From patchwork Wed Apr 9 03:33:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 880787 Received: from fhigh-a4-smtp.messagingengine.com (fhigh-a4-smtp.messagingengine.com [103.168.172.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E6D3524F; Wed, 9 Apr 2025 03:34:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=103.168.172.155 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744169680; cv=none; b=j82csWbpyI1whYxBWj7fbbfLd4zMstPvK4BR/HopSOmE89HxjXzOYb6HfHObftuHbD4uCkVs7xX8r+kutx9vtkA3nVfV2pRSOa4g98DswH+C0rDLWfDedOXisfg/LIDJnck+OZ3mdL+CYl3TdqF6rfkZBcEjbGeQIi5achLC73E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744169680; c=relaxed/simple; bh=b6zV8GOspPN/yp1UaoSQi7HmMP0SFPNWk+enfaKC0e0=; h=From:To:Subject:Date:Message-ID:MIME-Version; b=Q0SLfrQ8gbpJxAyEGrIfsOibMnZgmEevN9Exgpqvf87lSYUuXdCOZpoTledwP/Ml7LqNU0OkuZvBXou8gTX0Ax8K92BkI3CZRN7woMOpv5whaj3RKeVq1JgGbmMXDHapOAldVqwCmvAfyPv1f8KkXYSUx3ey6Q2sf8jYLfpO8co= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=dxuuu.xyz; spf=pass smtp.mailfrom=dxuuu.xyz; dkim=pass (2048-bit key) header.d=dxuuu.xyz header.i=@dxuuu.xyz header.b=JU3QQPb/; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=ljlxsW4z; arc=none smtp.client-ip=103.168.172.155 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=dxuuu.xyz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=dxuuu.xyz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=dxuuu.xyz header.i=@dxuuu.xyz header.b="JU3QQPb/"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="ljlxsW4z" Received: from phl-compute-10.internal (phl-compute-10.phl.internal [10.202.2.50]) by mailfhigh.phl.internal (Postfix) with ESMTP id 4DAFF11401EC; Tue, 8 Apr 2025 23:34:35 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-10.internal (MEProxy); Tue, 08 Apr 2025 23:34:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dxuuu.xyz; h=cc :content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to; s=fm1; t=1744169675; x=1744256075; bh=KgpeIAFHyGKVpKQfj8mF9 93N7YtyGNtKnt7Z58kWdLQ=; b=JU3QQPb/wN6HqjxOlGWZqrnhmlvF1faE0Zgdz 3CFe2Q+Cxm2IZn2E0vXdVcJ8wNhu75Au/Y/ExoZt6tTDJNbPNzrfOnL/yDC9v4nc i1hCDGfw50sOnp+RmV8ALPhXNCwT/lnV+vfbxk/70Sgbu8vv4Ci1/sWUnB1iLg3y 4Fv7FjQQ+7Awl9PaumIjQ+qwEBedBaaBnVrFiSzbEc9Z4MqSzyEhwHiDdV9xRTHJ +CF1Ab/I30CNq1BeNUpI6fQzI1bbs/66SPDg28hs/VpurNEZ/9a5LQ3RkdLRnlLH 6IHCz1FUX6b9MuQhPj5IEGYmMpgdDQvOJE8PLw98EAGuKTDQw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:feedback-id:feedback-id:from:from:in-reply-to :message-id:mime-version:reply-to:subject:subject:to:to :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1744169675; x=1744256075; bh=KgpeIAFHyGKVpKQfj8mF993N7YtyGNtKnt7 Z58kWdLQ=; b=ljlxsW4zn2160lMrJTz+xXf8n8+EGpRB6HnSg9hVs8sJYIkOu+1 O3BKQ9A9XLS1dnYfxo42SMGSCc3vtmXj9EtsrifKGvtB1CfYJoG21Vm871O9M2/h 0DYuVp42/N8s9160n7BKZ7DYtykNDFrd3jWE7brW/yIcZldr/Pslqy0yO4GeEHwO 4crMURsOxvbJvQ5d1qj1pV+CWyGv2W7NIc0AvCwF2F4tGjSy9f4I9upViBcvvA8O jLu2w7HYJx6lBGPgrKJnFGwyjdJVDCI9E0pO4lscn5CztpS5i0/jOT0LT5bAKwSk a/DQFKrHFgM+hPBePNFwTmWfzdgwcTrev9A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvtdegledvucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucgfrhhlucfvnfffuc dlvdefmdenogfuohhrthgvugftvggtihhpvdculdegtddmnecujfgurhephffvufffkffo ggfgsedtkeertdertddtnecuhfhrohhmpeffrghnihgvlhcuighuuceougiguhesugiguh huuhdrgiihiieqnecuggftrfgrthhtvghrnhephfeijeelueeuveekjeejteeitdegieff gfeguefhjeeljedtiefgvdejkedtfeelnecuffhomhgrihhnpehkvghrnhgvlhdrohhrgh dpghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepugiguhesugiguhhuuhdrgiihiidpnhgspghrtghpthhtohepuddtpd hmohguvgepshhmthhpohhuthdprhgtphhtthhopehlihhnuhigqdhfshguvghvvghlsehv ghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtoheplhhinhhugidqthhrrggtvgdqkh gvrhhnvghlsehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtoheplhhinhhugidq phgvrhhfqdhushgvrhhssehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtoheplh hinhhugidqkhhsvghlfhhtvghsthesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphht thhopehnvghtfhhilhhtvghrqdguvghvvghlsehvghgvrhdrkhgvrhhnvghlrdhorhhgpd hrtghpthhtohepsghpfhesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopegt ohhrvghtvggrmhesnhgvthhfihhlthgvrhdrohhrghdprhgtphhtthhopehlihhnuhigqd hkvghrnhgvlhesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehlihhnuhig qdhmvgguihgrsehvghgvrhdrkhgvrhhnvghlrdhorhhg X-ME-Proxy: Feedback-ID: i6a694271:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 8 Apr 2025 23:34:33 -0400 (EDT) From: Daniel Xu To: linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, linux-kselftest@vger.kernel.org, netfilter-devel@vger.kernel.org, bpf@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, netdev@vger.kernel.org Subject: [RFC bpf-next 00/13] bpf: Introduce modular verifier Date: Tue, 8 Apr 2025 21:33:55 -0600 Message-ID: X-Mailer: git-send-email 2.47.1 Precedence: bulk X-Mailing-List: linux-media@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patchset adds the base infrastructure for modular BPF verifier. The motivation remains unchanged from the LSFMMBPF25 proposal [0]. However, the design has diverged. Rather than immediately going for the facade described in [0], we instead make a stop first at the continously exported copies of the verifier in an out-of-tree repository, with a separate copy for each kernel release. Each copy will receive as many verifier backports as possible within the "boundary" of the modular portions. For example, a patch that changes the verifier at the same time as one of the kernel symbols it depends on cannot be applied, as at runtime only the verifier portion can be updated. However, a patch that only changes verifier.c can be applied, as it's within the boundary. Rough analysis of past data shows that most verifier changes fall within the latter category. The jupyter notebook for this can be found here [1].