Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp3172163rwb; Mon, 15 Aug 2022 20:03:45 -0700 (PDT) X-Google-Smtp-Source: AA6agR5Fv2E6zqrg2TDoa5NhPpn4uyFx/PAG7uE0pTn8hEraKcYYbi6mLTic3XxedcskTg3zK5Ga X-Received: by 2002:a17:903:2d1:b0:171:3773:b95 with SMTP id s17-20020a17090302d100b0017137730b95mr19189345plk.173.1660619025298; Mon, 15 Aug 2022 20:03:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660619025; cv=none; d=google.com; s=arc-20160816; b=A7NlhUZY5yGZ9ne+7J5VCMeQWC03l3YuXdr4H9f0PxAS/vuRthxSUh6jmiwqLWwPcP Pk5fzWFJJJX8HSo4i2sTIoI79WJtd/F+0/lYDy/5SqbFTSoGuDvmoA0WzBeyxnL3UYvZ b5hbVVep2t8X0xKT6WlA+gviNfhupXvnwBOVsfm5lRVW02aQNf/aRWL8miVGPn55Mjnv 0kdhHZrXS8Z+GQmoh0mlcdxNOqT7iqzS0GG/A9uEuPezar+g9Pfh1xt6/Zd/xwcftr2X zJ0EZsfGzCeQSdc0Z4wPVyafF68o2oA0FXSaxiBJXzYdlNH7Vox1nJi/fPHCZ6oRVLSl NIMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=9PqDuOywOMmDjaYZKurMwbkgvWbllc3+022Ldgo4u3A=; b=ofZv59gN7wis8v0xa58FyMUx8Jo7O3y/eQh4ErgH2xb4hQ40LU0wn0QWXLfM5Pg5jo sgQaqWg/q/hF7Zj7LR5/3rj4XhbTGKy2QKh2DOULJ9vXruEaQFv45gOrkaIcCzujjwe7 yrIbRTpJDSeW4pawtq1oRYpVOSw+Gj8Cr3n7Nknv6qCUM4jslqufC4jiR0BAJGDa0Tk8 91Ny5YBFEZckHBycfLjW12KLumsdEotskyPs/t2xP67GCFb4Vd8odxQmRzAjoSXZ9L73 ttle6eK44Vr0ik3oWBcueP0To9pcP70UHR5mKqw27e8UBDg4DceLOoy6m5gHGQldAexo MrCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=a4rrToQk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d38-20020a631d26000000b0041aee1c2913si12743619pgd.5.2022.08.15.20.03.33; Mon, 15 Aug 2022 20:03:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=a4rrToQk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233663AbiHPCcO (ORCPT + 99 others); Mon, 15 Aug 2022 22:32:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233066AbiHPCb6 (ORCPT ); Mon, 15 Aug 2022 22:31:58 -0400 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 10127422D0; Mon, 15 Aug 2022 15:47:59 -0700 (PDT) Received: by mail-ed1-x536.google.com with SMTP id r4so11286597edi.8; Mon, 15 Aug 2022 15:47:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc; bh=9PqDuOywOMmDjaYZKurMwbkgvWbllc3+022Ldgo4u3A=; b=a4rrToQkGyoBigN89W8tVXwF/+LRvqkK1hB7E3VOIdIP+OPJNmhPyYamNf9x2GOdtt BHD6crzswEbRWkW4+HokJf/RMpvnfpZdw3yz6vYt9GjK23ZV4UF3rIX7L2csb5Uhei5V WDrqWDr7AbEFF1cpjyzlnqZVWIMX3XYJzDAlWIWhHhB6/BympUmhOZy/KLhHSpYihqIL 8dpdvi2ZX5ef7XgV/2et07ceYwvOOOeNzG3GKGGk9pXTONOzOCnjXt2hsZwe+JORDigH iznaDa6tTl80WXygFn/HxLAVY7CCPWexfGv/BqUKB4O5g/Ug77AxLRb6RrjFAaCAKkwM c6OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc; bh=9PqDuOywOMmDjaYZKurMwbkgvWbllc3+022Ldgo4u3A=; b=gopFzNcuvzx/Xvq3K5x/tPhrAxxzx1uLFy50JsaT/hkBoXiSCywZ6v4aXrmHHOTfCC bSoJfWxws5V3grLsl301y7pDBhik43OrRpgLgHmikVstD5qorzPkYO5yV6P3rHxwHVoI slyQHmUAU0w5buZdZj0S6VqM1Xf9DwSWqoLF8XINKPYMz++hZ68ZAncfW1KkzvlYjfHC YJp34jpq2OlC+BlIO6Ojw24WKi79wQTXo6OIoI2sjPI6Pdt4UeObFNQ4Rh7AJ3hDRMOk JSDrleGLz7Eji1W+63InT0IU+1Ks6bEiAus3lP3U9XvVoDTWMCqs5KVlrMoeSe4rUa0E qBxA== X-Gm-Message-State: ACgBeo11tEHK+vkEIqcwb1wR+PsRp/ORPn4xYI7zdkbfCz24GYmCzMEb ausC1S3vqaCPtJnMKUwmtJ0qG05P6te1QRQvnkc= X-Received: by 2002:a05:6402:27ca:b0:43e:ce64:ca07 with SMTP id c10-20020a05640227ca00b0043ece64ca07mr16896124ede.66.1660603677431; Mon, 15 Aug 2022 15:47:57 -0700 (PDT) MIME-Version: 1.0 References: <871qth87r1.fsf@toke.dk> <20220815224011.GA9821@breakpoint.cc> In-Reply-To: <20220815224011.GA9821@breakpoint.cc> From: Alexei Starovoitov Date: Mon, 15 Aug 2022 15:47:46 -0700 Message-ID: Subject: Re: [PATCH bpf-next 2/3] bpf: Add support for writing to nf_conn:mark To: Florian Westphal Cc: =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= , Daniel Xu , bpf , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Kumar Kartikeya Dwivedi , Pablo Neira Ayuso , netfilter-devel , Network Development , LKML Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 15, 2022 at 3:40 PM Florian Westphal wrote: > > Toke H=C3=B8iland-J=C3=B8rgensen wrote: > > > Support direct writes to nf_conn:mark from TC and XDP prog types. Thi= s > > > is useful when applications want to store per-connection metadata. Th= is > > > is also particularly useful for applications that run both bpf and > > > iptables/nftables because the latter can trivially access this metada= ta. > > > > > > One example use case would be if a bpf prog is responsible for advanc= ed > > > packet classification and iptables/nftables is later used for routing > > > due to pre-existing/legacy code. > > > > > > Signed-off-by: Daniel Xu > > > > Didn't we agree the last time around that all field access should be > > using helper kfuncs instead of allowing direct writes to struct nf_conn= ? > > I don't see why ct->mark needs special handling. > > It might be possible we need to change accesses on nf/tc side to use > READ/WRITE_ONCE though. +1 I don't think we need to have a hard rule. If fields is safe to access directly than it's faster to let bpf prog read/write it. There are no backward compat concerns. If conntrack side decides to make that field special we can disallow direct writes in the same kernel version. These accesses, just like kfuncs, are unstable.