From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149])
	by mail.toke.dk (Postfix) with ESMTPS id A67C6A3976B
	for <xdp-hints@xdp-project.net>; Thu,  2 Nov 2023 23:59:52 +0100 (CET)
Authentication-Results: mail.toke.dk;
	dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20230601 header.b=AnjXQuct
Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-5af16e00fadso22042887b3.0
        for <xdp-hints@xdp-project.net>; Thu, 02 Nov 2023 15:59:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1698965931; x=1699570731; darn=xdp-project.net;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=cchCkg2hcFOX1ZtG27UCGvSuVnk6LdagSTMBDQs0CwQ=;
        b=AnjXQuctP3PtJViiXWbhkDSlyNxKrFNrgTXrH8+A7MX+2s38ZGuiAz6FYElEl3A7mb
         ROc8Fw5w7uRvzuud6wN7b3GESaqpmENWqHVn+BbR67WsHHduqbNiTpFTS3kSPl7aklMc
         5kdQEp/JWOIswNqq43eUwhRx0rYhEp7OkMiikuHtcXu8albx5z3t2cKLeNZ/j8z8JWCL
         4lmDQaER2u+VN9HG7xgSJXzqLYubAz5aonvI6LYAmtjOjoSmMxKOkdBheZ8N/IveVA1Z
         VklmVQ8ECdOaX0exHeYecO8qAnaXdAouag3pLbdG6YyJ1u25UV456tZa2vt7+HgyMtz5
         SIEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698965931; x=1699570731;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=cchCkg2hcFOX1ZtG27UCGvSuVnk6LdagSTMBDQs0CwQ=;
        b=WK6m3UabYIu4BFg2tgwBYw+b/8acmWoB6PkNL2D6yIIwyv94cpBs2jlKV/0/MFWlBA
         aiz5AdymnAG044/hp75C5nGJ3r35+11PUxvwZuQ1YAlEcR21GCCA1FqvuxUDPX0VtUSK
         JkhrEkEajrf5n3FPZiCc8Gam4nfQnTV0yS+qSANINi9oH9mObq892u/my69OVqAa4iEA
         hTQ2w9TaV49wAXrZnlLlod+L5Z3FxhhPFjAp3T67dXHud9FTcEHR160tPmzuQdM3dILn
         x0YbPIEQQJvNbbvJW0a0WAZ0aWQMRHbs01Ay980leq5CoDR8kSIimI/zEAD4YBvovJO6
         9Fug==
X-Gm-Message-State: AOJu0Yz5bENEVEARJWX/ITF9DYjE2d2ZOJjKeiA6pVXl0WSNc/PGkNF3
	3Fomz8SdYdKZ3j4Vb5GhOna961o=
X-Google-Smtp-Source: AGHT+IHj4JA6kBeIWI5vfIKduxpsOKCkJQxZJFhMF509ST6fAhXbSHC2dh+QTfMr/1MT9xvQhw/RoiI=
X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935])
 (user=sdf job=sendgmr) by 2002:a25:9392:0:b0:da0:cbe9:6bac with SMTP id
 a18-20020a259392000000b00da0cbe96bacmr401471ybm.11.1698965931578; Thu, 02 Nov
 2023 15:58:51 -0700 (PDT)
Date: Thu,  2 Nov 2023 15:58:31 -0700
In-Reply-To: <20231102225837.1141915-1-sdf@google.com>
Mime-Version: 1.0
References: <20231102225837.1141915-1-sdf@google.com>
X-Mailer: git-send-email 2.42.0.869.gea05f2083d-goog
Message-ID: <20231102225837.1141915-8-sdf@google.com>
From: Stanislav Fomichev <sdf@google.com>
To: bpf@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Message-ID-Hash: WIE6RHQY56LCIS7G2KWTYDP7WJW3RBF4
X-Message-ID-Hash: WIE6RHQY56LCIS7G2KWTYDP7WJW3RBF4
X-MailFrom: 3qylEZQMKCUAufhiqqing.eqozfr-jkpvuzfr-rtqlgev.pgv@flex--sdf.bounces.google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, kuba@kernel.org, toke@kernel.org, willemb@google.com, dsahern@kernel.org, magnus.karlsson@intel.com, bjorn@kernel.org, maciej.fijalkowski@intel.com, hawk@kernel.org, yoong.siang.song@intel.com, netdev@vger.kernel.org, xdp-hints@xdp-project.net
X-Mailman-Version: 3.3.8
Precedence: list
Subject: [xdp-hints] [PATCH bpf-next v5 07/13] xsk: Validate xsk_tx_metadata flags
List-Id: XDP hardware hints design discussion <xdp-hints.xdp-project.net>
Archived-At: <https://lists.xdp-project.net/xdp-hints/20231102225837.1141915-8-sdf@google.com/>
List-Archive: <https://lists.xdp-project.net/xdp-hints/>
List-Help: <mailto:xdp-hints-request@xdp-project.net?subject=help>
List-Owner: <mailto:xdp-hints-owner@xdp-project.net>
List-Post: <mailto:xdp-hints@xdp-project.net>
List-Subscribe: <mailto:xdp-hints-join@xdp-project.net>
List-Unsubscribe: <mailto:xdp-hints-leave@xdp-project.net>

