From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by mail.toke.dk (Postfix) with ESMTPS id 958B9A4061D for ; Mon, 27 Nov 2023 20:03:36 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20230601 header.b=0Xdb6hq5 Received: by mail-pj1-x1049.google.com with SMTP id 98e67ed59e1d1-285b77f7e1fso2110534a91.0 for ; Mon, 27 Nov 2023 11:03:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1701111814; x=1701716614; darn=xdp-project.net; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=99qVGEnNEQZ0Ub6NY42NFhmi4pNAJrO1wmYriAMOllE=; b=0Xdb6hq5UP0mO8O86Vyn5Wtl3ETBx5XsKlnxIUzJPsz5r4MC4PS69ACnzg+QjwPDyl LWDx72quTApQQLPrZPUTAfghJfNm0mQcrw4ibAP9Edrfcjb5TkaoUOdDBB+QNqg4+JLT 2c5CKo8vk4ZJMy98DL/JvIW9VW8QtmKjHlIvZ5lUyDwyigDRqO4OPZpusA1QdVP3YAcz c0g2Pt2uOgV+6/LqEmZ7F83qtJpgY/mJ5vcQeIHhYDk2pYlFPLrOmQeJL0U7b5L2v048 qEMFADLFu86W70HcVtgcSw66E/K3yRoQ5guVqWB28I3/9XFf/IpzYxU4ru7leO9h21Vp BpVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701111814; x=1701716614; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=99qVGEnNEQZ0Ub6NY42NFhmi4pNAJrO1wmYriAMOllE=; b=RBodhaZNzWOBUJOMmRLfGwmDmqe6tTQX3vK4DzkbScp64pnYnToTwcB7BgsTUz5g6H kzRrZXrp1yR4OwtcwbiP/XcqQo07gjoO+YapdWkfAkQI6xpOThFYCkli88QvldmIyek+ AlyDGIRHTb4U6GacFv/bZerzXOSd7S8yeF+Dxx5zlY4G5S4Hd8XvvAJG4xklDdf9ePM4 r4SdfmWP8rAU0b//wSO5aB5WFinrlkMVHnnZth5vw3Xu+jCinsmhEmO52Ncgrjq/xx0w Eb4B7/t8y+9jfFql2sg06iIWs26Ewja4kqjGA3whfUl/p07Vjdq0Wd5nB5m6qtAYuoSn G/cg== X-Gm-Message-State: AOJu0YxjrpvVAUyl45tPutHzvp07T9rsi1ZPE82CV9OLqsjvAytbVUyn aD5LZXtmULxs/q9f7ldklbppTWU= X-Google-Smtp-Source: AGHT+IF4LeF4F6ujUaxMms+ifKigtIl1GqgRBxF8gPMPkhkgaMo0syeBjyEJ09ROh5SanlMUaHBbGMU= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a17:90a:ee8d:b0:27d:2cf5:7eb1 with SMTP id i13-20020a17090aee8d00b0027d2cf57eb1mr2904712pjz.4.1701111814269; Mon, 27 Nov 2023 11:03:34 -0800 (PST) Date: Mon, 27 Nov 2023 11:03:13 -0800 In-Reply-To: <20231127190319.1190813-1-sdf@google.com> Mime-Version: 1.0 References: <20231127190319.1190813-1-sdf@google.com> X-Mailer: git-send-email 2.43.0.rc1.413.gea7ed67945-goog Message-ID: <20231127190319.1190813-8-sdf@google.com> From: Stanislav Fomichev To: bpf@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Message-ID-Hash: ZOHMXTPDOHD3PONZLQWDUAGHSI5WURQM X-Message-ID-Hash: ZOHMXTPDOHD3PONZLQWDUAGHSI5WURQM X-MailFrom: 3BuhkZQMKCZsN8ABJJBG9.7JHS8K-CDIONS8K-KMJE97O.I9O@flex--sdf.bounces.google.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, kuba@kernel.org, toke@kernel.org, willemb@google.com, dsahern@kernel.org, magnus.karlsson@intel.com, bjorn@kernel.org, maciej.fijalkowski@intel.com, hawk@kernel.org, yoong.siang.song@intel.com, netdev@vger.kernel.org, xdp-hints@xdp-project.net X-Mailman-Version: 3.3.8 Precedence: list Subject: [xdp-hints] [PATCH bpf-next v6 07/13] xsk: Validate xsk_tx_metadata flags List-Id: XDP hardware hints design discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Accept only the flags that the kernel knows about to make sure we can extend this field in the future. Note that only in XDP_COPY mode we propagate the error signal back to the user (via sendmsg). For zerocopy mode we silently skip the metadata for the descriptors that have wrong flags (since we process the descriptors deep in the driver). Signed-off-by: Stanislav Fomichev --- include/net/xdp_sock_drv.h | 23 ++++++++++++++++++++++- net/xdp/xsk.c | 4 ++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/include/net/xdp_sock_drv.h b/include/net/xdp_sock_drv.h index e2558ac3e195..81e02de3f453 100644 --- a/include/net/xdp_sock_drv.h +++ b/include/net/xdp_sock_drv.h @@ -165,12 +165,28 @@ static inline void *xsk_buff_raw_get_data(struct xsk_buff_pool *pool, u64 addr) return xp_raw_get_data(pool, addr); } +#define XDP_TXMD_FLAGS_VALID ( \ + XDP_TXMD_FLAGS_TIMESTAMP | \ + XDP_TXMD_FLAGS_CHECKSUM | \ + 0) + +static inline bool xsk_buff_valid_tx_metadata(struct xsk_tx_metadata *meta) +{ + return !(meta->flags & ~XDP_TXMD_FLAGS_VALID); +} + static inline struct xsk_tx_metadata *xsk_buff_get_metadata(struct xsk_buff_pool *pool, u64 addr) { + struct xsk_tx_metadata *meta; + if (!pool->tx_metadata_len) return NULL; - return xp_raw_get_data(pool, addr) - pool->tx_metadata_len; + meta = xp_raw_get_data(pool, addr) - pool->tx_metadata_len; + if (unlikely(!xsk_buff_valid_tx_metadata(meta))) + return NULL; /* no way to signal the error to the user */ + + return meta; } static inline void xsk_buff_dma_sync_for_cpu(struct xdp_buff *xdp, struct xsk_buff_pool *pool) @@ -332,6 +348,11 @@ static inline void *xsk_buff_raw_get_data(struct xsk_buff_pool *pool, u64 addr) return NULL; } +static inline bool xsk_buff_valid_tx_metadata(struct xsk_tx_metadata *meta) +{ + return false; +} + static inline struct xsk_tx_metadata *xsk_buff_get_metadata(struct xsk_buff_pool *pool, u64 addr) { return NULL; diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index e83ade32f1fd..d66ba9d6154f 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -728,6 +728,10 @@ static struct sk_buff *xsk_build_skb(struct xdp_sock *xs, } meta = buffer - xs->pool->tx_metadata_len; + if (unlikely(!xsk_buff_valid_tx_metadata(meta))) { + err = -EINVAL; + goto free_err; + } if (meta->flags & XDP_TXMD_FLAGS_CHECKSUM) { if (unlikely(meta->request.csum_start + -- 2.43.0.rc1.413.gea7ed67945-goog