[PATCH bpf-next v3 04/10] bpf: Enable read-write access to skb metadata with dynptr slice

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jakub Sitnicki <jakub@cloudflare.com>
To: bpf@vger.kernel.org
Cc: "Alexei Starovoitov" <ast@kernel.org>,
	"Andrii Nakryiko" <andrii@kernel.org>,
	"Arthur Fabre" <arthur@arthurfabre.com>,
	"Daniel Borkmann" <daniel@iogearbox.net>,
	"Eric Dumazet" <edumazet@google.com>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Jesper Dangaard Brouer" <hawk@kernel.org>,
	"Jesse Brandeburg" <jbrandeburg@cloudflare.com>,
	"Joanne Koong" <joannelkoong@gmail.com>,
	"Lorenzo Bianconi" <lorenzo@kernel.org>,
	"Martin KaFai Lau" <martin.lau@linux.dev>,
	"Toke Høiland-Jørgensen" <thoiland@redhat.com>,
	"Yan Zhai" <yan@cloudflare.com>,
	kernel-team@cloudflare.com, netdev@vger.kernel.org,
	"Jakub Sitnicki" <jakub@cloudflare.com>,
	"Stanislav Fomichev" <sdf@fomichev.me>
Subject: [PATCH bpf-next v3 04/10] bpf: Enable read-write access to skb metadata with dynptr slice
Date: Mon, 21 Jul 2025 12:52:42 +0200	[thread overview]
Message-ID: <20250721-skb-metadata-thru-dynptr-v3-4-e92be5534174@cloudflare.com> (raw)
In-Reply-To: <20250721-skb-metadata-thru-dynptr-v3-0-e92be5534174@cloudflare.com>

Make it possible to read from or write to skb metadata area using the
dynptr slices creates with bpf_dynptr_slice() or bpf_dynptr_slice_rdwr().

This prepares ground for access to skb metadata from all BPF hooks
which operate on __sk_buff context.

Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
---
 include/linux/filter.h |  6 ++++++
 kernel/bpf/helpers.c   |  2 +-
 net/core/filter.c      | 10 ++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/linux/filter.h b/include/linux/filter.h
index 7709e30ce2bb..a28c3a1593c9 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -1776,6 +1776,7 @@ int bpf_skb_meta_load_bytes(const struct sk_buff *src, u32 offset,
 			    void *dst, u32 len);
 int bpf_skb_meta_store_bytes(struct sk_buff *dst, u32 offset,
 			     const void *src, u32 len);
+void *bpf_skb_meta_pointer(struct sk_buff *skb, u32 offset, u32 len);
 #else /* CONFIG_NET */
 static inline int __bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset,
 				       void *to, u32 len)
@@ -1822,6 +1823,11 @@ static inline int bpf_skb_meta_store_bytes(struct sk_buff *dst, u32 offset,
 {
 	return -EOPNOTSUPP;
 }
+
+static inline void *bpf_skb_meta_pointer(struct sk_buff *skb, u32 offset, u32 len)
+{
+	return NULL;
+}
 #endif /* CONFIG_NET */
 
 #endif /* __LINUX_FILTER_H__ */
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index ee057051db94..237fb5f9d625 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -2716,7 +2716,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr *p, u32 offset,
 		return buffer__opt;
 	}
 	case BPF_DYNPTR_TYPE_SKB_META:
-		return NULL; /* not implemented */
+		return bpf_skb_meta_pointer(ptr->data, ptr->offset + offset, len);
 	default:
 		WARN_ONCE(true, "unknown dynptr type %d\n", type);
 		return NULL;
diff --git a/net/core/filter.c b/net/core/filter.c
index 3cbadee77492..6d9a462a0042 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -12002,6 +12002,16 @@ int bpf_skb_meta_store_bytes(struct sk_buff *dst, u32 offset,
 	return 0;
 }
 
