From: Eduard Zingerman <eddyz87@gmail.com>
To: "Teichmann, Martin" <martin.teichmann@xfel.eu>
Cc: bpf@vger.kernel.org, ast@kernel.org, andrii@kernel.org
Subject: Re: [PATCH bpf] bpf: tail calls do not modify packet data
Date: Mon, 03 Nov 2025 09:34:29 -0800 [thread overview]
Message-ID: <c6fdb21818f04bad1235aa1987db0b53aed070ee.camel@gmail.com> (raw)
In-Reply-To: <1564653446.19948617.1762160169008.JavaMail.zimbra@xfel.eu>
On Mon, 2025-11-03 at 09:56 +0100, Teichmann, Martin wrote:
> Dear Eduard,
>
> thanks for the review!
>
> > I don't think this is safe to do, consider the following example:
> >
> > main:
> > p = pkt
> > foo()
> > use p
> >
> > foo: // assume that 'foo' is a static function (local subprogram)
> > if (something) do tail call
> > don't modify packet data
>
> You are absolutely right, this would not work. This should actually
> be covered by tests... I'll write a test. I also already have an
> idea how to fix also this problem, and will come back to you once
> I'm done.
>
> > Alexei vaguely remembers discussion about using decl_tag's to mark
> > maps containing programs that don't modify packet pointers.
>
> I am actually against that, I think this would be the wrong way to
> go. In my use case, I have written a dispatcher for packets that
> tail call other programs depending on the content of the packet
> processed. These programs do change during runtime.
>
> Until now I had no restrictions on those programs, they could modify
> the packet or not, as they wished, as the code does not return at
> all anyways. Tagging the programs would only limit their usefulness,
> without giving any benefits.
The idea behind annotation was that map without annotation would only
allow programs that do not modify packet data as values, while map
with annotation would allow programs that do modify and those that
don't. So, for your use-case it would be sufficient to add annotations
to the map.
But really, I don't see that many options on the table:
a. Be conservative and assume that every tail call modifies packed data.
b. Use map annotations as described above.
c. Assume that the map is pre-filled before main program verification
and infer the "allows packet modifying programs" property from
programs already there, after which seal the property.
What do you suggest?
next prev parent reply other threads:[~2025-11-03 17:34 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-29 10:58 [PATCH bpf] bpf: tail calls do not modify packet data Martin Teichmann
2025-10-31 19:24 ` Eduard Zingerman
2025-11-03 8:56 ` Teichmann, Martin
2025-11-03 17:34 ` Eduard Zingerman [this message]
2025-11-04 12:54 ` Teichmann, Martin
2025-11-04 13:30 ` [PATCH v2 bpf] bpf: properly verify tail call behavior Martin Teichmann
2025-11-04 13:58 ` bot+bpf-ci
2025-11-04 18:05 ` Alexei Starovoitov
2025-11-04 22:30 ` Eduard Zingerman
2025-11-05 17:40 ` [PATCH v3 bpf-next 0/2] " Martin Teichmann
2025-11-05 19:08 ` Eduard Zingerman
2025-11-06 10:52 ` [PATCH v4 " Martin Teichmann
2025-11-06 10:52 ` [PATCH v4 bpf-next 1/2] " Martin Teichmann
2025-11-06 10:52 ` [PATCH v4 bpf-next 2/2] bpf: test the proper verification of tail calls Martin Teichmann
2025-11-06 19:50 ` Eduard Zingerman
2025-11-10 15:18 ` [PATCH v4 bpf-next 0/2] bpf: properly verify tail call behavior Martin Teichmann
2025-11-10 15:18 ` [PATCH v4 bpf-next 1/2] " Martin Teichmann
2025-11-10 20:28 ` Eduard Zingerman
2025-11-10 23:39 ` Eduard Zingerman
2025-11-13 11:46 ` Teichmann, Martin
2025-11-13 16:09 ` Alexei Starovoitov
2025-11-18 13:39 ` [PATCH v5 bpf-next 0/4] " Martin Teichmann
2025-11-18 13:39 ` [PATCH v5 bpf-next 1/4] " Martin Teichmann
2025-11-18 19:34 ` Eduard Zingerman
2025-11-19 16:03 ` [PATCH v6 bpf-next 0/4] " Martin Teichmann
2025-11-19 16:03 ` [PATCH v6 bpf-next 1/4] " Martin Teichmann
2025-11-22 2:00 ` patchwork-bot+netdevbpf
2025-11-19 16:03 ` [PATCH v6 bpf-next 2/4] bpf: test the proper verification of tail calls Martin Teichmann
2025-11-19 16:03 ` [PATCH v6 bpf-next 3/4] bpf: correct stack liveness for " Martin Teichmann
2025-11-19 16:33 ` bot+bpf-ci
2025-12-12 2:06 ` Chris Mason
2025-11-19 16:03 ` [PATCH v6 bpf-next 4/4] bpf: test the correct stack liveness of " Martin Teichmann
2025-11-18 13:39 ` [PATCH v5 bpf-next 2/4] bpf: test the proper verification " Martin Teichmann
2025-11-18 22:47 ` Eduard Zingerman
2025-11-18 13:39 ` [PATCH v5 bpf-next 3/4] bpf: correct stack liveness for " Martin Teichmann
2025-11-18 22:54 ` Eduard Zingerman
2025-11-18 13:39 ` [PATCH v5 bpf-next 4/4] bpf: test the correct stack liveness of " Martin Teichmann
2025-11-18 22:55 ` Eduard Zingerman
2025-11-19 0:13 ` Alexei Starovoitov
2025-11-10 15:18 ` [PATCH v4 bpf-next 2/2] bpf: test the proper verification " Martin Teichmann
2025-11-10 20:32 ` Eduard Zingerman
2025-11-05 17:40 ` [PATCH v3 bpf-next 1/2] bpf: properly verify tail call behavior Martin Teichmann
2025-11-05 17:40 ` [PATCH v3 bpf-next 2/2] bpf: test the proper verification of tail calls Martin Teichmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c6fdb21818f04bad1235aa1987db0b53aed070ee.camel@gmail.com \
--to=eddyz87@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=martin.teichmann@xfel.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox