bpf: use common instruction history across all states #7990
+62
−62
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![kernel-patches-daemon-bpf[bot]](https://avatars.githubusercontent.com/u/70728002?s=60&v=4){kind=small}
|
Upstream branch: e626a13 |
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
3c8d365
to
8f9bc60
Compare
|
Upstream branch: e5e4799 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/904858=>bpf-next
branch
from
f7c286f
to
1d96d69
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
8f9bc60
to
103c737
Compare
|
Upstream branch: 4d99e50 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/904858=>bpf-next
branch
from
1d96d69
to
1fdd28f
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
103c737
to
0e4003e
Compare
|
Upstream branch: 77017b9 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/904858=>bpf-next
branch
from
1fdd28f
to
05cb3e7
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
0e4003e
to
5e2942e
Compare
|
Upstream branch: f2daa5a |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/904858=>bpf-next
branch
from
05cb3e7
to
9432462
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
5e2942e
to
3e790e1
Compare
|
Upstream branch: 9a78313 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/904858=>bpf-next
branch
from
9432462
to
170ecb9
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
3e790e1
to
2f0c8a7
Compare
Instead of allocating and copying instruction history each time we enqueue child verifier state, switch to a model where we use one common dynamically sized array of instruction history entries across all states. The key observation for proving this is correct is that instruction history is only relevant while state is active, which means it either is a current state (and thus we are actively modifying instruction history and no other state can interfere with us) or we are checkpointed state with some children still active (either enqueued or being current). In the latter case our portion of instruction history is finalized and won't change or grow, so as long as we keep it immutable until the state is finalized, we are good. Now, when state is finalized and is put into state hash for potentially future pruning lookups, instruction history is not used anymore. This is because instruction history is only used by precision marking logic, and we never modify precision markings for finalized states. So, instead of each state having its own small instruction history, we keep a global dynamically-sized instruction history, where each state in current DFS path from root to active state remembers its portion of instruction history. Current state can append to this history, but cannot modify any of its parent histories. Async callback state enqueing, while logically detached from parent state, still is part of verification backtracking tree, so has to follow the same schema as normal state checkpoints. Because the insn_hist array can be grown through realloc, states don't keep pointers, they instead maintain two indices, [start, end), into global instruction history array. End is exclusive index, so `start == end` means there is no relevant instruction history. This eliminates a lot of allocations and minimizes overall memory usage. For instance, running a worst-case test from [0] (but without the heuristics-based fix [1]), it took 12.5 minutes until we get -ENOMEM. With the changes in this patch the whole test succeeds in 10 minutes (very slow, so heuristics from [1] is important, of course). To further validate correctness, veristat-based comparison was performed for Meta production BPF objects and BPF selftests objects. In both cases there were no differences *at all* in terms of verdict or instruction and state counts, providing a good confidence in the change. Having this low-memory-overhead solution of keeping dynamic per-instruction history cheaply opens up some new possibilities, like keeping extra information for literally every single validated instruction. This will be used for simplifying precision backpropagation logic in follow up patches. [0] https://lore.kernel.org/bpf/[email protected]/ [1] https://lore.kernel.org/bpf/[email protected]/ Acked-by: Eduard Zingerman <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]>
|
Upstream branch: 1850ce1 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/904858=>bpf-next
branch
from
170ecb9
to
8e1368d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: use common instruction history across all states
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=904858