lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+Fy8UaKWJ+8SoF_purtcOju-Xdt-m5qeUvg5keK3KGW9=ApQw@mail.gmail.com>
Date: Fri, 15 Nov 2024 08:06:29 -0800
From: Ryan Wilson <ryantimwilson@...il.com>
To: Toke Høiland-Jørgensen <toke@...hat.com>
Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>, 
	Network Development <netdev@...r.kernel.org>, Jakub Kicinski <kuba@...nel.org>, 
	Jesper Dangaard Brouer <hawk@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, bpf <bpf@...r.kernel.org>, 
	Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, ryantimwilson@...a.com, 
	Willem de Bruijn <willemdebruijn.kernel@...il.com>, Jason Wang <jasowang@...hat.com>, 
	Eric Dumazet <edumazet@...gle.com>
Subject: Re: [PATCH bpf-next] bpf: Add multi-prog support for XDP BPF programs

On Fri, Nov 15, 2024 at 3:07 AM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
>
> Hi Ryan
>
> I'll take a more detailed look at your patch later, but wanted to add
> a few smallish comment now, see below:
>
>
> Ryan Wilson <ryantimwilson@...il.com> writes:
> > On Thu, Nov 14, 2024 at 4:52 PM Alexei Starovoitov
> > <alexei.starovoitov@...il.com> wrote:
> >>
> >> On Thu, Nov 14, 2024 at 9:07 AM Ryan Wilson <ryantimwilson@...il.com> wrote:
> >> >
> >> > Currently, network devices only support a single XDP program. However,
> >> > there are use cases for multiple XDP programs per device. For example,
> >> > at Meta, we have XDP programs for firewalls, DDOS and logging that must
> >> > all run in a specific order. To work around the lack of multi-program
> >> > support, a single daemon loads all programs and uses bpf_tail_call()
> >> > in a loop to jump to each program contained in a BPF map.
> >>
> >> The support for multiple XDP progs per netdev is long overdue.
> >> Thank you for working on this!
>
> +1 on this!
>
>
> [...]
>
> > Note for real drivers, we do not hit this code. This is how it works
> > for real drivers:
> > - When installing a BPF program on a driver, we call the driver's
> > ndo_bpf() callback function with command = XDP_QUERY_MPROG_SUPPORT. If
> > this returns 0, then mprog is supported. Otherwise, mprog is not
> > supported.
>
> We already have feature flags for XDP, so why not just make mprog
> support a feature flag instead of the query thing? It probably should be
> anyway, so it can also be reported to userspace.

Oh wow can't believe I missed the feature flag API. Yes, I'll use this
in v2 instead. Thanks for the suggestion!

And if it's exposed to userspace, users no longer need to guess if
their driver supports mprog or not - although hopefully this is an
intermediary state and the mprog migration for all drivers will be
relatively quick and painless.

>
> >> I think it will remove this branch and XDP performance will remain
> >> the same ?
> >> Benchmarking on real NIC matters, of course.
> >
> > Good point. I will migrate a real driver and add XDP benchmarking
> > numbers to v2.
>
> Yes, please, looking forward to seeing benchmark numbers!
>
> -Toke
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