Date: Wed, 29 Nov 2023 23:02:01 +0800
From: "D. Wythe"
To: Florian Westphal
Cc: pablo@netfilter.org, kadlec@netfilter.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, coreteam@netfilter.org, netfilter-devel@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ast@kernel.org
Subject: Re: [PATCH net] net/netfilter: bpf: avoid leakage of skb
In-Reply-To: <20231129144736.GB24754@breakpoint.cc>

On 11/29/23 10:47 PM, Florian Westphal wrote:
> D. Wythe wrote:
>> And my original intention was to allow ebpf progs to return NF_STOLEN, we are
>> trying to modify some netfilter modules via ebpf,
>> and some scenarios require the use of NF_STOLEN, but from your description,
> NF_STOLEN can only be supported via a trusted helper, at least as far as
> I understand.
>
> Otherwise verifier would have to guarantee that any branch that returns
> NF_STOLEN has released the skb, or passed it to a function that will
> release the skb in the near future.

Thank you very much for your help. I now understand the difficulty here.
The verifier cannot determine whether consume_skb() was executed or not
when the return value goes to NF_STOLEN.

We may use NF_DROP at first; it won't make much difference for us now.

Also, do you have any plans to support this helper?

Best wishes,
D. Wythe
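
The ownership rule discussed in this thread, as an added userspace model (not kernel code and not part of the original message): the core releases the skb on NF_DROP but never touches it after NF_STOLEN, so a hook that returns NF_STOLEN without releasing the packet leaks it. The struct, the hook functions and `run_hook()` are hypothetical stand-ins; only the verdict values are the real ones.

```c
/* Userspace model of skb ownership per netfilter verdict. Not kernel code. */
#include <stdio.h>

/* Verdict values as defined in include/uapi/linux/netfilter.h */
enum { NF_DROP = 0, NF_ACCEPT = 1, NF_STOLEN = 2 };
enum outcome { OWNERSHIP_OK, SKB_LEAKED, SKB_DOUBLE_RELEASE };

struct model_skb { int releases; };          /* stand-in for struct sk_buff */
typedef int (*hook_fn)(struct model_skb *);

/* Stand-in for kfree_skb()/consume_skb(): only counts releases. */
static void model_release(struct model_skb *skb) { skb->releases++; }

/* Hypothetical hooks, each returning a verdict as a netfilter hook would. */
static int hook_drop(struct model_skb *skb) { (void)skb; return NF_DROP; }
static int hook_steal_consume(struct model_skb *skb) { model_release(skb); return NF_STOLEN; }
static int hook_steal_only(struct model_skb *skb) { (void)skb; return NF_STOLEN; }
static int hook_release_then_drop(struct model_skb *skb) { model_release(skb); return NF_DROP; }

/* Core side of the contract: release on NF_DROP, hand on for NF_ACCEPT,
 * never touch the skb again after NF_STOLEN. */
static enum outcome run_hook(hook_fn fn)
{
    struct model_skb skb = { 0 };

    switch (fn(&skb)) {
    case NF_DROP:
        model_release(&skb);    /* core frees the packet */
        break;
    case NF_ACCEPT:
        model_release(&skb);    /* model: the rest of the stack consumes it */
        break;
    case NF_STOLEN:
        break;                  /* hook claimed ownership; core forgets the skb */
    }
    if (skb.releases == 0)
        return SKB_LEAKED;
    return skb.releases == 1 ? OWNERSHIP_OK : SKB_DOUBLE_RELEASE;
}

int main(void)
{
    printf("drop=%d steal+consume=%d steal-only=%d release+drop=%d\n",
           run_hook(hook_drop), run_hook(hook_steal_consume),
           run_hook(hook_steal_only), run_hook(hook_release_then_drop));
    return 0;
}
```

The `hook_steal_only` case is the one the verifier cannot rule out on its own; `hook_release_then_drop` shows the opposite mismatch, where the verdict and the release disagree in the other direction.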