Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp7160877ybi; Mon, 8 Jul 2019 15:53:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqxnpdJOdx0y8K/OCQPE/XD4ronFCJldi3p7Pmf54jMZ7ztNPTG33+emwW0FRp3z4tJXB4fk X-Received: by 2002:a63:550e:: with SMTP id j14mr17023758pgb.302.1562626427652; Mon, 08 Jul 2019 15:53:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562626427; cv=none; d=google.com; s=arc-20160816; b=dS5A1WihkE6FfsI3d9Di4h6RN9T33Eogf1folnMKgRMDV4O978Xk6NdYKIf1eo+lQK H1v+x0TJDij0BItaJnub6lA1ZI0KRXJSHaezCi9pn0LYJV9grfNFHGK0i7to2Y0tSUtX Jgb9/8ciL0e/HFbeCo4y90J3Pb94dTO2KOtY2N2NWWq45jTWWHJEoI6z20oCTX7PNF2O AGlAYah0zWkUjokQoyIA7HDvFPTkeyFRRJfkEyrTZED/2EDIwQAnudTImU7u4EFFqAZg ZFEcinDdkJtc2GszlxtP0UjmhABf305rpbjJnacrGwWrM7WwVQv90wcQ59cHWrIqkV/G /Oig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Bqu4OOG1U9yg+uZBPqnsvY5viByjOp0IKzDegiLwXbA=; b=mKeUEfahuJ+O4vmNIwXhd0+buYDryKseIcTGjHtPS8xPfsTwGsirYdrofxcNKMi3bh JafxX/xSklMPQEHKft3RBnt1xdJoFBKdQMbIrHQaIv1tcf3DUdsrwtLy6xawJAxBL35d hhw5CxoPxQrDHCsrRZJLOtQ6BHq/39W/TfXj7g80MqCeKaBQzpRbTrZatnBMgTRcKKij tT0PwM4Z1uD/jhFujsxMy0vugqFnX4SfBJNmJxTpR+0lDp1arNTrHRDnvcjWGiBcDbGk rRV6EO+NSABp+ciGSkqw7SpZcvsd+Axp/o8ENZxSVMDOa1o0Lb4PysxCBSLoOtcIpGgx IPEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=aBjL0ytY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z5si19128400plo.434.2019.07.08.15.53.32; Mon, 08 Jul 2019 15:53:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=aBjL0ytY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2405328AbfGHWPw (ORCPT + 99 others); Mon, 8 Jul 2019 18:15:52 -0400 Received: from mail-lf1-f44.google.com ([209.85.167.44]:41055 "EHLO mail-lf1-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732782AbfGHWPv (ORCPT ); Mon, 8 Jul 2019 18:15:51 -0400 Received: by mail-lf1-f44.google.com with SMTP id 62so11988222lfa.8; Mon, 08 Jul 2019 15:15:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Bqu4OOG1U9yg+uZBPqnsvY5viByjOp0IKzDegiLwXbA=; b=aBjL0ytYIv/HhFUOC86GB1cWhIa+J2o6BD7OBDrXlkNjnNtvPusFwQ3ZarJ9Urb7/s WlRWYacdp+Xds5h1WYGLzV96erM3/Buuu3xQYANGrflXgZuSP7flD+ykdfOOTIyvDONt RMLyXyUyGjrXIUd9lMyM2jce67wVc0VUBl+1/zaJcqIRsqgIEQo0KxhN+mo0JuroWmWn 3AUOyPusm0kgDrsi1RJ4PYvLhP6A2uEsTwW/W1NJU1w3iZPkCOaV3iMgOAEY/lqCbalh OmT1gz1/gUypeNd/Xixdzos9XMHmJ2xkxTGqR00MYGC1+suVHel9+ZHZnqfmAuTLf8nS mq5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Bqu4OOG1U9yg+uZBPqnsvY5viByjOp0IKzDegiLwXbA=; b=VSaqj54rFYyaFu4eYMm665Syg6qiRS8eaRm228RZZPeovqkDj8ce+r7VKd2+NSt0HD 6k/X4l5uX29uiwG5VCsaRh53FDI8itDvBUZl11VcXr5HXnOLb0hcdz+MEc9f/+JdkRhr i0FhvivLP/xQSxJ7QMjEuC0XcxjP7nrU7MwSq208KmRWhXK/RydHUgo7WMk7o6qemW0B 83KcE3UNr5Bqd9fPztIriyzMUHMVGT5wWJHwtZWuok9c3gSEVK9M8JBbMysq8MWI5LM4 42xSWyFLeHscnfZzfDL3ETGEG3KmWBcaAgsMzSJW6inf+ukNgXg4GI4jNQR7mMGRINM7 9oXw== X-Gm-Message-State: APjAAAWWPBxUrUloB+wuiOu7YwzKv4BoR+98yKAUPPrrE8qdKUC0+tnc x7lafKBZSovrLOcfMgzrl0hGlc4EBA8LVPbnyXg= X-Received: by 2002:ac2:5337:: with SMTP id f23mr9951017lfh.15.1562624149427; Mon, 08 Jul 2019 15:15:49 -0700 (PDT) MIME-Version: 1.0 References: <881939122b88f32be4c374d248c09d7527a87e35.1561685471.git.jpoimboe@redhat.com> <20190706202942.GA123403@gmail.com> <20190707013206.don22x3tfldec4zm@treble> <20190707055209.xqyopsnxfurhrkxw@treble> In-Reply-To: <20190707055209.xqyopsnxfurhrkxw@treble> From: Alexei Starovoitov Date: Mon, 8 Jul 2019 15:15:37 -0700 Message-ID: Subject: Re: [tip:x86/urgent] bpf: Fix ORC unwinding in non-JIT BPF code To: Josh Poimboeuf Cc: Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Song Liu , Thomas Gleixner , Steven Rostedt , Kairui Song , Daniel Borkmann , Alexei Starovoitov , Peter Zijlstra , LKML , linux-tip-commits@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jul 6, 2019 at 10:52 PM Josh Poimboeuf wrote: > > On Sat, Jul 06, 2019 at 08:32:06PM -0500, Josh Poimboeuf wrote: > > On Sat, Jul 06, 2019 at 10:29:42PM +0200, Ingo Molnar wrote: > > > Hm, I get this new build warning on x86-64 