lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 23 Sep 2020 11:41:40 -0700
From:   Alexei Starovoitov <>
To:     Lorenz Bauer <>
Cc:     Maciej Fijalkowski <>,
        John Fastabend <>,
        Alexei Starovoitov <>,
        Daniel Borkmann <>,
        bpf <>,
        Network Development <>,
        Björn Töpel <>,
        "Karlsson, Magnus" <>,
        Andrii Nakryiko <>,
        Martin KaFai Lau <>
Subject: Re: [PATCH v8 bpf-next 0/7] bpf: tailcalls in BPF subprograms

On Wed, Sep 23, 2020 at 9:11 AM Lorenz Bauer <> wrote:
> On Fri, 18 Sep 2020 at 04:26, Alexei Starovoitov
> <> wrote:
> [...]
> >
> > Lorenz,
> > if you can test it on cloudflare progs would be awesome.
> Our programs all bpf_tail_call from the topmost function, so no calls
> from subprogs. I stripped out our FORCE_INLINE flag, recompiled and
> ran our testsuite. cls_redirect.c (also in the kernel selftests) has a
> test failure that I currently can't explain, but I don't have the time
> to look at it in detail right now.

selftests's test_cls_redirect.c does not have any tail calls,
so it's not an interesting target.
But your internal code relying on tail_call and until today
you could not use subprograms at all.
It doesn't matter that you do tail_call out of topmost function.
The verifier would disallow subprogs, so you were missing
on lots of new functionality.
What I'm suggesting to try is to keep your code as-is
(with tail_call in topmost) and simply remove always_inline.
Let the compiler decide on better code layout.
That will improve performance and most likely improve verification time too.
If you convert some of the subprograms into global functions then
you will be able to use function-by-function verification which will
drastically improve verification time.

Same thing for cilium. Their progs use tail_calls and because of that
couldn't use subprogs at all.
I think John was saying that prog load time is important for cilium.
The answer is to use global functions.
Now with tail_calls being compatible with subprogs all that is available.

Powered by blists - more mailing lists