Commit f38499ff authored by Jakub Sitnicki's avatar Jakub Sitnicki Committed by Martin KaFai Lau
Browse files

bpf: Unclone skb head on bpf_dynptr_write to skb metadata 



Currently bpf_dynptr_from_skb_meta() marks the dynptr as read-only when
the skb is cloned, preventing writes to metadata.

Remove this restriction and unclone the skb head on bpf_dynptr_write() to
metadata, now that the metadata is preserved during uncloning. This makes
metadata dynptr consistent with skb dynptr, allowing writes regardless of
whether the skb is cloned.

Signed-off-by: default avatarJakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
Link: https://patch.msgid.link/20251105-skb-meta-rx-path-v4-3-5ceb08a9b37b@cloudflare.com
parent 290fc0be

include/linux/filter.h

+9 −0
Original line number Diff line number Diff line
@@ -1781,6 +1781,8 @@ int __bpf_xdp_store_bytes(struct xdp_buff *xdp, u32 offset, void *buf, u32 len); 
void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len);

void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off,

		      void *buf, unsigned long len, bool flush);

int __bpf_skb_meta_store_bytes(struct sk_buff *skb, u32 offset,

			       const void *from, u32 len, u64 flags);

void *bpf_skb_meta_pointer(struct sk_buff *skb, u32 offset);

#else /* CONFIG_NET */

static inline int __bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset,
@@ -1817,6 +1819,13 @@ static inline void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off, voi 
{

}



static inline int __bpf_skb_meta_store_bytes(struct sk_buff *skb, u32 offset,

					     const void *from, u32 len,

					     u64 flags)

{

	return -EOPNOTSUPP;

}



static inline void *bpf_skb_meta_pointer(struct sk_buff *skb, u32 offset)

{

	return ERR_PTR(-EOPNOTSUPP);

kernel/bpf/helpers.c

+2 −4
Original line number Diff line number Diff line
@@ -1842,10 +1842,8 @@ int __bpf_dynptr_write(const struct bpf_dynptr_kern *dst, u32 offset, void *src, 
			return -EINVAL;

		return __bpf_xdp_store_bytes(dst->data, dst->offset + offset, src, len);

	case BPF_DYNPTR_TYPE_SKB_META:

		if (flags)

			return -EINVAL;

		memmove(bpf_skb_meta_pointer(dst->data, dst->offset + offset), src, len);

		return 0;

		return __bpf_skb_meta_store_bytes(dst->data, dst->offset + offset, src,

						  len, flags);

	default:

		WARN_ONCE(true, "bpf_dynptr_write: unknown dynptr type %d\n", type);

		return -EFAULT;

net/core/filter.c

+12 −6
Original line number Diff line number Diff line
@@ -12102,6 +12102,18 @@ void *bpf_skb_meta_pointer(struct sk_buff *skb, u32 offset) 
	return skb_metadata_end(skb) - skb_metadata_len(skb) + offset;

}



int __bpf_skb_meta_store_bytes(struct sk_buff *skb, u32 offset,

			       const void *from, u32 len, u64 flags)

{

	if (unlikely(flags))

		return -EINVAL;

	if (unlikely(bpf_try_make_writable(skb, 0)))

		return -EFAULT;



	memmove(bpf_skb_meta_pointer(skb, offset), from, len);

	return 0;

}



__bpf_kfunc_start_defs();

__bpf_kfunc int bpf_dynptr_from_skb(struct __sk_buff *s, u64 flags,

				    struct bpf_dynptr *ptr__uninit)
@@ -12129,9 +12141,6 @@ __bpf_kfunc int bpf_dynptr_from_skb(struct __sk_buff *s, u64 flags, 
 * XDP context with bpf_xdp_adjust_meta(). Serves as an alternative to

 * &__sk_buff->data_meta.

 *

 * If passed @skb_ is a clone which shares the data with the original, the

 * dynptr will be read-only. This limitation may be lifted in the future.

 *

 * Return:

 * * %0         - dynptr ready to use

 * * %-EINVAL   - invalid flags, dynptr set to null
@@ -12149,9 +12158,6 @@ __bpf_kfunc int bpf_dynptr_from_skb_meta(struct __sk_buff *skb_, u64 flags, 


	bpf_dynptr_init(ptr, skb, BPF_DYNPTR_TYPE_SKB_META, 0, skb_metadata_len(skb));



	if (skb_cloned(skb))

		bpf_dynptr_set_rdonly(ptr);



	return 0;

}