[PATCH] bpf: don't verify classic bpfs

Konstantin Ananyev konstantin.ananyev at huawei.com
Thu May 16 11:36:12 CEST 2024

Previous message (by thread): [PATCH] bpf: don't verify classic bpfs
Next message (by thread): [PATCH] bpf: don't verify classic bpfs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> On Sun, 12 May 2024 08:55:45 +0300
> Yoav Winstein <yoav.w at claroty.com> wrote:
> 
> > When classic BPFs with lots of branching instructions are compiled,
> > __rte_bpf_bpf_validate runs way too slow. A simple bpf such as:
> > 'ether host a0:38:6d:af:17:eb or b3:a3:ff:b6:c1:ef or ...' 12 times
> >
> > results in ~1 minute of bpf validation.
> > This patch makes __rte_bpf_bpf_validate be aware of bpf_prm originating
> > from classic BPF, allowing to safely skip over the validation.
> >
> > Signed-off-by: Yoav Winstein <yoav.w at claroty.com>
> > ---
> 
> No.
> Wallpapering over a performance bug in the BPF library is not
> the best way to handle this. Please analyze the problem in the BPF
> library; it should be fixed there.

+1
Blindly disabling verification for all cBPFs is the worst possible option here.
We need at least try to understand what exactly causing such slowdown.

Previous message (by thread): [PATCH] bpf: don't verify classic bpfs
Next message (by thread): [PATCH] bpf: don't verify classic bpfs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list