Accept only the flags that the kernel knows about to make
sure we can extend this field in the future. Note that only
in XDP_COPY mode we propagate the error signal back to the user
(via sendmsg). For zerocopy mode we silently skip the metadata
for the descriptors that have wrong flags (since we process
the descriptors deep in the driver).

Signed-off-by: Stanislav Fomichev <sdf@google.com>
---
 include/net/xdp_sock_drv.h | 23 ++++++++++++++++++++++-
 net/xdp/xsk.c              |  4 ++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/include/net/xdp_sock_drv.h b/include/net/xdp_sock_drv.h
index e2558ac3e195..5885176ea01e 100644
--- a/include/net/xdp_sock_drv.h
+++ b/include/net/xdp_sock_drv.h
@@ -165,12 +165,28 @@ static inline void *xsk_buff_raw_get_data(struct xsk_buff_pool *pool, u64 addr)
 	return xp_raw_get_data(pool, addr);
 }
 
+#define XDP_TXMD_FLAGS_VALID ( \
+		XDP_TXMD_FLAGS_TIMESTAMP | \
+		XDP_TXMD_FLAGS_CHECKSUM | \
+	0)
+
+static inline bool xsk_buff_valid_tx_metadata(struct xsk_tx_metadata *meta)
+{
+	return !(meta->request.flags & ~XDP_TXMD_FLAGS_VALID);
+}
+
 static inline struct xsk_tx_metadata *xsk_buff_get_metadata(struct xsk_buff_pool *pool, u64 addr)
 {
+	struct xsk_tx_metadata *meta;
+
 	if (!pool->tx_metadata_len)
 		return NULL;
 
-	return xp_raw_get_data(pool, addr) - pool->tx_metadata_len;
+	meta = xp_raw_get_data(pool, addr) - pool->tx_metadata_len;
+	if (unlikely(!xsk_buff_valid_tx_metadata(meta)))
+		return NULL; /* no way to signal the error to the user */
+
+	return meta;
 }
 
 static inline void xsk_buff_dma_sync_for_cpu(struct xdp_buff *xdp, struct xsk_buff_pool *pool)
@@ -332,6 +348,11 @@ static inline void *xsk_buff_raw_get_data(struct xsk_buff_pool *pool, u64 addr)
 	return NULL;
 }
 
+static inline bool xsk_buff_valid_tx_metadata(struct xsk_tx_metadata *meta)
+{
+	return false;
+}
+
 static inline struct xsk_tx_metadata *xsk_buff_get_metadata(struct xsk_buff_pool *pool, u64 addr)
 {
 	return NULL;
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 84fd10201f2a..0e81ae6bfff4 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -728,6 +728,10 @@ static struct sk_buff *xsk_build_skb(struct xdp_sock *xs,
 			}
 
 			meta = buffer - xs->pool->tx_metadata_len;
+			if (unlikely(!xsk_buff_valid_tx_metadata(meta))) {
+				err = -EINVAL;
+				goto free_err;
+			}
 
 			if (meta->request.flags & XDP_TXMD_FLAGS_CHECKSUM) {
 				if (unlikely(meta->request.csum_start +
-- 
2.42.0.869.gea05f2083d-goog