From: Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
To: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
Cc: "David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Daniel Borkmann <daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>,
Michael Holzheu
<holzheu-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
Zi Shen Lim <zlim.lnx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Network Development
<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH net-next 1/4] bpf: allow bpf programs to tail-call other bpf programs
Date: Thu, 21 May 2015 09:53:21 -0700 [thread overview]
Message-ID: <555E0D81.6060703@plumgrid.com> (raw)
In-Reply-To: <CALCETrX7xAuRoRv7WV+LS-r_pOknQdXPpBEbFy5TqB_6eGTD5Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On 5/21/15 9:43 AM, Andy Lutomirski wrote:
> On Thu, May 21, 2015 at 9:40 AM, Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org> wrote:
>> On 5/21/15 9:20 AM, Andy Lutomirski wrote:
>>>
>>>
>>> What I mean is: why do we need the interface to be "look up this index
>>> in an array and just to what it references" as a single atomic
>>> instruction? Can't we break it down into first "look up this index in
>>> an array" and then "do this tail call"?
>>
>>
>> I've actually considered to do this split and do first part as map lookup
>> and 2nd as 'tail call to this ptr' insn, but it turned out to be
>> painful: verifier gets more complicated, ctx pointer needs to kept
>> somewhere, JITs need to special case two things instead of one.
>> Also I couldn't see a use case for exposing program pointer to the
>> program itself. I've explored this path only because it felt more
>> traditional 'goto *ptr' like, but adding new PTR_TO_PROG type to
>> verifier looked wasteful.
>
> At some point, I think that it would be worth extending the verifier
> to support more general non-integral scalar types. "Pointer to
> tail-call target" would be just one of them. "Pointer to skb" might
> be nice as a real first-class scalar type that lives in a register as
> opposed to just being magic typed context.
well, I don't see a use case for 'pointer to tail-call target',
but more generic 'pointer to skb' indeed is a useful concept.
I was thinking more like 'pointer to structure of the type X',
then we can natively support 'pointer to task_struct',
'pointer to inode', etc which will help tracing programs to be
written in more convenient way.
Right now pointer walking has to be done via bpf_probe_read()
helper as demonstrated in tracex1_kern.c example.
With this future 'pointer to struct of type X' knowledge in verifier
we'll be able to do 'ptr->field' natively with higher performance.
> We'd still need some way to stick fds into a map, but that's not
> really the verifier's problem.
well, they both need to be aware of that. When it comes to safety
generalization suffers. Have to do extra checks both in map_update_elem
and in verifier. No way around that.
WARNING: multiple messages have this Message-ID (diff)
From: Alexei Starovoitov <ast@plumgrid.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "David S. Miller" <davem@davemloft.net>,
Ingo Molnar <mingo@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Michael Holzheu <holzheu@linux.vnet.ibm.com>,
Zi Shen Lim <zlim.lnx@gmail.com>,
Linux API <linux-api@vger.kernel.org>,
Network Development <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net-next 1/4] bpf: allow bpf programs to tail-call other bpf programs
Date: Thu, 21 May 2015 09:53:21 -0700 [thread overview]
Message-ID: <555E0D81.6060703@plumgrid.com> (raw)
In-Reply-To: <CALCETrX7xAuRoRv7WV+LS-r_pOknQdXPpBEbFy5TqB_6eGTD5Q@mail.gmail.com>
On 5/21/15 9:43 AM, Andy Lutomirski wrote:
> On Thu, May 21, 2015 at 9:40 AM, Alexei Starovoitov <ast@plumgrid.com> wrote:
>> On 5/21/15 9:20 AM, Andy Lutomirski wrote:
>>>
>>>
>>> What I mean is: why do we need the interface to be "look up this index
>>> in an array and just to what it references" as a single atomic
>>> instruction? Can't we break it down into first "look up this index in
>>> an array" and then "do this tail call"?
>>
>>
>> I've actually considered to do this split and do first part as map lookup
>> and 2nd as 'tail call to this ptr' insn, but it turned out to be
>> painful: verifier gets more complicated, ctx pointer needs to kept
>> somewhere, JITs need to special case two things instead of one.
