Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data

[RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Amery Hung <hidden> · 2025-08-25
[RFC bpf-next v1 1/7] net/mlx5e: Fix generating skb from nonlinear xdp_buff · Amery Hung <hidden> · 2025-08-25
Re: [RFC bpf-next v1 1/7] net/mlx5e: Fix generating skb from nonlinear xdp_buff · Dragos Tatulea <dtatulea@nvidia.com> · 2025-08-27
Re: [RFC bpf-next v1 1/7] net/mlx5e: Fix generating skb from nonlinear xdp_buff · Amery Hung <hidden> · 2025-08-28
Re: [RFC bpf-next v1 1/7] net/mlx5e: Fix generating skb from nonlinear xdp_buff · Dragos Tatulea <dtatulea@nvidia.com> · 2025-08-28
Re: [RFC bpf-next v1 1/7] net/mlx5e: Fix generating skb from nonlinear xdp_buff · Amery Hung <hidden> · 2025-09-04
Re: [RFC bpf-next v1 1/7] net/mlx5e: Fix generating skb from nonlinear xdp_buff · Nimrod Oren <hidden> · 2025-08-28
[RFC bpf-next v1 2/7] bpf: Allow bpf_xdp_shrink_data to shrink a frag from head and tail · Amery Hung <hidden> · 2025-08-25
Re: [RFC bpf-next v1 2/7] bpf: Allow bpf_xdp_shrink_data to shrink a frag from head and tail · Nimrod Oren <hidden> · 2025-08-28
Re: [RFC bpf-next v1 2/7] bpf: Allow bpf_xdp_shrink_data to shrink a frag from head and tail · Amery Hung <hidden> · 2025-09-04
Re: [RFC bpf-next v1 2/7] bpf: Allow bpf_xdp_shrink_data to shrink a frag from head and tail · Jakub Kicinski <kuba@kernel.org> · 2025-09-05
[RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Amery Hung <hidden> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Stanislav Fomichev <hidden> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Amery Hung <hidden> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Jakub Kicinski <kuba@kernel.org> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Amery Hung <hidden> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Stanislav Fomichev <hidden> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Jakub Kicinski <kuba@kernel.org> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Stanislav Fomichev <hidden> · 2025-08-26
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Jakub Kicinski <kuba@kernel.org> · 2025-08-26
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Jakub Kicinski <kuba@kernel.org> · 2025-08-25
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Amery Hung <hidden> · 2025-08-26
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Jakub Kicinski <kuba@kernel.org> · 2025-08-26
Re: [RFC bpf-next v1 3/7] bpf: Support pulling non-linear xdp data · Amery Hung <hidden> · 2025-08-26
[RFC bpf-next v1 4/7] bpf: Clear packet pointers after changing packet data in kfuncs · Amery Hung <hidden> · 2025-08-25
[RFC bpf-next v1 5/7] bpf: Support specifying linear xdp packet data size in test_run · Amery Hung <hidden> · 2025-08-25
[RFC bpf-next v1 6/7] selftests/bpf: Test bpf_xdp_pull_data · Amery Hung <hidden> · 2025-08-25
[RFC bpf-next v1 7/7] selftests: drv-net: Pull data before parsing headers · Amery Hung <hidden> · 2025-08-25
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Jakub Kicinski <kuba@kernel.org> · 2025-08-25
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Gal Pressman <hidden> · 2025-08-26
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Nimrod Oren <hidden> · 2025-08-28
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Amery Hung <hidden> · 2025-08-29
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Jakub Kicinski <kuba@kernel.org> · 2025-08-30
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Nimrod Oren <hidden> · 2025-09-09
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Martin KaFai Lau <martin.lau@linux.dev> · 2025-08-29
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Amery Hung <hidden> · 2025-09-04
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Martin KaFai Lau <martin.lau@linux.dev> · 2025-09-05
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Amery Hung <hidden> · 2025-09-04
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Nimrod Oren <hidden> · 2025-09-09
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Amery Hung <hidden> · 2025-09-09
Re: [RFC bpf-next v1 0/7] Add kfunc bpf_xdp_pull_data · Amery Hung <hidden> · 2025-09-09

From: Amery Hung <hidden>
Date: 2025-08-26 05:12:33
Also in: bpf

On Mon, Aug 25, 2025 at 3:39 PM Jakub Kicinski [off-list ref] wrote:

On Mon, 25 Aug 2025 12:39:14 -0700 Amery Hung wrote:

quoted

+__bpf_kfunc int bpf_xdp_pull_data(struct xdp_md *x, u32 len, u64 flags)
+{
+     struct xdp_buff *xdp = (struct xdp_buff *)x;
+     struct skb_shared_info *sinfo = xdp_get_shared_info_from_buff(xdp);
+     void *data_end, *data_hard_end = xdp_data_hard_end(xdp);
+     int i, delta, buff_len, n_frags_free = 0, len_free = 0;
+
+     buff_len = xdp_get_buff_len(xdp);
+
+     if (unlikely(len > buff_len))
+             return -EINVAL;
+
+     if (!len)
+             len = xdp_get_buff_len(xdp);
+
+     data_end = xdp->data + len;
+     delta = data_end - xdp->data_end;
+
+     if (delta <= 0)
+             return 0;
+
+     if (unlikely(data_end > data_hard_end))
+             return -EINVAL;

Is this safe against pointers wrapping on 32b systems?

You are right. This may be a problem.

Maybe it's better to do:

         if (unlikely(data_hard_end - xdp->data_end < delta))

?

But delta may be negative if the pointer wraps around and then the
function will still continue. How about adding data_end < xdp->data
check and reorganizing the checks like this?

        buff_len = xdp_get_buff_len(xdp);

        /* cannot pull more than the packet size */
        if (unlikely(len > buff_len))
                return -EINVAL;

        len = len ?: buff_len;

        data_end = xdp->data + len;

        /* pointer wraps around */
        if (unlikely(data_end < xdp->data))
                return -EINVAL;

        /* cannot pull without enough tailroom in the linear area */
        if (unlikely(data_end > data_hard_end))
                return -EINVAL;

        /* len bytes of data already in the linear area */
        delta = data_end - xdp->data_end;
        if (delta <= 0)
                return 0;

quoted

+     for (i = 0; i < sinfo->nr_frags && delta; i++) {
+             skb_frag_t *frag = &sinfo->frags[i];
+             u32 shrink = min_t(u32, delta, skb_frag_size(frag));
+
+             memcpy(xdp->data_end + len_free, skb_frag_address(frag), shrink);
+
+             len_free += shrink;
+             delta -= shrink;
+             if (bpf_xdp_shrink_data(xdp, frag, shrink, false))
+                     n_frags_free++;

possibly

                else
                        break;

and then you don't have to check delta in the for loop condition?

I will drop the delta check and add the else branch. I will also make
the bpf_xdp_shrink_data() refactor in patch 2 consistent with this.

quoted

+     }
+
+     for (i = 0; i < sinfo->nr_frags - n_frags_free; i++) {
+             memcpy(&sinfo->frags[i], &sinfo->frags[i + n_frags_free],
+                    sizeof(skb_frag_t));

This feels like it'd really want to be a memmove(), no?

Right. Thanks for the suggestion!

quoted

+     }
+
+     sinfo->nr_frags -= n_frags_free;
+     sinfo->xdp_frags_size -= len_free;
+     xdp->data_end = data_end;
+
+     if (unlikely(!sinfo->nr_frags))
+             xdp_buff_clear_frags_flag(xdp);
+
+     return 0;
+}

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help