Re: [PATCH v7 net-next 1/3] filter: add Extended BPF interpreter and converter

From: Alexei Starovoitov
Date: Sun Mar 09 2014 - 13:39:07 EST

Next message: Rafael J. Wysocki: "Re: 3.13.?: Strange / dangerous fan policy..."
Previous message: Rafael J. Wysocki: "Re: [RFC PATCH 6/8] ACPI: use platform bus as the default bus for _HID enumeration"
In reply to: Eric Dumazet: "Re: [PATCH v7 net-next 1/3] filter: add Extended BPF interpreter and converter"
Next in thread: Eric Dumazet: "Re: [PATCH v7 net-next 1/3] filter: add Extended BPF interpreter and converter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 9, 2014 at 7:45 AM, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> On Sat, 2014-03-08 at 15:15 -0800, Alexei Starovoitov wrote:
>
>> +/**
>> + * sk_run_filter_ext - run an extended filter
>> + * @ctx: buffer to run the filter on
>> + * @insn: filter to apply
>> + *
>> + * Decode and execute extended BPF instructions.
>> + * @ctx is the data we are operating on.
>> + * @filter is the array of filter instructions.
>> + */
>> +notrace u32 sk_run_filter_ext(void *ctx, const struct sock_filter_ext *insn)
>> +{
>> + u64 stack[64];
>> + u64 regs[16];
>> + void *ptr;
>> + u64 tmp;
>> + int off;

First of all, great that you finally reviewed it! Feedback is appreciated :)

> Why is this 'notrace' ?

to avoid overhead of dummy call.
JITed filters are not adding this dummy call.
So 'notrace' on interpreter brings it to parity with JITed filters.

> 80 u64 on the stack, that is 640 bytes to run a filter ????

yes. that was described in commit log and in Doc...filter.txt:
"
- 16 4-byte stack slots for register spill-fill replaced with
up to 512 bytes of multi-use stack space
"

For interpreter it is prohibitive to dynamically allocate stack space
that's why it just grabs 64*8 to run any program.
For JIT it's going to be close to zero for majority of filters, since
generated program will allocate only as much as was allowed
by sk_chk_filter_ext(). Only largest programs would need 'up to 512'.
This much stack would be needed for programs that need to use
large key/value pairs in their ebpf tables.
So far I haven't seen a program that approaches this limit,
but it seems to me that 512 is reasonable, since kernel warns on
functions with > 1k stack.

btw, current x86 jit just does 'subq $96,%rsp',
I think ebpf jit should use the minimum amount of stack. Only amount
that is needed.
May be I'm over thinking it and having 'subq $512, %rsp' for JIT is also fine.
Let me know.

Thanks
Alexei
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rafael J. Wysocki: "Re: 3.13.?: Strange / dangerous fan policy..."
Previous message: Rafael J. Wysocki: "Re: [RFC PATCH 6/8] ACPI: use platform bus as the default bus for _HID enumeration"
In reply to: Eric Dumazet: "Re: [PATCH v7 net-next 1/3] filter: add Extended BPF interpreter and converter"
Next in thread: Eric Dumazet: "Re: [PATCH v7 net-next 1/3] filter: add Extended BPF interpreter and converter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]