF_DYNPTR_TYPE_XDP:
>   		return __bpf_xdp_load_bytes(src->data, src->offset + offset, dst, len);
>   	case BPF_DYNPTR_TYPE_SKB_META:
> -		return -EOPNOTSUPP; /* not implemented */
> +		return bpf_skb_meta_load_bytes(src->data, src->offset + offset, dst, len);
>   	default:
>   		WARN_ONCE(true, "bpf_dynptr_read: unknown dynptr type %d\n", type);
>   		return -EFAULT;
> @@ -1839,7 +1839,7 @@ int __bpf_dynptr_write(const struct bpf_dynptr_kern *dst, u32 offset, void *src,
>   			return -EINVAL;
>   		return __bpf_xdp_store_bytes(dst->data, dst->offset + offset, src, len);
>   	case BPF_DYNPTR_TYPE_SKB_META:
> -		return -EOPNOTSUPP; /* not implemented */

It needs to check the flags here such that the flags can be used in the future:

		if (flags)
			return -EINVAL;

pw-bot: cr

> +		return bpf_skb_meta_store_bytes(dst->data, dst->offset + offset, src, len);
>   	default:
>   		WARN_ONCE(true, "bpf_dynptr_write: unknown dynptr type %d\n", type);
>   		return -EFAULT;
> @@ -2716,7 +2716,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr *p, u32 offset,
>   		return buffer__opt;
>   	}
>   	case BPF_DYNPTR_TYPE_SKB_META:
> -		return NULL; /* not implemented */
> +		return bpf_skb_meta_pointer(ptr->data, ptr->offset + offset, len);
>   	default:
>   		WARN_ONCE(true, "unknown dynptr type %d\n", type);
>   		return NULL;
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 0755dfc0fc2f..cf095897d4c1 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -11978,6 +11978,45 @@ bpf_sk_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
>   	return func;
>   }
>   
> +static void *skb_metadata_pointer(const struct sk_buff *skb, u32 off, u32 len)
> +{
> +	u32 meta_len = skb_metadata_len(skb);
> +
> +	if (len > meta_len || off > meta_len - len)

A nit.

After reading it again, I think this is a duplicated check. The 
bpf_dynptr_check_off_len() called in the kfunc should have already checked the 
same condition.

> +		return ERR_PTR(-E2BIG); /* out of bounds */
> +
> +	return skb_metadata_end(skb) - meta_len + off;
> +}
> +
> +int bpf_skb_meta_load_bytes(const struct sk_buff *src, u32 off, void *dst, u32 len)

Since it needs a respin, I have a few nit comments that will be useful for 
reading filter.c.

Change the "const struct sk_buff *src" to "const struct sk_buff *skb". It is how 
other places are naming the arg in filter.c.

> +{
> +	const void *p = skb_metadata_pointer(src, off, len);

Not sure if this variable is still needed if skb_metadata_pointer does not 
return err ptr.

If it is still needed, use "const void *ptr" instead of "const void *p". The 
bpf_xdp_pointer and skb_header_pointer callers in filter.c also use that naming.

> +
> +	if (IS_ERR(p))
> +		return PTR_ERR(p);
> +
> +	memmove(dst, p, len);
> +	return 0;
> +}
> +
> +int bpf_skb_meta_store_bytes(struct sk_buff *dst, u32 off, const void *src, u32 len)
> +{
> +	void *p = skb_metadata_pointer(dst, off, len);

Same for the "struct sk_buff *dst" and "void *p" in this function.

> +
> +	if (IS_ERR(p))
> +		return PTR_ERR(p);
> +
> +	memmove(p, src, len);
> +	return 0;
> +}

next prev parent reply	other threads:[~2025-07-24  0:02 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-23 17:36 [PATCH bpf-next v4 0/8] Add a dynptr type for skb metadata for TC BPF Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 1/8] bpf: Add dynptr type for skb metadata Jakub Sitnicki
2025-07-24  1:54   ` Martin KaFai Lau
2025-07-24 11:56     ` Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 2/8] bpf: Enable read/write access to skb metadata through a dynptr Jakub Sitnicki
2025-07-23 21:58   ` Eduard Zingerman
2025-07-24  0:02   ` Martin KaFai Lau [this message]
2025-07-24  9:44     ` Jakub Sitnicki
2025-07-24  0:30   ` Jakub Kicinski
2025-07-24 11:53     ` Jakub Sitnicki
2025-07-24 15:52       ` Martin KaFai Lau
2025-07-24 19:43         ` Jakub Sitnicki
2025-07-25  9:43       ` Jakub Sitnicki
2025-07-25 14:34         ` Jakub Kicinski
2025-07-23 17:36 ` [PATCH bpf-next v4 3/8] selftests/bpf: Cover verifier checks for skb_meta dynptr type Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 4/8] selftests/bpf: Pass just bpf_map to xdp_context_test helper Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 5/8] selftests/bpf: Parametrize test_xdp_context_tuntap Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 6/8] selftests/bpf: Cover read access to skb metadata via dynptr Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 7/8] selftests/bpf: Cover write " Jakub Sitnicki
2025-07-23 17:36 ` [PATCH bpf-next v4 8/8] selftests/bpf: Cover read/write to skb metadata at an offset Jakub Sitnicki
2025-07-23 22:02   ` Eduard Zingerman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ae17edd2-22af-4f0f-b130-bf2790bfd774@linux.dev \
    --to=martin.lau@linux.dev \
    --cc=andrii@kernel.org \
    --cc=arthur@arthurfabre.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=eddyz87@gmail.com \
    --cc=edumazet@google.com \
    --cc=hawk@kernel.org \
    --cc=jakub@cloudflare.com \
    --cc=jbrandeburg@cloudflare.com \
    --cc=joannelkoong@gmail.com \
    --cc=kernel-team@cloudflare.com \
    --cc=kuba@kernel.org \
    --cc=lorenzo@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=sdf@fomichev.me \
    --cc=thoiland@redhat.com \
    --cc=yan@cloudflare.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.