From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E41C544008; Sun, 12 May 2024 07:56:00 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D32A540268; Sun, 12 May 2024 07:56:00 +0200 (CEST) Received: from mail-wm1-f97.google.com (mail-wm1-f97.google.com [209.85.128.97]) by mails.dpdk.org (Postfix) with ESMTP id 1B7714003C for ; Sun, 12 May 2024 07:56:00 +0200 (CEST) Received: by mail-wm1-f97.google.com with SMTP id 5b1f17b1804b1-42011507a54so3255295e9.0 for ; Sat, 11 May 2024 22:56:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715493360; x=1716098160; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=3ORZ6gcS+Gm/QcMZV9HVPjBe+wMUzO0a/kP8e+8oeeo=; b=bKQpkvWDxVOOLMJDEmJajX6lPAW370ar4ekRn3dCNnFA9SoHL/YCkRx19tdPKIbAPn q+lbBd3Y3bLmLfZ356dE5f9+ZxwkZ2wBBJZ5N9uQN86iypfnLkZb8Nsz3DBpl5ikKuPH 5XQJSnuZZr1fIExJhigh7igYKosFhWPYLaNGRGncTsnFIsdFIbxXFlHLXSRmZKxF/D+k sLuwBBL6Gz4X95VCuQMjiT7qRBvrX+uaptqnf4og2bJps8X4jJ8bP6rjrxuaWeKSN4y+ txuH8Ro7MaTw7TD3H9W9fgr5cS8c57ZYnSYTMYm1IbmgYRjIyZZrAhZF+UB81lYTz+cT GNbA== X-Gm-Message-State: AOJu0Yy+k+HYGqVAp2J7KAGTZFiKrHshzugAdt4zo+6z1Df4BaHPkI/o M2DHfj6Zqnjbd+kenukU262CzK1H25mgUx5htRsnlb18/z5zBcREERcu1cy3kVeqJVdqT5gsVs7 ITXNlJ68NLvkPmw+lVgNmOW7Uw4ZRVL/8cvR4xJ2v X-Google-Smtp-Source: AGHT+IEOfAfo891QSzxvOso73VGZ4ESsboldHapBaZnwaoTJVBRqkBn02FIiJy+3n/BKmfBCSG7KWAKVXOgA X-Received: by 2002:a05:600c:468e:b0:418:2ab6:7123 with SMTP id 5b1f17b1804b1-41feaa41489mr59719125e9.10.1715493359804; Sat, 11 May 2024 22:55:59 -0700 (PDT) Received: from claroty.com ([31.186.239.9]) by smtp-relay.gmail.com with ESMTPS id 5b1f17b1804b1-41fccde1a65sm6834295e9.18.2024.05.11.22.55.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 11 May 2024 22:55:59 -0700 (PDT) X-Relaying-Domain: claroty.com Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-41dc9c831acso19841545e9.0 for ; Sat, 11 May 2024 22:55:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=claroty.com; s=google; t=1715493357; x=1716098157; darn=dpdk.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=3ORZ6gcS+Gm/QcMZV9HVPjBe+wMUzO0a/kP8e+8oeeo=; b=VmEWV1C3PEAKTtx/cPtj3M1mskt9v6cfZRB/o1Ud6Scw3tewZXgwd97kdqCQBA/3FL i5uVtLuHbbyHUWCS1LbRCCKk1PgZeSY7r/nE30OuBnqfkDsgo83Z5/TWlFatul3a3wLn 0pdnDe+EomuTYKO3UirYozZmcm236MjLCy1Xx675elZVE9gMuBDWXjFNetvpV3h0zP3u cnBFVADux5sLp/XqV5G7SRFPaza5jxEDotalGmKfcVWQsKQHGLXwiLV3NV5+S7R7vneC xXIptW7pLN2yeROf1sbLbg5GOnafxv2p7GaN9sLQVzo4CHjXWsPDIepG9ORSGz8Tr2YR jB4w== X-Received: by 2002:adf:e256:0:b0:34e:3d3a:e144 with SMTP id ffacd0b85a97d-35017fe1ed2mr7545624f8f.2.1715493357073; Sat, 11 May 2024 22:55:57 -0700 (PDT) X-Received: by 2002:adf:e256:0:b0:34e:3d3a:e144 with SMTP id ffacd0b85a97d-35017fe1ed2mr7545613f8f.2.1715493356736; Sat, 11 May 2024 22:55:56 -0700 (PDT) Received: from localhost.localdomain ([94.188.185.10]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3502b89573csm8186035f8f.29.2024.05.11.22.55.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 11 May 2024 22:55:56 -0700 (PDT) From: Yoav Winstein To: dev@dpdk.org Cc: Yoav Winstein , Konstantin Ananyev Subject: [PATCH] bpf: don't verify classic bpfs Date: Sun, 12 May 2024 08:55:45 +0300 Message-Id: <20240512055545.98297-1-yoav.w@claroty.