From: Daniel Borkmann <daniel@iogearbox.net>
To: Edward Cree <ecree@solarflare.com>,
Alexei Starovoitov <ast@fb.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: davem@davemloft.net, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org,
iovisor-dev <iovisor-dev@lists.iovisor.org>
Subject: Re: [PATCH v3 net-next 00/12] bpf: rewrite value tracking in verifier
Date: Fri, 07 Jul 2017 11:14:27 +0200 [thread overview]
Message-ID: <595F50F3.2030008@iogearbox.net> (raw)
In-Reply-To: <54b95191-697d-6b15-ec39-438c85e08adc@solarflare.com>
On 07/06/2017 08:27 PM, Edward Cree wrote:
> On 04/07/17 23:28, Daniel Borkmann wrote:
>> Have you tried with cilium's BPF code? The kernel selftests are quite small,
>> so not really pushing processed insns too far. I can send you a BPF obj file
>> if that's easier for testing.
> Results from the next (in-progress) version of the patch series, with the
> 'id' bugfix I mentioned in my other mail, and rebased onto an updated
> net-next (0e72582). Numbers collected with:
> # tc filter add dev lo egress bpf da obj /path/to/bpf_object.o sec $section verb 2>&1 | grep "processed" | awk -e 'BEGIN { N = 0; }' -e '{ N += $2; }' -e 'END { print N; }'
>
> Program net-next short full
> bpf_lb_opt_-DLB_L3.o 4707 5872 6515
> bpf_lb_opt_-DLB_L4.o 7662 8652 8976
> bpf_lb_opt_-DUNKNOWN.o 727 2972 2960
> bpf_lxc_opt_-DDROP_ALL.o 57725 85750 95412
> bpf_lxc_opt_-DUNKNOWN.o 93676 134043 141706
> bpf_netdev.o 14702 24665 24251
> bpf_overlay.o 7303 10939 10999
>
> Conclusion: the ptr&const and full-range min/max tracking make little
> difference (10% increase at most, sometimes a decrease); most of the
> increase comes from the basic "replace imm and aux_off/align with tnums"
> patch.
Okay, thanks for the analysis, Edward.
> So based on what Alexei was saying earlier, it sounds like the answer for
> now is to up the limit (say to a round 128k), get this series merged,
> then start work on pruning optimisation so we can hopefully bring that
> limit back down again later. Sound reasonable?
But this means the bpf_lxc_* cases increase quite significantly,
arguably one of them is pretty close already, but the other one not
so much, meaning while 142k would shoot over the 128k target quite a
bit, the 95k is quite close to the point that it wouldn't take much,
say, few different optimizations from compiler, to hit the limit as
well eventually, something like 156k for the time being would seem a
more adequate raise perhaps that needs to be evaluated carefully
given the situation.
next prev parent reply other threads:[~2017-07-07 9:14 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-27 12:53 [PATCH v3 net-next 00/12] bpf: rewrite value tracking in verifier Edward Cree
2017-06-27 12:56 ` [PATCH v3 net-next 01/12] selftests/bpf: add test for mixed signed and unsigned bounds checks Edward Cree
2017-06-28 13:51 ` Daniel Borkmann
2017-06-27 12:56 ` [PATCH v3 net-next 02/12] bpf/verifier: rework value tracking Edward Cree
2017-06-28 15:15 ` Daniel Borkmann
2017-06-28 16:07 ` Edward Cree
2017-06-28 19:44 ` Daniel Borkmann
2017-06-28 17:09 ` Daniel Borkmann
2017-06-28 18:28 ` Edward Cree
2017-06-29 7:48 ` kbuild test robot
2017-07-06 21:21 ` [iovisor-dev] " Nadav Amit
2017-07-07 13:48 ` Edward Cree
2017-07-07 17:45 ` Nadav Amit
2017-07-08 0:54 ` Nadav Amit
2017-07-12 19:13 ` Edward Cree
2017-07-12 22:07 ` Nadav Amit
2017-07-17 17:02 ` Edward Cree
2017-06-27 12:57 ` [PATCH v3 net-next 03/12] nfp: change bpf verifier hooks to match new verifier data structures Edward Cree
2017-06-28 20:47 ` Daniel Borkmann
2017-06-29 3:47 ` Jakub Kicinski
2017-06-27 12:57 ` [PATCH v3 net-next 04/12] bpf/verifier: track signed and unsigned min/max values Edward Cree
2017-06-27 12:58 ` [PATCH v3 net-next 05/12] bpf/verifier: more concise register state logs for constant var_off Edward Cree
2017-06-27 12:58 ` [PATCH v3 net-next 06/12] selftests/bpf: change test_verifier expectations Edward Cree
2017-06-27 12:59 ` [PATCH v3 net-next 07/12] selftests/bpf: rewrite test_align Edward Cree
2017-06-27 12:59 ` [PATCH v3 net-next 08/12] selftests/bpf: add a test to test_align Edward Cree
2017-06-27 12:59 ` [PATCH v3 net-next 09/12] selftests/bpf: add test for bogus operations on pointers Edward Cree
2017-06-27 12:59 ` [PATCH v3 net-next 10/12] selftests/bpf: don't try to access past MAX_PACKET_OFF in test_verifier Edward Cree
2017-06-27 13:00 ` [PATCH v3 net-next 11/12] selftests/bpf: add tests for subtraction & negative numbers Edward Cree
2017-06-27 13:00 ` [PATCH v3 net-next 12/12] selftests/bpf: variable offset negative tests Edward Cree
2017-06-28 13:50 ` [PATCH v3 net-next 00/12] bpf: rewrite value tracking in verifier Daniel Borkmann
2017-06-28 14:11 ` Edward Cree
2017-06-28 20:38 ` Daniel Borkmann
2017-06-28 21:37 ` Alexei Starovoitov
2017-06-30 16:44 ` Edward Cree
2017-06-30 17:34 ` [TEST PATCH] bpf/verifier: roll back ptr&const handling, and fix signed bounds Edward Cree
2017-06-30 18:15 ` [PATCH v3 net-next 00/12] bpf: rewrite value tracking in verifier Alexei Starovoitov
2017-07-04 19:22 ` Edward Cree
2017-07-04 22:28 ` Daniel Borkmann
2017-07-06 18:27 ` Edward Cree
2017-07-07 9:14 ` Daniel Borkmann [this message]
2017-07-07 12:50 ` Edward Cree
2017-07-07 13:05 ` Daniel Borkmann
2017-07-06 14:07 ` Edward Cree
2017-07-14 20:03 ` [iovisor-dev] " Y Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=595F50F3.2030008@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=alexei.starovoitov@gmail.com \
--cc=ast@fb.com \
--cc=davem@davemloft.net \
--cc=ecree@solarflare.com \
--cc=iovisor-dev@lists.iovisor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox