From: Vadim Fedorenko <vadim.fedorenko@linux.dev>
To: Jakub Kicinski <kuba@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>
Cc: Vadim Fedorenko <vadfed@meta.com>,
Mykola Lysenko <mykolal@fb.com>,
bpf@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH bpf-next 1/2] bpf: add skcipher API support to TC/XDP programs
Date: Fri, 27 Oct 2023 13:07:33 +0100 [thread overview]
Message-ID: <fc71a5f2-20e2-49f8-a954-581c877a0f09@linux.dev> (raw)
In-Reply-To: <20231026183509.471af050@kernel.org>
On 27/10/2023 02:35, Jakub Kicinski wrote:
> On Fri, 27 Oct 2023 00:29:29 +0100 Vadim Fedorenko wrote:
>>> Does anything prevent them from being used simultaneously
>>> by difference CPUs?
>>
>> The algorithm configuration and the key can be used by different CPUs
>> simultaneously
>
> Makes sense, got confused ctx vs req. You allocate req on the fly.
>
>>>> + case BPF_DYNPTR_TYPE_SKB:
>>>> + return skb_pointer_if_linear(ptr->data, ptr->offset, __bpf_dynptr_size(ptr));
>>>
>>> dynptr takes care of checking if skb can be written to?
>>
>> dynptr is used to take care of size checking, but this particular part is used
>> to provide plain buffer from skb. I'm really sure if we can (or should) encrypt
>> or decrypt in-place, so API now assumes that src and dst are different buffers.
>
> Not sure this answers my question. What I'm asking is basically whether
> for destination we need to call __bpf_dynptr_is_rdonly() or something
> already checks that.
ah, good point. I'm not sure how to make it better. the
__bpf_dynptr_data_ptr() code is based on bpf_dynptr_slice() which has
bpf_dynptr_slice_rdwr() variant. I don't think it's good idea to add
local rdwr variant. I can either add 2 parameter to force checking if
dynptr isn't read-only, or I can convert bpf_dynptr_slice* functions to
be wrappers over __bpf_dynptr_slice and reuse it in this code.
next prev parent reply other threads:[~2023-10-27 12:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-26 1:59 [PATCH bpf-next 1/2] bpf: add skcipher API support to TC/XDP programs Vadim Fedorenko
2023-10-26 1:59 ` [PATCH bpf-next 2/2] selftests: bpf: crypto skcipher algo selftests Vadim Fedorenko
2023-10-26 14:02 ` Daniel Borkmann
2023-10-26 18:20 ` Vadim Fedorenko
2023-10-26 21:47 ` [PATCH bpf-next 1/2] bpf: add skcipher API support to TC/XDP programs Jakub Kicinski
2023-10-26 23:29 ` Vadim Fedorenko
2023-10-27 1:35 ` Jakub Kicinski
2023-10-27 12:07 ` Vadim Fedorenko [this message]
2023-10-27 17:02 ` Vadim Fedorenko
2023-10-26 22:53 ` Alexei Starovoitov
2023-10-26 23:38 ` Vadim Fedorenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fc71a5f2-20e2-49f8-a954-581c877a0f09@linux.dev \
--to=vadim.fedorenko@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=kuba@kernel.org \
--cc=martin.lau@linux.dev \
--cc=mykolal@fb.com \
--cc=netdev@vger.kernel.org \
--cc=vadfed@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.