On Mon, Jun 30, 2025 at 09:25 AM -07, Stanislav Fomichev wrote: > On 06/30, Jakub Sitnicki wrote: >> With the extension of bpf_dynptr_from_skb(BPF_DYNPTR_F_SKB_METADATA), all >> BPF programs authorized to call this kfunc now have access to the skb >> metadata area. >> >> These programs can read up to skb_shinfo(skb)->meta_len bytes located just >> before skb_mac_header(skb), regardless of what data is currently there. >> >> However, as the network stack processes the skb, headers may be added or >> removed. Hence, we cannot assume that skb_mac_header() always marks the end >> of the metadata area. >> >> To avoid potential pitfalls, reset the skb metadata length to zero before >> passing the skb to the protocol layers. This is a temporary measure until >> we can make metadata persist through protocol processing. >> >> Signed-off-by: Jakub Sitnicki <jakub@xxxxxxxxxxxxxx> >> --- >> net/core/dev.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/net/core/dev.c b/net/core/dev.c >> index be97c440ecd5..4a2389997535 100644 >> --- a/net/core/dev.c >> +++ b/net/core/dev.c >> @@ -5839,6 +5839,7 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, >> } >> #endif >> skb_reset_redirect(skb); >> + skb_metadata_clear(skb); > > And the assumption that it's not gonna break the existing cases is > because there is currently no way to read that metadata out afterwards? Correct, only tc_cls_act_is_valid_access tags the register as PTR_TO_PACKET_META when loading __skb->data_meta, which allows access. Something worth adding to the description. Thanks.
