Re: [PATCH bpf-next 1/1] bpf: Allow fall back to interpreter for programs with stack size <= 512

All of lore.kernel.org
 help / color / mirror / Atom feed

From: KaFai Wan <kafai.wan@linux.dev>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	 John Fastabend <john.fastabend@gmail.com>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Eduard <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
	 Yonghong Song <yonghong.song@linux.dev>,
	KP Singh <kpsingh@kernel.org>,
	Stanislav Fomichev <sdf@fomichev.me>,
	 Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
	Jiayuan Chen <mrpre@163.com>, bpf <bpf@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>, Felix Fietkau <nbd@nbd.name>
Subject: Re: [PATCH bpf-next 1/1] bpf: Allow fall back to interpreter for programs with stack size <= 512
Date: Mon, 11 Aug 2025 19:28:26 +0800	[thread overview]
Message-ID: <d845425e524ee4c81e0f12553e3ed9daa549ce9a.camel@linux.dev> (raw)
In-Reply-To: <CAADnVQLecBEmQzxOzUwv_2mO9BDrKSp1xiC4WY8-gL2w4OaxaQ@mail.gmail.com>

On Thu, 2025-08-07 at 09:50 -0700, Alexei Starovoitov wrote:
> On Tue, Aug 5, 2025 at 4:55 AM KaFai Wan <kafai.wan@linux.dev> wrote:
> > 
> > OpenWRT users reported regression on ARMv6 devices after updating
> > to latest
> > HEAD, where tcpdump filter:
> > 
> > tcpdump -i mon1 \
> > "not wlan addr3 3c37121a2b3c and not wlan addr2 184ecbca2a3a \
> > and not wlan addr2 14130b4d3f47 and not wlan addr2 f0f61cf440b7 \
> > and not wlan addr3 a84b4dedf471 and not wlan addr3 d022be17e1d7 \
> > and not wlan addr3 5c497967208b and not wlan addr2 706655784d5b"
> > 
> > fails with warning: "Kernel filter failed: No error information"
> > when using config:
> >  # CONFIG_BPF_JIT_ALWAYS_ON is not set
> >  CONFIG_BPF_JIT_DEFAULT_ON=y
> > 
> > The issue arises because commits:
> > 1. "bpf: Fix array bounds error with may_goto" changed default
> > runtime to
> >    __bpf_prog_ret0_warn when jit_requested = 1
> > 2. "bpf: Avoid __bpf_prog_ret0_warn when jit fails" returns error
> > when
> >    jit_requested = 1 but jit fails
> > 
> > This change restores interpreter fallback capability for BPF
> > programs with
> > stack size <= 512 bytes when jit fails.
> > 
> > Reported-by: Felix Fietkau <nbd@nbd.name>
> > Closes:
> > https://lore.kernel.org/bpf/2e267b4b-0540-45d8-9310-e127bf95fc63@nbd.name/
> > Fixes: 6ebc5030e0c5 ("bpf: Fix array bounds error with may_goto")
> 
> This commit looks fine.
> 
> > Fixes: 86bc9c742426 ("bpf: Avoid __bpf_prog_ret0_warn when jit
> > fails")
> 
> But this one is indeed problematic.
> But before we revert, please provide a selftest that is causing
> valid classic bpf prog to fail JITing on arm,
> because it has to be fixed as well. 
> 
OK, I'll add a test for it.

> Sounds like OpenWRT was suffering performance loss due to the
> interpreter.
> 
> > Signed-off-by: KaFai Wan <kafai.wan@linux.dev>
> > ---
> >  kernel/bpf/core.c | 12 +++++++-----
> >  1 file changed, 7 insertions(+), 5 deletions(-)
> > 
> > diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> > index 5d1650af899d..2d86bd4b0b97 100644
> > --- a/kernel/bpf/core.c
> > +++ b/kernel/bpf/core.c
> > @@ -2366,8 +2366,8 @@ static unsigned int
> > __bpf_prog_ret0_warn(const void *ctx,
> >                                          const struct bpf_insn
> > *insn)
> >  {
> >         /* If this handler ever gets executed, then
> > BPF_JIT_ALWAYS_ON
> > -        * is not working properly, or interpreter is being used
> > when
> > -        * prog->jit_requested is not 0, so warn about it!
> > +        * or may_goto may cause stack size > 512 is not working
> > properly,
> > +        * so warn about it!
> 
> We shouldn't have touched this comment. Let's not do it again.
> 
OK.
> >          */
> >         WARN_ON_ONCE(1);
> >         return 0;
> > @@ -2478,10 +2478,10 @@ static void bpf_prog_select_func(struct
> > bpf_prog *fp)
> >          * But for non-JITed programs, we don't need bpf_func, so
> > no bounds
> >          * check needed.
> >          */
> > -       if (!fp->jit_requested &&
> > -           !WARN_ON_ONCE(idx >= ARRAY_SIZE(interpreters))) {
> > +       if (idx < ARRAY_SIZE(interpreters)) {
> >                 fp->bpf_func = interpreters[idx];
> 
> this is fine.
> 
> >         } else {
> > +               WARN_ON_ONCE(!fp->jit_requested);
> 
> drop it. Let's not give syzbot more opportunities
> to spam us again with fault injection -like corner cases.
> 
OK, will drop it.

> >                 fp->bpf_func = __bpf_prog_ret0_warn;
> >         }
> >  #else
> > @@ -2505,7 +2505,7 @@ struct bpf_prog
> > *bpf_prog_select_runtime(struct bpf_prog *fp, int *err)
> >         /* In case of BPF to BPF calls, verifier did all the prep
> >          * work with regards to JITing, etc.
> >          */
> > -       bool jit_needed = fp->jit_requested;
> > +       bool jit_needed = false;
> 
> ok
> 
> > 
> >         if (fp->bpf_func)
> >                 goto finalize;
> > @@ -2515,6 +2515,8 @@ struct bpf_prog
> > *bpf_prog_select_runtime(struct bpf_prog *fp, int *err)
> >                 jit_needed = true;
> > 
> >         bpf_prog_select_func(fp);
> > +       if (fp->bpf_func == __bpf_prog_ret0_warn)
> > +               jit_needed = true;
> 
> This is too hacky.
> Change bpf_prog_select_func() to return bool and
> rename it bpf_prog_select_func/bpf_prog_select_interpreter()
> 
> true on success, false on when interpreter is impossible.
> 
OK, will change it.

> And target bpf tree.
> 
OK. 
> --
> pw-bot: cr
> 
> > 
> >         /* eBPF JITs can rewrite the program in case constant
> >          * blinding is active. However, in case of error during
> > --
> > 2.43.0
> > 

-- 
Thanks,
KaFai

     prev parent reply	other threads:[~2025-08-11 11:28 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-08-05 11:55 [PATCH bpf-next 1/1] bpf: Allow fall back to interpreter for programs with stack size <= 512 KaFai Wan
2025-08-05 17:45 ` Yonghong Song
2025-08-06 10:57   ` KaFai Wan
2025-08-06 17:37     ` Yonghong Song
2025-08-07 16:50 ` Alexei Starovoitov
2025-08-11 11:28   ` KaFai Wan [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d845425e524ee4c81e0f12553e3ed9daa549ce9a.camel@linux.dev \
    --to=kafai.wan@linux.dev \
    --cc=alexei.starovoitov@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=eddyz87@gmail.com \
    --cc=haoluo@google.com \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=mrpre@163.com \
    --cc=nbd@nbd.name \
    --cc=sdf@fomichev.me \
    --cc=song@kernel.org \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.