Re: [PATCH 5/5] MIPS: Add support for eBPF JIT.

From: David Daney
Date: Fri May 26 2017 - 15:20:44 EST


On 05/26/2017 12:09 PM, Daniel Borkmann wrote:
On 05/26/2017 05:39 PM, David Daney wrote:
On 05/26/2017 08:14 AM, Daniel Borkmann wrote:
On 05/26/2017 02:38 AM, David Daney wrote:
Since the eBPF machine has 64-bit registers, we only support this in
64-bit kernels. As of the writing of this commit log test-bpf is showing:

test_bpf: Summary: 316 PASSED, 0 FAILED, [308/308 JIT'ed]

All current test cases are successfully compiled.

Signed-off-by: David Daney <david.daney@xxxxxxxxxx>

Awesome work!

Did you also manage to run tools/testing/selftests/bpf/ fine with
the JIT enabled?

I haven't done that yet, I will before the next revision.

[...]
+struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
+{
+ struct jit_ctx ctx;
+ unsigned int alloc_size;
+
+ /* Only 64-bit kernel supports eBPF */
+ if (!IS_ENABLED(CONFIG_64BIT) || !bpf_jit_enable)
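Review bot: the comment over the first `if` in bpf_int_jit_compile() covers only half of the condition. `!IS_ENABLED(CONFIG_64BIT)` is a compile-time constant while `!bpf_jit_enable` is the runtime switch, and "Only 64-bit kernel supports eBPF" does not tell a reader why a build-time property is tested inside the function. Suggest rewording the comment to say what the constant term is for, or splitting the two tests so each carries its own comment.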

Isn't this already reflected by the following?

select HAVE_EBPF_JIT if (64BIT && !CPU_MICROMIPS)

Not exactly. The eBPF JIT is in the same file as the classic-BPF JIT, so when HAVE_EBPF_JIT is false this will indeed never be called. But the kernel would otherwise contain all the JIT code.

By putting in !IS_ENABLED(CONFIG_64BIT) we allow gcc to eliminate all the dead code when compiling the JITs.

Side-effect would still be that for cBPF you go through the cBPF
JIT instead of letting the kernel convert all cBPF to eBPF and
later on go through your eBPF JIT. If you still prefer to have
everything in one single file and let gcc eliminate dead code
then you can just do a single line change ...

void bpf_jit_compile(struct bpf_prog *fp)
{
	struct jit_ctx ctx;
	unsigned int alloc_size, tmp_idx;

	if (IS_ENABLED(CONFIG_HAVE_EBPF_JIT) || !bpf_jit_enable)
		return;

Yes. In fact I did that for testing.

The cBPF JIT generates smaller code for:

test_bpf: #274 BPF_MAXINSNS: ld_abs+get_processor_id jited:1 44128 PASS

When we attempt to use the eBPF JIT for this, some of the MIPS branch instructions cannot reach their targets (+- 32K instructions). I didn't feel like fixing the code generation quite yet to handle branches that span more than 32K instructions, so I left the cBPF in place so I could claim that all of the test cases were JITed :-)

For the next revision of the patch I will revisit this.

David.

[...]
}

... and bpf_prog_ebpf_jited() et al wouldn't need to be changed
in the core, which are used in kallsyms, and kernel will then
also be able to automatically JIT all of seccomp-BPF and the
missing cBPF extensions we have through the eBPF JIT w/o extra
work.
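The +- 32K instruction branch limit mentioned in the message, shown as an added example that is not code from the patch or from the kernel: a range check a code generator can apply before encoding a MIPS conditional branch. The helper names `branch_offset` and `emit_beq` and the instruction indices are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* MIPS conditional branches (I-type) hold a signed 16-bit offset counted in
 * 4-byte instructions, relative to the instruction after the branch (the
 * delay slot), so a branch reaches -32768..+32767 instructions. */
#define BRANCH_OFF_MIN (-32768L)
#define BRANCH_OFF_MAX 32767L
#define OP_BEQ 0x04u

/* Hypothetical helper: offset field for a branch at instruction index `from`
 * to index `to`. Returns 0 and stores the field, or -1 when the target is out
 * of reach. Masking without this check would silently emit a branch to the
 * wrong instruction. */
int branch_offset(long from, long to, uint16_t *field)
{
	long off = to - (from + 1);

	if (off < BRANCH_OFF_MIN || off > BRANCH_OFF_MAX)
		return -1;
	*field = (uint16_t)(off & 0xffff);
	return 0;
}

/* Hypothetical helper: encode "beq rs, rt, to". Returns -1 when the caller
 * has to reject the program or emit a longer jump sequence instead. */
int emit_beq(unsigned rs, unsigned rt, long from, long to, uint32_t *insn)
{
	uint16_t field;

	if (rs > 31 || rt > 31 || branch_offset(from, to, &field) < 0)
		return -1;
	*insn = (OP_BEQ << 26) | (rs << 21) | (rt << 16) | field;
	return 0;
}

int main(void)
{
	/* Constructed instruction indices, not taken from test_bpf. */
	long targets[] = { 10, 32768, 32769 };
	uint32_t insn;

	for (int i = 0; i < 3; i++) {
		if (emit_beq(0, 0, 0, targets[i], &insn) == 0)
			printf("target %ld: 0x%08x\n", targets[i], (unsigned)insn);
		else
			printf("target %ld: out of branch range\n", targets[i]);
	}
	return 0;
}
```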