Re: [PATCH v3 net-next] bpf/verifier: track liveness for pruning

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel Borkmann <daniel@iogearbox.net>
To: Edward Cree <ecree@solarflare.com>,
	Alexei Starovoitov <ast@fb.com>,
	davem@davemloft.net,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	iovisor-dev <iovisor-dev@lists.iovisor.org>
Subject: Re: [PATCH v3 net-next] bpf/verifier: track liveness for pruning
Date: Mon, 21 Aug 2017 23:00:11 +0200	[thread overview]
Message-ID: <599B49DB.6010008@iogearbox.net> (raw)
In-Reply-To: <128a84cd-234d-f505-95e2-7561db974981@solarflare.com>

On 08/21/2017 10:44 PM, Edward Cree wrote:
> On 21/08/17 21:27, Daniel Borkmann wrote:
>> On 08/21/2017 08:36 PM, Edward Cree wrote:
>>> On 19/08/17 00:37, Alexei Starovoitov wrote:
>> [...]
>>> I'm tempted to just rip out env->varlen_map_value_access and always check
>>>    the whole thing, because honestly I don't know what it was meant to do
>>>    originally or how it can ever do any useful pruning.  While drastic, it
>>>    does cause your test case to pass.
>>
>> Original intention from 484611357c19 ("bpf: allow access into map
>> value arrays") was that it wouldn't potentially make pruning worse
>> if PTR_TO_MAP_VALUE_ADJ was not used, meaning that we wouldn't need
>> to take reg state's min_value and max_value into account for state
>> checking; this was basically due to min_value / max_value is being
>> adjusted/tracked on every alu/jmp ops for involved regs (e.g.
>> adjust_reg_min_max_vals() and others that mangle them) even if we
>> have the case that no actual dynamic map access is used throughout
>> the program. To give an example on net tree, the bpf_lxc.o prog's
>> section increases from 36,386 to 68,226 when env->varlen_map_value_access
>> is always true, so it does have an effect. Did you do some checks
>> on this on net-next?
> I tested with the cilium progs and saw no change in insn count.  I
>   suspect that for the normal case I already killed this optimisation
>   when I did my unification patch, it was previously about ignoring
>   min/max values on all regs (including scalars), whereas on net-next
>   it only ignores them on map_value pointers; in practice this is
>   useless because we tend to still have the offset scalar sitting in
>   a register somewhere.  (Come to think of it, this may have been
>   behind a large chunk of the #insn increase that my patches caused.)

Yeah, this would seem plausible.

> Since we use umax_value in find_good_pkt_pointers() now (to check
>   against MAX_PACKET_OFF and ensure our reg->range is really ok), we
>   can't just stop caring about all min/max values just because we
>   haven't done any variable map accesses.
> I don't see a way around this.

Agree, was thinking the same. If there's not really a regression in
terms of complexity, then lets kill the flag.

next prev parent reply	other threads:[~2017-08-21 21:00 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-15 19:34 [PATCH v3 net-next] bpf/verifier: track liveness for pruning Edward Cree
2017-08-15 19:34 ` Edward Cree via iovisor-dev
2017-08-15 22:12 ` Daniel Borkmann
2017-08-15 23:32   ` David Miller
2017-08-18  3:21 ` Alexei Starovoitov
2017-08-18  3:21   ` Alexei Starovoitov via iovisor-dev
2017-08-18 14:16   ` Edward Cree
2017-08-18 14:16     ` Edward Cree via iovisor-dev
2017-08-18 23:37     ` Alexei Starovoitov
2017-08-18 23:37       ` Alexei Starovoitov via iovisor-dev
2017-08-21 18:36       ` Edward Cree
2017-08-21 18:36         ` Edward Cree via iovisor-dev
2017-08-21 20:27         ` Daniel Borkmann
2017-08-21 20:27           ` Daniel Borkmann via iovisor-dev
2017-08-21 20:44           ` Edward Cree
2017-08-21 20:44             ` Edward Cree via iovisor-dev
2017-08-21 21:00             ` Daniel Borkmann [this message]
2017-08-21 21:23               ` Alexei Starovoitov
2017-08-21 21:23                 ` Alexei Starovoitov via iovisor-dev
2017-08-21 20:24     ` Edward Cree
2017-08-21 21:18       ` Alexei Starovoitov
2017-08-21 21:18         ` Alexei Starovoitov via iovisor-dev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=599B49DB.6010008@iogearbox.net \
    --to=daniel@iogearbox.net \
    --cc=alexei.starovoitov@gmail.com \
    --cc=ast@fb.com \
    --cc=davem@davemloft.net \
    --cc=ecree@solarflare.com \
    --cc=iovisor-dev@lists.iovisor.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.