BPF List
 help / color / mirror / Atom feed
From: KaFai Wan <kafai.wan@linux.dev>
To: Tiezhu Yang <yangtiezhu@loongson.cn>,
	Alexei Starovoitov <ast@kernel.org>,
	 Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	Eduard Zingerman <eddyz87@gmail.com>,
	 Kumar Kartikeya Dwivedi <memxor@gmail.com>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Song Liu <song@kernel.org>,
	Yonghong Song <yonghong.song@linux.dev>,
	Jiri Olsa <jolsa@kernel.org>,
	Emil Tsalapatis <emil@etsalapatis.com>
Cc: bpf@vger.kernel.org, loongarch@lists.linux.dev,
	"Leon Hwang" <leon.hwang@linux.dev>,
	"Puranjay Mohan" <puranjay@kernel.org>,
	"Björn Töpel" <bjorn@kernel.org>
Subject: Re: [PATCH bpf-next v7 1/2] bpf: Introduce jit_required flag and refactor kfunc path
Date: Sat, 04 Jul 2026 09:57:10 +0800	[thread overview]
Message-ID: <2240908fb833182e502d1804b392874cccf17b6c.camel@linux.dev> (raw)
In-Reply-To: <2d1babdf-a4d9-9902-77b0-3f5640871323@loongson.cn>

On Sat, 2026-07-04 at 00:14 +0800, Tiezhu Yang wrote:
> On 7/3/26 21:55, KaFai Wan wrote:
> > On Thu, 2026-07-02 at 22:36 +0800, Tiezhu Yang wrote:
> > > Introduce a 'jit_required' bitfield flag at the end of the
> > > flags group in struct bpf_prog. This bit tracks whether a
> > > program strictly requires the JIT compiler.
> > > 
> > > Set this flag to 1 when a kfunc call is added at the end of
> > > bpf_add_kfunc_call().
> > > 
> > > In __bpf_prog_select_runtime(), check with fp->jit_required
> > > rather than bpf_prog_has_kfunc_call() to unify the logic.
> > > 
> > > Suggested-by: Alexei Starovoitov <ast@kernel.org>
> > > Suggested-by: KaFai Wan <kafai.wan@linux.dev>
> > > Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
> > > ---
> > >   include/linux/bpf.h   | 3 ++-
> > >   kernel/bpf/core.c     | 3 +--
> > >   kernel/bpf/verifier.c | 2 ++
> > >   3 files changed, 5 insertions(+), 3 deletions(-)
> > > 
> > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> > > index ba09795e0bfd..4e2b059d71f3 100644
> > > --- a/include/linux/bpf.h
> > > +++ b/include/linux/bpf.h
> > > @@ -1880,7 +1880,8 @@ struct bpf_prog {
> > >   				call_get_func_ip:1, /* Do we call get_func_ip() */
> > >   				call_session_cookie:1, /* Do we call bpf_session_cookie() */
> > >   				tstamp_type_access:1, /* Accessed __sk_buff->tstamp_type */
> > > -				sleepable:1;	/* BPF program is sleepable */
> > > +				sleepable:1,	/* BPF program is sleepable */
> > > +				jit_required:1;	/* program strictly requires JIT
> > > compiler
> > > */
> > 
> > In v6 you're using 'u8 jit_required', I thought it would be 'u8 jit_required:1', so we use one
> > byte
> > and left 3 byte hole for future use.
> > 
> > This version left 2 bytes hole, same as v5, but it can easily be misleading because of the u16
> > type,
> > since we used 17 bits. I prefer v5, it has better readability.
> 
> OK, I will use the previous layout in v8, like this:
> 
> ```
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index ba09795e0bfd..463fae6a5c33 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -1865,8 +1865,9 @@ struct bpf_prog_aux {
> 
>   struct bpf_prog {
>   	u16			pages;		/* Number of allocated pages */
> -	u16			jited:1,	/* Is our filter JIT'ed? */
> +	u32			jited:1,	/* Is our filter JIT'ed? */
>   				jit_requested:1,/* archs need to JIT the prog */
> +				jit_required:1, /* program strictly requires JIT compiler */
>   				gpl_compatible:1, /* Is filter GPL compatible? */
>   				cb_access:1,	/* Is control block accessed? */
>   				dst_needed:1,	/* Do we need dst entry? */
> ```
> 
> > 
> > >   	enum bpf_prog_type	type;		/* Type of BPF program */
> > >   	enum bpf_attach_type	expected_attach_type; /* For some prog types */
> > >   	u32			len;		/* Number of filter blocks */
> > > diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> > > index 649cce41e13f..5fcd19ccb41a 100644
> > > --- a/kernel/bpf/core.c
> > > +++ b/kernel/bpf/core.c
> > > @@ -2619,8 +2619,7 @@ struct bpf_prog *__bpf_prog_select_runtime(struct bpf_verifier_env *env,
> > > struct
> > >   	if (fp->bpf_func)
> > >   		goto finalize;
> > >   
> > > -	if (IS_ENABLED(CONFIG_BPF_JIT_ALWAYS_ON) ||
> > > -	    bpf_prog_has_kfunc_call(fp))
> > > +	if (IS_ENABLED(CONFIG_BPF_JIT_ALWAYS_ON) || fp->jit_required)
> > >   		jit_needed = true;
> > >   
> > >   	if (!bpf_prog_select_interpreter(fp))
> > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > > index 25aea4271cd0..f496b45b9da4 100644
> > > --- a/kernel/bpf/verifier.c
> > > +++ b/kernel/bpf/verifier.c
> > > @@ -2765,6 +2765,8 @@ int bpf_add_kfunc_call(struct bpf_verifier_env *env, u32 func_id, u16
> > > offset)
> > >   	desc->func_model = func_model;
> > >   	sort(tab->descs, tab->nr_descs, sizeof(tab->descs[0]),
> > >   	     kfunc_desc_cmp_by_id_off, NULL);
> > > +
> > > +	env->prog->jit_required = 1;
> > 
> > That's ok, and I think Sashiko is right about this patch.
> > 
> > >   	return 0;
> > >   }
> 
> As discussed in another thread, I will update bpf_prog_has_kfunc_call()
> in v8, like this:
> 
> ```
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 25aea4271cd0..c34cc524651a 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -2770,7 +2770,7 @@ int bpf_add_kfunc_call(struct bpf_verifier_env
> *env, u32 func_id, u16 offset)
> 
>    bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog)
>    {
> -       return !!prog->aux->kfunc_tab;
> +       return prog->aux->kfunc_tab && prog->aux->kfunc_tab->nr_descs;
>    }
> 
>    static int add_subprog_and_kfunc(struct bpf_verifier_env *env)
> ```
> 
> IIUC, there are two places to modify so far:
> (1) struct bpf_prog

yes

> (2) bpf_prog_has_kfunc_call()

I think we can remove this func.

actually, I feed your patch to dsv4-pro and gpt-5.4 yesterday, both point out the we should do this
and change the log message.

diff --git a/kernel/bpf/fixups.c b/kernel/bpf/fixups.c
index 12a8a4eb757f..7fb92b5fa415 100644
--- a/kernel/bpf/fixups.c
+++ b/kernel/bpf/fixups.c
@@ -1378,7 +1378,6 @@ int bpf_fixup_call_args(struct bpf_verifier_env *env)
 #ifndef CONFIG_BPF_JIT_ALWAYS_ON
 	struct bpf_prog *prog = env->prog;
 	struct bpf_insn *insn = prog->insnsi;
-	bool has_kfunc_call = bpf_prog_has_kfunc_call(prog);
 	int depth;
 #endif
 	int i, err = 0;
@@ -1404,7 +1403,7 @@ int bpf_fixup_call_args(struct bpf_verifier_env *env)
 			return err;
 	}
 #ifndef CONFIG_BPF_JIT_ALWAYS_ON
-	if (has_kfunc_call) {
+	if (prog->jit_required) {
 		verbose(env, "calling kernel functions are not allowed in non-JITed programs\n");
 		return -EINVAL;
 	}

I think we can change the log message for general purpose no just for kunc, so we can know why prog
failed in patch#2 as you test yesterday.

> 
> If you have any more comments, please let me know.
> 
> Thanks,
> Tiezhu
> 

-- 
Thanks,
KaFai

  reply	other threads:[~2026-07-04  1:57 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-02 14:36 [PATCH bpf-next v7 0/2] Introduce jit_required to prevent a kernel panic Tiezhu Yang
2026-07-02 14:36 ` [PATCH bpf-next v7 1/2] bpf: Introduce jit_required flag and refactor kfunc path Tiezhu Yang
2026-07-02 14:58   ` sashiko-bot
2026-07-03  2:57     ` Tiezhu Yang
2026-07-03  5:24       ` Leon Hwang
2026-07-03  6:59         ` Tiezhu Yang
2026-07-03 14:14           ` Leon Hwang
2026-07-03 15:53             ` Tiezhu Yang
2026-07-04  1:17               ` KaFai Wan
2026-07-03 13:51       ` KaFai Wan
2026-07-03 15:56         ` Tiezhu Yang
2026-07-04  3:23           ` KaFai Wan
2026-07-03 13:55   ` KaFai Wan
2026-07-03 16:14     ` Tiezhu Yang
2026-07-04  1:57       ` KaFai Wan [this message]
2026-07-04  2:05       ` KaFai Wan
2026-07-02 14:36 ` [PATCH bpf-next v7 2/2] bpf: Reject programs with inlined helpers if JIT is unavailable Tiezhu Yang
2026-07-02 14:57   ` sashiko-bot
2026-07-03  4:14     ` Tiezhu Yang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2240908fb833182e502d1804b392874cccf17b6c.camel@linux.dev \
    --to=kafai.wan@linux.dev \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bjorn@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=eddyz87@gmail.com \
    --cc=emil@etsalapatis.com \
    --cc=jolsa@kernel.org \
    --cc=leon.hwang@linux.dev \
    --cc=loongarch@lists.linux.dev \
    --cc=martin.lau@linux.dev \
    --cc=memxor@gmail.com \
    --cc=puranjay@kernel.org \
    --cc=song@kernel.org \
    --cc=yangtiezhu@loongson.cn \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox