Maciej Żenczykowski <maze@xxxxxxxxxx> writes:

> On Tue, Sep 15, 2020 at 1:47 AM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote:
>>
>> [ just jumping in to answer this bit: ]
>>
>> > Would you happen to know what ebpf startup overhead is?
>> > How big a problem is having two (or more) back to back tc programs
>> > instead of one?
>>
>> With a jit'ed BPF program and the in-kernel dispatcher code (which
>> avoids indirect calls), it's quite close to a native function call.
>
> Hmm, I know we have (had? they're upstream now I think) some CFI vs
> BPF interaction issues.
> We needed to mark the BPF call into JIT'ed code as CFI exempt.
>
> CFI is Code Flow Integrity and is some compiler magic, to quote wikipedia:
> Google has shipped Android with the Linux kernel compiled by Clang
> with link-time optimization (LTO) and CFI since 2018.[12]
> I don't know much more about it.
>
> But we do BPF_JIT_ALWAYS_ON on 64-bit kernels, so it sounds like we
> might be good.

No idea about the CFI thing...

>> > We're running into both verifier performance scaling problems and code
>> > ownership issues with large programs...
>> >
>> > [btw. I understand for XDP we could only use 1 program anyway...]
>>
>> Working on that! See my talk at LPC:
>> https://linuxplumbersconf.org/event/7/contributions/671/
>
> Yes, I'm aware and excited about it!

Great! :)

> Unfortunately, Android S will only support 4.19, 5.4 and 5.10 for
> newly launched devices (and 4.9/4.14 for upgrades).
> (5.10 here means 'whatever is the next 5.x LTS', but that's most likely 5.10)
> I don't (yet) even have real phone hardware running 5.4, and 5.10
> within the next year is even more of a stretch.

Right, I saw your talk at LPC and of course the kernel version thing is
a bit of an issue. I suppose you could do some compile-time magic to
wrap programs and use the tail-call-based chaining for older kernels -
bit of a hassle, though :/

-Toke