From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
Alexei Starovoitov <ast@kernel.org>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
Yonghong Song <yhs@fb.com>,
Marek Majkowski <marek@cloudflare.com>,
Lorenz Bauer <lmb@cloudflare.com>,
Alan Maguire <alan.maguire@oracle.com>,
Jesper Dangaard Brouer <brouer@redhat.com>,
David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 1/5] bpf: Support chain calling multiple BPF programs after each other
Date: Tue, 08 Oct 2019 10:07:46 +0200 [thread overview]
Message-ID: <87sgo3lkx9.fsf@toke.dk> (raw)
In-Reply-To: <20191007204234.p2bh6sul2uakpmnp@ast-mbp.dhcp.thefacebook.com>
Alexei Starovoitov <alexei.starovoitov@gmail.com> writes:
> On Mon, Oct 07, 2019 at 07:20:36PM +0200, Toke Høiland-Jørgensen wrote:
>> From: Toke Høiland-Jørgensen <toke@redhat.com>
>>
>> This adds support for wrapping eBPF program dispatch in chain calling
>> logic. The code injection is controlled by a flag at program load time; if
>> the flag is set, the BPF program will carry a flag bit that changes the
>> program dispatch logic to wrap it in a chain call loop.
>>
>> Ideally, it shouldn't be necessary to set the flag on program load time,
>> but rather inject the calls when a chain call program is first loaded. The
>> allocation logic sets the whole of struct bpf_prog to be read-only memory,
>> so it can't immediately be modified, but conceivably we could just unlock
>> the first page of the struct and flip the bit when a chain call program is
>> first attached.
>>
>> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
>> ---
>> include/linux/bpf.h | 3 +++
>> include/linux/filter.h | 34 ++++++++++++++++++++++++++++++++--
>> include/uapi/linux/bpf.h | 6 ++++++
>> kernel/bpf/core.c | 6 ++++++
>> kernel/bpf/syscall.c | 4 +++-
>> 5 files changed, 50 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
>> index 5b9d22338606..13e5f38cf5c6 100644
>> --- a/include/linux/bpf.h
>> +++ b/include/linux/bpf.h
>> @@ -365,6 +365,8 @@ struct bpf_prog_stats {
>> struct u64_stats_sync syncp;
>> };
>>
>> +#define BPF_NUM_CHAIN_SLOTS 8
>> +
>> struct bpf_prog_aux {
>> atomic_t refcnt;
>> u32 used_map_cnt;
>> @@ -383,6 +385,7 @@ struct bpf_prog_aux {
>> struct list_head ksym_lnode;
>> const struct bpf_prog_ops *ops;
>> struct bpf_map **used_maps;
>> + struct bpf_prog *chain_progs[BPF_NUM_CHAIN_SLOTS];
>> struct bpf_prog *prog;
>> struct user_struct *user;
>> u64 load_time; /* ns since boottime */
>> diff --git a/include/linux/filter.h b/include/linux/filter.h
>> index 2ce57645f3cd..3d1e4991e61d 100644
>> --- a/include/linux/filter.h
>> +++ b/include/linux/filter.h
>> @@ -21,6 +21,7 @@
>> #include <linux/kallsyms.h>
>> #include <linux/if_vlan.h>
>> #include <linux/vmalloc.h>
>> +#include <linux/nospec.h>
>>
>> #include <net/sch_generic.h>
>>
>> @@ -528,6 +529,7 @@ struct bpf_prog {
>> is_func:1, /* program is a bpf function */
>> kprobe_override:1, /* Do we override a kprobe? */
>> has_callchain_buf:1, /* callchain buffer allocated? */
>> + chain_calls:1, /* should this use the chain_call wrapper */
>> enforce_expected_attach_type:1; /* Enforce expected_attach_type checking at attach time */
>> enum bpf_prog_type type; /* Type of BPF program */
>> enum bpf_attach_type expected_attach_type; /* For some prog types */
>> @@ -551,6 +553,30 @@ struct sk_filter {
>> struct bpf_prog *prog;
>> };
>>
>> +#define BPF_MAX_CHAIN_CALLS 32
>> +static __always_inline unsigned int do_chain_calls(const struct bpf_prog *prog,
>> + const void *ctx)
>> +{
>> + int i = BPF_MAX_CHAIN_CALLS;
>> + int idx;
>> + u32 ret;
>> +
>> + do {
>> + ret = (*(prog)->bpf_func)(ctx, prog->insnsi);
>
> This breaks program stats.
Oh, right, silly me. Will fix.
>> +
>> + if (ret + 1 >= BPF_NUM_CHAIN_SLOTS) {
>> + prog = prog->aux->chain_progs[0];
>> + continue;
>> + }
>> + idx = ret + 1;
>> + idx = array_index_nospec(idx, BPF_NUM_CHAIN_SLOTS);
>> +
>> + prog = prog->aux->chain_progs[idx] ?: prog->aux->chain_progs[0];
>> + } while (prog && --i);
>> +
>> + return ret;
>> +}
>> +
>> DECLARE_STATIC_KEY_FALSE(bpf_stats_enabled_key);
>>
>> #define BPF_PROG_RUN(prog, ctx) ({ \
>> @@ -559,14 +585,18 @@ DECLARE_STATIC_KEY_FALSE(bpf_stats_enabled_key);
>> if (static_branch_unlikely(&bpf_stats_enabled_key)) { \
>> struct bpf_prog_stats *stats; \
>> u64 start = sched_clock(); \
>> - ret = (*(prog)->bpf_func)(ctx, (prog)->insnsi); \
>> + ret = prog->chain_calls ? \
>> + do_chain_calls(prog, ctx) : \
>> + (*(prog)->bpf_func)(ctx, (prog)->insnsi); \
>
> I thought you agreed on 'no performance regressions' rule?
As I wrote in the cover letter I could not measurable a performance
impact from this, even with the simplest possible XDP program (where
program setup time has the largest impact).
This was the performance before/after patch (also in the cover letter):
Before patch (XDP DROP program): 31.5 Mpps
After patch (XDP DROP program): 32.0 Mpps
So actually this *increases* performance ;)
(Or rather, the difference is within the measurement uncertainty on my
system).
-Toke
next prev parent reply other threads:[~2019-10-08 8:07 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-07 17:20 [PATCH bpf-next v3 0/5] xdp: Support multiple programs on a single interface through chain calls Toke Høiland-Jørgensen
2019-10-07 17:20 ` [PATCH bpf-next v3 1/5] bpf: Support chain calling multiple BPF programs after each other Toke Høiland-Jørgensen
2019-10-07 20:42 ` Alexei Starovoitov
2019-10-08 8:07 ` Toke Høiland-Jørgensen [this message]
2019-10-09 1:51 ` Alexei Starovoitov
2019-10-09 8:03 ` Toke Høiland-Jørgensen
2019-10-10 4:41 ` Alexei Starovoitov
2019-10-14 12:35 ` Toke Høiland-Jørgensen
2019-10-14 17:08 ` John Fastabend
2019-10-14 18:48 ` Toke Høiland-Jørgensen
2019-10-15 16:30 ` Edward Cree
2019-10-15 16:42 ` Toke Høiland-Jørgensen
2019-10-15 18:33 ` Edward Cree
2019-10-17 12:11 ` Toke Høiland-Jørgensen
2019-10-22 17:27 ` Edward Cree
2019-10-22 18:07 ` Toke Høiland-Jørgensen
2019-11-12 2:51 ` static and dynamic linking. Was: [PATCH bpf-next v3 1/5] bpf: Support chain calling multiple BPF Alexei Starovoitov
2019-11-12 16:20 ` Toke Høiland-Jørgensen
2019-11-12 19:52 ` Alexei Starovoitov
2019-11-12 21:25 ` Edward Cree
2019-11-12 23:18 ` Alexei Starovoitov
2019-11-13 18:30 ` Edward Cree
2019-11-13 18:51 ` Andrii Nakryiko
2019-11-15 2:13 ` Alexei Starovoitov
2019-11-15 16:56 ` John Fastabend
2019-11-12 23:25 ` John Fastabend
2019-11-13 0:21 ` Alexei Starovoitov
2019-11-13 5:33 ` John Fastabend
2019-11-15 1:50 ` Alexei Starovoitov
2019-11-15 16:39 ` John Fastabend
2019-11-14 15:41 ` Toke Høiland-Jørgensen
2019-11-12 16:32 ` Edward Cree
2019-11-15 11:48 ` Lorenz Bauer
2019-11-15 23:02 ` Alexei Starovoitov
2019-11-18 13:29 ` Lorenz Bauer
2019-10-21 23:51 ` [PATCH bpf-next v3 1/5] bpf: Support chain calling multiple BPF programs after each other Edward Cree
2019-10-16 2:28 ` Alexei Starovoitov
2019-10-16 8:27 ` Jesper Dangaard Brouer
2019-10-16 10:35 ` Daniel Borkmann
2019-10-16 11:16 ` Toke Høiland-Jørgensen
2019-10-16 13:51 ` Toke Høiland-Jørgensen
2019-10-19 20:09 ` bpf indirect calls Alexei Starovoitov
2019-10-20 10:58 ` Toke Høiland-Jørgensen
2019-10-25 16:30 ` Alexei Starovoitov
2019-10-27 12:15 ` Toke Høiland-Jørgensen
2023-09-27 13:27 ` Matt Bobrowski
2023-09-29 21:06 ` Alexei Starovoitov
2023-10-02 18:50 ` Barret Rhoden
2023-10-06 9:36 ` Matt Bobrowski
2023-10-06 18:49 ` Alexei Starovoitov
2023-10-19 12:28 ` Matt Bobrowski
2019-10-09 10:19 ` [PATCH bpf-next v3 1/5] bpf: Support chain calling multiple BPF programs after each other Jesper Dangaard Brouer
2019-10-09 17:57 ` Alexei Starovoitov
2019-10-07 17:20 ` [PATCH bpf-next v3 2/5] bpf: Add support for setting chain call sequence for programs Toke Høiland-Jørgensen
2019-10-07 20:38 ` Daniel Borkmann
2019-10-08 8:09 ` Toke Høiland-Jørgensen
2019-10-07 17:20 ` [PATCH bpf-next v3 3/5] tools: Update bpf.h header for program chain calls Toke Høiland-Jørgensen
2019-10-07 17:20 ` [PATCH bpf-next v3 4/5] libbpf: Add syscall wrappers for BPF_PROG_CHAIN_* commands Toke Høiland-Jørgensen
2019-10-07 17:20 ` [PATCH bpf-next v3 5/5] selftests: Add tests for XDP chain calls Toke Høiland-Jørgensen
2019-10-07 18:58 ` [PATCH bpf-next v3 0/5] xdp: Support multiple programs on a single interface through " John Fastabend
2019-10-08 8:42 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sgo3lkx9.fsf@toke.dk \
--to=toke@redhat.com \
--cc=alan.maguire@oracle.com \
--cc=alexei.starovoitov@gmail.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=kafai@fb.com \
--cc=lmb@cloudflare.com \
--cc=marek@cloudflare.com \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.