public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: "D. Wythe" <alibuda@linux.alibaba.com>
To: Simon Horman <horms@kernel.org>
Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de,
	bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, coreteam@netfilter.org,
	netfilter-devel@vger.kernel.org, davem@davemloft.net,
	edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
	ast@kernel.org
Subject: Re: [RFC nf-next v2 1/2] netfilter: bpf: support prog update
Date: Tue, 19 Dec 2023 20:50:06 +0800	[thread overview]
Message-ID: <2fd4fb88-8aaa-b22d-d048-776a6c19d9a6@linux.alibaba.com> (raw)
In-Reply-To: <20231218190640.GJ6288@kernel.org>



On 12/19/23 3:06 AM, Simon Horman wrote:
> On Mon, Dec 18, 2023 at 12:18:20PM +0800, D. Wythe wrote:
>> From: "D. Wythe" <alibuda@linux.alibaba.com>
>>
>> To support the prog update, we need to ensure that the prog seen
>> within the hook is always valid. Considering that hooks are always
>> protected by rcu_read_lock(), which provide us the ability to
>> access the prog under rcu.
>>
>> Signed-off-by: D. Wythe <alibuda@linux.alibaba.com>
> ...
>
>> @@ -26,8 +17,20 @@ struct bpf_nf_link {
>>   	struct net *net;
>>   	u32 dead;
>>   	const struct nf_defrag_hook *defrag_hook;
>> +	struct rcu_head head;
>>   };
>>   
>> +static unsigned int nf_hook_run_bpf(void *bpf_link, struct sk_buff *skb,
>> +				    const struct nf_hook_state *s)
>> +{
>> +	const struct bpf_nf_link *nf_link = bpf_link;
>> +	struct bpf_nf_ctx ctx = {
>> +		.state = s,
>> +		.skb = skb,
>> +	};
>> +	return bpf_prog_run(rcu_dereference(nf_link->link.prog), &ctx);
> Hi,
>
> AFAICT nf_link->link.prog isn't annotated as __rcu,
> so perhaps rcu_dereference() is not correct here?
>
> In any case, sparse seems a bit unhappy:
>
>    .../nf_bpf_link.c:31:29: error: incompatible types in comparison expression (different address spaces):
>    .../nf_bpf_link.c:31:29:    struct bpf_prog [noderef] __rcu *
>    .../nf_bpf_link.c:31:29:    struct bpf_prog *

Hi Simon,

thanks for the reporting.

Yes, I had anticipated that sparse would report an error. I tried to 
cast the type,
but it would compile an error likes that:


net/netfilter/nf_bpf_link.c: In function ‘nf_hook_run_bpf’:
./include/asm-generic/rwonce.h:44:70: error: lvalue required as unary 
‘&’ operand
    44 | #define __READ_ONCE(x) (*(const volatile 
__unqual_scalar_typeof(x) *)&(x))
| ^
./include/asm-generic/rwonce.h:50:2: note: in expansion of macro 
‘__READ_ONCE’
    50 |  __READ_ONCE(x);       \
       |  ^~~~~~~~~~~
./include/linux/rcupdate.h:436:43: note: in expansion of macro ‘READ_ONCE’
   436 |  typeof(*p) *local = (typeof(*p) *__force)READ_ONCE(p); \
       |                                           ^~~~~~~~~
./include/linux/rcupdate.h:584:2: note: in expansion of macro 
‘__rcu_dereference_check’
   584 |  __rcu_dereference_check((p), __UNIQUE_ID(rcu), \
       |  ^~~~~~~~~~~~~~~~~~~~~~~
./include/linux/rcupdate.h:656:28: note: in expansion of macro 
‘rcu_dereference_check’
   656 | #define rcu_dereference(p) rcu_dereference_check(p, 0)
       |                            ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_bpf_link.c:31:22: note: in expansion of macro 
‘rcu_dereference’
    31 |  return bpf_prog_run(rcu_dereference((const struct bpf_prog 
__rcu *)nf_link->link.prog), &ctx);
       |                      ^~~~~~~~~~~~~~~

So, I think we might need to go back to version 1.

@ Florian , what do you think ?

D. Wythe

>> +}
>> +
>>   #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) || IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
>>   static const struct nf_defrag_hook *
>>   get_proto_defrag_hook(struct bpf_nf_link *link,
> ...


  reply	other threads:[~2023-12-19 12:50 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-18  4:18 [RFC nf-next v2 0/2] netfilter: bpf: support prog update D. Wythe
2023-12-18  4:18 ` [RFC nf-next v2 1/2] " D. Wythe
2023-12-18 19:06   ` Simon Horman
2023-12-19 12:50     ` D. Wythe [this message]
2023-12-19 14:58       ` Florian Westphal
2023-12-20 12:40         ` D. Wythe
2023-12-18  4:18 ` [RFC nf-next v2 2/2] selftests/bpf: Add netfilter link prog update test D. Wythe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2fd4fb88-8aaa-b22d-d048-776a6c19d9a6@linux.alibaba.com \
    --to=alibuda@linux.alibaba.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=coreteam@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=fw@strlen.de \
    --cc=horms@kernel.org \
    --cc=kadlec@netfilter.org \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox