On 10/4/19 4:43 PM, Jerin Jacob wrote:
On Fri, Oct 4, 2019 at 7:39 PM Daniel Borkmann <dan...@iogearbox.net> wrote:
On 10/4/19 12:53 PM, Thomas Monjalon wrote:
04/10/2019 11:54, Steve Capper:
I'd recommend also reaching out the BPF maintainers:
BPF JIT for ARM64
M: Daniel Borkmann <dan...@iogearbox.net>
M: Alexei Starovoitov <a...@kernel.org>
M: Zi Shen Lim <zlim....@gmail.com>
L: net...@vger.kernel.org
L: b...@vger.kernel.org
S: Supported
F: arch/arm64/net/
As they will have much better knowledge of the state of play and will be
better able to advise.
As far as I know Alexei and Daniel are OK with the idea.
But better to let them reply here.
I suggest we think about a way to package the kernel BPF JIT
for userspace usage (not only DPDK) as a library.
I don't understand why the DPDK JIT should be different
or optimized differently.
That would be great indeed as both projects would benefit from a shared
JIT instead of reimplementing everything twice. I never looked into DPDK
too much, but I presume the idea would be as well to take the LLVM (or
bpf-gcc) generated object file and load it into a BPF 'engine' that sits
in user space on top of DPDK? Presumably loader could be libbpf here as
well since it already knows how to parse the ELF, perform the relocations
etc. The only difference would be that you have a different context and
different helpers? Is that the goal eventually?
The only real issue I see is the need for a dual licensing BSD-GPL.
This might be one avenue if all kernel JIT contributors would be on board.
Another option I'm wondering could be to extend the bpf() syscall in order
to pass down a description of context and helper mappings e.g. via BTF and
let everything go through the verifier in the kernel the usual way (I presume
one goal might be that you want to assure that the generated BPF code passes
the safety checks before running the prog), then have it JITed and extract
the generated image in order to use it from user space. Kernel would have
to make sure it never actually allows attaching this program in the kernel.
Generated opcodes can already be retrieved today (see below). Such infra
could potentially help bpf-gcc folks as well as they expressed desire to
have some sort of a simulator for their gcc BPF test suite.. and it would
allow for consistent behavior of the BPF runtime. Just a thought.
This idea looks good. This can remove the verifier code also from DPDK.
Right, definitely makes sense to have consolidation also on this one as well
aside from the JITs, and pushing to the kernel and receiving back the JITed
image seems quite nice and would be generic to open up many other use cases
outside of networking. From app pov, it's just an implementation detail where
to get that BPF opcode image from anyway.
A couple of downsides I can think of,
# We may need to extend the kernel verifier to understand the user-space address
and its symbols for CALL and MEM access operations.
Yep, that part would be needed, potentially BTF could be of help here as well
for the description of the user space runtime environment like context, helpers
etc, so that JIT knows how to handle this.
# DPDK supports FreeBSD and Windows OS as well
I'm not too familiar with the state on BPF for the latter two, but afaik FreeBSD
at least had some effort to implement a BPF runtime into their kernel as well,
so similar interface could be provided, but presumably as starting point vast
majority of DPDK users are running Linux underneath anyway?
# Need a different treatment for old Linux kernels.
Maybe, though I have little insight from DPDK angle here. Wrt BPF and kernel
from
what we see major cloud providers usually offer quite recent kernels as well as
most mainstream distros that are run there, but again, environments where DPDK
is
typically deployed may differ (?), so cannot really comment.
Thanks,
Daniel
