From: Johannes Berg <johannes@sipsolutions.net>
To: David Miller <davem@davemloft.net>, alexei.starovoitov@gmail.com
Cc: netdev@vger.kernel.org, xdp-newbies@vger.kernel.org
Subject: Re: [PATCH v3 net-next RFC] Generic XDP
Date: Thu, 13 Apr 2017 21:22:21 +0200 [thread overview]
Message-ID: <1492111341.29526.5.camel@sipsolutions.net> (raw)
In-Reply-To: <20170413.113722.2174945057832588335.davem@davemloft.net> (sfid-20170413_173731_037765_D7037ED0)
On Thu, 2017-04-13 at 11:37 -0400, David Miller wrote:
> If the capability is variable, it must be communicated to the user
> somehow at program load time.
>
> We are consistently finding that there is this real need to
> communicate XDP capabilities, or somehow verify that the needs
> of an XDP program can be satisfied by a given implementation.
Technically, once you know the capability of the *driver*, the verifier
should be able to check if the *program* is compatible. So if the
driver can guarantee "you always get 2k accessible", the verifier can
check that you don't access more than xdb->data + 2047, similar to how
it verifies that you don't access beyond xdb->data_end.
> And eth_get_headlen() only pulls protocol headers, which precludes
> XDP inspecting anything below TCP/UDP/etc. This is also not
> reasonable.
>
> Right now, as it stands, we have to assume the program can
> potentially be interested in the entire packet.
I agree with this though, it's not reasonable to have wildly varying
implementations here that may or may not be able to access almost
anything. The totally degenerate case would be having no skb header at
all, which is also still entirely valid from the network stack's POV.
> We can only optimize this and elide things when we have a facility in
> the future for the program to express it's needs precisely. I think
> we will have to add some control structure to XDP programs that can
> be filled in for this purpose.
Like I said above, I think this is something that you can possibly
determine in the verifier.
So if, for example, the verifier notices that the program never
accesses anything but the first few bytes, then it would seem valid to
run with only that much pulled into the skb header.
OTOH, it might depend on the frame data itself, if the program does
something like
xdp->data[xdp->data[0] & 0xf]
(read or write, doesn't really matter) so then the verifier would have
to take the maximum possible value there into account.
johannes
next prev parent reply other threads:[~2017-04-13 19:22 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-12 18:54 [PATCH v3 net-next RFC] Generic XDP David Miller
2017-04-12 19:54 ` David Ahern
2017-04-13 2:08 ` David Miller
2017-04-13 2:16 ` David Ahern
2017-04-12 21:30 ` Stephen Hemminger
2017-04-12 21:49 ` Eric Dumazet
2017-04-13 1:55 ` David Miller
2017-04-13 1:54 ` David Miller
2017-04-13 4:20 ` Alexei Starovoitov
2017-04-13 6:10 ` Johannes Berg
2017-04-13 15:38 ` David Miller
2017-04-14 19:41 ` Alexei Starovoitov
2017-04-18 9:47 ` Johannes Berg
2017-04-18 23:09 ` Alexei Starovoitov
2017-04-13 15:37 ` David Miller
2017-04-13 19:22 ` Johannes Berg [this message]
2017-04-13 20:01 ` David Miller
2017-04-14 8:07 ` Johannes Berg
2017-04-14 19:09 ` Alexei Starovoitov
2017-04-14 9:05 ` Jesper Dangaard Brouer
2017-04-14 19:28 ` Alexei Starovoitov
2017-04-14 22:18 ` Daniel Borkmann
2017-04-14 22:30 ` Jakub Kicinski
2017-04-15 0:46 ` Alexei Starovoitov
2017-04-15 1:47 ` Jakub Kicinski
2017-04-16 20:26 ` Jesper Dangaard Brouer
2017-04-17 19:49 ` David Miller
2017-04-17 23:04 ` Alexei Starovoitov
2017-04-17 23:33 ` Daniel Borkmann
2017-04-18 18:46 ` David Miller
2017-04-18 23:05 ` Alexei Starovoitov
2017-04-13 6:48 ` Michael Chan
2017-04-13 15:38 ` David Miller
2017-04-13 15:57 ` Daniel Borkmann
2017-04-13 16:04 ` David Miller
2017-04-13 17:13 ` aa5c2fd79f: net/core/dev.c:#suspicious_rcu_dereference_check()usage kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1492111341.29526.5.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=alexei.starovoitov@gmail.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=xdp-newbies@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).