On 26 Jun 2024, at 22:06, Adrián Moreno wrote:
> On Wed, Jun 26, 2024 at 04:28:01PM GMT, Eelco Chaudron wrote: >> >> >> On 25 Jun 2024, at 22:51, Adrian Moreno wrote: >> >>> If the action has a user_cookie, pass it along to the sample so it can >>> be easily identified. >>> >>> Signed-off-by: Adrian Moreno <[email protected]> >>> --- >>> net/sched/act_sample.c | 12 ++++++++++++ >>> 1 file changed, 12 insertions(+) >>> >>> diff --git a/net/sched/act_sample.c b/net/sched/act_sample.c >>> index a69b53d54039..2ceb4d141b71 100644 >>> --- a/net/sched/act_sample.c >>> +++ b/net/sched/act_sample.c >>> @@ -167,7 +167,9 @@ TC_INDIRECT_SCOPE int tcf_sample_act(struct sk_buff >>> *skb, >>> { >>> struct tcf_sample *s = to_sample(a); >>> struct psample_group *psample_group; >>> + u8 cookie_data[TC_COOKIE_MAX_SIZE]; >>> struct psample_metadata md = {}; >>> + struct tc_cookie *user_cookie; >>> int retval; >>> >>> tcf_lastuse_update(&s->tcf_tm); >>> @@ -189,6 +191,16 @@ TC_INDIRECT_SCOPE int tcf_sample_act(struct sk_buff >>> *skb, >>> if (skb_at_tc_ingress(skb) && tcf_sample_dev_ok_push(skb->dev)) >>> skb_push(skb, skb->mac_len); >>> >>> + rcu_read_lock(); >>> + user_cookie = rcu_dereference(a->user_cookie); >>> + if (user_cookie) { >>> + memcpy(cookie_data, user_cookie->data, >>> + user_cookie->len); >> >> Maybe I’m over paranoid, but can we assume user_cookie->len, will not be >> larger than TC_COOKIE_MAX_SIZE? >> Or should we do something like min(user_cookie->len, sizeof(cookie_data)) >> > > I think it's good to be paranoid with this kind of things. I do, > however, think it should be safe to use. The cookie is extracted from > the netlink attribute directly and its length is verified with the > nla_policy [1]. So nothing that comes into the kernel should be larger > than TC_COOKIE_MAX_SIZE. ACK, confirmed that [1] seems to be the only way to set the cookie. So this patch seems fine to me too. Acked-by: Eelco Chaudron <[email protected]> > I guess if there is some previous bug that allows for the size to get > corrupted, then this might happen but doing those kind of checks in the > fast path seems a bit excessive. For example, Ilya argued in v2 [2] that > we should avoid zeroing "u8 cookie_data[TC_COOKIE_MAX_SIZE]" to safe the > unneeded cycles. > > [1] > https://github.com/torvalds/linux/blob/55027e689933ba2e64f3d245fb1ff185b3e7fc81/net/sched/act_api.c#L1299 > [2] > https://patchwork.kernel.org/project/netdevbpf/patch/[email protected]/ > > Thanks. > Adrián > >>> + md.user_cookie = cookie_data; >>> + md.user_cookie_len = user_cookie->len; >>> + } >>> + rcu_read_unlock(); >>> + >>> md.trunc_size = s->truncate ? s->trunc_size : skb->len; >>> psample_sample_packet(psample_group, skb, s->rate, &md); >>> >>> -- >>> 2.45.1 >> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
