Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp17933579rwd;
        Tue, 27 Jun 2023 09:17:16 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ7RXOSJh46+T+a2d8AXx0/qVbhTDvt7seDZxCR+KsQCHRBpYZOXq50aSVPU7qpDglN2QfCl
X-Received: by 2002:aa7:c543:0:b0:51d:9521:8084 with SMTP id s3-20020aa7c543000000b0051d95218084mr4811849edr.2.1687882636370;
        Tue, 27 Jun 2023 09:17:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1687882636; cv=none;
        d=google.com; s=arc-20160816;
        b=mUA6q3RWNiqUVJpIVrxEoG9hYj7oXkk6HV19xklAM9T2ugtAlm4ejAB1kPumXE8JqG
         kEoU1rjjiy/NzB5wvTtq6VWG4AJKtA0R5NMT6oHwG1PaWLGvnh2VeoJVnhUUK4XgZTBm
         YxBPLj0fRvUXgsTPIXoU7miErPjodnoqwi+UVf7VAC9JFYN6udIPiKuz3uJ6dCOB+s+e
         vNSLJRXaAvmj/8Tnr9mxOoUpcXY7Bz5gCp5WlbUJMWCYy+6cC+rQaDIhDXh9bD46PeKs
         LFCayFVUKfyvpmGLo4vbCGWHNoRI9wqjr9AuJruDKaG9rTAgJijsccXuKewQkxhwDH4S
         WR6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:feedback-id
         :dkim-signature:dkim-signature;
        bh=MaWd3XEowwvLUFCc41uoQ1RE2kMoRIlrDDw0f1G5UY8=;
        fh=N9lkeIuqpJkplQgXTXJ1OU5ElGfzQVV+XOuUvAZCzTk=;
        b=SleVctTXbasCd+BhYa+fQveePJTTZURdmo/Z/ilITWOvM/i5KEx/fSIXBvgFkrwWkR
         1m6NIaLsTemHx2KfALAF66rWi3YB1wLSEe4hCQ+PtMbdN6tUrRuoDMMZx8GLiBDaKqTu
         +l74wv1Na/vmmqrA/pj0k78citKJ1fvEZC0aupSc6eRTDIIxrTeXMR31wqgotqgJXO66
         tM/NO4U0f0cYwr/bscaKY+dUi/gfpAz97Vwi6CnNnG86R5+UQPIBnts1Iipfl1CXkHQ8
         U+QdDKWaRVXsIbIslugZYveEHsE31N41eNq0Ziz7+JArXtEthXVubEFJcVLCSv5QskNH
         rBPQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@dxuuu.xyz header.s=fm1 header.b=Fs0XZFqc;
       dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=j9ZSCj7W;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id l25-20020aa7d959000000b0051da01f07e4si1989176eds.331.2023.06.27.09.16.50;
        Tue, 27 Jun 2023 09:17:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@dxuuu.xyz header.s=fm1 header.b=Fs0XZFqc;
       dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=j9ZSCj7W;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230523AbjF0Pfb (ORCPT <rfc822;aiskunkworks@gmail.com>
        + 99 others); Tue, 27 Jun 2023 11:35:31 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49612 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229562AbjF0Pf3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Jun 2023 11:35:29 -0400
Received: from wnew1-smtp.messagingengine.com (wnew1-smtp.messagingengine.com [64.147.123.26])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 679F42978;
        Tue, 27 Jun 2023 08:35:28 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
        by mailnew.west.internal (Postfix) with ESMTP id D527D2B0013F;
        Tue, 27 Jun 2023 11:35:22 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
  by compute5.internal (MEProxy); Tue, 27 Jun 2023 11:35:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc
        :cc:content-type:content-type:date:date:from:from:in-reply-to
        :in-reply-to:message-id:mime-version:references:reply-to:sender
        :subject:subject:to:to; s=fm1; t=1687880122; x=1687887322; bh=Ma
        Wd3XEowwvLUFCc41uoQ1RE2kMoRIlrDDw0f1G5UY8=; b=Fs0XZFqcF1Z6kxWEqj
        VyipIL1Lu2IQBe6WPOIhyccgGX5pW5thA0IpIpbrLMyRZP46FokJJG4n8nge6xrd
        wPZDY+RpHlYiMHbTEKOu2REa5lfjAvtfeRplS3fQrQVkr7vM3+OT9gKOQSTbscub
        B8633BC4A1OB2ZHv2WKhM/Z3jGftxhXO8mrY5sex96hQ9iZOiwUcjNSS6pxkG9rq
        4UwbkU6eUdBRhYz00e3DymWK2h30gFAeXrypMHue27O2Jflbx7+g2lggx4U1fXqU
        KrtZZwzQcFpB7CWvAFM6YSVq2UZtnVqmdBMMOYUFFhlTJP0gmlv/YU5kr4x2JCRe
        lXyg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
        messagingengine.com; h=cc:cc:content-type:content-type:date:date
        :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
        :message-id:mime-version:references:reply-to:sender:subject
        :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
        :x-sasl-enc; s=fm2; t=1687880122; x=1687887322; bh=MaWd3XEowwvLU
        FCc41uoQ1RE2kMoRIlrDDw0f1G5UY8=; b=j9ZSCj7W+XQf8JkJmrPDFf7EOxMTB
        tqpymNDN9SIS7JTjR0gqqySkBRVgGPlNr8FQZCFfRcjlQx7IXrirGJH6D7aBaqPs
        Z9AZoTDeJMQg08S6ImwCc4hNp0yKrSZqWISMHPmKhAPXtKeArXRJ+WKUHOTNo1Be
        ByNZVCUa+1HJJ2lU9IDKk6j0io8jicWURhhuWVlZiiTnAqi9XPbyUUlzUgrZHRd5
        a/bAh8a817zKOYuku1V0Ow+I0cSSq+FfF1fFIXn9NvivMXIXNBn1B/Xe0rp6mvlR
        +5GP662che8RMu08ZyxWWK18q0j2d4Mjj1jYXVnGIO3xGbPVYMkwvwLPg==
X-ME-Sender: <xms:uQGbZBx6DGW6t-IECKNUw9WFzYNO294lwPkVNHxyHlz_3F6G3EF6HQ>
    <xme:uQGbZBRCy13UqbAxIjL1uoQ0lx2HM4dxvIdNQaHQnKTQqE7zuc0k2JaIleHXPT9ye
    jweR9REd79c82u06g>
X-ME-Received: <xmr:uQGbZLVyucbrKlXZfODVGfTwDAq0TkrrQoL2WKfzbiDmdUrmWFEfwApHG7FptRznwUrRTimviu8aa6jxWKWmqfngLEBo8zGbeboD>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrtddtgdegkecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfg
    hrlhcuvffnffculdejtddmnecujfgurhepfffhvfevuffkfhggtggujgesthdtsfdttddt
    vdenucfhrhhomhepffgrnhhivghlucgiuhcuoegugihusegugihuuhhurdighiiiqeenuc
    ggtffrrghtthgvrhhnpedvfeekteduudefieegtdehfeffkeeuudekheduffduffffgfeg
    iedttefgvdfhvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh
    hrohhmpegugihusegugihuuhhurdighiii
X-ME-Proxy: <xmx:ugGbZDjhwzOYxW82dEuuydsSiFPt6dk92wWs2bXOdWBfZEnthxCS5w>
    <xmx:ugGbZDD5onJICIyrRsab8yj9lDnwB5wntHPq9i8M9-jUzu5r67Tf_Q>
    <xmx:ugGbZMLVaxTNm5BPF_9vLR3xOAbGZgGjCcWXjiz5zfYxLoOwfrOVWg>
    <xmx:ugGbZFzStJSByafpx22ow7dsPAOzBtJREFBZQ6xrOy9l9mqE81gHgsDSFqg>
Feedback-ID: i6a694271:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 27 Jun 2023 11:35:20 -0400 (EDT)
Date:   Tue, 27 Jun 2023 09:35:19 -0600
From:   Daniel Xu <dxu@dxuuu.xyz>
To:     Florian Westphal <fw@strlen.de>
Cc:     daniel@iogearbox.net, edumazet@google.com, kuba@kernel.org,
        pabeni@redhat.com, pablo@netfilter.org, andrii@kernel.org,
        davem@davemloft.net, ast@kernel.org, kadlec@netfilter.org,
        martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
        john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
        haoluo@google.com, jolsa@kernel.org, bpf@vger.kernel.org,
        linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
        coreteam@netfilter.org, netdev@vger.kernel.org, dsahern@kernel.org
Subject: Re: [PATCH bpf-next 4/7] netfilter: bpf: Support
 BPF_F_NETFILTER_IP_DEFRAG in netfilter link
Message-ID: <5hnelxxsrwyon36k3t7uhxbdaqu4ku246vkec6kxkfkqivkcsm@xusgh57bm2xj>
References: <cover.1687819413.git.dxu@dxuuu.xyz>
 <242c66138bf4ec8aa26b29d736fb48242b4164ce.1687819413.git.dxu@dxuuu.xyz>
 <20230627111248.GH3207@breakpoint.cc>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230627111248.GH3207@breakpoint.cc>
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,
        SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jun 27, 2023 at 01:12:48PM +0200, Florian Westphal wrote:
> Daniel Xu <dxu@dxuuu.xyz> wrote:
> > +static int bpf_nf_enable_defrag(struct bpf_nf_link *link)
> > +{
> > +	int err;
> > +
> > +	switch (link->hook_ops.pf) {
> > +#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
> > +	case NFPROTO_IPV4:
> > +		const struct nf_defrag_v4_hook *v4_hook;
> > +
> > +		err = request_module("nf_defrag_ipv4");
> > +		if (err)
> > +			return err;
> > +
> > +		rcu_read_lock();
> > +		v4_hook = rcu_dereference(nf_defrag_v4_hook);
> > +		err = v4_hook->enable(link->net);
> > +		rcu_read_unlock();
> 
> I'd reverse this, first try rcu_dereference(), then modprobe
> if thats returned NULL.

Ack.

> 
> > +static void bpf_nf_disable_defrag(struct bpf_nf_link *link)
> > +{
> > +	switch (link->hook_ops.pf) {
> > +#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
> > +	case NFPROTO_IPV4:
> > +		const struct nf_defrag_v4_hook *v4_hook;
> > +
> > +		rcu_read_lock();
> > +		v4_hook = rcu_dereference(nf_defrag_v4_hook);
> > +		v4_hook->disable(link->net);
> > +		rcu_read_unlock();
> 
> if (v4_hook)
> 	v4_hook->disable()
> 
> Else we get trouble on manual 'rmmod'.

Ah good catch, thanks.

> 
> > +	/* make sure conntrack confirm is always last */
> > +	prio = attr->link_create.netfilter.priority;
> > +	if (prio == NF_IP_PRI_FIRST)
> > +		return -ERANGE;  /* sabotage_in and other warts */
> > +	else if (prio == NF_IP_PRI_LAST)
> > +		return -ERANGE;  /* e.g. conntrack confirm */
> > +	else if ((attr->link_create.netfilter.flags & BPF_F_NETFILTER_IP_DEFRAG) &&
> > +		 (prio > NF_IP_PRI_FIRST && prio <= NF_IP_PRI_CONNTRACK_DEFRAG))
> > +		return -ERANGE;  /* cannot use defrag if prog runs before nf_defrag */
> 
> You could elide the (prio > NF_IP_PRI_FIRST, its already handled by
> first conditional.  Otherwise this looks good to me.
> 

Ah, right. It's INT_MIN.


Thanks,
Daniel