On Wed, Oct 17, 2018 at 04:36:15PM -0700, Song Liu wrote: > BPF programs of BPF_PROG_TYPE_CGROUP_SKB need to access headers in the > skb. This patch enables direct access of skb for these programs. > > In __cgroup_bpf_run_filter_skb(), bpf_compute_data_pointers() is called > to compute proper data_end for the BPF program. > > Signed-off-by: Song Liu <songliubrav...@fb.com> > --- > kernel/bpf/cgroup.c | 4 ++++ > net/core/filter.c | 36 +++++++++++++++++++++++++++++++++++- > 2 files changed, 39 insertions(+), 1 deletion(-) > > diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c > index 00f6ed2e4f9a..340d496f35bd 100644 > --- a/kernel/bpf/cgroup.c > +++ b/kernel/bpf/cgroup.c > @@ -566,6 +566,10 @@ int __cgroup_bpf_run_filter_skb(struct sock *sk, > save_sk = skb->sk; > skb->sk = sk; > __skb_push(skb, offset); > + > + /* compute pointers for the bpf prog */ > + bpf_compute_data_pointers(skb);
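Review bot: in the __cgroup_bpf_run_filter_skb() hunk, bpf_compute_data_pointers(skb) is added with no matching restore, unlike skb->sk, which the context lines save into save_sk before overwriting it. If the computed pointers are written into skb state that the caller still reads after the filter returns, save that state before this call and put it back after the program run, following the save_sk pattern. The new comment could also say where the pointers are stored, so the lifetime of that storage is clear to the next reader.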
cg_skb_is_valid_access() below looks good to me now, but I just realized that the above change is not safe for all sockets.

After sk_filter_trim_cap() is called in udp_queue_rcv_skb() it needs to see valid UDP_SKB_CB. But sizeof(struct udp_skb_cb)==28, so bpf_compute_data_pointers() would mangle the end of it. So we have to save/restore data_end/data_meta pointers as well.

I'm thinking that a new helper like:

  bpf_compute_and_save_data_pointers(skb, &buffer_of_16_bytes);
  BPF_PROG_RUN_ARRAY();
  bpf_restore_data_pointers(skb, &buffer_of_16_bytes);

would be a decent interface.
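A user-space model of the clobber and of the save/restore interface proposed in the reply above, added here as an illustration; it is not code from the thread or from the kernel. The model_* names, the scratch offset (chosen so the two areas overlap) and the byte patterns are constructed assumptions; only the 28-byte state size and the 16-byte save buffer come from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CB_SIZE      48 /* model control block size */
#define PROTO_CB_LEN 28 /* sizeof(struct udp_skb_cb) as stated in the reply */
#define SCRATCH_OFF  16 /* model-only offset, chosen so the two areas overlap */
#define SCRATCH_LEN  16 /* data_meta + data_end, 8 bytes each */

struct model_skb {
    unsigned char cb[CB_SIZE];
    uint64_t ptrs[2];   /* constructed stand-ins for data_meta, data_end */
};

/* Model of bpf_compute_data_pointers(): stores both values inside cb. */
static void model_compute(struct model_skb *skb) {
    memcpy(skb->cb + SCRATCH_OFF, skb->ptrs, SCRATCH_LEN);
}

/* Hypothetical helpers following the interface sketched in the reply. */
static void model_compute_and_save(struct model_skb *skb, unsigned char *saved) {
    memcpy(saved, skb->cb + SCRATCH_OFF, SCRATCH_LEN);
    model_compute(skb);
}
static void model_restore(struct model_skb *skb, const unsigned char *saved) {
    memcpy(skb->cb + SCRATCH_OFF, saved, SCRATCH_LEN);
}

/* Run the hook; return how many protocol-state bytes differ afterwards. */
static int run_hook(int save_restore) {
    struct model_skb skb = { .ptrs = { 0x1111111111111111ULL, 0x2222222222222222ULL } };
    unsigned char saved[SCRATCH_LEN];
    int i, changed = 0;

    memset(skb.cb, 0xA5, PROTO_CB_LEN);   /* constructed protocol state */
    if (save_restore)
        model_compute_and_save(&skb, saved);
    else
        model_compute(&skb);
    /* the BPF program array would run here and read the values from cb */
    if (save_restore)
        model_restore(&skb, saved);
    for (i = 0; i < PROTO_CB_LEN; i++)
        changed += skb.cb[i] != 0xA5;
    return changed;
}

int main(void) {
    printf("plain: %d changed, save/restore: %d changed\n", run_hook(0), run_hook(1));
    return 0;
}
```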