Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp7092797rwp; Tue, 18 Jul 2023 09:56:02 -0700 (PDT) X-Google-Smtp-Source: APBJJlFCruOInOAD9P6sRYLctBWtStYJ1pEpegyEARRv3JH6+fAzeC5FDdT8xb97YS2XqLozg9gC X-Received: by 2002:a05:6a00:1404:b0:67f:ff0a:1bbb with SMTP id l4-20020a056a00140400b0067fff0a1bbbmr237800pfu.1.1689699362387; Tue, 18 Jul 2023 09:56:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689699362; cv=none; d=google.com; s=arc-20160816; b=hgnVu3on6AnIPpPb1+CcIc8bI/pyCk1XbnDNBc4a6WXk9ygyNIo6dKY6ll9EtfWZGj v7W59mLBqPcDCjwhIpCkhJhVaJ6vDpT2UBn9h229nQLTOMRI3bMSNIfxNiMoX3csT9ro H/qnaSVtjfFx5XqfANkZul0o+KSnIPq07XZFzZvOQBwEeuEe1ye4JSCEnnhI7oUrXqpa GuU/01/8CK23jSiAT4TtgY/JSg6Q436zFrLsHEzw6kO94FBrnFS9RKdHPohwqDPHBhED 0hy6T5JU1CKoSHgLjiyDi5yHynzkzp61tRyx1r7yGhsv6h7QoUR9sMey1l9eo/csUDSD q/kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=iemggp/0h14cLCAAyDHhcCwLJhah9OyvESFo1Hs7/uQ=; fh=5qA7X02o2skGitbAtY8yZLK4fmfA4uYoZfE1Tm/5VXw=; b=vDH+Gh8sRgUFr8fYhGo+/Zx6KBdsMlAOjqDPEVfzyX9CPMWe0hBYpDdB/HSTbQLu83 uvdRYkBKREe6wTTrsNoQcUOf3Z502yqbZnf/uZXzBSNgQmfln7xIOnnbEOc7fIOVt19V ywQD/DUSKkeqkatYaa8vxHqqkofNDZMoFCfX/Wfb4dMXVR7qbpN/irtwUOCNv9FjpuQ5 XQlOTHvbhurENIGMq/Wd6K9igyFHUeD4Y+mwBuaNax0PKbzLH5u97nSgScRniLHBctli hgXTGCyk0BY3mwwWR/uu+7F5ls99GGm3+oLmel4+n+c43zC00t7HBhtjejoPpHs3BLUA zThg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=qyylx3cI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q18-20020a056a00085200b00676cd4f7c1esi1820866pfk.390.2023.07.18.09.55.48; Tue, 18 Jul 2023 09:56:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=qyylx3cI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231400AbjGRQwq (ORCPT + 99 others); Tue, 18 Jul 2023 12:52:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231352AbjGRQwj (ORCPT ); Tue, 18 Jul 2023 12:52:39 -0400 Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3CC88199; Tue, 18 Jul 2023 09:52:38 -0700 (PDT) Received: by mail-lj1-x235.google.com with SMTP id 38308e7fff4ca-2b6f0508f54so89948591fa.3; Tue, 18 Jul 2023 09:52:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689699156; x=1692291156; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=iemggp/0h14cLCAAyDHhcCwLJhah9OyvESFo1Hs7/uQ=; b=qyylx3cIYmzIoE2RyMD9SETNHrJE31G33ejnX8oLxbM2rt3B07VYRuOv9KZqIwDU1z 5ufm52bqxsWSUYkOJJFcf+njn9TrbFDP/ehFquKoMP3eLdJfd4u8YxMhQup/AsXMz8rA 3A50PGhJDKIWDWHUA8kwuYlri3feKEgHSgzozIVG+5DtPyHn3+lBTPTfl3GrPhzbpzyd a+ftHoP0S0lX/ldtvRuHojqpnJjmpV7UdraTZxPkX3CGY/r44prbquB0+Orp3tR4xnmH xlt7x/07FJH5a/GlMVWIy84tt+ZmysSzPfXHvFjH6Vuc2X9wLGMB0NpNlJh1wcGEfnUR egGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689699156; x=1692291156; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iemggp/0h14cLCAAyDHhcCwLJhah9OyvESFo1Hs7/uQ=; b=IuMPoLgcN/ENKZg+r/LgEJ3e7BZK/JdVVgV7qe5qPwY3lbhuipAoIVp6RU3CVwJNfH o6XukKr/0T3yr4Y+Hag2cOBz+ARGLiDKWAt6H+hP9dqOxtYvZzbosLA45oj1SjLNHcHg P4gqTIPsh/0b01ZCukKNcRixZeY/8RY4uRS7YOa1yD9ddx6cHV/xoDnzXsK1URkIj4FN se4cusiUz2xOqSpWvO00rcXP3M51B0+sy8YD5iQ7jOJsi3TNKXftX1U2hc387aujUaZ7 +0egXSvcYrYSrKlehgFPeHCblsWbru9Zf4ymqVt2wjMaYEkljtguxvGRWHyUGPtp/Csm L2/Q== X-Gm-Message-State: ABy/qLZgCHQskNXIMhJUR9IDCXJrqScmyl+ndk3dtp11pQcAFGot6qxR YWWF0wblIDyUcZV9iJXPhqp0YNvMpgJN7dK0hB0= X-Received: by 2002:a2e:84d7:0:b0:2b6:cca1:975f with SMTP id q23-20020a2e84d7000000b002b6cca1975fmr11532284ljh.13.1689699156163; Tue, 18 Jul 2023 09:52:36 -0700 (PDT) MIME-Version: 1.0 References: <20230502005218.3627530-1-drosen@google.com> <20230718082615.08448806@kernel.org> <20230718090632.4590bae3@kernel.org> In-Reply-To: <20230718090632.4590bae3@kernel.org> From: Alexei Starovoitov Date: Tue, 18 Jul 2023 09:52:24 -0700 Message-ID: Subject: Re: [PATCH v2 1/3] bpf: Allow NULL buffers in bpf_dynptr_slice(_rw) To: Jakub Kicinski Cc: Daniel Rosenberg , bpf , Alexei Starovoitov , Daniel Borkmann , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Shuah Khan , Jonathan Corbet , Joanne Koong , Mykola Lysenko , LKML , "open list:KERNEL SELFTEST FRAMEWORK" , Android Kernel Team Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 18, 2023 at 9:06=E2=80=AFAM Jakub Kicinski wr= ote: > > On Tue, 18 Jul 2023 08:52:55 -0700 Alexei Starovoitov wrote: > > On Tue, Jul 18, 2023 at 8:26=E2=80=AFAM Jakub Kicinski wrote: > > > On Mon, 1 May 2023 17:52:16 -0700 Daniel Rosenberg wrote: > > > > --- a/include/linux/skbuff.h > > > > +++ b/include/linux/skbuff.h > > > > @@ -4033,7 +4033,7 @@ __skb_header_pointer(const struct sk_buff *sk= b, int offset, int len, > > > > if (likely(hlen - offset >=3D len)) > > > > return (void *)data + offset; > > > > > > > > - if (!skb || unlikely(skb_copy_bits(skb, offset, buffer, len) = < 0)) > > > > + if (!skb || !buffer || unlikely(skb_copy_bits(skb, offset, bu= ffer, len) < 0)) > > > > return NULL; > > > > > > First off - please make sure you CC netdev on changes to networking! > > > > > > Please do not add stupid error checks to core code for BPF safety. > > > Wrap the call if you can't guarantee that value is sane, this is > > > a very bad precedent. > > > > This is NOT for safety. You misread the code. > > Doesn't matter, safety or optionality. skb_header_pointer() is used > on the fast paths of the networking stack, adding heavy handed input > validation to it is not okay. No sane code should be passing NULL > buffer to skb_header_pointer(). Please move the NULL check to the BPF > code so the rest of the networking stack does not have to pay the cost. > > This should be common sense. If one caller is doing something.. > "special" the extra code should live in the caller, not the callee. > That's basic code hygiene. you're still missing the point. Pls read the whole patch series. It is _not_ input validation. skb_copy_bits is a slow path. One extra check doesn't affect performance at all. So 'fast paths' isn't a valid argument here. The code is reusing if (likely(hlen - offset >=3D len)) return (void *)data + offset; which _is_ the fast path. What you're requesting is to copy paste the whole __skb_header_pointer into __skb_header_pointer2. Makes no sense.