From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: "Maciej Żenczykowski" <maze@google.com>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>,
	Jakub Kicinski <kuba@kernel.org>, bpf <bpf@vger.kernel.org>,
	Linux NetDev <netdev@vger.kernel.org>,
	Daniel Borkmann <borkmann@iogearbox.net>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	John Fastabend <john.fastabend@gmail.com>
Subject: Re: [PATCH bpf-next] bpf: don't check against device MTU in __bpf_skb_max_len
Date: Wed, 16 Sep 2020 13:37:27 +0200
Message-ID: <875z8eq7ew.fsf@toke.dk>
In-Reply-To: <CANP3RGf581mZKE2Eky-bY6swU6TAFv1vzxxZ24SQ+yB9TGAD8w@mail.gmail.com>

Maciej Żenczykowski <maze@google.com> writes:

> On Tue, Sep 15, 2020 at 1:47 AM Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>>
>> [ just jumping in to answer this bit: ]
>>
>> > Would you happen to know what ebpf startup overhead is?
>> > How big a problem is having two (or more) back to back tc programs
>> > instead of one?
>>
>> With a jit'ed BPF program and the in-kernel dispatcher code (which
>> avoids indirect calls), it's quite close to a native function call.
>
> Hmm, I know we have (had? they're upstream now I think) some CFI vs
> BPF interaction issues.
> We needed to mark the BPF call into JIT'ed code as CFI exempt.
>
> CFI is Code Flow Integrity and is some compiler magic, to quote wikipedia:
> Google has shipped Android with the Linux kernel compiled by Clang
> with link-time optimization (LTO) and CFI since 2018.[12]
> I don't know much more about it.
>
> But we do BPF_JIT_ALWAYS_ON on 64-bit kernels, so it sounds like we
> might be good.

No idea about the CFI thing...

>> > We're running into both verifier performance scaling problems and code
>> > ownership issues with large programs...
>> >
>> > [btw. I understand for XDP we could only use 1 program anyway...]
>>
>> Working on that! See my talk at LPC:
>> https://linuxplumbersconf.org/event/7/contributions/671/
>
> Yes, I'm aware and excited about it!

Great! :)

> Unfortunately, Android S will only support 4.19, 5.4 and 5.10 for
> newly launched devices (and 4.9/4.14 for upgrades).
> (5.10 here means 'whatever is the next 5.x LTS', but that's most likely 5.10)
> I don't (yet) even have real phone hardware running 5.4, and 5.10
> within the next year is even more of a stretch.

Right, I saw your talk at LPC and of course the kernel version thing is
a bit of an issue. I suppose you could do some compile-time magic to
wrap programs and use the tail-call-based chaining for older kernels -
bit of a hassle, though :/

-Toke


Thread overview: 9+ messages
2020-09-04  9:30 [PATCH bpf-next] bpf: don't check against device MTU in __bpf_skb_max_len Jesper Dangaard Brouer
2020-09-04 23:39 ` Jakub Kicinski
2020-09-07 14:07   ` Jesper Dangaard Brouer
2020-09-10 20:00     ` Maciej Żenczykowski
2020-09-14 14:05       ` Jesper Dangaard Brouer
2020-09-14 20:50         ` Maciej Żenczykowski
2020-09-15  8:47           ` Toke Høiland-Jørgensen
2020-09-16  0:12             ` Maciej Żenczykowski
2020-09-16 11:37               ` Toke Høiland-Jørgensen [this message]
