From: "Niklas Söderlund" <niklas.soderlund@corigine.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Simon Horman <simon.horman@corigine.com>,
David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, oss-drivers@corigine.com,
Yu Xiao <yu.xiao@corigine.com>,
Yinjun Zhang <yinjun.zhang@corigine.com>,
Louis Peens <louis.peens@corigine.com>
Subject: Re: [PATCH net] nfp: bpf: Add an MTU check before offloading BPF
Date: Thu, 30 Sep 2021 17:15:28 +0200 [thread overview]
Message-ID: <YVXUkPIWkOFMUDDu@bismarck.dyn.berto.se> (raw)
In-Reply-To: <20210930075959.587f9905@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
On 2021-09-30 07:59:59 -0700, Jakub Kicinski wrote:
> On Thu, 30 Sep 2021 16:46:34 +0200 Niklas Söderlund wrote:
> > When the MTU is changed after the program is offloaded the check in
> > nfp_bpf_check_mtu() is consulted and as it checks the MTU differently
> > and fails the change. Maybe we should align this the other way around
> > and update the check in nfp_bpf_check_mtu() to match the one in
> > nfp_net_bpf_load()?
>
> That sounds reasonable. Although I don't remember how reliable the
> max_pkt_offset logic is in practice (whether it's actually capable
> of finding the max offset for realistic programs or it's mostly going
> to be set to MAX).
>
> > On a side note the check in nfp_net_bpf_load() allows for BPF programs
> > to be offloaded that do access data beyond the CMT size limit provided
> > the MTU is set below the CMT threshold value.
>
> Right, because of variable length offsets verifier will not be able to
> estimate max_pkt_offset.
Thanks, this made the design click for me.
>
> > There should be no real harm in this as the verifier forces bounds
> > check so with a MTU small enough it should never happen. But maybe we
> > should add a check for this too to prevent such a program to be
> > loaded in the first place.
--
Regards,
Niklas Söderlund
prev parent reply other threads:[~2021-09-30 15:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-29 15:24 [PATCH net] nfp: bpf: Add an MTU check before offloading BPF Simon Horman
2021-09-29 18:47 ` Jakub Kicinski
2021-09-30 14:46 ` Niklas Söderlund
2021-09-30 14:59 ` Jakub Kicinski
2021-09-30 15:15 ` Niklas Söderlund [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YVXUkPIWkOFMUDDu@bismarck.dyn.berto.se \
--to=niklas.soderlund@corigine.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=louis.peens@corigine.com \
--cc=netdev@vger.kernel.org \
--cc=oss-drivers@corigine.com \
--cc=simon.horman@corigine.com \
--cc=yinjun.zhang@corigine.com \
--cc=yu.xiao@corigine.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).