From: "Michael S. Tsirkin" <mst@redhat.com>
To: John Fastabend <john.fastabend@gmail.com>
Cc: jasowang@redhat.com, john.r.fastabend@intel.com,
netdev@vger.kernel.org, alexei.starovoitov@gmail.com,
daniel@iogearbox.net
Subject: XDP offload to hypervisor
Date: Mon, 23 Jan 2017 23:40:29 +0200 [thread overview]
Message-ID: <20170123230727-mutt-send-email-mst@kernel.org> (raw)
I've been thinking about passing XDP programs from guest to the
hypervisor. Basically, after getting an incoming packet, we could run
an XDP program in host kernel.
If the result is XDP_DROP or XDP_TX we don't need to wake up the guest at all!
When using tun for networking - especially with adjust_head - this
unfortunately probably means we need to do a data copy unless there is
enough headroom. How much is enough though?
Another issue is around host/guest ABI. Guest BPF could add new features
at any point. What if hypervisor can not support it all? I guess we
could try loading program into hypervisor and run it within guest on
failure to load, but this ignores question of cross-version
compatibility - someone might start guest on a new host
then try to move to an old one. So we will need an option
"behave like an older host" such that guest can start and then
move to an older host later. This will likely mean
implementing this validation of programs in qemu userspace unless linux
can supply something like this. Is this (disabling some features)
something that might be of interest to larger bpf community?
With a device such as macvtap there exist configurations where a single
guest is in control of the device (aka passthrough mode) in that case
there's a potential to run xdp on host before host skb is built, unless
host already has an xdp program attached. If it does we could run the
program within guest, but what if a guest program got attached first?
Maybe we should pass a flag in the packet "xdp passed on this packet in
host". Then, guest can skip running it. Unless we do a full reset
there's always a potential for packets to slip through, e.g. on xdp
program changes. Maybe a flush command is needed, or force queue or
device reset to make sure nothing is going on. Does this make sense?
Thanks!
--
MST
next reply other threads:[~2017-01-23 21:40 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-23 21:40 Michael S. Tsirkin [this message]
2017-01-23 21:56 ` XDP offload to hypervisor John Fastabend
2017-01-23 22:26 ` Michael S. Tsirkin
2017-01-25 2:45 ` Jason Wang
2017-01-25 3:17 ` Michael S. Tsirkin
2017-01-24 1:02 ` Alexei Starovoitov
2017-01-24 2:47 ` Michael S. Tsirkin
2017-01-24 3:33 ` Michael S. Tsirkin
2017-01-24 3:50 ` Alexei Starovoitov
2017-01-24 4:35 ` Michael S. Tsirkin
2017-01-25 2:51 ` Jason Wang
2017-01-25 3:03 ` Jason Wang
2017-01-25 2:41 ` Jason Wang
2017-01-25 3:12 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170123230727-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=alexei.starovoitov@gmail.com \
--cc=daniel@iogearbox.net \
--cc=jasowang@redhat.com \
--cc=john.fastabend@gmail.com \
--cc=john.r.fastabend@intel.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).