On Thu, 4 Aug 2022 at 01:28, Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
>
> On Wed, 3 Aug 2022 13:29:37 -0700 Joanne Koong wrote:
> > Thinking about this some more, I think BPF_FUNC_dynptr_from_skb needs
> > to be patched regardless in order to set the rd-only flag in the
> > metadata for the dynptr. There will be other helper functions that
> > write into dynptrs (eg memcpy with dynptrs, strncpy with dynptrs,
> > probe read user with dynptrs, ...) so I think it's more scalable if we
> > reject these writes at runtime through the rd-only flag in the
> > metadata, than for the verifier to custom-case that any helper funcs
> > that write into dynptrs will need to get dynptr type + do
> > may_access_direct_pkt_data() if it's type skb or xdp. The
> > inconsistency between not rd-only in metadata vs. rd-only in verifier
> > might be a little confusing as well.
> >
> > For these reasons, I'm leaning more towards having bpf_dynptr_write()
> > and other dynptr write helper funcs be rejected at runtime instead of
> > prog load time, but I'm eager to hear what you prefer.
> >
> > What are your thoughts?
>
> Oh. I thought dynptrs are an extension of the discussion we had about
> creating a skb_header_pointer()-like abstraction but it sounds like
> we veered quite far off that track at some point :(
>
> The point of skb_header_pointer() is to expose the chunk of the packet
> pointed to by [skb, offset, len] as a linear buffer. Potentially copying
> it out to a stack buffer *IFF* the header is not contiguous inside the
> skb head, which should very rarely happen.
>
> Here it seems we return an error so that user must pull if the data is
> not linear, which is defeating the purpose. The user of
> skb_header_pointer() wants to avoid the copy while _reliably_ getting
> a contiguous pointer. Plus pulling in the header may be far more
> expensive than a small copy to the stack.
>
> The pointer returned by skb_header_pointer is writable, but it's not
> guaranteed that the writes go to the packet, they may go to the
> on-stack buffer, so the caller must do some sort of:
>
> 	if (data_ptr == stack_buf)
> 		skb_store_bits(...);
>
> Which we were thinking of wrapping in some sort of flush operation.
>
> If I'm reading this right dynptrs as implemented here do not provide
> such semantics, am I confused in thinking that this is a continuation
> of the XDP multi-buff discussion? Is it a completely separate thing
> and we'll still need a header_pointer like helper?

When I worked on [0], I actually did it a bit like you described in the
original discussion under the xdp multi-buff thread, but I left the
other case (where the data to be read resides across frag boundaries)
up to the user to handle, instead of automatically passing in a pointer
to the stack and doing the copy for them. So in my case
bpf_xdp_load_bytes/bpf_xdp_store_bytes is the fallback if you can't get
a bpf_packet_pointer for a ctx, offset, len which you can access
directly. But this was only for XDP, not for skb.

The advantage with a dynptr is that the len of the slice from a
bpf_packet_pointer style helper doesn't have to be a constant; it can be
a runtime value, and since it is checked at runtime anyway, the helper's
code stays the same but the access can be done safely for slices whose
length is unknown to the verifier. The dynptr is very useful as the
return value of such a helper.
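With the dynptr interface from this series, I imagine the equivalent
would look roughly like this (just a sketch: bpf_dynptr_from_skb() is
the helper this series proposes, so its exact signature may end up
different, and the buffer size and where off/len come from are only
placeholders):

	struct bpf_dynptr ptr;
	char buf[64] = {};
	int err;

	/* Sketch only: helper name and signature as proposed in this series */
	err = bpf_dynptr_from_skb(skb, 0, &ptr);
	if (err < 0)
		return TC_ACT_SHOT;

	/* off and len are runtime values (e.g. from earlier parsing); the
	 * verifier only needs len bounded by the destination buffer, while
	 * the [off, off + len) range is checked against the skb at runtime
	 * by bpf_dynptr_read().
	 */
	if (len > sizeof(buf))
		return TC_ACT_SHOT;
	err = bpf_dynptr_read(buf, len, &ptr, off, 0);
	if (err < 0)
		return TC_ACT_SHOT;

	... // use buf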
The suggested usage in [0] was like this:

	int err = 0;
	char buf[N];

	off &= 0xffff;
	ptr = bpf_packet_pointer(ctx, off, sizeof(buf), &err);
	if (unlikely(!ptr)) {
		if (err < 0)
			return XDP_ABORTED;
		err = bpf_xdp_load_bytes(ctx, off, buf, sizeof(buf));
		if (err < 0)
			return XDP_ABORTED;
		ptr = buf;
	}
	...
	// Do some stores and loads in [ptr, ptr + N) region
	...
	if (unlikely(ptr == buf)) {
		err = bpf_xdp_store_bytes(ctx, off, buf, sizeof(buf));
		if (err < 0)
			return XDP_ABORTED;
	}

So the idea was the same: there is still a "flush" (in that unlikely
branch), but it is done explicitly by the user (which I found less
confusing than it being done automagically or by a new flush helper
that would do the same thing we do here, but YMMV).

[0]: https://lore.kernel.org/bpf/20220306234311.452206-1-memxor@xxxxxxxxx
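For comparison, I understand the flush-style variant you describe as
something like the following (helper names completely made up here,
just to show where the copy and the flush would move; it also glosses
over how the verifier would track a pointer that may point to either
the packet or the stack):

	/* Hypothetical helpers, invented for illustration only */
	ptr = bpf_packet_pointer_or_copy(ctx, off, buf, sizeof(buf));
	if (unlikely(!ptr))
		return XDP_ABORTED;
	...
	// Do some stores and loads in [ptr, ptr + N) region
	...
	/* Internally does the "if (ptr == buf) store_bytes()" fallback */
	if (bpf_packet_flush(ctx, off, buf, sizeof(buf), ptr) < 0)
		return XDP_ABORTED;

The runtime work is the same either way; the difference is only whether
the user or the helper spells out the fallback.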