Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp2383917rwb; Mon, 19 Sep 2022 04:29:35 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7wu2EYEyYnSqZ7ACDGtc+WCB5HubHbTZL6j6XEee2VxerR59SoWJuhBgITsHxHwFiiw2rr X-Received: by 2002:a17:906:8a57:b0:781:9705:df89 with SMTP id gx23-20020a1709068a5700b007819705df89mr12837ejc.266.1663586975650; Mon, 19 Sep 2022 04:29:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663586975; cv=none; d=google.com; s=arc-20160816; b=sOvJgoYS1y+S13aRS2pBCV8FVXarNbTWdXze5SBTHQKoi733/4czLI32H+WsOWS87/ SVDftvxqBpKMNkQHUnhEE/OH3hdZkxfbGhPefSzduoVHov55pIETtubJEAR+8LB+zg3Z df5Vjd0YLw0fsCy2Y23+qsrOKDksFIkczNe9HPhX1YH1lu3VLUK3Ku5lhm4TowcfhJOd u3k2prIxJan2ztIXu4Sed0J+fQKcRfUE3sJRiQmVy2i4jvOt4NEx0y8RLEqTeZVHDCbr wpLq9X8DDklq9Vo9DJRtIz5AwVjcHYJDtjURR5TdThaOHyfD0TJ1IVmZwz7gdJTtVEOd Ipqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id; bh=lXCMoLxJ3FHyRWM88Y5qgFm8K1zkUtrU9CLeOp9MNdU=; b=FpQGAK0/xjCMOWWo+aLn/n15bpYkE9rZPeqX72NxLFIBu6tSu3JcRZq6uTt2mT8PfH Hvc1SbdmqlLrj+LmdWUN52GB7IPG2mTAu96bYVpNZls7z2BvS0gPWTkH4h9szwRecg3R qbg2dqFPAxDKquhG0JHVg0QyFwhH2SYc5ud8kSQrxQnkU8QFJc+pipOCoTJx9LCM/HoT DMlyR6/iyx1kIsnN1WwHn5LVNTHtU7Vl0KtjHhnytDkuCOWE+ljRJ00KI4yK+BJDqAtZ X+Kgqbv80h75o5W+8bOLdJ4IduPkOJaqKYAIqgj/WAbgLehlBPOky0oIL61hsOP7JPu9 3IfQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hg5-20020a1709072cc500b007794442b646si8943814ejc.342.2022.09.19.04.29.10; Mon, 19 Sep 2022 04:29:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230002AbiISK65 (ORCPT + 99 others); Mon, 19 Sep 2022 06:58:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56730 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229998AbiISK62 (ORCPT ); Mon, 19 Sep 2022 06:58:28 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF1DD2A24B; Mon, 19 Sep 2022 03:55:37 -0700 (PDT) Received: from dggpeml500026.china.huawei.com (unknown [172.30.72.56]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4MWM1W3QdczmVVN; Mon, 19 Sep 2022 18:51:43 +0800 (CST) Received: from [10.174.178.66] (10.174.178.66) by dggpeml500026.china.huawei.com (7.185.36.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 19 Sep 2022 18:55:35 +0800 Message-ID: <5a3c5ea9-d557-6070-d778-1092f3c51257@huawei.com> Date: Mon, 19 Sep 2022 18:55:35 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.0.2 Subject: Re: [PATCH v4,bpf-next] bpf: Don't redirect packets with invalid pkt_len To: Stanislav Fomichev , Lorenz Bauer CC: , , , , References: <20220715115559.139691-1-shaozhengchao@huawei.com> <20220914111936.19881-1-oss@lmb.io> From: shaozhengchao In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.178.66] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To dggpeml500026.china.huawei.com (7.185.36.106) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-5.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022/9/17 23:46, Stanislav Fomichev wrote: > On Wed, Sep 14, 2022 at 4:20 AM Lorenz Bauer wrote: >> >> Hi, >> >> I think this patch is causing user-space breakage, see [0]. >> >> The gist is that we do BPF_PROG_RUN of a socket filter with 14 byte input to determine whether >> BPF_PROG_RUN is available or not. I'll fix this in cilium/ebpf, but I think this patch >> needs more work since users may be doing the same thing in their code. > > Ooops, sorry about that. > > Instead of rejecting len=0 data, we might accept the packet but add > some safe header? I think that should be more backwards compatible? > Zhengchao, something you can look into? > > Sorry for the delay. I'm busy testing the TC module recently. I'm very sorry for the user-space breakage. The root cause of this problem is that eth_type_trans() is called when the protocol type of the SKB is parsed. The len value of the SKB is reduced to 0. If the user mode requires that the forwarding succeed, or if the MAC header is added again after the MAC header is subtracted, is this appropriate? Zhengchao Shao >> Thanks, >> Lorenz >> >> 0: https://github.com/cilium/ebpf/pull/788