On Fri, 14 Apr 2017 17:46:44 -0700 Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > But that's probably bad idea, since I was assuming that such ring > reconfiguration can be made fast, which is unlikely. > If it takes seconds to setup a ring, then drivers should just > assume XDP_PACKET_HEADROOM, since at that time the program > properties are unknown and in the future other programs will be loaded. > > Take a look at our current setup with slots for xdp_dump, ddos, lb > programs. Only root program is attached at the begining. > If the driver configures the ring for such empty program that would break > dynamic addition of lb prog. > The driver must not interrupt the traffic when user adds another > prog to prog array. In such case XDP side doesn't even know that > prog array is used. It's all happening purely on bpf side. The bpf tail-call use-case is a very good example of why the verifier cannot deduct the needed HEADROOM upfront. Could we still make the verifier reject a program getting attached as a tail-call when a too "low"/small HEADROOM have been setup? (to satisfy programs needs) -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat LinkedIn: http://www.linkedin.com/in/brouer
|