From: Menglong Dong <menglong8.dong@gmail.com>
To: ast@kernel.org, rostedt@goodmis.org
Cc: daniel@iogearbox.net, john.fastabend@gmail.com,
andrii@kernel.org, martin.lau@linux.dev, eddyz87@gmail.com,
song@kernel.org, yonghong.song@linux.dev, kpsingh@kernel.org,
sdf@fomichev.me, haoluo@google.com, jolsa@kernel.org,
mhiramat@kernel.org, mark.rutland@arm.com,
mathieu.desnoyers@efficios.com, bpf@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [PATCH RFC bpf-next 0/7] bpf trampoline support "jmp" mode
Date: Fri, 14 Nov 2025 17:24:43 +0800 [thread overview]
Message-ID: <20251114092450.172024-1-dongml2@chinatelecom.cn> (raw)
For now, the bpf trampoline is called by the "call" instruction. However,
it break the RSB and introduce extra overhead in x86_64 arch.
For example, we hook the function "foo" with fexit, the call and return
logic will be like this:
call foo -> call trampoline -> call foo-body ->
return foo-body -> return foo
As we can see above, there are 3 call, but 2 return, which break the RSB
balance. We can pseudo a "return" here, but it's not the best choice,
as it will still cause once RSB miss:
call foo -> call trampoline -> call foo-body ->
return foo-body -> return dummy -> return foo
The "return dummy" doesn't pair the "call trampoline", which can also
cause the RSB miss.
Therefore, we introduce the "jmp" mode for bpf trampoline, as advised by
Alexei in [1]. And the logic will become this:
call foo -> jmp trampoline -> call foo-body ->
return foo-body -> return foo
As we can see above, the RSB is totally balanced. After the modification,
the performance of fexit increases from 76M/s to 130M/s.
In this series, we introduce the FTRACE_OPS_FL_JMP for ftrace to make it
use the "jmp" instruction instead of "call".
And we introduce the bpf_arch_text_poke_type(), which is able to specify
both the current and new opcode.
Not sure if I should split the first 2 patches into a separate series and
send to the ftrace tree.
Link: https://lore.kernel.org/bpf/CAADnVQLX54sVi1oaHrkSiLqjJaJdm3TQjoVrgU-LZimK6iDcSA@mail.gmail.com/[1]
Menglong Dong (7):
ftrace: introduce FTRACE_OPS_FL_JMP
x86/ftrace: implement DYNAMIC_FTRACE_WITH_JMP
bpf: fix the usage of BPF_TRAMP_F_SKIP_FRAME
bpf,x86: adjust the "jmp" mode for bpf trampoline
bpf: introduce bpf_arch_text_poke_type
bpf,x86: implement bpf_arch_text_poke_type for x86_64
bpf: implement "jmp" mode for trampoline
arch/riscv/net/bpf_jit_comp64.c | 2 +-
arch/x86/Kconfig | 1 +
arch/x86/kernel/ftrace.c | 7 ++++-
arch/x86/kernel/ftrace_64.S | 12 +++++++-
arch/x86/net/bpf_jit_comp.c | 45 ++++++++++++++++++++--------
include/linux/bpf.h | 22 ++++++++++++++
include/linux/ftrace.h | 48 +++++++++++++++++++++++++++++
kernel/bpf/core.c | 10 +++++++
kernel/bpf/trampoline.c | 53 +++++++++++++++++++++++++++------
kernel/trace/Kconfig | 12 ++++++++
kernel/trace/ftrace.c | 9 +++++-
11 files changed, 195 insertions(+), 26 deletions(-)
--
2.51.2
next reply other threads:[~2025-11-14 9:24 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 9:24 Menglong Dong [this message]
2025-11-14 9:24 ` [PATCH RFC bpf-next 1/7] ftrace: introduce FTRACE_OPS_FL_JMP Menglong Dong
2025-11-14 10:20 ` bot+bpf-ci
2025-11-14 10:57 ` Menglong Dong
2025-11-14 9:24 ` [PATCH RFC bpf-next 2/7] x86/ftrace: implement DYNAMIC_FTRACE_WITH_JMP Menglong Dong
2025-11-14 16:39 ` Steven Rostedt
2025-11-15 2:12 ` Menglong Dong
2025-11-14 9:24 ` [PATCH RFC bpf-next 3/7] bpf: fix the usage of BPF_TRAMP_F_SKIP_FRAME Menglong Dong
2025-11-14 18:23 ` Alexei Starovoitov
2025-11-14 9:24 ` [PATCH RFC bpf-next 4/7] bpf,x86: adjust the "jmp" mode for bpf trampoline Menglong Dong
2025-11-14 18:22 ` Alexei Starovoitov
2025-11-15 2:14 ` Menglong Dong
2025-11-14 9:24 ` [PATCH RFC bpf-next 5/7] bpf: introduce bpf_arch_text_poke_type Menglong Dong
2025-11-14 10:20 ` bot+bpf-ci
2025-11-14 18:41 ` Alexei Starovoitov
2025-11-15 2:26 ` Menglong Dong
2025-11-14 9:24 ` [PATCH RFC bpf-next 6/7] bpf,x86: implement bpf_arch_text_poke_type for x86_64 Menglong Dong
2025-11-14 9:24 ` [PATCH RFC bpf-next 7/7] bpf: implement "jmp" mode for trampoline Menglong Dong
2025-11-14 18:50 ` Alexei Starovoitov
2025-11-15 2:39 ` Menglong Dong
2025-11-15 2:42 ` Alexei Starovoitov
2025-11-14 13:38 ` [PATCH RFC bpf-next 0/7] bpf trampoline support "jmp" mode Steven Rostedt
2025-11-14 13:58 ` Menglong Dong
2025-11-14 16:28 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251114092450.172024-1-dongml2@chinatelecom.cn \
--to=menglong8.dong@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=martin.lau@linux.dev \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=rostedt@goodmis.org \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox