On Thu, 17 Oct 2019, David Miller wrote:
> From: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
> Date: Thu, 17 Oct 2019 17:40:21 +0200
>
> > On 2019-10-17 16:53:58 [+0200], Daniel Borkmann wrote:
> >> On Thu, Oct 17, 2019 at 11:05:01AM +0200, Sebastian Andrzej Siewior wrote:
> >> > Disable BPF on PREEMPT_RT because
> >> > - it allocates and frees memory in atomic context
> >> > - it uses up_read_non_owner()
> >> > - BPF_PROG_RUN() expects to be invoked in non-preemptible context
> >>
> >> For the latter you'd also need to disable seccomp-BPF and everything
> >> cBPF related as they are /all/ invoked via BPF_PROG_RUN() ...
> >
> > I looked at tracing and it depended on BPF_SYSCALL so I assumed they all
> > do… Now looking for BPF_PROG_RUN() there is PPP_FILTER,
> > NET_TEAM_MODE_LOADBALANCE and probably more. I didn't find a symbol for
> > seccomp-BPF.
> > Would it make sense to override BPF_PROG_RUN() and make each caller fail
> > instead? Other recommendations?
>
> I hope you understand that basically you are disabling any packet sniffing
> on the system with this patch you are proposing.
>
> This means no tcpdump, not wireshark, etc. They will all become
> non-functional.
>
> Turning off BPF just because PREEMPT_RT is enabled is a non-starter it is
> absolutely essential functionality for a Linux system at this point.
I'm all ears for an alternative solution. Here are the pain points:
#1) BPF disables preemption unconditionally with no way to do a proper RT
substitution like most other infrastructure in the kernel provides
via spinlocks or other locking primitives.
#2) BPF does allocations in atomic contexts, which is a dubious decision
even for non RT. That's related to #1
#3) BPF uses the up_read_non_owner() hackery which was only invented to
deal with already existing horrors and not meant to be proliferated.
Yes, I know it's a existing facility ....
TBH, I have no idea how to deal with those things. So the only way forward
for RT right now is to disable the whole thing.
Clark might have some insight from the product side for you how much that
impacts usability.
Thanks,
tglx