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit x-netskope-inspected: true X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org When classic BPFs with lots of branching instructions are compiled, __rte_bpf_bpf_validate runs way too slow. A simple bpf such as: 'ether host a0:38:6d:af:17:eb or b3:a3:ff:b6:c1:ef or ...' 12 times results in ~1 minute of bpf validation. This patch makes __rte_bpf_bpf_validate be aware of bpf_prm originating from classic BPF, allowing to safely skip over the validation. Signed-off-by: Yoav Winstein --- app/test/test_bpf.c | 2 ++ lib/bpf/bpf_convert.c | 1 + lib/bpf/bpf_load.c | 6 ++++-- lib/bpf/rte_bpf.h | 1 + 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/app/test/test_bpf.c b/app/test/test_bpf.c index 53e3a31123..7aae290c1a 100644 --- a/app/test/test_bpf.c +++ b/app/test/test_bpf.c @@ -3407,6 +3407,8 @@ static const char * const sample_filters[] = { " and (tcp[((tcp[12] & 0xF0) >> 4 ) * 4 + 1] = 0x03)" " and (tcp[((tcp[12] & 0xF0) >> 4 ) * 4 + 2] < 0x04)" " and ((ip[2:2] - 4 * (ip[0] & 0x0F) - 4 * ((tcp[12] & 0xF0) >> 4) > 69))", + /* Performance */ + "ether host a0:38:6d:af:17:eb or b3:a3:ff:b6:c1:ef or 4a:e8:e7:5b:76:ce or 0d:87:fa:7a:a6:6d or bb:fd:c6:4b:bc:ae or 4e:28:dc:f1:1c:f6 or 3d:f2:b7:99:54:55 or 1c:5a:90:4b:82:ce or a7:28:08:ea:c9:84 or 1f:c0:2f:2f:0a:01 or c6:64:91:e9:78:f2 or 5b:cc:3f:90:39:ae or 4c:38:8f:ed:16:5c or cb:89:cb:54:0f:4f or 1e:0d:d7:b2:21:84 or 91:07:2b:88:e0:96 or 6c:ca:cf:bf:cf:3e or b9:df:f1:d6:dd:11 or ea:34:0b:b3:96:9e or 70:e5:18:9f:22:93", /* Other */ "len = 128", }; diff --git a/lib/bpf/bpf_convert.c b/lib/bpf/bpf_convert.c index d7ff2b4325..bc3c9a5d8e 100644 --- a/lib/bpf/bpf_convert.c +++ b/lib/bpf/bpf_convert.c @@ -567,6 +567,7 @@ rte_bpf_convert(const struct bpf_program *prog) /* Classic BPF programs use mbufs */ prm->prog_arg.type = RTE_BPF_ARG_PTR_MBUF; prm->prog_arg.size = sizeof(struct rte_mbuf); + prm->skip_verification = true; return prm; } diff --git a/lib/bpf/bpf_load.c b/lib/bpf/bpf_load.c index de43347405..e30797cb49 100644 --- a/lib/bpf/bpf_load.c +++ b/lib/bpf/bpf_load.c @@ -108,13 +108,15 @@ rte_bpf_load(const struct rte_bpf_prm *prm) return NULL; } - rc = __rte_bpf_validate(bpf); + if (!prm->skip_verification) + rc = __rte_bpf_validate(bpf); + if (rc == 0) { __rte_bpf_jit(bpf); if (mprotect(bpf, bpf->sz, PROT_READ) != 0) rc = -ENOMEM; } - + if (rc != 0) { rte_bpf_destroy(bpf); rte_errno = -rc; diff --git a/lib/bpf/rte_bpf.h b/lib/bpf/rte_bpf.h index 80ebb0210f..6f3b4e3c31 100644 --- a/lib/bpf/rte_bpf.h +++ b/lib/bpf/rte_bpf.h @@ -94,6 +94,7 @@ struct rte_bpf_prm { /**< array of external symbols that eBPF code is allowed to reference */ uint32_t nb_xsym; /**< number of elements in xsym */ struct rte_bpf_arg prog_arg; /**< eBPF program input arg description */ + bool skip_verification; /**< should skip eBPF verification before load */ }; /** -- 2.34.1