+void *bpf_skb_meta_pointer(struct sk_buff *skb, u32 offset, u32 len)
+{
+	u32 meta_len = skb_metadata_len(skb);
+
+	if (len > meta_len || offset > meta_len - len)
+		return NULL; /* out of bounds */
+
+	return skb_metadata_end(skb) - meta_len + offset;
+}
+
 static int dynptr_from_skb_meta(struct __sk_buff *skb_, u64 flags,
 				struct bpf_dynptr *ptr_, bool rdonly)
 {

-- 
2.43.0

next prev parent reply	other threads:[~2025-07-21 10:53 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-21 10:52 [PATCH bpf-next v3 00/10] Add a dynptr type for skb metadata for TC BPF Jakub Sitnicki
2025-07-21 10:52 ` [PATCH bpf-next v3 01/10] bpf: Add dynptr type for skb metadata Jakub Sitnicki
2025-07-22 18:46   ` Eduard Zingerman
2025-07-22 19:10     ` Eduard Zingerman
2025-07-23  0:37   ` Martin KaFai Lau
2025-07-23  9:02     ` Jakub Sitnicki
2025-07-21 10:52 ` [PATCH bpf-next v3 02/10] bpf: Enable read access to skb metadata with bpf_dynptr_read Jakub Sitnicki
2025-07-22 18:49   ` Eduard Zingerman
2025-07-23 16:50     ` Jakub Sitnicki
2025-07-21 10:52 ` [PATCH bpf-next v3 03/10] bpf: Enable write access to skb metadata with bpf_dynptr_write Jakub Sitnicki
2025-07-21 10:52 ` Jakub Sitnicki [this message]
2025-07-21 10:52 ` [PATCH bpf-next v3 05/10] selftests/bpf: Cover verifier checks for skb_meta dynptr type Jakub Sitnicki
2025-07-22 19:22   ` Eduard Zingerman
2025-07-21 10:52 ` [PATCH bpf-next v3 06/10] selftests/bpf: Pass just bpf_map to xdp_context_test helper Jakub Sitnicki
2025-07-22 20:24   ` Eduard Zingerman
2025-07-21 10:52 ` [PATCH bpf-next v3 07/10] selftests/bpf: Parametrize test_xdp_context_tuntap Jakub Sitnicki
2025-07-22 20:24   ` Eduard Zingerman
2025-07-21 10:52 ` [PATCH bpf-next v3 08/10] selftests/bpf: Cover read access to skb metadata via dynptr Jakub Sitnicki
2025-07-22 20:24   ` Eduard Zingerman
2025-07-21 10:52 ` [PATCH bpf-next v3 09/10] selftests/bpf: Cover write " Jakub Sitnicki
2025-07-22 20:25   ` Eduard Zingerman
2025-07-21 10:52 ` [PATCH bpf-next v3 10/10] selftests/bpf: Cover read/write to skb metadata at an offset Jakub Sitnicki
2025-07-22 20:26   ` Eduard Zingerman
2025-07-22 20:30   ` Eduard Zingerman
2025-07-23  9:09     ` Jakub Sitnicki

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7709e30ce2b dfblob:a28c3a1593c dfblob:ee057051db9
dfblob:237fb5f9d62 dfblob:3cbadee7749 dfblob:6d9a462a004 )
 OR (
bs:"[PATCH bpf-next v3 04/10] bpf: Enable read-write access to skb metadata with dynptr slice" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250721-skb-metadata-thru-dynptr-v3-4-e92be5534174@cloudflare.com \
    --to=jakub@cloudflare.com \
    --cc=andrii@kernel.org \
    --cc=arthur@arthurfabre.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=edumazet@google.com \
    --cc=hawk@kernel.org \
    --cc=jbrandeburg@cloudflare.com \
    --cc=joannelkoong@gmail.com \
    --cc=kernel-team@cloudflare.com \
    --cc=kuba@kernel.org \
    --cc=lorenzo@kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=netdev@vger.kernel.org \
    --cc=sdf@fomichev.me \
    --cc=thoiland@redhat.com \
    --cc=yan@cloudflare.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).