From: Eduard Zingerman <eddyz87@gmail.com>
To: Jakub Sitnicki <jakub@cloudflare.com>, bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>,
Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
Amery Hung <ameryhung@gmail.com>,
netdev@vger.kernel.org, kernel-team@cloudflare.com
Subject: Re: [PATCH bpf-next 1/4] bpf, verifier: Support direct helper calls from prologue/epilogue
Date: Mon, 19 Jan 2026 14:44:19 -0800 [thread overview]
Message-ID: <f9ffbb877c73e5655fa6cfc4480624a320fcf94e.camel@gmail.com> (raw)
In-Reply-To: <20260119-skb-meta-bpf-emit-call-from-prologue-v1-1-e8b88d6430d8@cloudflare.com>
On Mon, 2026-01-19 at 20:53 +0100, Jakub Sitnicki wrote:
> Prepare to remove support for calling kfuncs from prologue & epilogue.
>
> Instead allow direct helpers calls using BPF_EMIT_CALL. Such calls already
> contain helper offset relative to __bpf_call_base and must bypass the
> verifier's patch_call_imm fixup, which expects BPF helper IDs rather than a
> pre-resolved offsets.
>
> Add a finalized_call flag to bpf_insn_aux_data to mark call instructions
> with resolved offsets so the verifier can skip patch_call_imm fixup for
> these calls.
>
> Note that the target of BPF_EMIT_CALL should be wrapped with BPF_CALL_x to
> prevent an ABI mismatch between BPF and C on 32-bit architectures.
>
> Suggested-by: Alexei Starovoitov <ast@kernel.org>
> Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
> ---
Reviewed-by: Eduard Zingerman <eddyz87@gmail.com>
[...]
> @@ -21867,6 +21880,8 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
> ret = add_kfunc_in_insns(env, insn_buf, cnt - 1);
> if (ret < 0)
> return ret;
> +
> + mark_helper_calls_finalized(env, 0, cnt - 1);
Note to reviewers:
`cnt - 1` is because each prologue-generating function does
`*insn++ = prog->insnsi[0];` in the end. Confusing every time.
> }
> }
>
> @@ -21880,6 +21895,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
>
> for (i = 0; i < insn_cnt; i++, insn++) {
> bpf_convert_ctx_access_t convert_ctx_access;
> + bool is_epilogue = false;
Nit: maybe rename this to finalize_helper_calls and untie from epilogue_idx?
In case someone would want to add a kfunc call not in an epilogue?
> u8 mode;
>
> if (env->insn_aux_data[i + delta].nospec) {
[...]
@@ -23477,6 +23497,9 @@ static int do_misc_fixups(struct bpf_verifier_env *env)
goto next_insn;
}
patch_call_imm:
+ if (env->insn_aux_data[i + delta].finalized_call)
+ goto next_insn;
+
Note: This jumps over env->ops->get_func_proto() call.
Which means that env->ops will not have means to specialize
helper calls inside pro/epilogue. Not a problem at the moment,
as the only helper called seem to be 'bpf_skb_pull_data' and
it does not appear to have alternative implementations.
Something to keep in mind when extending the code, though.
fn = env->ops->get_func_proto(insn->imm, env->prog);
/* all functions that have prototype and verifier allowed
* programs to call them, must be real in-kernel functions
[...]
next prev parent reply other threads:[~2026-01-19 22:44 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-19 19:53 [PATCH bpf-next 0/4] Switch from kfuncs to direct helper calls in prologue/epilogue Jakub Sitnicki
2026-01-19 19:53 ` [PATCH bpf-next 1/4] bpf, verifier: Support direct helper calls from prologue/epilogue Jakub Sitnicki
2026-01-19 22:44 ` Eduard Zingerman [this message]
2026-01-20 23:44 ` Martin KaFai Lau
2026-01-19 19:53 ` [PATCH bpf-next 2/4] bpf: net_sched: Use direct helper calls instead of kfuncs in pro/epilogue Jakub Sitnicki
2026-01-19 22:50 ` Eduard Zingerman
2026-01-20 23:45 ` Martin KaFai Lau
2026-01-19 19:53 ` [PATCH bpf-next 3/4] bpf: Remove kfunc support in prologue and epilogue Jakub Sitnicki
2026-01-19 22:55 ` Eduard Zingerman
2026-01-21 9:54 ` Jakub Sitnicki
2026-01-21 17:01 ` Alexei Starovoitov
2026-01-19 19:53 ` [PATCH bpf-next 4/4] selftests/bpf: Remove tests for prologue/epilogue with kfuncs Jakub Sitnicki
2026-01-19 22:56 ` Eduard Zingerman
2026-01-20 23:48 ` Martin KaFai Lau
2026-01-21 9:49 ` Jakub Sitnicki
2026-01-21 19:13 ` Martin KaFai Lau
2026-01-23 3:10 ` [PATCH bpf-next 0/4] Switch from kfuncs to direct helper calls in prologue/epilogue Amery Hung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f9ffbb877c73e5655fa6cfc4480624a320fcf94e.camel@gmail.com \
--to=eddyz87@gmail.com \
--cc=ameryhung@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=jakub@cloudflare.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kernel-team@cloudflare.com \
--cc=kpsingh@kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox