Message ID | 20220520031548.338934-6-song@kernel.org (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | bpf_prog_pack followup | expand |
On Thu, May 19, 2022 at 08:15:45PM -0700, Song Liu wrote: > Also, remove set_vm_flush_reset_perms() from alloc_new_pack() and use > set_memory_[nx|rw] in bpf_prog_pack_free(). This is because > VM_FLUSH_RESET_PERMS does not work with huge pages yet. [1] > > [1] https://lore.kernel.org/bpf/aeeeaf0b7ec63fdba55d4834d2f524d8bf05b71b.camel@intel.com/ > Suggested-by: Rick Edgecombe <rick.p.edgecombe@intel.com> > Signed-off-by: Song Liu <song@kernel.org> > --- Rick, although VM_FLUSH_RESET_PERMS is rather new my concern here is we're essentially enabling sloppy users to grow without also addressing what if we have to take the leash back to support VM_FLUSH_RESET_PERMS properly? If the hack to support this on other architectures other than x86 is as simple as the one you in vm_remove_mappings() today: if (flush_reset && !IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) { set_memory_nx(addr, area->nr_pages); set_memory_rw(addr, area->nr_pages); } then I suppose this isn't a big deal. I'm just concerned here this being a slippery slope of sloppiness leading to something which we will regret later. My intution tells me this shouldn't be a big issue, but I just want to confirm. Luis > diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c > index cacd8684c3c4..b64d91fcb0ba 100644 > @@ -949,6 +947,8 @@ static void bpf_prog_pack_free(struct bpf_binary_header *hdr) > > mutex_lock(&pack_mutex); > if (hdr->size > bpf_prog_pack_size) { > + set_memory_nx((unsigned long)hdr, hdr->size / PAGE_SIZE); > + set_memory_rw((unsigned long)hdr, hdr->size / PAGE_SIZE); > module_memfree(hdr); > goto out; > } > @@ -975,6 +975,8 @@ static void bpf_prog_pack_free(struct bpf_binary_header *hdr) > if (bitmap_find_next_zero_area(pack->bitmap, bpf_prog_chunk_count(), 0, > bpf_prog_chunk_count(), 0) == 0) { > list_del(&pack->list); > + set_memory_nx((unsigned long)pack->ptr, bpf_prog_pack_size / PAGE_SIZE); > + set_memory_rw((unsigned long)pack->ptr, bpf_prog_pack_size / PAGE_SIZE); > module_memfree(pack->ptr); > kfree(pack); > } > -- > 2.30.2 >
On Fri, May 20, 2022 at 06:00:57PM -0700, Luis Chamberlain wrote: > On Thu, May 19, 2022 at 08:15:45PM -0700, Song Liu wrote: > > Use module_alloc_huge for bpf_prog_pack so that BPF programs sit on > > PMD_SIZE pages. This benefits system performance by reducing iTLB miss > > rate. Benchmark of a real web service workload shows this change gives > > another ~0.2% performance boost on top of PAGE_SIZE bpf_prog_pack > > (which improve system throughput by ~0.5%). Also, seems like a is a missed opportunity to show iTLB misses with more detail. If there was a selftest to stress bpf JIT you could use perf and enable anyone to quanitfy gains. Dave hinted with some ideas with perf: perf stat -e cpu/event=0x8,umask=0x84,name=dtlb_load_misses_walk_duration/,cpu/event=0x8,umask=0x82,name=dtlb_load_misses_walk_completed/,cpu/event=0x49,umask=0x4,name=dtlb_store_misses_walk_duration/,cpu/event=0x49,umask=0x2,name=dtlb_store_misses_walk_completed/,cpu/event=0x85,umask=0x4,name=itlb_misses_walk_duration/,cpu/event=0x85,umask=0x2,name=itlb_misses_walk_completed/ some_bpf_jit_test Luis
On Fri, 2022-05-20 at 18:00 -0700, Luis Chamberlain wrote: > although VM_FLUSH_RESET_PERMS is rather new my concern here is we're > essentially enabling sloppy users to grow without also addressing > what if we have to take the leash back to support > VM_FLUSH_RESET_PERMS > properly? If the hack to support this on other architectures other > than > x86 is as simple as the one you in vm_remove_mappings() today: > > if (flush_reset && > !IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) { > set_memory_nx(addr, area->nr_pages); > set_memory_rw(addr, area->nr_pages); > } > > then I suppose this isn't a big deal. I'm just concerned here this > being > a slippery slope of sloppiness leading to something which we will > regret later. > > My intution tells me this shouldn't be a big issue, but I just want > to > confirm. Yea, I commented the same concern on the last thread: https://lore.kernel.org/lkml/83a69976cb93e69c5ad7a9511b5e57c402eee19d.camel@intel.com/ Song said he plans to make kprobes and ftrace work with this new allocator. If that happens VM_FLUSH_RESET_PERMS would only have one user - modules. Care to chime in with your plans for modules? If there are actual near term plans to keep working on this, VM_FLUSH_RESET_PERMS might be changed again or turn into something else. Like if we are about to re-think everything, then it doesn't matter as much to fix what would then be old. Besides not fixing VM_FLUSH_RESET_PERMS/hibernate though, I think this allocator still feels a little rough. For example I don't think we actually know how much the huge mappings are helping. It is also allocating memory in a big chunk from a single node and reusing it, where before we were allocating based on numa node for each jit. Would some user's suffer from that? Maybe it's obvious to others, but I would have expected to see more discussion of MM things like that. But I like general direction of caching and using text_poke() to write the jits a lot. However it works, it seems to make a big impact in at least some workloads. So yea, seems sloppy, but probably (...I guess?) more good for users then sloppy for us.
On Sat, May 21, 2022 at 03:20:28AM +0000, Edgecombe, Rick P wrote: > On Fri, 2022-05-20 at 18:00 -0700, Luis Chamberlain wrote: > > although VM_FLUSH_RESET_PERMS is rather new my concern here is we're > > essentially enabling sloppy users to grow without also addressing > > what if we have to take the leash back to support > > VM_FLUSH_RESET_PERMS > > properly? If the hack to support this on other architectures other > > than > > x86 is as simple as the one you in vm_remove_mappings() today: > > > > if (flush_reset && > > !IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) { > > set_memory_nx(addr, area->nr_pages); > > set_memory_rw(addr, area->nr_pages); > > } > > > > then I suppose this isn't a big deal. I'm just concerned here this > > being > > a slippery slope of sloppiness leading to something which we will > > regret later. > > > > My intution tells me this shouldn't be a big issue, but I just want > > to > > confirm. > > Yea, I commented the same concern on the last thread: > > https://lore.kernel.org/lkml/83a69976cb93e69c5ad7a9511b5e57c402eee19d.camel@intel.com/ > > Song said he plans to make kprobes and ftrace work with this new > allocator. If that happens VM_FLUSH_RESET_PERMS would only have one > user - modules. Care to chime in with your plans for modules? My plans are to not break things and to slowly tidy things up. If you see linux-next, things are at least starting to be split in nice pieces. With time, clean that further so to not break things. You were the one who added VM_FLUSH_RESET_PERMS, wasn't that to deal with secmem stuff? So wouldn't you know better what you recommend for it? Seeing all this, given module_alloc() users are growing and seeing the tiny bit of growth of use in this space, I'd think we should rename module_alloc() to vmalloc_exec(), and likewise the same for module_memfree() to vmalloc_exec_free(). But it would be our first __weak vmalloc, and not sure if that's looked down upon. > If there > are actual near term plans to keep working on this, > VM_FLUSH_RESET_PERMS might be changed again or turn into something > else. Like if we are about to re-think everything, then it doesn't > matter as much to fix what would then be old. I think it's up to you as you added it and I'm not looking to add any bells or wistles, just tidy things up *slowly*. > Besides not fixing VM_FLUSH_RESET_PERMS/hibernate though, I think this > allocator still feels a little rough. For example I don't think we > actually know how much the huge mappings are helping. Right, 100% agreed. The performance numbers provided are nice but they are not anything folks can reproduce at all. I hinted towards perf stuff which could be used and enable other users later to also use similar stats to showcase its value if they want to move to huge pages. It is a side note, and perhaps a stupid question, as I don't grok mm, but I'm perplexed about the fact that if the value is seen so high towards huge pages for exec stuff in kernel, wouldn't there be a few folks who might want to try this for regular exec stuff? Wouldn't there be much more gains there? > It is also > allocating memory in a big chunk from a single node and reusing it, > where before we were allocating based on numa node for each jit. Would > some user's suffer from that? Maybe it's obvious to others, but I would > have expected to see more discussion of MM things like that. Curious, why was it moved to use a single node? > But I like general direction of caching and using text_poke() to write > the jits a lot. However it works, it seems to make a big impact in at > least some workloads. > > So yea, seems sloppy, but probably (...I guess?) more good for users > then sloppy for us. The impact of sloppiness lies in possible odd bugs later and trying to decipher what was being done. So I do have concerns with the immediate tribal knowlege incurred by the current implementation. What is your own roadmap for VM_FLUSH_RESET_PERMS? Sounds like a future possibly maybe re-do? Luis
On Sat, 2022-05-21 at 13:06 -0700, Luis Chamberlain wrote: > On Sat, May 21, 2022 at 03:20:28AM +0000, Edgecombe, Rick P wrote: > > On Fri, 2022-05-20 at 18:00 -0700, Luis Chamberlain wrote: > > > although VM_FLUSH_RESET_PERMS is rather new my concern here is > > > we're > > > essentially enabling sloppy users to grow without also addressing > > > what if we have to take the leash back to support > > > VM_FLUSH_RESET_PERMS > > > properly? If the hack to support this on other architectures > > > other > > > than > > > x86 is as simple as the one you in vm_remove_mappings() today: > > > > > > if (flush_reset && > > > !IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) { > > > set_memory_nx(addr, area->nr_pages); > > > set_memory_rw(addr, area->nr_pages); > > > } > > > > > > then I suppose this isn't a big deal. I'm just concerned here > > > this > > > being > > > a slippery slope of sloppiness leading to something which we will > > > regret later. > > > > > > My intution tells me this shouldn't be a big issue, but I just > > > want > > > to > > > confirm. > > > > Yea, I commented the same concern on the last thread: > > > > https://lore.kernel.org/lkml/83a69976cb93e69c5ad7a9511b5e57c402eee19d.camel@intel.com/ > > > > Song said he plans to make kprobes and ftrace work with this new > > allocator. If that happens VM_FLUSH_RESET_PERMS would only have one > > user - modules. Care to chime in with your plans for modules? > > My plans are to not break things and to slowly tidy things up. If > you see linux-next, things are at least starting to be split in > nice pieces. With time, clean that further so to not break things. > You were the one who added VM_FLUSH_RESET_PERMS, wasn't that to deal > with secmem stuff? So wouldn't you know better what you recommend for > it? It was originally to correct some W^X issues. If a vmalloc was freed with X permission it caused some exposure. The security side could be fixed with copious set_memory() calls in just the right order, but there was a suggestion to make vmalloc handle it so it could be done more efficiently and callers would not have to know the details for at least that part of the operation. This prog pack stuff is already more efficient with respect to TLB flushes. So while VM_FLUSH_RESET_PERMS could still improve it slightly, the situation is now probably better than it was pre-VM_FLUSH_RESET_PERMS anyway. So that mostly leaves the problem of some special knowledge leaking back into the callers. With a next solution it would hopefully be handled differently still, using the the unmapped page stuff Mike Rapoport was working on. > > Seeing all this, given module_alloc() users are growing and seeing > the tiny bit of growth of use in this space, I'd think we should > rename module_alloc() to vmalloc_exec(), and likewise the same for > module_memfree() to vmalloc_exec_free(). But it would be our first > __weak vmalloc, and not sure if that's looked down upon. A rename seems good to me. Module space is really just dynamically allocated text space now. There used to be a vmalloc_exec() that allocated text in vmalloc space, so maybe the name should have something to denote that it goes into the special arch specific text space. > > > If there > > are actual near term plans to keep working on this, > > VM_FLUSH_RESET_PERMS might be changed again or turn into something > > else. Like if we are about to re-think everything, then it doesn't > > matter as much to fix what would then be old. > > I think it's up to you as you added it and I'm not looking to add > any bells or wistles, just tidy things up *slowly*. > > > Besides not fixing VM_FLUSH_RESET_PERMS/hibernate though, I think > > this > > allocator still feels a little rough. For example I don't think we > > actually know how much the huge mappings are helping. > > Right, 100% agreed. The performance numbers provided are nice but > they are not anything folks can reproduce at all. I hinted towards > perf stuff which could be used and enable other users later to also > use similar stats to showcase its value if they want to move to > huge pages. > > It is a side note, and perhaps a stupid question, as I don't grok mm, > but I'm perplexed about the fact that if the value is seen so high > towards > huge pages for exec stuff in kernel, wouldn't there be a few folks > who > might want to try this for regular exec stuff? Wouldn't there be much > more gains there? Core kernel text is already 2MB mapped, on x86 at least. It indeed helps performance. I'd like to see about 2MB module text. I can only assume that it would help performance though. Some people wiser than me in performance stuff suggested it should be tested to actually know. > > > It is also > > allocating memory in a big chunk from a single node and reusing it, > > where before we were allocating based on numa node for each jit. > > Would > > some user's suffer from that? Maybe it's obvious to others, but I > > would > > have expected to see more discussion of MM things like that. > > Curious, why was it moved to use a single node? To allocate from the closest node you need to have per-node caches. When I tried to do something similar to this with the grouped page cache, having per-node caches was suggested should be required. I never benchmarked the difference though. > > > But I like general direction of caching and using text_poke() to > > write > > the jits a lot. However it works, it seems to make a big impact in > > at > > least some workloads. > > > > So yea, seems sloppy, but probably (...I guess?) more good for > > users > > then sloppy for us. > > The impact of sloppiness lies in possible odd bugs later and trying > to > decipher what was being done. So I do have concerns with the > immediate > tribal knowlege incurred by the current implementation. I am also bothered by it. I'm glad to hear someone else cares. I can think about doing it more incrementally. The problem is you kind of need to know if you can integrate with all the module_alloc() users and get sane behavior on the backend, to tell if your new interface is actually any good. This is pretty much how I think we can: - remove all special knowledge from callers - support all module_alloc() callers - do things more efficiently on x86 - support all the arch specific extra capabilities that I know about https://lore.kernel.org/lkml/20201120202426.18009-1-rick.p.edgecombe@intel.com/#r It's why I shrug a little about writing caller code with special knowledge in it. It's not really possible to avoid it completely with the current interfaces IMO. > What is your > own roadmap for VM_FLUSH_RESET_PERMS? Sounds like a future possibly > maybe re-do? If it were me, I would start back with that RFC and try to move the allocation side forward too. I haven't seen anything since, that makes me think it was the wrong direction. But I have employer tasks that take priority unfortunately. If anyone else wants to take a shot at it, I can help review. Otherwise, hopefully I can get back to it someday.
On Tue, May 24, 2022 at 05:40:53PM +0000, Edgecombe, Rick P wrote: > On Sat, 2022-05-21 at 13:06 -0700, Luis Chamberlain wrote: > > On Sat, May 21, 2022 at 03:20:28AM +0000, Edgecombe, Rick P wrote: > > > On Fri, 2022-05-20 at 18:00 -0700, Luis Chamberlain wrote: > > > > although VM_FLUSH_RESET_PERMS is rather new my concern here is > > > > we're > > > > essentially enabling sloppy users to grow without also addressing > > > > what if we have to take the leash back to support > > > > VM_FLUSH_RESET_PERMS > > > > properly? If the hack to support this on other architectures > > > > other > > > > than > > > > x86 is as simple as the one you in vm_remove_mappings() today: > > > > > > > > if (flush_reset && > > > > !IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) { > > > > set_memory_nx(addr, area->nr_pages); > > > > set_memory_rw(addr, area->nr_pages); > > > > } > > > > > > > > then I suppose this isn't a big deal. I'm just concerned here > > > > this > > > > being > > > > a slippery slope of sloppiness leading to something which we will > > > > regret later. > > > > > > > > My intution tells me this shouldn't be a big issue, but I just > > > > want > > > > to > > > > confirm. > > > > > > Yea, I commented the same concern on the last thread: > > > > > > > https://lore.kernel.org/lkml/83a69976cb93e69c5ad7a9511b5e57c402eee19d.camel@intel.com/ > > > > > > Song said he plans to make kprobes and ftrace work with this new > > > allocator. If that happens VM_FLUSH_RESET_PERMS would only have one > > > user - modules. Care to chime in with your plans for modules? > > > > My plans are to not break things and to slowly tidy things up. If > > you see linux-next, things are at least starting to be split in > > nice pieces. With time, clean that further so to not break things. > > You were the one who added VM_FLUSH_RESET_PERMS, wasn't that to deal > > with secmem stuff? So wouldn't you know better what you recommend for > > it? > > It was originally to correct some W^X issues. If a vmalloc was freed > with X permission it caused some exposure. Perhaps clarifying this on the docs would help as it was not clear on patch review taking a time machine, but that's as a vm-outsider. > The security side could be > fixed with copious set_memory() calls in just the right order, but > there was a suggestion to make vmalloc handle it so it could be done > more efficiently and callers would not have to know the details for at > least that part of the operation. Makes sense also given there are more users than modules using module_alloc() now. > This prog pack stuff is already more > efficient with respect to TLB flushes. So while VM_FLUSH_RESET_PERMS > could still improve it slightly, the situation is now probably better > than it was pre-VM_FLUSH_RESET_PERMS anyway. So that mostly leaves the > problem of some special knowledge leaking back into the callers. OK that I think is a good summary then of the impact of not having this generalized. > With a next solution it would hopefully be handled differently still, > using the the unmapped page stuff Mike Rapoport was working on. Thanks for the heads ups. > > Seeing all this, given module_alloc() users are growing and seeing > > the tiny bit of growth of use in this space, I'd think we should > > rename module_alloc() to vmalloc_exec(), and likewise the same for > > module_memfree() to vmalloc_exec_free(). But it would be our first > > __weak vmalloc, and not sure if that's looked down upon. > > A rename seems good to me. Module space is really just dynamically > allocated text space now. There used to be a vmalloc_exec() that > allocated text in vmalloc space, Yes I saw that but it was generic and it did not do the arch-specific override, and so that is why Christoph ripped it out and open coded it on the only user, on module_alloc(). > so maybe the name should have > something to denote that it goes into the special arch specific text > space. On the arch space other precedents I see in vmalloc space are vm_pgprot_modify() which calls to pgprot_modify which arch can override. I think we'll have to just keep the __weak effort behing module_alloc(), we can strive for that post v5.19. > > > If there > > > are actual near term plans to keep working on this, > > > VM_FLUSH_RESET_PERMS might be changed again or turn into something > > > else. Like if we are about to re-think everything, then it doesn't > > > matter as much to fix what would then be old. > > > > I think it's up to you as you added it and I'm not looking to add > > any bells or wistles, just tidy things up *slowly*. > > > > > Besides not fixing VM_FLUSH_RESET_PERMS/hibernate though, I think > > > this > > > allocator still feels a little rough. For example I don't think we > > > actually know how much the huge mappings are helping. > > > > Right, 100% agreed. The performance numbers provided are nice but > > they are not anything folks can reproduce at all. I hinted towards > > perf stuff which could be used and enable other users later to also > > use similar stats to showcase its value if they want to move to > > huge pages. > > > > It is a side note, and perhaps a stupid question, as I don't grok mm, > > but I'm perplexed about the fact that if the value is seen so high > > towards > > huge pages for exec stuff in kernel, wouldn't there be a few folks > > who > > might want to try this for regular exec stuff? Wouldn't there be much > > more gains there? > > Core kernel text is already 2MB mapped, on x86 at least. It indeed > helps performance. I'd like to see about 2MB module text. Yeah that would make sense *if* the arch supports it. I went and read your 2020 "[PATCH RFC 00/10] New permission vmalloc interface" and I suspect some new work on modules will help with your goals. There are some optimizations architectures will be able to do for v5.19+ by selecting ARCH_WANTS_MODULES_DATA_IN_VMALLOC so that module data uses vmalloc instead. This can be for two reasons: 1) On some architectures (like book3s/32) it is not possible to protect against execution on a page basis. The exec stuff is mapped can be mapped by different arch segment sizes (on book3s/32 that is 256M segments). By default the module area is in an Exec segment while vmalloc area is in a NoExec segment. Using vmalloc lets you muck with module data as noexec on those architectures whereas before you could not. 2) By pushing more module data to vmalloc you also increase the probability of module text to remain within a closer distance from kernel core text and this reduces trampolines, this has been reported on arm first and powerpc folks are following that lead. So I suspect that using ARCH_WANTS_MODULES_DATA_IN_VMALLOC plays well with your idea to separate at least the allocated space. The optimizations seem to be for exec and to zap this as well and hence your goal to use 2 MiB pages and fancy hacks for this. Yes, generalizing this for all architectures will be hard, but I think we can get enough arch folks to chime for a least a generic mechanism. > I can only > assume that it would help performance though. Some people wiser than me > in performance stuff suggested it should be tested to actually know. Folks speak of performance but I don't think we have generic baselines. For kernel image text I suppose we can use boot times. For tracepoints / ftrace and eBPF JIT and the rest I suppose we can use something like what Dave suggested: [0] https://lore.kernel.org/all/Yog+d+oR5TtPp2cs@bombadil.infradead.org/ But that still begs the question as to what to use to run perf with. Perhaps we just need a generic kernel module_alloc() abuser selftest which stresses the hell out of things with a few variability in ways in which we want to do allocations (2 MiB pages, test different archs, etc). I can work on that if folks think this can be useful as I don't think we have anything generic at the moment. > > > It is also > > > allocating memory in a big chunk from a single node and reusing it, > > > where before we were allocating based on numa node for each jit. > > > Would > > > some user's suffer from that? Maybe it's obvious to others, but I > > > would > > > have expected to see more discussion of MM things like that. > > > > Curious, why was it moved to use a single node? > > To allocate from the closest node you need to have per-node caches. > When I tried to do something similar to this with the grouped page > cache, having per-node caches was suggested should be required. I never > benchmarked the difference though. Sounds like tribal knowledge... > > > But I like general direction of caching and using text_poke() to > > > write > > > the jits a lot. However it works, it seems to make a big impact in > > > at > > > least some workloads. > > > > > > So yea, seems sloppy, but probably (...I guess?) more good for > > > users > > > then sloppy for us. > > > > The impact of sloppiness lies in possible odd bugs later and trying > > to > > decipher what was being done. So I do have concerns with the > > immediate > > tribal knowlege incurred by the current implementation. > > I am also bothered by it. I'm glad to hear someone else cares. I can > think about doing it more incrementally. The problem is you kind of > need to know if you can integrate with all the module_alloc() users and > get sane behavior on the backend, to tell if your new interface is > actually any good. > > This is pretty much how I think we can: > - remove all special knowledge from callers > - support all module_alloc() callers > - do things more efficiently on x86 > - support all the arch specific extra capabilities that I know about > > https://lore.kernel.org/lkml/20201120202426.18009-1-rick.p.edgecombe@intel.com/#r Consider me interested, I'm not a fan of hacks and requing developers to pick up on random tribal knowledge. > It's why I shrug a little about writing caller code with special > knowledge in it. It's not really possible to avoid it completely with > the current interfaces IMO. Yeah makes sense. > > What is your > > own roadmap for VM_FLUSH_RESET_PERMS? Sounds like a future possibly > > maybe re-do? > > If it were me, I would start back with that RFC and try to move the > allocation side forward too. I haven't seen anything since, that makes > me think it was the wrong direction. Did you get enough arch folks involved? > But I have employer tasks that > take priority unfortunately. If anyone else wants to take a shot at it, > I can help review. Otherwise, hopefully I can get back to it someday. Sure, understood. I can perhaps help on module_alloc() sefltest, and make module_alloc() generic. Happy to review patches too. Luis
On Tue, May 24, 2022 at 03:08:12PM -0700, Luis Chamberlain wrote: > > A rename seems good to me. Module space is really just dynamically > > allocated text space now. There used to be a vmalloc_exec() that > > allocated text in vmalloc space, > > Yes I saw that but it was generic and it did not do the arch-specific > override, and so that is why Christoph ripped it out and open coded > it on the only user, on module_alloc(). It it also because random code does not have any business allocating executable memory. Executable memory in kernel is basically for modules and module-like code like eBPF, and no one else has any business allocating pages with the execute bit set (or the NX bit not set).
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index cacd8684c3c4..b64d91fcb0ba 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -857,7 +857,7 @@ static size_t select_bpf_prog_pack_size(void) void *ptr; size = BPF_HPAGE_SIZE * num_online_nodes(); - ptr = module_alloc(size); + ptr = module_alloc_huge(size); /* Test whether we can get huge pages. If not just use PAGE_SIZE * packs. @@ -881,7 +881,7 @@ static struct bpf_prog_pack *alloc_new_pack(bpf_jit_fill_hole_t bpf_fill_ill_ins GFP_KERNEL); if (!pack) return NULL; - pack->ptr = module_alloc(bpf_prog_pack_size); + pack->ptr = module_alloc_huge(bpf_prog_pack_size); if (!pack->ptr) { kfree(pack); return NULL; @@ -890,7 +890,6 @@ static struct bpf_prog_pack *alloc_new_pack(bpf_jit_fill_hole_t bpf_fill_ill_ins bitmap_zero(pack->bitmap, bpf_prog_pack_size / BPF_PROG_CHUNK_SIZE); list_add_tail(&pack->list, &pack_list); - set_vm_flush_reset_perms(pack->ptr); set_memory_ro((unsigned long)pack->ptr, bpf_prog_pack_size / PAGE_SIZE); set_memory_x((unsigned long)pack->ptr, bpf_prog_pack_size / PAGE_SIZE); return pack; @@ -909,10 +908,9 @@ static void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insn if (size > bpf_prog_pack_size) { size = round_up(size, PAGE_SIZE); - ptr = module_alloc(size); + ptr = module_alloc_huge(size); if (ptr) { bpf_fill_ill_insns(ptr, size); - set_vm_flush_reset_perms(ptr); set_memory_ro((unsigned long)ptr, size / PAGE_SIZE); set_memory_x((unsigned long)ptr, size / PAGE_SIZE); } @@ -949,6 +947,8 @@ static void bpf_prog_pack_free(struct bpf_binary_header *hdr) mutex_lock(&pack_mutex); if (hdr->size > bpf_prog_pack_size) { + set_memory_nx((unsigned long)hdr, hdr->size / PAGE_SIZE); + set_memory_rw((unsigned long)hdr, hdr->size / PAGE_SIZE); module_memfree(hdr); goto out; } @@ -975,6 +975,8 @@ static void bpf_prog_pack_free(struct bpf_binary_header *hdr) if (bitmap_find_next_zero_area(pack->bitmap, bpf_prog_chunk_count(), 0, bpf_prog_chunk_count(), 0) == 0) { list_del(&pack->list); + set_memory_nx((unsigned long)pack->ptr, bpf_prog_pack_size / PAGE_SIZE); + set_memory_rw((unsigned long)pack->ptr, bpf_prog_pack_size / PAGE_SIZE); module_memfree(pack->ptr); kfree(pack); }
Use module_alloc_huge for bpf_prog_pack so that BPF programs sit on PMD_SIZE pages. This benefits system performance by reducing iTLB miss rate. Benchmark of a real web service workload shows this change gives another ~0.2% performance boost on top of PAGE_SIZE bpf_prog_pack (which improve system throughput by ~0.5%). Also, remove set_vm_flush_reset_perms() from alloc_new_pack() and use set_memory_[nx|rw] in bpf_prog_pack_free(). This is because VM_FLUSH_RESET_PERMS does not work with huge pages yet. [1] [1] https://lore.kernel.org/bpf/aeeeaf0b7ec63fdba55d4834d2f524d8bf05b71b.camel@intel.com/ Suggested-by: Rick Edgecombe <rick.p.edgecombe@intel.com> Signed-off-by: Song Liu <song@kernel.org> --- kernel/bpf/core.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)