On February 9, 2023 2:01:15 PM PST, Alexei Starovoitov alexei.starovoitov@gmail.com wrote:
On Thu, Feb 9, 2023 at 1:12 PM Kees Cook keescook@chromium.org wrote:
On Thu, Feb 09, 2023 at 12:50:28PM -0800, Alexei Starovoitov wrote:
On Thu, Feb 9, 2023 at 12:05 PM Kees Cook keescook@chromium.org wrote:
On Thu, Feb 09, 2023 at 11:52:10AM -0800, Andrii Nakryiko wrote:
Do we need to add a new type to UAPI at all here? We can make this new struct internal to kernel code (e.g. struct bpf_lpm_trie_key_kern) and point out that it should match the layout of struct bpf_lpm_trie_key. User-space can decide whether to use bpf_lpm_trie_key as-is, or if just to ensure their custom struct has the same layout (I see some internal users at Meta do just this, just make sure that they have __u32 prefixlen as first member).
The uses outside the kernel seemed numerous enough to justify a new UAPI struct (samples, selftests, etc). It also paves a single way forward when the userspace projects start using modern compiler options (e.g. systemd is usually pretty quick to adopt new features).
I don't understand how the new uapi struct bpf_lpm_trie_key_u8 helps. cilium progs and progs/map_ptr_kern.c cannot do s/bpf_lpm_trie_key/bpf_lpm_trie_key_u8/. They will fail to build, so they're stuck with bpf_lpm_trie_key.
Right -- I'm proposing not changing bpf_lpm_trie_key. I'm proposing _adding_ bpf_lpm_trie_key_u8 for new users who will be using modern compiler options (i.e. where "data[0]" is nonsense).
Can we do just struct bpf_lpm_trie_key_kern { __u32 prefixlen; __u8 data[]; }; and use it in the kernel?
Yeah, I can do that if that's preferred, but it leaves userspace hanging when they eventually trip over this in their code when they enable -fstrict-flex-arrays=3 too.
What is the disadvantage?
It seemed better to give a working example of how to migrate this code.
I understand and agree with intent, but I'm still missing how you're going to achieve this migration. bpf_lpm_trie_key_u8 doesn't provide a migration path to cilium progs and pretty much all bpf progs that use LPM map. Sure, one can change the user space part, like you did in test_lpm_map.c, but it doesn't address the full scope. imo half way is worse than not doing it.
Maybe I'm missing something, but if a program isn't building with -fstrict-flex-arrays=3, it can keep on using struct bpf_lpm_trie_key as before. If/when it starts using -fsfa, if can use struct bpf_lpm_trie_key in composite structs as a header just like before, but if it has places using the "data" member as an array of u8, it can switch to something using struct bpf_lpm_trie_key_u8, either directly or as a union with whatever ever struct they have. (And this replacement is what I did for all the samples/selftests.)