On 10/18/18 6:33 PM, Alexei Starovoitov wrote: > On 10/18/18 5:14 PM, Daniel Borkmann wrote: >>> + case bpf_ctx_range(struct __sk_buff, data_meta): >>> + case bpf_ctx_range(struct __sk_buff, flow_keys): >>> + return false; >> ... if it's disallowed anyway (disallowing it is the right thing to do, >> but no need to save/restore then..)? >> > > that's a good point. > why shouldn't we allow cg_skb to access data_meta? > xdp can set it and cgroup_skb_ingress will consume it here.
I'll take it back. When xdp doesn't set meta_data it will be zero and bpf_compute_data_pointers() will point data_meta to skb->data. On ingress that's eth header, but for tx it will point to reserved space for future eth header. So we cannot do that. Let's keep it disabled and adjust bpf_compute_and_save_data_pointers() to save only 'data' pointer.
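Review bot: the two rejected cases in the quoted hunk, `case bpf_ctx_range(struct __sk_buff, data_meta):` and `case bpf_ctx_range(struct __sk_buff, flow_keys):`, fall through to `return false;` with no comment saying why these fields are off limits for cg_skb. A short comment above them would help. For data_meta it could record the reason given in this reply: when XDP sets no metadata, the pointer ends up at skb->data, which is the eth header on ingress but reserved space for a future eth header on tx. Since data_meta is rejected here, the save/restore helper discussed in the thread only needs to cover the 'data' pointer, and the respin should make that pairing explicit so the two places do not drift apart.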