From: Jakub Sitnicki
Subject: [PATCH bpf-next v4 00/16] Make TC BPF helpers preserve skb metadata
Date: Wed, 05 Nov 2025 21:19:37 +0100
Message-Id: <20251105-skb-meta-rx-path-v4-0-5ceb08a9b37b@cloudflare.com>
X-Mailing-List: netdev@vger.kernel.org
To: bpf@vger.kernel.org
Cc: "David S.
Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman,
 Martin KaFai Lau, Daniel Borkmann, John Fastabend, Stanislav Fomichev,
 Alexei Starovoitov, Andrii Nakryiko, Eduard Zingerman, Song Liu,
 Yonghong Song, KP Singh, Hao Luo, Jiri Olsa, Arthur Fabre,
 Jesper Dangaard Brouer, netdev@vger.kernel.org, kernel-team@cloudflare.com
X-Mailer: b4 0.15-dev-07fe9

Changes in v4:
- Fix copy-paste bug in check_metadata() test helper (AI review)
- Add "out of scope" section (at the bottom)
- Link to v3: https://lore.kernel.org/r/20251026-skb-meta-rx-path-v3-0-37cceebb95d3@cloudflare.com

Changes in v3:
- Use the already existing BPF_STREAM_STDERR const in tests (Martin)
- Unclone skb head on bpf_dynptr_write to skb metadata (patch 3) (Martin)
- Swap order of patches 1 & 2 to refer to skb_postpush_data_move() in docs
- Mention in skb_data_move() docs how to move just the metadata
- Note in pskb_expand_head() docs to move metadata after skb_push() (Jakub)
- Link to v2: https://lore.kernel.org/r/20251019-skb-meta-rx-path-v2-0-f9a58f3eb6d6@cloudflare.com

Changes in v2:
- Tweak WARN_ON_ONCE check in skb_data_move() (patch 2)
- Convert all tests to verify skb metadata in BPF (patches 9-10)
- Add test coverage for modified BPF helpers (patches 12-15)
- Link to RFCv1: https://lore.kernel.org/r/20250929-skb-meta-rx-path-v1-0-de700a7ab1cb@cloudflare.com

This patch set continues our work [1] to allow BPF programs and user-space
applications to attach multiple bytes of metadata to packets via the
XDP/skb metadata area.

The focus of this patch set is to ensure that skb metadata remains intact
when packets pass through a chain of TC BPF programs that call helpers which
operate on skb head.

Currently, several helpers that either adjust the skb->data pointer or
reallocate skb->head do not preserve metadata at its expected location, that
is immediately in front of the MAC header.
These are:

- bpf_skb_adjust_room
- bpf_skb_change_head
- bpf_skb_change_proto
- bpf_skb_change_tail
- bpf_skb_vlan_pop
- bpf_skb_vlan_push

In TC BPF context, metadata must be moved whenever skb->data changes to keep
the skb->data_meta pointer valid. I don't see any way around it. Creative
ideas how to avoid that would be very welcome.

With that in mind, we can patch the helpers in at least two different ways:

1. Integrate metadata move into header move

   Replace the existing memmove, which follows skb_push/pull, with a helper
   that moves both headers and metadata in a single call. This avoids an
   extra memmove but reduces transparency.

   skb_pull(skb, len); - memmove(skb->data, skb->data - len, n); + skb_postpull_data_move(skb, len, n); skb->mac_header += len; skb_push(skb, len) - memmove(skb->data, skb->data + len, n); + skb_postpush_data_move(skb, len, n); skb->mac_header -= len;

2. Move metadata separately

   Add a dedicated metadata move after the header move. This is more
   explicit but costs an additional memmove.

   skb_pull(skb, len); memmove(skb->data, skb->data - len, n); + skb_metadata_postpull_move(skb, len); skb->mac_header += len; skb_push(skb, len) + skb_metadata_postpush_move(skb, len); memmove(skb->data, skb->data + len, n); skb->mac_header -= len;

This patch set implements option (1), expecting that "you can have just one
memmove" will be the most obvious feedback, while readability is a, somewhat
subjective, matter of taste, which I don't claim to have ;-)

The structure of the patch set is as follows:

- patches 1-4 prepare ground for safe-proofing the BPF helpers
- patches 5-9 modify the BPF helpers to preserve skb metadata
- patches 10-11 prepare ground for metadata tests with BPF helper calls
- patches 12-16 adapt and expand tests to cover the made changes

Out of scope for this series:

- safe-proofing tunnel & tagging devices - VLAN, GRE, ...
  (next in line, in development preview at [2])
- metadata access after packet forward
  (to do after Rx path - once metadata reliably reaches sk_filter)

Thanks,
-jkbs

[1] https://lore.kernel.org/all/20250814-skb-metadata-thru-dynptr-v7-0-8a39e636e0fb@cloudflare.com/
[2] https://github.com/jsitnicki/linux/commits/skb-meta/safeproof-netdevs/

---
Jakub Sitnicki (16):
      net: Helper to move packet data and metadata after skb_push/pull
      net: Preserve metadata on pskb_expand_head
      bpf: Unclone skb head on bpf_dynptr_write to skb metadata
      vlan: Make vlan_remove_tag return nothing
      bpf: Make bpf_skb_vlan_pop helper metadata-safe
      bpf: Make bpf_skb_vlan_push helper metadata-safe
      bpf: Make bpf_skb_adjust_room metadata-safe
      bpf: Make bpf_skb_change_proto helper metadata-safe
      bpf: Make bpf_skb_change_head helper metadata-safe
      selftests/bpf: Verify skb metadata in BPF instead of userspace
      selftests/bpf: Dump skb metadata on verification failure
      selftests/bpf: Expect unclone to preserve skb metadata
      selftests/bpf: Cover skb metadata access after vlan push/pop helper
      selftests/bpf: Cover skb metadata access after bpf_skb_adjust_room
      selftests/bpf: Cover skb metadata access after change_head/tail helper
      selftests/bpf: Cover skb metadata access after bpf_skb_change_proto

 include/linux/filter.h                             |   9 +
 include/linux/if_vlan.h                            |  13 +-
 include/linux/skbuff.h                             |  75 ++++
 kernel/bpf/helpers.c                               |   6 +-
 net/core/filter.c                                  |  34 +-
 net/core/skbuff.c                                  |   6 +-
 .../bpf/prog_tests/xdp_context_test_run.c          | 129 ++++---
 tools/testing/selftests/bpf/progs/test_xdp_meta.c  | 386 +++++++++++++++------
 8 files changed, 475 insertions(+), 183 deletions(-)
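
Review bot: in the option 1 sketch of the cover letter, the replacement calls `skb_postpull_data_move(skb, len, n)` and `skb_postpush_data_move(skb, len, n)` no longer show source and destination the way the removed memmove lines did, so the snippet should say in a short comment that `n` is the number of header bytes moved and that the metadata in front of them moves in the same call. The push variant's `skb_push(skb, len)` is also missing its terminating semicolon.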
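
Review bot: in the option 2 sketch of the cover letter, the metadata move comes after the header memmove in the pull variant but before it in the push variant, and nothing explains the asymmetry. With metadata sitting immediately in front of the MAC header, the push-side `memmove(skb->data, skb->data + len, n)` can write over the old metadata location, so `skb_metadata_postpush_move(skb, len)` has to run first; a one-line comment stating that would keep the two variants from being reordered to match. `skb_push(skb, len)` lacks its semicolon here too.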
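
A user-space model of the single-memmove approach described in this cover letter as option (1), added here as an illustration; it is not code from the series or from the kernel. `struct pkt_model`, `model_data_move()`, `model_push_keeps_meta()` and the sample bytes are assumptions constructed for the example.

```c
/* User-space model, not kernel code: a flat buffer stands in for skb->head. */
#include <stddef.h>
#include <string.h>

struct pkt_model {              /* hypothetical stand-in for struct sk_buff */
    unsigned char buf[64];
    size_t data;                /* offset of packet data, like skb->data */
    size_t meta_len;            /* metadata bytes that must end at data */
};

/* Call after data has already moved by len (len > 0 models skb_pull,
 * len < 0 models skb_push). One memmove relocates the metadata together
 * with the first n header bytes. Returns 0, or -1 if out of bounds. */
static int model_data_move(struct pkt_model *p, long len, size_t n)
{
    long dst = (long)p->data - (long)p->meta_len;   /* new metadata start */
    long src = dst - len;                           /* old metadata start */
    size_t span = p->meta_len + n;

    if (src < 0 || dst < 0 ||
        (size_t)src + span > sizeof(p->buf) ||
        (size_t)dst + span > sizeof(p->buf))
        return -1;
    memmove(p->buf + dst, p->buf + src, span);      /* overlap-safe */
    return 0;
}

/* Constructed sample: 4 metadata bytes "META" in front of 12 address bytes
 * and a 2-byte type field "TT". Push 4 bytes to open a gap after the
 * addresses. Returns 1 if metadata still ends exactly at data. */
static int model_push_keeps_meta(void)
{
    struct pkt_model p = { .data = 16, .meta_len = 4 };

    memcpy(p.buf + 12, "META", 4);
    memcpy(p.buf + 16, "DDDDDDSSSSSSTT", 14);
    p.data -= 4;                                    /* models skb_push(skb, 4) */
    if (model_data_move(&p, -4, 12))
        return 0;
    return memcmp(p.buf + p.data - p.meta_len, "META", 4) == 0 &&
           memcmp(p.buf + p.data, "DDDDDDSSSSSS", 12) == 0 &&
           memcmp(p.buf + p.data + 16, "TT", 2) == 0;
}

int main(void)
{
    return model_push_keeps_meta() ? 0 : 1;
}
```

The bounds check models the headroom requirement: a push that leaves no room for the metadata in front of the new data offset is rejected instead of writing before the buffer.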