defconfig-ish kernels plus > > > these enabled: > > > > > > CONFIG_BPF=y > > > CONFIG_BPF_JIT=y > > > > > > kernel/bpf/core.o: warning: objtool: ___bpf_prog_run()+0x8da: sibling call from callable instruction with modified stack frame > > > > I assume you have CONFIG_RETPOLINE disabled? For some reason that > > causes GCC to add 166 indirect jumps to that function, which is giving > > objtool trouble. Looking into it. > > Alexei, do you have any objections to setting -fno-gcse for > ___bpf_prog_run()? Either for the function or the file? Doing so seems > to be recommended by the GCC manual for computed gotos. It would also > "fix" one of the issues. More details below. > > Details: > > With CONFIG_RETPOLINE=n, there are a couple of GCC optimizations in > ___bpf_prog_run() which objtool is having trouble with. > > 1) > > The function has: > > select_insn: > goto *jumptable[insn->code]; > > And then a bunch of "goto select_insn" statements. > > GCC is basically replacing > > select_insn: > jmp *jumptable(,%rax,8) > ... > ALU64_ADD_X: > ... > jmp select_insn > ALU_ADD_X: > ... > jmp select_insn > > with > > select_insn: > jmp *jumptable(, %rax, 8) > ... > ALU64_ADD_X: > ... > jmp *jumptable(, %rax, 8) > ALU_ADD_X: > ... > jmp *jumptable(, %rax, 8) > > > It does that 166 times. > > For some reason, it doesn't do the optimization with retpolines > enabled. > > Objtool has never seen multiple indirect jump sites which use the same > jump table. This is relatively trivial to fix (I already have a > working patch). > > 2) > > After doing the first optimization, GCC then does another one which is > a little trickier. It replaces: > > select_insn: > jmp *jumptable(, %rax, 8) > ... > ALU64_ADD_X: > ... > jmp *jumptable(, %rax, 8) > ALU_ADD_X: > ... > jmp *jumptable(, %rax, 8) > > with > > select_insn: > mov jumptable, %r12 > jmp *(%r12, %rax, 8) > ... > ALU64_ADD_X: > ... > jmp *(%r12, %rax, 8) > ALU_ADD_X: > ... > jmp *(%r12, %rax, 8) > > The problem is that it only moves the jumptable address into %r12 > once, for the entire function, then it goes through multiple recursive > indirect jumps which rely on that %r12 value. But objtool isn't yet > smart enough to be able to track the value across multiple recursive > indirect jumps through the jump table. > > After some digging I found that the quick and easy fix is to disable > -fgcse. In fact, this seems to be recommended by the GCC manual, for > code like this: > > -fgcse > Perform a global common subexpression elimination pass. This > pass also performs global constant and copy propagation. > > Note: When compiling a program using computed gotos, a GCC > extension, you may get better run-time performance if you > disable the global common subexpression elimination pass by > adding -fno-gcse to the command line. > > Enabled at levels -O2, -O3, -Os. > > This code indeed relies extensively on computed gotos. I don't know > *why* disabling this optimization would improve performance. In fact > I really don't see how it could make much of a difference either way. > > Anyway, using -fno-gcse makes optimization #2 go away and makes > objtool happy, with only a fix for #1 needed. > > If -fno-gcse isn't an option, we might be able to fix objtool by using > the "first_jump_src" thing which Peter added, improving it such that > it also takes table jumps into account. Sorry for delay. I'm mostly offgrid until next week. As far as -fno-gcse.. I don't mind as long as it doesn't hurt performance. Which I suspect it will :( All these indirect gotos are there for performance. Single indirect goto and a bunch of jmp select_insn are way slower, since there is only one instruction for cpu branch predictor to work with. When every insn is followed by "jmp *jumptable" there is more room for cpu to speculate. It's been long time, but when I wrote it the difference between all indirect goto vs single indirect goto was almost 2x.