On Wed, 2018-03-07 at 22:10 +0100, Daniel Borkmann wrote:
> In Cilium some of the main programs we run today are hitting 9 passes
> on x64's JIT compiler, and we've had cases already where we surpassed
> the limit where the JIT then punts the program to the interpreter
> instead, leading to insertion failures due to
> CONFIG_BPF_JIT_ALWAYS_ON
> or insertion failures due to the prog array owner being JITed but the
> program to insert not (both must have the same JITed/non-JITed
> property).
>
> One concrete case the program image shrunk from 12,767 bytes down to
> 10,288 bytes where the image converged after 16 steps. I've measured
> that this took 340us in the JIT until it converges on my i7-6600U.
> Thus,
> increase the original limit we had from day one where the JIT covered
> cBPF only back then before we run into the case (as similar with the
> complexity limit) where we trip over this and hit program rejections.
> Also add a cond_resched() into the compilation loop, the JIT process
> runs without any locks and may sleep anyway.
>
> Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
> Acked-by: Alexei Starovoitov <a...@kernel.org>
> ---
> arch/x86/net/bpf_jit_comp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/net/bpf_jit_comp.c
> b/arch/x86/net/bpf_jit_comp.c
> index 45e4eb5..ce5b2eb 100644
> --- a/arch/x86/net/bpf_jit_comp.c
> +++ b/arch/x86/net/bpf_jit_comp.c
> @@ -1188,7 +1188,7 @@ struct bpf_prog *bpf_int_jit_compile(struct
> bpf_prog *prog)
> * may converge on the last pass. In such case do one more
> * pass to emit the final image
> */
> - for (pass = 0; pass < 10 || image; pass++) {
> + for (pass = 0; pass < 20 || image; pass++) {
> proglen = do_jit(prog, addrs, image, oldproglen,
> &ctx);
> if (proglen <= 0) {
> image = NULL;
> @@ -1215,6 +1215,7 @@ struct bpf_prog *bpf_int_jit_compile(struct
> bpf_prog *prog)
> }
> }
> oldproglen = proglen;
> + cond_resched();
> }
>
> if (bpf_jit_enable > 1)
Thanks !
Reviewed-by: Eric Dumazet <eduma...@google.com>
