Skip to content

Commit dc503a8

Browse files
ecree-solarflaredavem330
ecree-solarflare
authored and
davem330
committed
bpf/verifier: track liveness for pruning
State of a register doesn't matter if it wasn't read in reaching an exit; a write screens off all reads downstream of it from all explored_states upstream of it. This allows us to prune many more branches; here are some processed insn counts for some Cilium programs: Program before after bpf_lb_opt_-DLB_L3.o 6515 3361 bpf_lb_opt_-DLB_L4.o 8976 5176 bpf_lb_opt_-DUNKNOWN.o 2960 1137 bpf_lxc_opt_-DDROP_ALL.o 95412 48537 bpf_lxc_opt_-DUNKNOWN.o 141706 78718 bpf_netdev.o 24251 17995 bpf_overlay.o 10999 9385 The runtime is also improved; here are 'time' results in ms: Program before after bpf_lb_opt_-DLB_L3.o 24 6 bpf_lb_opt_-DLB_L4.o 26 11 bpf_lb_opt_-DUNKNOWN.o 11 2 bpf_lxc_opt_-DDROP_ALL.o 1288 139 bpf_lxc_opt_-DUNKNOWN.o 1768 234 bpf_netdev.o 62 31 bpf_overlay.o 15 13 Signed-off-by: Edward Cree <ecree@solarflare.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 0461b76 commit dc503a8

File tree

2 files changed

+156
-44
lines changed

2 files changed

+156
-44
lines changed

include/linux/bpf_verifier.h

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,12 @@
2121
*/
2222
#define BPF_MAX_VAR_SIZ INT_MAX
2323

24+
enum bpf_reg_liveness {
25+
REG_LIVE_NONE = 0, /* reg hasn't been read or written this branch */
26+
REG_LIVE_READ, /* reg was read, so we're sensitive to initial value */
27+
REG_LIVE_WRITTEN, /* reg was written first, screening off later reads */
28+
};
29+
2430
struct bpf_reg_state {
2531
enum bpf_reg_type type;
2632
union {
@@ -40,7 +46,7 @@ struct bpf_reg_state {
4046
* came from, when one is tested for != NULL.
4147
*/
4248
u32 id;
43-
/* These five fields must be last. See states_equal() */
49+
/* Ordering of fields matters. See states_equal() */
4450
/* For scalar types (SCALAR_VALUE), this represents our knowledge of
4551
* the actual value.
4652
* For pointer types, this represents the variable part of the offset
@@ -57,6 +63,8 @@ struct bpf_reg_state {
5763
s64 smax_value; /* maximum possible (s64)value */
5864
u64 umin_value; /* minimum possible (u64)value */
5965
u64 umax_value; /* maximum possible (u64)value */
66+
/* This field must be last, for states_equal() reasons. */
67+
enum bpf_reg_liveness live;
6068
};
6169

6270
enum bpf_stack_slot_type {
@@ -74,6 +82,7 @@ struct bpf_verifier_state {
7482
struct bpf_reg_state regs[MAX_BPF_REG];
7583
u8 stack_slot_type[MAX_BPF_STACK];
7684
struct bpf_reg_state spilled_regs[MAX_BPF_STACK / BPF_REG_SIZE];
85+
struct bpf_verifier_state *parent;
7786
};
7887

7988
/* linked list of verifier states used to prune search */

0 commit comments

Comments
 (0)