[PATCH RFC bpf-next 00/15] Decouple skb metadata tracking from MAC header offset
From: Jakub Sitnicki <jakub@cloudflare.com>
Date: 2025-11-24 16:29:11
This series continues the effort to provide reliable access to xdp/skb metadata from BPF context on the receive path.

Currently skb metadata location is tied to the MAC header offset, which breaks on L2 decapsulation (VLAN, GRE, etc.) when the MAC offset is reset. The naive fix is to memmove metadata on every decap path, but we can avoid this cost by tracking metadata position independently.

Introduce a dedicated meta_end field in skb_shared_info that records where metadata ends relative to skb->head. This allows BPF dynptr access (bpf_dynptr_from_skb_meta()) to work without memmove. For skb->data_meta pointer access, which expects metadata immediately before skb->data, make the verifier inject realignment code in TC BPF prologue.

Patches 1-9 enforce the calling convention: skb_metadata_set() must be called after skb->data points past the metadata area, ensuring meta_end captures the correct position. Patch 10 implements the core change. Patches 11-14 extend the verifier to track data_meta usage, and patch 15 adds the realignment logic.

Note: This series does not address moving metadata on L2 encapsulation when forwarding packets. VLAN and QinQ have already been patched when fixing TC BPF helpers [1], but other tagging/tunnel code still requires changes.

Selftests are missing. The series has been developed against an out-of-tree shell-based test suite at [2].

Note to maintainers: This is not a typical series, in the sense that it touches both the networking drivers and the BPF verifier. The driver changes (patches 1-9) can be split out, if it makes things easier.

Thanks,
-jkbs

[1] https://lore.kernel.org/all/20251105-skb-meta-rx-path-v4-0-5ceb08a9b37b@cloudflare.com/
[2] https://github.com/jsitnicki/skb-metadata-tests/blob/main/rx_loopback_test.sh

Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
---
Jakub Sitnicki (15):
      bnxt_en: Call skb_metadata_set when skb->data points at metadata end
      i40e: Call skb_metadata_set when skb->data points at metadata end
      igb: Call skb_metadata_set when skb->data points at metadata end
      igc: Call skb_metadata_set when skb->data points at metadata end
      ixgbe: Call skb_metadata_set when skb->data points at metadata end
      net/mlx5e: Call skb_metadata_set when skb->data points at metadata end
      veth: Call skb_metadata_set when skb->data points at metadata end
      xsk: Call skb_metadata_set when skb->data points at metadata end
      xdp: Call skb_metadata_set when skb->data points at metadata end
      net: Track skb metadata end separately from MAC offset
      bpf, verifier: Remove side effects from may_access_direct_pkt_data
      bpf, verifier: Turn seen_direct_write flag into a bitmap
      bpf, verifier: Propagate packet access flags to gen_prologue
      bpf, verifier: Track when data_meta pointer is loaded
      bpf: Realign skb metadata for TC progs using data_meta

 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
 drivers/net/ethernet/intel/i40e/i40e_xsk.c | 2 +-
 drivers/net/ethernet/intel/igb/igb_xsk.c | 2 +-
 drivers/net/ethernet/intel/igc/igc_main.c | 4 +-
 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 2 +-
 .../net/ethernet/mellanox/mlx5/core/en/xsk/rx.c | 2 +-
 drivers/net/veth.c | 4 +-
 include/linux/bpf.h | 2 +-
 include/linux/bpf_verifier.h | 7 ++-
 include/linux/skbuff.h | 37 +++++++++---
 kernel/bpf/cgroup.c | 2 +-
 kernel/bpf/verifier.c | 42 ++++++--------
 net/core/dev.c | 5 +-
 net/core/filter.c | 66 +++++++++++++++++++---
 net/core/skbuff.c | 10 +---
 net/core/xdp.c | 2 +-
 net/sched/bpf_qdisc.c | 3 +-
 .../testing/selftests/bpf/test_kmods/bpf_testmod.c | 6 +-
 18 files changed, 134 insertions(+), 66 deletions(-)
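
The coupling described in the cover letter, as an added user-space example that is not part of the series and not kernel code: a toy buffer shows a MAC-offset-based metadata lookup going stale after L2 decapsulation while a separately tracked end offset still finds it. The `toy_skb` layout, the function names, the 32-byte headroom and the 14-byte outer header are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Toy user-space model, not kernel code. Offsets are relative to head. */
struct toy_skb {
    unsigned char head[128];
    size_t data, mac_header;   /* model skb->data and the MAC header offset */
    size_t meta_len, meta_end; /* meta_end is the field the series proposes */
};

/* Driver RX: metadata sits just before the frame. Following the calling
 * convention of patches 1-9, metadata is recorded once data points past it. */
static void toy_rx(struct toy_skb *skb, const char *meta, size_t len)
{
    memset(skb, 0xAA, sizeof(*skb));   /* 0xAA stands in for packet bytes */
    memcpy(skb->head + 32, meta, len); /* 32 = constructed headroom */
    skb->data = skb->mac_header = 32 + len;
    skb->meta_len = len;
    skb->meta_end = skb->data;
}

/* L2 decapsulation: pull the outer header and reset the MAC offset. */
static void toy_decap(struct toy_skb *skb, size_t outer_len)
{
    skb->data += outer_len;
    skb->mac_header = skb->data;
}

/* Lookup tied to the MAC offset (the coupling the series removes). */
static const unsigned char *meta_via_mac(const struct toy_skb *skb)
{
    return skb->head + skb->mac_header - skb->meta_len;
}

/* Lookup through the independently tracked end position. */
static const unsigned char *meta_via_meta_end(const struct toy_skb *skb)
{
    return skb->head + skb->meta_end - skb->meta_len;
}

/* Returns 1 if the chosen lookup still finds the metadata after decap. */
static int meta_found_after_decap(int use_meta_end)
{
    static const char meta[8] = "RXMETA!";
    struct toy_skb skb;

    toy_rx(&skb, meta, sizeof(meta));
    toy_decap(&skb, 14); /* constructed outer header length */
    return memcmp(use_meta_end ? meta_via_meta_end(&skb) : meta_via_mac(&skb),
                  meta, sizeof(meta)) == 0;
}
```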