From: Pu Lehui <pulehui@huaweicloud.com>
To: "Björn Töpel" <bjorn@kernel.org>,
bpf@vger.kernel.org, linux-riscv@lists.infradead.org,
netdev@vger.kernel.org
Cc: Song Liu <song@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Palmer Dabbelt <palmer@dabbelt.com>,
Luke Nelson <luke.r.nels@gmail.com>,
Pu Lehui <pulehui@huawei.com>
Subject: Re: [PATCH bpf-next v2 4/4] riscv, bpf: Mixing bpf2bpf and tailcalls
Date: Fri, 2 Feb 2024 17:44:04 +0800
Message-ID: <160aaa6f-7efb-4a29-ab6f-dcf938d3419f@huaweicloud.com>
In-Reply-To: <87jznowbmf.fsf@all.your.base.are.belong.to.us>
On 2024/2/1 21:35, Björn Töpel wrote:
> Pu Lehui <pulehui@huaweicloud.com> writes:
>
>> On 2024/2/1 18:10, Björn Töpel wrote:
>>> Pu Lehui <pulehui@huaweicloud.com> writes:
>>>
>>>>>> @@ -252,10 +220,7 @@ static void __build_epilogue(bool is_tail_call, struct rv_jit_context *ctx)
>>>>>> emit_ld(RV_REG_S5, store_offset, RV_REG_SP, ctx);
>>>>>> store_offset -= 8;
>>>>>> }
>>>>>> - if (seen_reg(RV_REG_S6, ctx)) {
>>>>>> - emit_ld(RV_REG_S6, store_offset, RV_REG_SP, ctx);
>>>>>> - store_offset -= 8;
>>>>>> - }
>>>>>> + emit_ld(RV_REG_TCC, store_offset, RV_REG_SP, ctx);
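Review bot: The added emit_ld(RV_REG_TCC, store_offset, RV_REG_SP, ctx) at the end of this hunk is unconditional, while the S6 restore it replaces was guarded by seen_reg(RV_REG_S6, ctx), so every epilogue now carries this load. __build_epilogue() already receives is_tail_call; if the value is only needed when entering a tail-call target, emit the load only on that path or in the tail-call emitter, and add a comment saying why a6 must be valid at that point. The new line also omits the `store_offset -= 8;` that follows the S5 restore above it; if that is intentional because this is the last slot, a short comment would keep a later addition from reusing the offset.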
>>>>>
>>>>> Why do you need to restore RV_REG_TCC? We're passing RV_REG_TCC (a6) as
>>>>> an argument at all call-sites, and for tailcalls we're loading from the
>>>>> stack.
>>>>>
>>>>> Is this to fake the a6 argument for the tail-call? If so, it's better to
>>>>> move it to emit_bpf_tail_call(), instead of letting all programs pay for
>>>>> it.
>>>>
>>>> Yes, we can remove this duplicate load. Will do that in the next version.
>>>
>>> Hmm, no remove, but *move* right? Otherwise a6 can contain garbage on
>>> entering the tailcall?
>>>
>>> Move it before __emit_epilogue() in the tailcall, no?
>>>
>>
>> IIUC, we don't need to load it again. In emit_bpf_tail_call function, we
>> load TCC from stack to A6, A6--, then store A6 back to stack. Then
>> unwind the current stack and jump to target bpf prog, during this
>> period, we did not touch the A6 register, do we still need to load it again?
>
> a6 has to be populated prior to each call -- including tailcalls. An
> example, how it can break:
>
> main_prog() -> prologue (a6 := 0; push a6) -> bpf_helper() (random
> kernel path that clobbers a6) -> tailcall(foo()) (unwinds stack, enters
It's OK to clobber the A6 reg for a helper/kfunc call, because we will load
TCC from the stack to the A6 reg before jumping to the tailcall target prog. In
addition, I found that we can remove the "store A6 back to stack" command
from the tailcall process. I'll try to describe the process involved:
PS: I'm attaching a picture to avoid the formatting below.

Main prog
  A6 reg = 33
  STORE A6 value(TCC=33) to main prog stack
  ...
  /* helper call/kfunc call (not call to bpf prog)*/
  LOAD TCC=33 from main prog stack to A6 reg
  call bpf_helper_prog1/kfunc1
    bpf_helper_prog1/kfunc1
      break A6 reg
      return Main prog
  /* it's ok to break A6 reg, because we have stored A6 value to main prog stack */
  ...
  /* start tailcall(foo) */
  LOAD TCC=33 from main prog stack to A6 reg
  A6--: TCC=32
  STORE A6 value(TCC=32) to main prog stack
  UNWIND Main prog stack (at this time, A6 value 32 will not on any stack)
  /* at this time, A6 reg is not affected. */
  jump to foo()
    foo() --- tailcall target
      STORE A6 value(TCC=32) to foo prog stack
      ...
      /* subprog call (call to bpf prog)*/
      LOAD TCC=32 from foo prog stack to A6 reg
      call subprog1
        subprog1
          STORE A6 value(TCC=32) to subprog1 stack
          ...
          /* start tailcall(foo2) */
          LOAD TCC=32 from subprog1 stack to A6 reg
          A6--:TCC=31
          STORE A6 value(TCC=31) to subprog1 stack
          UNWIND subprog1 stack (at this time, `old` A6 value 32 still in foo prog stack)
          /* at this time, A6 reg is not affected. */
          jump to foo2()
            foo2() --- tailcall target
              STORE A6 value(TCC=31) to foo2 prog stack
              ...
              UNWIND foo2 prog stack (at this time, `old` A6 value 32 still in foo prog stack)
              return to foo()
      ...
      /* if have any call will load `old` A6 value 32 to A6 reg */
      ...
      UNWIND foo prog stack (at this time, old A6 32 will not on any stack)
      return to the caller of Main prog

> foo() with a6 garbage, and push a6).
>
> Am I missing something?
[-- Attachment #2: tailcalls.JPG --]
[-- Type: image/jpeg, Size: 92740 bytes --]
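
The register and stack-slot handling traced in the message above, as a small C model (an added example, not code from the patch or the kernel; the frame struct, the function names and the GARBAGE value are constructed for illustration). It replays the trace with TCC=33, and also the case from the quoted review in which the tail call does not reload a6 after a helper has clobbered it.

```c
#include <stdio.h>
#define GARBAGE 0x5a5a5a5aL        /* constructed stand-in for a clobbered a6 */

struct frame  { long tcc_slot; };  /* stack slot where a program spills TCC */
struct result { long foo_tcc, foo2_tcc, foo_slot_after; };

static long a6;                    /* models RV_REG_TCC (a6) */

/* Prologue: spill the incoming a6 into the program's own frame. */
static void prologue(struct frame *f) { f->tcc_slot = a6; }

/* Helper/kfunc call: a6 is loaded for the call, then the callee clobbers it. */
static void helper_call(const struct frame *f) { a6 = f->tcc_slot; a6 = GARBAGE; }

/* Tail call from `cur` into `target`. With reload == 0, a6 is used as the
 * last callee left it, which is the scenario raised in the quoted review. */
static long tail_call(struct frame *cur, struct frame *target, int reload)
{
    if (reload)
        a6 = cur->tcc_slot;        /* LOAD TCC from stack to a6 */
    a6--;
    cur->tcc_slot = a6;            /* STORE back; the frame is unwound next */
    prologue(target);              /* target spills whatever a6 holds */
    return target->tcc_slot;
}

/* Replays the trace from the mail: main -> helper -> tailcall(foo) ->
 * subprog1 -> tailcall(foo2) -> return to foo. */
static struct result replay(int reload)
{
    struct frame main_f, foo_f, sub_f, foo2_f;
    struct result r;
    a6 = 33;                       /* TCC value used in the trace */
    prologue(&main_f);
    helper_call(&main_f);          /* a6 now holds GARBAGE */
    r.foo_tcc = tail_call(&main_f, &foo_f, reload);
    a6 = foo_f.tcc_slot;           /* subprog call: LOAD TCC from foo's frame */
    prologue(&sub_f);
    r.foo2_tcc = tail_call(&sub_f, &foo2_f, 1);
    r.foo_slot_after = foo_f.tcc_slot;  /* foo's slot once foo2 has returned */
    return r;
}

int main(void)
{
    struct result ok = replay(1), bad = replay(0);
    printf("reload: foo=%ld foo2=%ld foo_slot=%ld; no reload: foo=%ld\n",
           ok.foo_tcc, ok.foo2_tcc, ok.foo_slot_after, bad.foo_tcc);
    return 0;
}
```
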