From: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: ast@kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org,
bjorn.topel@intel.com, magnus.karlsson@intel.com
Subject: Re: [PATCH v4 bpf-next 2/6] bpf: propagate poke descriptors to subprograms
Date: Fri, 24 Jul 2020 18:52:20 +0200 [thread overview]
Message-ID: <20200724165220.GA5944@ranger.igk.intel.com> (raw)
In-Reply-To: <1545902f-3cbb-73bc-e241-d2e8a3118cd4@iogearbox.net>
On Fri, Jul 24, 2020 at 06:02:30PM +0200, Daniel Borkmann wrote:
> On 7/24/20 2:36 PM, Maciej Fijalkowski wrote:
> > Previously, there was no need for poke descriptors being present in
> > subprogram's bpf_prog_aux struct since tailcalls were simply not allowed
> > in them. Each subprog is JITed independently so in order to enable
> > JITing such subprograms, simply copy poke descriptors from main program
> > to subprogram's poke tab.
> >
> > Add also subprog's aux struct to the BPF map poke_progs list by calling
> > on it map_poke_track().
> >
> > In case of any error, call the map_poke_untrack() on subprog's aux
> > structs that have already been registered to prog array map.
> >
> > Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
> > ---
> > kernel/bpf/verifier.c | 41 +++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 41 insertions(+)
> >
> > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > index 9a6703bc3f36..3e931e3e2239 100644
> > --- a/kernel/bpf/verifier.c
> > +++ b/kernel/bpf/verifier.c
> > @@ -9900,9 +9900,12 @@ static int jit_subprogs(struct bpf_verifier_env *env)
> > {
> > struct bpf_prog *prog = env->prog, **func, *tmp;
> > int i, j, subprog_start, subprog_end = 0, len, subprog;
> > + struct bpf_map *map_ptr;
> > struct bpf_insn *insn;
> > void *old_bpf_func;
> > int err, num_exentries;
> > + int last_poke_desc = 0;
> > + int last_subprog = 0;
> > if (env->subprog_cnt <= 1)
> > return 0;
> > @@ -9967,6 +9970,26 @@ static int jit_subprogs(struct bpf_verifier_env *env)
> > func[i]->aux->btf = prog->aux->btf;
> > func[i]->aux->func_info = prog->aux->func_info;
> > + for (j = 0; j < prog->aux->size_poke_tab; j++) {
> > + int ret;
> > +
> > + ret = bpf_jit_add_poke_descriptor(func[i],
> > + &prog->aux->poke_tab[j]);
> > + if (ret < 0) {
> > + verbose(env, "adding tail call poke descriptor failed\n");
> > + goto out_untrack;
> > + }
> > + map_ptr = func[i]->aux->poke_tab[j].tail_call.map;
> > + ret = map_ptr->ops->map_poke_track(map_ptr, func[i]->aux);
> > + if (ret < 0) {
> > + verbose(env, "tracking tail call prog failed\n");
> > + goto out_untrack;
> > + }
> > + last_poke_desc = j;
> > + }
> > + last_poke_desc = 0;
> > + last_subprog = i;
> > +
> > /* Use bpf_prog_F_tag to indicate functions in stack traces.
> > * Long term would need debug info to populate names
> > */
> > @@ -10059,7 +10082,25 @@ static int jit_subprogs(struct bpf_verifier_env *env)
> > prog->aux->func_cnt = env->subprog_cnt;
> > bpf_prog_free_unused_jited_linfo(prog);
> > return 0;
> > +out_untrack:
> > + /* this loop is only for handling the case where propagating all of
> > + * the main prog's poke descs was not successful for a particular
> > + * subprog; last_poke_desc is zeroed once we walked through all
> > + * of the poke descs; if last_poke_desc != 0 then 'i' is valid since
> > + * it is pointing to the subprog that we were at when got an error
> > + */
> > + while (last_poke_desc--) {
> > + map_ptr = func[i]->aux->poke_tab[last_poke_desc].tail_call.map;
> > + map_ptr->ops->map_poke_untrack(map_ptr, func[i]->aux);
> > + }
> > + last_subprog = i - 1;
> > out_free:
> > + for (i = last_subprog; i >= 0; i--) {
> > + for (j = 0; j < prog->aux->size_poke_tab; j++) {
> > + map_ptr = func[i]->aux->poke_tab[j].tail_call.map;
> > + map_ptr->ops->map_poke_untrack(map_ptr, func[i]->aux);
> > + }
> > + }
>
> After staring at this code for a while, the logic looks correct to me, but feels overly
> complicated with making sure all the corner cases do function above. I wonder, why didn't
> you consider just something like ...
>
> for (i = 0; i < env->subprog_cnt; i++)
> if (func[i]) {
> for (j = 0; j < func[i]->aux->size_poke_tab; j++) {
> map_ptr = func[i]->aux->poke_tab[j].tail_call.map;
> map_ptr->ops->map_poke_untrack(map_ptr, func[i]->aux);
> }
> bpf_jit_free(func[i]);
> }
>
> ... instead of last_poke_desc/last_subprog tracking and the fallthrough trick above. Am
> I missing something?
No, that's just the great example of over-engineering. If we bail out
during the poke propagation loop then on error path the size_poke_tab from
func[i]->aux as you're suggesting will let us to simply go through all of
the previously copied descs. Other out_free will be addressed as well.
So, v5.
>
> > for (i = 0; i < env->subprog_cnt; i++)
> > if (func[i])
> > bpf_jit_free(func[i]);
> >
>
next prev parent reply other threads:[~2020-07-24 16:57 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-24 12:36 [PATCH v4 bpf-next 0/6] bpf: tailcalls in BPF subprograms Maciej Fijalkowski
2020-07-24 12:36 ` [PATCH v4 bpf-next 1/6] bpf, x64: use %rcx instead of %rax for tail call retpolines Maciej Fijalkowski
2020-07-24 12:36 ` [PATCH v4 bpf-next 2/6] bpf: propagate poke descriptors to subprograms Maciej Fijalkowski
2020-07-24 16:02 ` Daniel Borkmann
2020-07-24 16:52 ` Maciej Fijalkowski [this message]
2020-07-24 12:36 ` [PATCH v4 bpf-next 3/6] bpf: rename poke descriptor's 'ip' member to 'tailcall_target' Maciej Fijalkowski
2020-07-24 12:36 ` [PATCH v4 bpf-next 4/6] bpf, x64: rework pro/epilogue and tailcall handling in JIT Maciej Fijalkowski
2020-07-24 12:36 ` [PATCH v4 bpf-next 5/6] bpf: allow for tailcalls in BPF subprograms for x64 JIT Maciej Fijalkowski
2020-07-24 12:36 ` [PATCH v4 bpf-next 6/6] selftests: bpf: add dummy prog for bpf2bpf with tailcall Maciej Fijalkowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200724165220.GA5944@ranger.igk.intel.com \
--to=maciej.fijalkowski@intel.com \
--cc=ast@kernel.org \
--cc=bjorn.topel@intel.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=magnus.karlsson@intel.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).