>> Also I couldn't see a use case for exposing program pointer to the
>> program itself. I've explored this path only because it felt more
>> traditional 'goto *ptr' like, but adding new PTR_TO_PROG type to
>> verifier looked wasteful.
>
> At some point, I think that it would be worth extending the verifier
> to support more general non-integral scalar types. "Pointer to
> tail-call target" would be just one of them. "Pointer to skb" might
> be nice as a real first-class scalar type that lives in a register as
> opposed to just being magic typed context.
well, I don't see a use case for 'pointer to tail-call target',
but more generic 'pointer to skb' indeed is a useful concept.
I was thinking more like 'pointer to structure of the type X',
then we can natively support 'pointer to task_struct',
'pointer to inode', etc which will help tracing programs to be
written in more convenient way.
Right now pointer walking has to be done via bpf_probe_read()
helper as demonstrated in tracex1_kern.c example.
With this future 'pointer to struct of type X' knowledge in verifier
we'll be able to do 'ptr->field' natively with higher performance.
> We'd still need some way to stick fds into a map, but that's not
> really the verifier's problem.
well, they both need to be aware of that. When it comes to safety
generalization suffers. Have to do extra checks both in map_update_elem
and in verifier. No way around that.
next prev parent reply other threads:[~2015-05-21 16:53 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-19 23:59 [PATCH net-next 0/4] bpf: introduce bpf_tail_call() helper Alexei Starovoitov
2015-05-19 23:59 ` Alexei Starovoitov
[not found] ` <1432079946-9878-1-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-05-19 23:59 ` [PATCH net-next 1/4] bpf: allow bpf programs to tail-call other bpf programs Alexei Starovoitov
2015-05-19 23:59 ` Alexei Starovoitov
[not found] ` <1432079946-9878-2-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-05-20 0:13 ` Andy Lutomirski
2015-05-20 0:13 ` Andy Lutomirski
2015-05-20 0:18 ` Alexei Starovoitov
[not found] ` <555BD2E4.5050608-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-05-21 16:20 ` Andy Lutomirski
2015-05-21 16:20 ` Andy Lutomirski
2015-05-21 16:40 ` Alexei Starovoitov
2015-05-21 16:43 ` Andy Lutomirski
[not found] ` <CALCETrX7xAuRoRv7WV+LS-r_pOknQdXPpBEbFy5TqB_6eGTD5Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-21 16:53 ` Alexei Starovoitov [this message]
2015-05-21 16:53 ` Alexei Starovoitov
2015-05-21 16:57 ` Andy Lutomirski
[not found] ` <CALCETrWLpL8o9=P0sDGXUgcQ_LOkgJGrVdv0R6eaec=+WHPfkg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-21 17:16 ` Alexei Starovoitov
2015-05-21 17:16 ` Alexei Starovoitov
2015-05-21 16:17 ` Daniel Borkmann
2015-05-21 16:17 ` Daniel Borkmann
2015-05-21 21:08 ` [PATCH net-next 0/4] bpf: introduce bpf_tail_call() helper David Miller
2015-05-21 21:08 ` David Miller
2015-05-19 23:59 ` [PATCH net-next 2/4] x86: bpf_jit: implement " Alexei Starovoitov
2015-05-20 0:11 ` Andy Lutomirski
2015-05-20 0:14 ` Alexei Starovoitov
[not found] ` <555BD1E9.5000000-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-05-20 16:05 ` Andy Lutomirski
2015-05-20 16:05 ` Andy Lutomirski
[not found] ` <CALCETrV8CStuwvDXDPp5zsZw5FsSpYWBDXMYjLh6Qq703a=cgQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-20 16:29 ` Alexei Starovoitov
2015-05-20 16:29 ` Alexei Starovoitov
2015-05-19 23:59 ` [PATCH net-next 3/4] samples/bpf: bpf_tail_call example for tracing Alexei Starovoitov
2015-05-19 23:59 ` [PATCH net-next 4/4] samples/bpf: bpf_tail_call example for networking Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=555E0D81.6060703@plumgrid.com \
--to=ast-uqk4ao+rvk5wk0htik3j/w@public.gmane.org \
--cc=daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=holzheu-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=zlim.lnx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.