| Message ID | 20220509005105.271089-1-shaozhengchao@huawei.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf-next] samples/bpf: check detach prog exist or not in xdp_fwd | expand |
Zhengchao Shao <shaozhengchao@huawei.com> writes:
> Before detach the prog, we should check detach prog exist or not.
If we're adding such a check we should also check that it's the *right*
program. I.e., query the ID for the program name and check that it
matches what the program attached, then obtain an fd and pass that as
XDP_EXPECTED_FD on detach to make sure it wasn't swapped out in the
meantime...
-Toke
-----邮件原件-----
发件人: Toke Høiland-Jørgensen [mailto:toke@kernel.org]
发送时间: 2022年5月9日 17:46
收件人: shaozhengchao <shaozhengchao@huawei.com>; bpf@vger.kernel.org; netdev@vger.kernel.org; linux-kernel@vger.kernel.org; ast@kernel.org; daniel@iogearbox.net; davem@davemloft.net; kuba@kernel.org; hawk@kernel.org; john.fastabend@gmail.com; andrii@kernel.org; kafai@fb.com; songliubraving@fb.com; yhs@fb.com; kpsingh@kernel.org
抄送: weiyongjun (A) <weiyongjun1@huawei.com>; shaozhengchao <shaozhengchao@huawei.com>; yuehaibing <yuehaibing@huawei.com>
主题: Re: [PATCH bpf-next] samples/bpf: check detach prog exist or not in xdp_fwd
Zhengchao Shao <shaozhengchao@huawei.com> writes:
> Before detach the prog, we should check detach prog exist or not.
If we're adding such a check we should also check that it's the *right* program. I.e., query the ID for the program name and check that it matches what the program attached, then obtain an fd and pass that as XDP_EXPECTED_FD on detach to make sure it wasn't swapped out in the meantime...
-Toke
Thank you for your reply. When finish running xdp_fwd to attatch prog, the program will exit and can't store fd as XDP_EXPECTED_FD.
I think the sample xdp_fwd -d is just detach prog and don't care if the fd is expected.
-zhengchao shao
shaozhengchao <shaozhengchao@huawei.com> writes: > -----邮件原件----- > 发件人: Toke Høiland-Jørgensen [mailto:toke@kernel.org] > 发送时间: 2022年5月9日 17:46 > 收件人: shaozhengchao <shaozhengchao@huawei.com>; bpf@vger.kernel.org; netdev@vger.kernel.org; linux-kernel@vger.kernel.org; ast@kernel.org; daniel@iogearbox.net; davem@davemloft.net; kuba@kernel.org; hawk@kernel.org; john.fastabend@gmail.com; andrii@kernel.org; kafai@fb.com; songliubraving@fb.com; yhs@fb.com; kpsingh@kernel.org > 抄送: weiyongjun (A) <weiyongjun1@huawei.com>; shaozhengchao <shaozhengchao@huawei.com>; yuehaibing <yuehaibing@huawei.com> > 主题: Re: [PATCH bpf-next] samples/bpf: check detach prog exist or not in xdp_fwd > > Zhengchao Shao <shaozhengchao@huawei.com> writes: > >> Before detach the prog, we should check detach prog exist or not. > > If we're adding such a check we should also check that it's the *right* program. I.e., query the ID for the program name and check that it matches what the program attached, then obtain an fd and pass that as XDP_EXPECTED_FD on detach to make sure it wasn't swapped out in the meantime... > > -Toke > > Thank you for your reply. When finish running xdp_fwd to attatch prog, > the program will exit and can't store fd as XDP_EXPECTED_FD. > > I think the sample xdp_fwd -d is just detach prog and don't care if > the fd is expected. So why are you adding the check? Either keep it the way it is, or add a proper check that examines the program type; you're right that it doesn't store the prog FD, but you can still check the program name and see if it matches to get some idea that it's not a totally separate program that's loaded. I think doing so would be an improvement to the sample, but just adding a check if a program is loaded is not, really... -Toke
-----邮件原件----- 发件人: Toke Høiland-Jørgensen [mailto:toke@kernel.org] 发送时间: 2022年5月9日 18:55 收件人: shaozhengchao <shaozhengchao@huawei.com>; bpf@vger.kernel.org; netdev@vger.kernel.org; linux-kernel@vger.kernel.org; ast@kernel.org; daniel@iogearbox.net; davem@davemloft.net; kuba@kernel.org; hawk@kernel.org; john.fastabend@gmail.com; andrii@kernel.org; kafai@fb.com; songliubraving@fb.com; yhs@fb.com; kpsingh@kernel.org 抄送: weiyongjun (A) <weiyongjun1@huawei.com>; yuehaibing <yuehaibing@huawei.com> 主题: Re: 答复: [PATCH bpf-next] samples/bpf: check detach prog exist or not in xdp_fwd shaozhengchao <shaozhengchao@huawei.com> writes: > -----邮件原件----- > 发件人: Toke Høiland-Jørgensen [mailto:toke@kernel.org] > 发送时间: 2022年5月9日 17:46 > 收件人: shaozhengchao <shaozhengchao@huawei.com>; bpf@vger.kernel.org; > netdev@vger.kernel.org; linux-kernel@vger.kernel.org; ast@kernel.org; > daniel@iogearbox.net; davem@davemloft.net; kuba@kernel.org; > hawk@kernel.org; john.fastabend@gmail.com; andrii@kernel.org; > kafai@fb.com; songliubraving@fb.com; yhs@fb.com; kpsingh@kernel.org > 抄送: weiyongjun (A) <weiyongjun1@huawei.com>; shaozhengchao > <shaozhengchao@huawei.com>; yuehaibing <yuehaibing@huawei.com> > 主题: Re: [PATCH bpf-next] samples/bpf: check detach prog exist or not > in xdp_fwd > > Zhengchao Shao <shaozhengchao@huawei.com> writes: > >> Before detach the prog, we should check detach prog exist or not. > > If we're adding such a check we should also check that it's the *right* program. I.e., query the ID for the program name and check that it matches what the program attached, then obtain an fd and pass that as XDP_EXPECTED_FD on detach to make sure it wasn't swapped out in the meantime... > > -Toke > > Thank you for your reply. When finish running xdp_fwd to attatch prog, > the program will exit and can't store fd as XDP_EXPECTED_FD. > > I think the sample xdp_fwd -d is just detach prog and don't care if > the fd is expected. So why are you adding the check? Either keep it the way it is, or add a proper check that examines the program type; you're right that it doesn't store the prog FD, but you can still check the program name and see if it matches to get some idea that it's not a totally separate program that's loaded. I think doing so would be an improvement to the sample, but just adding a check if a program is loaded is not, really... -Toke Could I add helper function to implement this function which can check the program name and see if it attach to the device. -Zhengchao Shao
> Could I add helper function to implement this function which can check > the program name and see if it attach to the device. You just need to call bpf_prog_get_fd_by_id() followed by bpf_obj_get_info_by_fd(), and the program name will be in info.name. Here's an example in libxdp where we pull out the prog name: https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/libxdp.c#L1165 -Toke
diff --git a/samples/bpf/xdp_fwd_user.c b/samples/bpf/xdp_fwd_user.c index 1828487bae9a..a273ede3fd73 100644 --- a/samples/bpf/xdp_fwd_user.c +++ b/samples/bpf/xdp_fwd_user.c @@ -49,7 +49,18 @@ static int do_attach(int idx, int prog_fd, int map_fd, const char *name) static int do_detach(int idx, const char *name) { - int err; + int err = 1; + __u32 curr_prog_id; + + if (bpf_xdp_query_id(idx, xdp_flags, &curr_prog_id)) { + printf("ERROR: bpf_xdp_query_id failed\n"); + return err; + } + + if (!curr_prog_id) { + printf("ERROR: flags(0x%x) xdp prog is not attached to %s\n", xdp_flags, name); + return err; + } err = bpf_xdp_detach(idx, xdp_flags, NULL); if (err < 0)
Before detach the prog, we should check detach prog exist or not. Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com> --- samples/bpf/xdp_fwd_user.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-)