Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp197150imj; Thu, 14 Feb 2019 18:28:36 -0800 (PST) X-Google-Smtp-Source: AHgI3IYBfAlxC0vuQAG71i9r80ogLK/Zlij2TEoxmvi6c9r71tSNjYBHfKmn/p36G0jxdss2CFAm X-Received: by 2002:a63:fc59:: with SMTP id r25mr3118680pgk.302.1550197716423; Thu, 14 Feb 2019 18:28:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550197716; cv=none; d=google.com; s=arc-20160816; b=SpmOI0LcFGZu2NtyaXMwtwhiJhIr4eF46I7JOicEvujJ0YKDYLfmTkHW3rrKsRCibZ PbvBhzrROI+d9hjLuhumVZOPgM1o+jNNMetTjfGtz3VjGc1dWVi9/az8deE+Oi1htpxe 5DSUlblNq6ys1m0T8sGDSGwjrvDiLlTCu7KAgTGFYRnw2KcyjoTGgmCZrGdvkZBCa0Vm 2i35pG5zgmApOZlk4pCESdYFNcxhEF9nm/Js14Gn8cm/Er9Cp6JKLhlaYZsopUrfE77E imbZQvLeKxsK5BZk1Mmq4J1MJ7XTftDIv455/cV8hyyEr1No+DnEFRwbYnGgOVuGQpHA ZJ/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=+gQLiPP90Q0zxGS3kV1oqrhWpeTtLyiG7e4BTvThi1g=; b=sII+/zAegaYwLEg8XhTrOQsOBWe/XDy3ieo8G9lMXwJF9EDPEtHXtXmz5xMnvKs2Ui 2M4Gex5lt6MQPu7Z0uQilUvqtTK2YOeHchtzHG2C21vBtdU2p9I++my2O63z+zjKKdir XKVWTAdqZhw6zJws8Km/tKr40UxKS6283bcLfRnCJwafMVAgmqslXOAHWWkV+VsXxtIM tp8Vq5FcRGkXw+L7/iIvpPlvULY26U7sjWBl+SdhvsReah++0uoVe/PufVumyFooqpov 3maxsZlMh0u9D14l6zMwvUrB4lGzzviAWS1PuPPYbiuIUdq54zpaEC+wF1pUzOERDCO8 jjQA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z8si3788102pgv.204.2019.02.14.18.28.20; Thu, 14 Feb 2019 18:28:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731182AbfBOB5X (ORCPT + 99 others); Thu, 14 Feb 2019 20:57:23 -0500 Received: from nautica.notk.org ([91.121.71.147]:60003 "EHLO nautica.notk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726443AbfBOB5W (ORCPT ); Thu, 14 Feb 2019 20:57:22 -0500 Received: by nautica.notk.org (Postfix, from userid 1001) id 0F4F3C009; Fri, 15 Feb 2019 02:57:20 +0100 (CET) Date: Fri, 15 Feb 2019 02:57:05 +0100 From: Dominique Martinet To: Tom Herbert Cc: David Miller , doronrk@fb.com, Tom Herbert , Dave Watson , Linux Kernel Network Developers , LKML Subject: Re: [PATCH v2] kcm: remove any offset before parsing messages Message-ID: <20190215015705.GA17974@nautica> References: <1536657703-27577-1-git-send-email-asmadeus@codewreck.org> <20180912053642.GA2912@nautica> <20180917.184502.447385458615284933.davem@davemloft.net> <20180918015723.GA26300@nautica> <20181031025657.GA17861@nautica> <20190215010029.GA10899@nautica> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Tom Herbert wrote on Thu, Feb 14, 2019: > > The best alternative I see is adding a proper helper to get > > "kcm_rx_msg(skb)->offset" from bpf and document it so users aren't as > > lost as I have been; I'm not quite sure how/where to add such a helper > > though as I've barely looked at the bpf code until now, but should we go > > for that? > > I'd rather not complicate the bpf code for this. Can we just always do > an pskb_pull after skb_clone? Which skb_clone are you thinking of? If you're referring to the one in strparser, that was my very first approach here[1], but Dordon shot it down saying that this is not an strparser bug but a kcm bug since there are ways for users to properly get the offset and use it -- and the ktls code does it right. Frankly, my opinion still is that it'd be better in strparser because there also is some bad use in bpf sockmap (they never look at the offset either, while kcm uses it for rcv but not for parse), but looking at it from an optimal performance point of view I agree the user can make better decision than strparser so I understand where he comes from. This second patch[2] (the current thread) now does an extra clone if there is an offset, but the problem really isn't in the clone but the pull itself that can fail and return NULL when there is memory pressure. For some reason I hadn't been able to reproduce that behaviour with strparser doing the pull, but I assume it would also be possible to hit in extreme situations, I'm not sure... So anyway, we basically have three choices that I can see: - push harder on strparser and go back to my first patch ; it's simple and makes using strparser easier/safer but has a small overhead for ktls, which uses the current strparser implementation correctly. I hadn't been able to get this to fail with KASAN last time I tried but I assume it should still be possible somehow. - the current patch, that I could only get to fail with KASAN, but does complexify kcm a bit; this also does not fix bpf sockmap at all. Would still require to fix the hang, so make strparser retry a few times if strp->cb.parse_msg failed maybe? Or at least get the error back to userspace somehow. - my last suggestion to document the kcm behaviour, and if possible add a bpf helper to make proper usage easier ; this will make kcm harder to use on end users but it's better than not being documented and seeing random unappropriate lengths being parsed. [1] first strparser patch http://lkml.kernel.org/r/1534855906-22870-1-git-send-email-asmadeus@codewreck.org [2] current thread's patch http://lkml.kernel.org/r/1536657703-27577-1-git-send-email-asmadeus@codewreck.org Thanks, -- Dominique