Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp2043488pxf; Sat, 3 Apr 2021 09:00:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxGvtfrv/j98zmRSvA1U1gBmjVPCQO4whFkXNoebMAOpuKSAAylqiZdWFupgmUV0GleRMjW X-Received: by 2002:a92:c942:: with SMTP id i2mr15447327ilq.241.1617465624019; Sat, 03 Apr 2021 09:00:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617465624; cv=none; d=google.com; s=arc-20160816; b=PeA9IX6xgmxSa5+ucSDyxZGwX5tNTFnqMc/10k2XqV6u7rF6FkvAMW64AM+5aMPH7Z noLmIbmXCoEtJVC2pYMeA/+aiwrBujtG0SxjzU/QLE6+BrMlgTHdSHASh4fdnDkOBkix YzHwp73b37LgGfCtGJ3B7Hpaj9+Dcn4otb4cnX0xRgXSEq7ICe+HfCugL9zPmN/4RYPG aK1cchyf8JBD8fmiLnwd7lUbmsMLhwzPLEuW4668cBzJwOdrNil862mpVgGBeXEBy7AU oQs63GF42OCcyvTkir5MFezibg+DD5I8ngl1Nb1n5N0mn+iNDN+qVk+A/GzEnueCwdpo KOmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=0QORQQ85/zORLcruKl4W25E8R6bS7s+xRhix7pPuuzE=; b=Yc0NhUE/f6SchAehSPzYUc4vfpYa/VJqKWH4mIaaEc15+uj2uVHhy/2JtyOieO2afY 2VyFo+JO6MXT+zc2++MUC5yy/+2tU3KIZsQmyCid90MK/lcpmKUR3dZcck4axGcZl2RX +GPVLyqQQ1AJmM/pbNNIC2ADoJqAQJ2wTappX1vhPAf4vNsvCvKdDrcp8Gc++QJ16mh0 fwhTSyjerGz+Ac/XHR7iW4HgAOCLF2/elDs7gw3F8kF36BciVbOjyA+3kTBxMzrNK899 9hU+APeMbFqf03morckE4DQxwz5aASBw/bQ+DgD88BEv265VZ5uTokTbBPpBgsJY86ur n59A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Aatz7RP1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z23si10819968iod.32.2021.04.03.09.00.09; Sat, 03 Apr 2021 09:00:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Aatz7RP1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230516AbhDCPxb (ORCPT + 99 others); Sat, 3 Apr 2021 11:53:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34344 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230266AbhDCPxb (ORCPT ); Sat, 3 Apr 2021 11:53:31 -0400 Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD56CC0613E6; Sat, 3 Apr 2021 08:53:26 -0700 (PDT) Received: by mail-yb1-xb2c.google.com with SMTP id l15so8081492ybm.0; Sat, 03 Apr 2021 08:53:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=0QORQQ85/zORLcruKl4W25E8R6bS7s+xRhix7pPuuzE=; b=Aatz7RP1zMiYQdAsTrrO+XmPiEsJKNmfW6ROxNtEUoyNeB6gy247WSH1OAXpsi5w5z 2On51glSZcnhBLq85rbDmOY4dEcj1+dFb/Y7NrWhv/O1DiqUJxyOZe7tT6MLGTGdTLeU 5xlyNEvQc6/if4Z5PEDzQNTi9O6Iupf33/JeZvRuG3HtDreFtrIjZ01sg7P98K8+1FD7 Zy424Bjt090Z+uYB7fGTlJpcCsXPiIchs3rMjVqh7/vOC/Qr1svR4C7j7Lat8c91Oor8 ooaRRa6vqm7XTFnzBUPvzzH/SchWIWWP+JSo5oo5gmp0sWMBj4wRfBkng85slXq7yHDD Zk3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=0QORQQ85/zORLcruKl4W25E8R6bS7s+xRhix7pPuuzE=; b=jnmihlYU3EH3OjUAx+tPyX6ScA3KgdTpYg9s8N41yc65jpGE9I0FDtgIvwYPgFpoBe 1/nYAC89clUbqM3oVapdDAeC2HkUSCk5rn2xQ7aN3gbNiAb4tRauqvOvbTdK8o+5+Vgk 2cPoTjzuwgnDpznbE4wiKq1eUXSUUZI/W+17gjErjV+WMMpqhYwh59GYOdKGcqpLL4XP d7KbRJNY/YA4/9oGbuc3gbMviJgV2zV52hfqWw1LhnCmiV/2U1crBsgk3php8g6UOQ2q AJjlXORIANldnvaanSXjbalXkHvIpmHMxWccxy+IFvtol9hhc9OA+OVXh9ACG9Dj1FOT y5sA== X-Gm-Message-State: AOAM533zDe6s6rRwKTyQ55ushjO63S1c6NzET9qYZ7VjGJQMnpxc5ddk 072lTI2IwPmCrodWb2o+NcFDRK+SZEbumPFXcmI= X-Received: by 2002:a25:9942:: with SMTP id n2mr25148921ybo.230.1617465206168; Sat, 03 Apr 2021 08:53:26 -0700 (PDT) MIME-Version: 1.0 References: <20210330223748.399563-1-pctammela@mojatatu.com> In-Reply-To: From: Andrii Nakryiko Date: Sat, 3 Apr 2021 08:53:15 -0700 Message-ID: Subject: Re: [PATCH bpf-next v2] bpf: check flags in 'bpf_ringbuf_discard()' and 'bpf_ringbuf_submit()' To: Pedro Tammela Cc: Alexei Starovoitov , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Joe Stringer , Quentin Monnet , "open list:BPF (Safe dynamic programs and tools)" , "open list:BPF (Safe dynamic programs and tools)" , open list , Pedro Tammela Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Apr 3, 2021 at 6:29 AM Pedro Tammela wrote: > > Em qua., 31 de mar. de 2021 =C3=A0s 04:02, Andrii Nakryiko > escreveu: > > > > On Tue, Mar 30, 2021 at 4:16 PM Alexei Starovoitov > > wrote: > > > > > > On Tue, Mar 30, 2021 at 3:54 PM Pedro Tammela w= rote: > > > > > > > > BPF_CALL_2(bpf_ringbuf_submit, void *, sample, u64, flags) > > > > { > > > > + if (unlikely(flags & ~(BPF_RB_NO_WAKEUP | BPF_RB_FORCE_WAKE= UP))) > > > > + return -EINVAL; > > > > + > > > > bpf_ringbuf_commit(sample, flags, false /* discard */); > > > > + > > > > return 0; > > > > > > I think ringbuf design was meant for bpf_ringbuf_submit to never fail= . > > > If we do flag validation it probably should be done at the verifier t= ime. > > > > Oops, replied on another version already. But yes, BPF verifier relies > > on it succeeding. I don't think we can do flags validation at BPF > > verification time, though, because it is defined as non-const integer > > and we do have valid cases where we dynamically determine whether to > > FORCE_WAKEUP or NO_WAKEUP, based on application-driven criteria (e.g., > > amount of enqueued data). > > Then shouldn't we remove the flags check in 'bpf_ringbuf_output()'? bpf_ringbuf_output() combines reserve + commit operations, so if it performs checks before anything is reserved in ringbuf, it's ok for it to fail and return error. So I don't see any problem there. But once it internally reserves, it always proceeds to complete the commit.