Re: [PATCH bpf-next v3 00/17] Decouple skb metadata tracking from MAC header offset

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

From: Jakub Kicinski <kuba@kernel.org>
To: Jakub Sitnicki <jakub@cloudflare.com>
Cc: bpf@vger.kernel.org, netdev@vger.kernel.org,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Paolo Abeni <pabeni@redhat.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Jesper Dangaard Brouer <hawk@kernel.org>,
	John Fastabend <john.fastabend@gmail.com>,
	Stanislav Fomichev <sdf@fomichev.me>,
	Simon Horman <horms@kernel.org>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
	Yonghong Song <yonghong.song@linux.dev>,
	KP Singh <kpsingh@kernel.org>, Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>,
	kernel-team@cloudflare.com
Subject: Re: [PATCH bpf-next v3 00/17] Decouple skb metadata tracking from MAC header offset
Date: Thu, 8 Jan 2026 07:47:41 -0800	[thread overview]
Message-ID: <20260108074741.00bd532f@kernel.org> (raw)
In-Reply-To: <20260107-skb-meta-safeproof-netdevs-rx-only-v3-0-0d461c5e4764@cloudflare.com>

On Wed, 07 Jan 2026 15:28:00 +0100 Jakub Sitnicki wrote:
> This series continues the effort to provide reliable access to xdp/skb
> metadata from BPF context on the receive path. We have recently talked
> about it at Plumbers [1].
> 
> Currently skb metadata location is tied to the MAC header offset:
> 
>   [headroom][metadata][MAC hdr][L3 pkt]
>                       ^
>                       skb_metadata_end = head + mac_header
> 
> This design breaks on L2 decapsulation (VLAN, GRE, etc.) when the MAC
> offset is reset. The naive fix is to memmove metadata on every decap path,
> but we can avoid this cost by tracking metadata position independently.
> 
> Introduce a dedicated meta_end field in skb_shared_info that records where
> metadata ends relative to skb->head:
> 
>   [headroom][metadata][gap][MAC hdr][L3 pkt]
>                      ^
>                      skb_metadata_end = head + meta_end
>                      
> This allows BPF dynptr access (bpf_dynptr_from_skb_meta()) to work without
> memmove. For skb->data_meta pointer access, which expects metadata
> immediately before skb->data, make the verifier inject realignment code in
> TC BPF prologue.

I don't understand what semantics for the buffer layout you're trying
to establish, we now have "headroom" and "gap"?

	[headroom][metadata][gap][packet]

You're not solving the encap side either, skb_push() will still happily
encroach on the metadata. Feel like duct tape, we can't fundamentally
update the layout of the skb without updating all the helpers.
metadata works perfectly fine for its intended use case - passing info
about the frame from XDP offload to XDP and then to TC.

next prev parent reply	other threads:[~2026-01-08 15:47 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-07 14:28 [PATCH bpf-next v3 00/17] Decouple skb metadata tracking from MAC header offset Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 01/17] bnxt_en: Call skb_metadata_set when skb->data points at metadata end Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 02/17] i40e: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 03/17] igb: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 04/17] igc: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 05/17] ixgbe: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 06/17] net/mlx5e: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 07/17] veth: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 08/17] xsk: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 09/17] xdp: " Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 10/17] net: Track skb metadata end separately from MAC offset Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 11/17] bpf, verifier: Remove side effects from may_access_direct_pkt_data Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 12/17] bpf, verifier: Turn seen_direct_write flag into a bitmap Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 13/17] bpf, verifier: Propagate packet access flags to gen_prologue Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 14/17] bpf, verifier: Track when data_meta pointer is loaded Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 15/17] bpf, verifier: Support direct kernel calls in gen_prologue Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 16/17] bpf: Realign skb metadata for TC progs using data_meta Jakub Sitnicki
2026-01-07 22:01   ` Alexei Starovoitov
2026-01-08 19:54     ` Jakub Sitnicki
2026-01-07 14:28 ` [PATCH bpf-next v3 17/17] selftests/bpf: Test skb metadata access after L2 decapsulation Jakub Sitnicki
2026-01-08 15:47 ` Jakub Kicinski [this message]
2026-01-08 19:25   ` [PATCH bpf-next v3 00/17] Decouple skb metadata tracking from MAC header offset Jakub Sitnicki
2026-01-09  1:49     ` Jakub Kicinski
2026-01-09 10:50       ` Jakub Sitnicki

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260108074741.00bd532f@kernel.org \
    --to=kuba@kernel.org \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=eddyz87@gmail.com \
    --cc=edumazet@google.com \
    --cc=haoluo@google.com \
    --cc=hawk@kernel.org \
    --cc=horms@kernel.org \
    --cc=jakub@cloudflare.com \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kernel-team@cloudflare.com \
    --cc=kpsingh@kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=sdf@fomichev.me \
    --cc=song@kernel.org \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox