Paul Chaignon

@pchaigno

System security, BPF, and programmable networks. Co-maintainer of github-linguist library. He/him.

Vrijeme pridruživanja: kolovoz 2015.

Medijski sadržaj

  1. 13. lis 2019.
    Odgovor korisniku/ci

    Do you mean the syntax from ubpf-disassembler? That would be cool, though it is quite different. It might be easier to update ubpf-disassembler to return something closer to bpftool/objdump's syntax than have the lexer recognize both.

    Example output BPF bytecode from ubpf-disassembler.
  2. 9. lis 2019.

    And a third (proof-of-concept) BPF verifier! In this paper, et al. explain how they automatically transform a BPF interpreter into a BPF verifier using symbolic execution. They then use it to find 15 bugs in Linux's JIT compilers!

    Screenshot of the paper "Scaling symbolic evaluation for automated verification of systems code with Serval" by Luke Nelson, James Bornholt, Ronghui Gu, Andrew Baumann, Emina Torlak, and Xi Wang.
    Prikaži ovu nit
  3. 2. lis 2019.
    Prikaži ovu nit
  4. 20. kol 2019.
    Odgovor korisniku/ci

    Thanks! There's one thing actually: I can't figure out what defer[k] means. Is that deferring the actual jump by k instructions? Why?

  5. 19. kol 2019.

    hashmap_ops() first looks up the map (with hashmap_get_fd()) and the entry matching the key, then applies the hashmap operation. For example, in case of a lookup, it reads the hashmap entry in out_ent_addr with macro __hashmap_read_field().

    This code snippet shows the macro argument OP being compared to HASHMAP_OP_LOOKUP, after what __hashmap_read_field is called and the map lock released.
    Prikaži ovu nit
  6. 19. kol 2019.

    We haven't seen how the BPF program is actually executed though. That happens in the microcode macro ebpf_call() in the NIC's datapath. It computes the jump offset, prepares the BPF stack, and jumps to the loaded program.

    This screenshot shows the 20 lines of microcode used to compute the jump offset, prepare the BPF stack, and jump to the loaded program.
    Prikaži ovu nit
  7. 19. kol 2019.

    The MicroC function update_bpf_prog() writes the BPF program to the NIC's code store. Most of the code is there to ensure the write is atomic (since there are multiple threads per Flow Processing Core).

    This code snippet shows the content of function update_bpf_prog. It first signals the threads to go quiescent. It then computes the offset for the write and write the BPF program to the code store in chunks.
    Prikaži ovu nit
  8. 19. kol 2019.

    The BPF program is received by the NIC's control plane (the README is worth a read, to get a grasp of the overall architecture).

    The code snippet shows the content of function process_pf_reconfig. In particular, the update type is compared against NFP_NET_CFG_UPDATE_BPF, and if it matches, nic_local_bpf_reconfig is called.
    Prikaži ovu nit
  9. 19. kol 2019.

    BPF offload starts in the nfp driver. It does a number of checks and sets up DMA mapping before actually reconfiguring the NIC.

    The code snippet shows the dma_map_single function being called, followed by a call to nfp_net_reconfig with NFP_NET_CFG_UPDATE_BPF as an argument.
    Prikaži ovu nit
  10. 2. srp 2019.

    The cyclomatic complexity averaged over all functions is stable, but the most complex functions have been growing even more complex.

    Average cyclomatic complexity for BPF for all functions and 10 most complex functions. The average for all is stable around 10 with a slight decrease towards v5.1. The average of the top10 is growing from around 25 to 50 between v3.18 and v5.1.
    Prikaži ovu nit
  11. 2. srp 2019.

    (See the blog post for the annotated versions: .) It's growing! You probably expected as much given how active BPF development is. Fair enough, let's compare to the rest of the BPF subsystem:

    Number of lines of code for the BPF verifier alone and for the whole BPF subsystem. Both are increasing. Also plotted is the percentage of verifier code in the BPF subsystem. It decreased from 40% in v3.18 to 20% in v5.1.
    Prikaži ovu nit
  12. 2. srp 2019.

    To better understand how the BPF verifier's complexity is evolving over time, I plotted a few complexity metrics. Let's start with the simplest one, the number of lines of code!

    BPF verifier size in lines of code. The number of lines of code is growing rapidly from about 1.5k to 7k between v3.18 and v5.1. The increase is faster in recent releases. Number of lines of code without comments follows the same trend.
    Prikaži ovu nit
  13. 14. kol 2018.
    Odgovor korisniku/ci

    Now I wish I went to CMU... I loved the Andromeda's paper for a its different perspective on end-host cloud networking (wrt. EC2 and Azure's hardware approaches). Plus, they discuss performance isolation in software!

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·