From: Leon Hwang <leon.hwang@linux.dev>
To: Xu Kuohai <xukuohai@huaweicloud.com>,
Menglong Dong <menglong.dong@linux.dev>,
Menglong Dong <menglong8.dong@gmail.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
jiang.biao@linux.dev, bpf <bpf@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
linux-trace-kernel <linux-trace-kernel@vger.kernel.org>
Subject: Re: [PATCH bpf-next v3 0/6] bpf trampoline support "jmp" mode
Date: Thu, 20 Nov 2025 10:07:07 +0800 [thread overview]
Message-ID: <e3c8daef-5267-4dda-9009-209a94224374@linux.dev> (raw)
In-Reply-To: <5f4d0bf9-9c74-44ce-8f29-c43fa5e8810a@huaweicloud.com>
On 19/11/25 20:36, Xu Kuohai wrote:
> On 11/19/2025 10:55 AM, Leon Hwang wrote:
>>
>>
>> On 19/11/25 10:47, Menglong Dong wrote:
>>> On 2025/11/19 08:28, Alexei Starovoitov wrote:
>>>> On Tue, Nov 18, 2025 at 4:36 AM Menglong Dong
>>>> <menglong8.dong@gmail.com> wrote:
>>>>>
>>>>> As we can see above, the performance of fexit increase from
>>>>> 80.544M/s to
>>>>> 136.540M/s, and the "fmodret" increase from 78.301M/s to 159.248M/s.
>>>>
>>>> Nice! Now we're talking.
>>>>
>>>> I think arm64 CPUs have a similar RSB-like return address predictor.
>>>> Do we need to do something similar there?
>>>> The question is not targeted to you, Menglong,
>>>> just wondering.
>>>
>>> I did some research before, and I find that most arch
>>> have such RSB-like stuff. I'll have a look at the loongarch
>>> later(maybe after the LPC, as I'm forcing on the English practice),
>>> and Leon is following the arm64.
>>
>> Yep, happy to take this on.
>>
>> I'm reviewing the arm64 JIT code now and will experiment with possible
>> approaches to handle this as well.
>>
>
> Unfortunately, the arm64 trampoline uses a tricky approach to bypass BTI
> by using ret instruction to invoke the patched function. This conflicts
> with the current approach, and seems there is no straightforward solution.
>
Hi Kuohai,
Thanks for the explanation.
Do you recall the original reason for using a ret instruction to bypass
BTI in the arm64 trampoline? I'm trying to understand whether that
constraint is fundamental or historical.
I'm wondering if we could structure the control flow like this:
foo "bl" bar -> bar:
bar "br" trampoline -> trampoline:
trampoline "bl" -> bar func body:
bar func body "ret" -> trampoline
trampoline "ret" -> foo
This would introduce two "bl"s and two "ret"s, keeping the RAS balanced
in a way similar to the x86 approach.
With this structure, we could also shrink the frame layout:
* SP + retaddr_off [ self ip ]
* [ FP ]
And then store the "self" return address elsewhere on the stack.
Do you think something along these lines could work?
Thanks,
Leon
next prev parent reply other threads:[~2025-11-20 2:07 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-18 12:36 [PATCH bpf-next v3 0/6] bpf trampoline support "jmp" mode Menglong Dong
2025-11-18 12:36 ` [PATCH bpf-next v3 1/6] ftrace: introduce FTRACE_OPS_FL_JMP Menglong Dong
2025-11-18 13:25 ` bot+bpf-ci
2025-11-18 13:51 ` Steven Rostedt
2025-11-18 12:36 ` [PATCH bpf-next v3 2/6] x86/ftrace: implement DYNAMIC_FTRACE_WITH_JMP Menglong Dong
2025-11-18 22:01 ` Jiri Olsa
2025-11-19 1:05 ` Menglong Dong
2025-11-18 12:36 ` [PATCH bpf-next v3 3/6] bpf: fix the usage of BPF_TRAMP_F_SKIP_FRAME Menglong Dong
2025-11-18 12:36 ` [PATCH bpf-next v3 4/6] bpf,x86: adjust the "jmp" mode for bpf trampoline Menglong Dong
2025-11-18 12:36 ` [PATCH bpf-next v3 5/6] bpf: specify the old and new poke_type for bpf_arch_text_poke Menglong Dong
2025-11-18 12:36 ` [PATCH bpf-next v3 6/6] bpf: implement "jmp" mode for trampoline Menglong Dong
2025-11-19 0:59 ` Alexei Starovoitov
2025-11-19 1:03 ` Steven Rostedt
2025-11-22 2:37 ` Alexei Starovoitov
2025-11-24 14:50 ` Steven Rostedt
2025-11-19 0:28 ` [PATCH bpf-next v3 0/6] bpf trampoline support "jmp" mode Alexei Starovoitov
2025-11-19 2:47 ` Menglong Dong
2025-11-19 2:55 ` Leon Hwang
2025-11-19 12:36 ` Xu Kuohai
2025-11-20 2:07 ` Leon Hwang [this message]
2025-11-20 3:24 ` Xu Kuohai
2025-11-24 18:00 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e3c8daef-5267-4dda-9009-209a94224374@linux.dev \
--to=leon.hwang@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=jiang.biao@linux.dev \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=martin.lau@linux.dev \
--cc=mathieu.desnoyers@efficios.com \
--cc=menglong.dong@linux.dev \
--cc=menglong8.dong@gmail.com \
--cc=mhiramat@kernel.org \
--cc=rostedt@goodmis.org \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=xukuohai@huaweicloud.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).