From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pascal.mazon@6wind.com>
Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67])
 by dpdk.org (Postfix) with ESMTP id E4E7C1B382
 for <dev@dpdk.org>; Mon,  5 Feb 2018 15:51:10 +0100 (CET)
Received: by mail-wm0-f67.google.com with SMTP id i186so26594650wmi.4
 for <dev@dpdk.org>; Mon, 05 Feb 2018 06:51:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=6wind-com.20150623.gappssmtp.com; s=20150623;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-transfer-encoding:content-language;
 bh=8hrxPcrvP32atUBez9RaSIEUfBVlbP3v+x/WhmE/eUI=;
 b=KYCqcWHil2MymLkfwNZiuD0Oijw6N0yK6mtuJ9YynJOS8h9Gg/7Ffr7X1+XIF4LavO
 JVvp6nl6ciJ769YS2lrxuSSp1Iu+ZCrTTRFEtBBvVRICSzI2VqW0zsXVdyvIPe+jGkto
 w1JuXlMbWjoPPahIZzPvmRVSLht7ZKwg/YB1hnVWrw14Nti1moL2DmXgOW0jrdmOz3a5
 OL/AFx245SKljs6EAs7+nAznLON5KZkKZ7Ihgj4kPOnC0LYXovBxiXu0wB1C2nY9N5Qk
 Mk+iyV+jK3w5TRle0//O7Bu6B3Vb9ikA9m0g3bxWKxKHg6z/jZ0yC4hSBC9fCj1q5Hs/
 GPlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-transfer-encoding
 :content-language;
 bh=8hrxPcrvP32atUBez9RaSIEUfBVlbP3v+x/WhmE/eUI=;
 b=AsyHXW95OIouoF6ydIweDtMU6Co4zNXuIJM64GjVNjp7IcH7FLovvc38OLfZkUl33H
 Yd7O77v0Ek2Nw74JocWBvowf4tOk8ht/TNm2H9b1OiL8/7qtCBXNetCg8r+EJrvabFgi
 gV4j4ZzgHFPeejhXUUqTUxnB3HZFs/fquWtkVrDBOr5coFVvg7kJ1Zh1HSMD+omqn5AC
 +DgndXn5qEFZlOZZNEhqW5/UjbvpKHY0PhMzKbaQ29F5Mtp2rUe4CbNYkp+dqf5VpICP
 gb+kDVJcJLF5Qc6Iq1vlPUNvJKIY8JHJXbwnZq32gHbaSwNZlEazU24Z6v1tyXLrkYVp
 NpBA==
X-Gm-Message-State: AKwxytdTp689/4P+zHlAA3GDRLPLOONdFuhuCZeF/Yf4N1367BVA/S1s
 TznJwp534SKXcaPHrJb+NFk6Cg==
X-Google-Smtp-Source: AH8x224K/hDs4Ih63YOsAA9UYR2gAbmEsZb0fIvqJIYktfvcJQrNNYl3Mb26ACTnDmjDUSau684xpg==
X-Received: by 10.28.125.19 with SMTP id y19mr33880443wmc.101.1517842270539;
 Mon, 05 Feb 2018 06:51:10 -0800 (PST)
Received: from [192.168.1.58] (82.107.69.91.rev.sfr.net. [91.69.107.82])
 by smtp.gmail.com with ESMTPSA id m11sm19489358wrf.75.2018.02.05.06.51.09
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 05 Feb 2018 06:51:09 -0800 (PST)
To: Ophir Munk <ophirmu@mellanox.com>, dev@dpdk.org
Cc: Thomas Monjalon <thomas@monjalon.net>, Olga Shern <olgas@mellanox.com>
References: <1517700853-6467-1-git-send-email-ophirmu@mellanox.com>
 <1517841642-10429-1-git-send-email-ophirmu@mellanox.com>
 <1517841642-10429-2-git-send-email-ophirmu@mellanox.com>
From: Pascal Mazon <pascal.mazon@6wind.com>
Message-ID: <82465840-531b-8ce5-eb0d-a9fe4c962542@6wind.com>
Date: Mon, 5 Feb 2018 15:51:09 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <1517841642-10429-2-git-send-email-ophirmu@mellanox.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Subject: Re: [dpdk-dev] [PATCH v2] net/tap: fix eBPF handling of non-RSS
	flows
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2018 14:51:11 -0000

The mitigation is good enough, random packets are more likely to have
cb[1] == 0 than something above 7cafe800.

Acked-by: Pascal Mazon <pascal.mazon@6wind.com>

On 05/02/2018 15:40, Ophir Munk wrote:
> The eBPF classifier (section "cls_q" in tap_bpf_program.c) is tracing
> marked packets in which skb->cb[1] contains an RSS queue number, and
> redirects those packets to the matched queue.
> It is expected that skb->cb[1] has been previously set with a valid RSS
> queue number during an eBPF action (section "l3_l4" in tap_bpf_program.c).
> However, for non-RSS flows, skb->cb[1] may contain a random unset value,
> which could falsely be interpreted as a valid RSS queue.
> To avoid this potential error, tap_bpf_program.c has been updated as
> follows:
> 1. After calculating the RSS queue number, it is added a unique offset in
> order to uniquely identify it as a valid RSS queue number.
> 2. After matching an RSS queue to a packet, skb->cb[1] is set to 0.
>
> Fixes: cdc07e83bb24 ("net/tap: add eBPF program file")
> Fixes: aabe70df73a3 ("net/tap: add eBPF bytes code")
>
> Signed-off-by: Ophir Munk <ophirmu@mellanox.com>
> ---
>  drivers/net/tap/tap_bpf_insns.h   | 23 +++++++++++++----------
>  drivers/net/tap/tap_bpf_program.c |  9 ++++++---
>  2 files changed, 19 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/net/tap/tap_bpf_insns.h b/drivers/net/tap/tap_bpf_insns.h
> index c406f78..89873b6 100644
> --- a/drivers/net/tap/tap_bpf_insns.h
> +++ b/drivers/net/tap/tap_bpf_insns.h
> @@ -6,17 +6,20 @@
>  
>  /* bpf_insn array matching cls_q section. See tap_bpf_program.c file */
>  struct bpf_insn cls_q_insns[] = {
> -	{0x61,    1,    1,       52, 0x00000000},
> -	{0x18,    2,    0,        0, 0xdeadbeef},
> +	{0x61,    2,    1,       52, 0x00000000},
> +	{0x18,    3,    0,        0, 0xdeadbeef},
>  	{0x00,    0,    0,        0, 0x00000000},
> -	{0x63,   10,    2,       -4, 0x00000000},
> -	{0x61,    2,   10,       -4, 0x00000000},
> -	{0x07,    2,    0,        0, 0x00000001},
> -	{0x67,    2,    0,        0, 0x00000020},
> -	{0x77,    2,    0,        0, 0x00000020},
> -	{0xb7,    0,    0,        0, 0xffffffff},
> -	{0x1d,    1,    2,        1, 0x00000000},
> +	{0x63,   10,    3,       -4, 0x00000000},
>  	{0xb7,    0,    0,        0, 0x00000000},
> +	{0x61,    3,   10,       -4, 0x00000000},
> +	{0x07,    3,    0,        0, 0x7cafe800},
> +	{0x67,    3,    0,        0, 0x00000020},
> +	{0x77,    3,    0,        0, 0x00000020},
> +	{0x5d,    2,    3,        4, 0x00000000},
> +	{0xb7,    2,    0,        0, 0x00000000},
> +	{0x63,    1,    2,       52, 0x00000000},
> +	{0x18,    0,    0,        0, 0xffffffff},
> +	{0x00,    0,    0,        0, 0x00000000},
>  	{0x95,    0,    0,        0, 0x00000000},
>  };
>  
> @@ -1685,7 +1688,7 @@ struct bpf_insn l3_l4_hash_insns[] = {
>  	{0x4f,    3,    2,        0, 0x00000000},
>  	{0x67,    3,    0,        0, 0x00000010},
>  	{0x4f,    3,    1,        0, 0x00000000},
> -	{0x07,    3,    0,        0, 0x00000001},
> +	{0x07,    3,    0,        0, 0x7cafe800},
>  	{0x63,    5,    3,       52, 0x00000000},
>  	{0xb7,    7,    0,        0, 0x00000001},
>  	{0xbf,    0,    7,        0, 0x00000000},
> diff --git a/drivers/net/tap/tap_bpf_program.c b/drivers/net/tap/tap_bpf_program.c
> index 848c50b..8abb3b7 100644
> --- a/drivers/net/tap/tap_bpf_program.c
> +++ b/drivers/net/tap/tap_bpf_program.c
> @@ -28,10 +28,10 @@
>  		((b) & 0xff))
>  
>  /*
> - * The queue number is offset by 1, to distinguish packets that have
> - * gone through this rule (skb->cb[1] != 0) from others.
> + * The queue number is offset by a unique QUEUE_OFFSET, to distinguish
> + * packets that have gone through this rule (skb->cb[1] != 0) from others.
>   */
> -#define QUEUE_OFFSET		1
> +#define QUEUE_OFFSET		0x7cafe800
>  #define PIN_GLOBAL_NS		2
>  
>  #define KEY_IDX			0
> @@ -63,6 +63,9 @@ match_q(struct __sk_buff *skb)
>  
>  	if (queue != match_queue)
>  		return TC_ACT_OK;
> +
> +	/* queue match */
> +	skb->cb[1] = 0;
>  	return TC_ACT_UNSPEC;
>  }
>