On Tue, Feb 23, 2021 at 07:04 PM CET, Cong Wang wrote:
> On Tue, Feb 23, 2021 at 9:53 AM Jakub Sitnicki <jakub@xxxxxxxxxxxxxx> wrote:
>> Based on what I've seen around, the mask for sanitizing tagged pointers is
>> usually derived from the flag(s). For instance:
>>
>> #define SKB_DST_NOREF 1UL
>> #define SKB_DST_PTRMASK ~(SKB_DST_NOREF)
>>
>> #define SK_USER_DATA_NOCOPY 1UL
>> #define SK_USER_DATA_BPF 2UL /* Managed by BPF */
>> #define SK_USER_DATA_PTRMASK ~(SK_USER_DATA_NOCOPY | SK_USER_DATA_BPF)
>>
>> Using ~(BPF_F_INGRESS) expression would be like substituting mask
>> definition.
>
> Yes, that is why I said we need a mask.

OK

>
>> Alternatively we could clear _skb_refdest after clone, but before
>> enqueuing the skb in ingress_skb. And only for when we're redirecting.
>>
>> I believe that would be in sk_psock_skb_redirect, right before skb_queue_tail.
>
> Hmm? We definitely cannot clear skb->_sk_redir there, as it is used after
> enqueued in ingress_skb, that is in sk_psock_backlog().

You're right. I focused on the sk pointer and forgot it also carries the
ingress flag.
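The flag-derived mask pattern quoted above (SK_USER_DATA_PTRMASK style), as an added C example that is not part of this thread or of the kernel: the TAG_* names, tag_pack/tag_ptr/tag_flags, single_flag_mask_leaks and the sample object are all constructed here. It also shows why a mask built from one flag, like the ~(BPF_F_INGRESS) expression discussed, leaves other tag bits in the recovered pointer.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed flags living in the low bits of an aligned pointer; the
 * pointer mask is derived from ALL flags, as SK_USER_DATA_PTRMASK is. */
#define TAG_NOCOPY  1UL
#define TAG_BPF     2UL
#define TAG_FLAGS   (TAG_NOCOPY | TAG_BPF)
#define TAG_PTRMASK (~TAG_FLAGS)

static int sample_obj = 42;   /* constructed sample; int is 4-byte aligned */

/* Pack pointer and flags; the object must be aligned so the tag bits are free. */
static uintptr_t tag_pack(const void *ptr, unsigned long flags)
{
    uintptr_t p = (uintptr_t)ptr;
    assert((p & TAG_FLAGS) == 0);       /* low bits must be free for tags */
    assert((flags & ~TAG_FLAGS) == 0);  /* only known flags may be stored */
    return p | flags;
}

/* Sanitize: strip every tag bit before the value is used as a pointer. */
static void *tag_ptr(uintptr_t tagged)
{
    return (void *)(tagged & TAG_PTRMASK);
}

static unsigned long tag_flags(uintptr_t tagged)
{
    return tagged & TAG_FLAGS;
}

/* Returns 1 if masking with only ~TAG_NOCOPY (one flag instead of the full
 * flag set) yields a different, still-tagged pointer than the proper mask. */
static int single_flag_mask_leaks(uintptr_t tagged)
{
    void *good = tag_ptr(tagged);
    void *bad  = (void *)(tagged & ~TAG_NOCOPY);
    return good != bad;
}

int main(void)
{
    uintptr_t t = tag_pack(&sample_obj, TAG_BPF | TAG_NOCOPY);
    int *back = tag_ptr(t);
    printf("flags=%lu value=%d single_flag_mask_leaks=%d\n",
           tag_flags(t), *back, single_flag_mask_leaks(t));
    return 0;
}
```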