Date: Wed, 29 Nov 2023 15:47:36 +0100
From: Florian Westphal
To: "D. Wythe"
Cc: Florian Westphal, pablo@netfilter.org, kadlec@netfilter.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, coreteam@netfilter.org, netfilter-devel@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ast@kernel.org
Subject: Re: [PATCH net] net/netfilter: bpf: avoid leakage of skb
Message-ID: <20231129144736.GB24754@breakpoint.cc>
References: <1701252962-63418-1-git-send-email-alibuda@linux.alibaba.com> <20231129131846.GC27744@breakpoint.cc>

D. Wythe wrote:
> And my original intention was to allow ebpf progs to return NF_STOLEN, we are
> trying to modify some netfilter modules via ebpf,
> and some scenarios require the use of NF_STOLEN, but from your description,

NF_STOLEN can only be supported via a trusted helper, at least as far as
I understand.

Otherwise verifier would have to guarantee that any branch that returns
NF_STOLEN has released the skb, or passed it to a function that will
release the skb in the near future.
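
The ownership rule discussed in this reply, shown as an added user-space C model; it is not part of the original message and is not kernel code. The fixed pool, the hook functions and `run_packets` are hypothetical names, and the model assumes the caller releases the buffer on NF_DROP and NF_ACCEPT but never touches it after NF_STOLEN.

```c
#include <stdio.h>
#include <stddef.h>

enum { NF_DROP = 0, NF_ACCEPT = 1, NF_STOLEN = 2 };  /* kernel verdict values */
#define POOL 8                                       /* constructed pool size */

struct skb { int in_use; };       /* stand-in for struct sk_buff */
static struct skb pool[POOL];     /* a fixed pool makes a leak observable */

static struct skb *skb_alloc(void) {
    for (size_t i = 0; i < POOL; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;                  /* pool exhausted */
}
static void skb_free(struct skb *s) { s->in_use = 0; }

/* Number of buffers currently allocated and not released. */
int live_skbs(void) {
    int n = 0;
    for (size_t i = 0; i < POOL; i++) n += pool[i].in_use;
    return n;
}

typedef int (*hook_fn)(struct skb *);
/* Leaves ownership with the caller. */
int hook_accept(struct skb *s) { (void)s; return NF_ACCEPT; }
/* Honours the contract: consumes the skb before claiming it. */
int hook_steal_and_free(struct skb *s) { skb_free(s); return NF_STOLEN; }
/* Only returns the verdict; nobody owns the skb afterwards. */
int hook_steal_only(struct skb *s) { (void)s; return NF_STOLEN; }

/* Pushes up to n packets through fn; returns how many were processed
 * before allocation failed (equals n when nothing leaks). */
int run_packets(hook_fn fn, int n) {
    int done = 0;
    for (size_t i = 0; i < POOL; i++) pool[i].in_use = 0;  /* reset model */
    for (; done < n; done++) {
        struct skb *s = skb_alloc();
        if (!s) break;
        switch (fn(s)) {
        case NF_DROP: case NF_ACCEPT: skb_free(s); break;  /* caller still owns it */
        case NF_STOLEN: break;      /* ownership moved to the hook: hands off */
        }
    }
    return done;
}

int main(void) {
    printf("accept:      %d processed\n", run_packets(hook_accept, 100));
    printf("steal+free:  %d processed\n", run_packets(hook_steal_and_free, 100));
    printf("steal only:  %d processed\n", run_packets(hook_steal_only, 100));
    return 0;
}
```
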