bpf: jne/jeq fork experiment#6885
Open
kernel-patches-daemon-bpf-rc[bot] wants to merge 2 commits intobpf-next_basefrom
Open
bpf: jne/jeq fork experiment#6885kernel-patches-daemon-bpf-rc[bot] wants to merge 2 commits intobpf-next_basefrom
kernel-patches-daemon-bpf-rc[bot] wants to merge 2 commits intobpf-next_basefrom
Conversation
added 2 commits
February 8, 2026 08:40
TLDR: not worth doing. When the verifier processes JEQ/JNE against a known constant, the existing logic in reg_set_min_max() refines: - equal branch: dst_reg = const (exact value) - not-equal branch: dst_reg != const (edge-trim only) The JNE edge-trim only tightens bounds when the constant sits at a range boundary (e.g. umin == const → umin++). For a register with range [0, 255] and "if r0 != 100", the not-equal branch keeps the full [0, 255] range — no useful information is gained. Improve this by forking the not-equal branch into two sub-states: - fork 1: dst > const (via JGT refinement → e.g. [101, 255]) - fork 2: dst < const (via JLT refinement → e.g. [0, 99]) This is implemented by pushing an additional verifier state onto the exploration stack after reg_set_min_max() and sync_linked_regs() have already processed the original two branches. The fork is guarded by feasibility checks requiring both unsigned and signed ranges to strictly span the constant (umin < val < umax and smin < val < smax). The signed check prevents infeasible states from reg_bounds_sync() cross-propagating signed bounds into unsigned after the JGT/JLT refinement. For JEQ: the not-equal branch is this_branch (fallthrough), and fork2 targets the next instruction. For JNE: the not-equal branch is other_branch (jump target), and push_stack copies env->cur_state (the equal branch), so dst_reg in fork2 must be overwritten with the not-equal branch's copy. Linked registers sharing the same ID are propagated via sync_linked_regs() on both forks. File Program Insns (A) Insns (B) Insns (DIFF) ------------------ ---------------------- --------- --------- ---------------- scx_beerland.bpf.o beerland_enqueue 332 361 +29 (+8.73%) scx_central.bpf.o central_enqueue 68 74 +6 (+8.82%) scx_central.bpf.o central_init 200 210 +10 (+5.00%) scx_chaos.bpf.o chaos_tick 14 15 +1 (+7.14%) scx_flash.bpf.o enable_sibling_cpu 120 113 -7 (-5.83%) scx_flatcg.bpf.o fcg_cgroup_init 120 132 +12 (+10.00%) scx_lavd.bpf.o lavd_dispatch 218925 237897 +18972 (+8.67%) scx_lavd.bpf.o lavd_quiescent 168 191 +23 (+13.69%) scx_lavd.bpf.o set_power_profile 167 109 -58 (-34.73%) scx_layered.bpf.o layered_dispatch 13909 14480 +571 (+4.11%) scx_layered.bpf.o layered_enqueue 13798 24143 +10345 (+74.97%) scx_layered.bpf.o layered_runnable 6077 6447 +370 (+6.09%) scx_layered.bpf.o layered_select_cpu 2288 3121 +833 (+36.41%) scx_layered.bpf.o layered_set_cpumask 238 250 +12 (+5.04%) scx_layered.bpf.o layered_stopping 598 643 +45 (+7.53%) scx_layered.bpf.o tp_task_rename 70 73 +3 (+4.29%) scx_qmap.bpf.o qmap_select_cpu 52 55 +3 (+5.77%) scx_rlfifo.bpf.o rustland_dispatch 340 363 +23 (+6.76%) scx_rustland.bpf.o rustland_dispatch 340 363 +23 (+6.76%) scx_rusty.bpf.o rusty_set_cpumask 3259 3552 +293 (+8.99%) scx_userland.bpf.o userland_enqueue 91 97 +6 (+6.59%) scx_userland.bpf.o userland_select_cpu 53 56 +3 (+5.66%) scxtop.bpf.o long_tail_tracker_exit 104 119 +15 (+14.42%) scxtop.bpf.o start_trace 127 134 +7 (+5.51%) Program Insns (A) Insns (B) Insns (DIFF) ---------------------------------------- --------- --------- ------------------ bpfj_dns_sendmsg 6322 8432 +2110 (+33.38%) bpfj_exec_execve 4790 4091 -699 (-14.59%) bpfj_exec_execveat 4790 4091 -699 (-14.59%) do_parse 157621 688994 +531373 (+337.12%) do_sendmsg 157635 689008 +531373 (+337.09%) balancer_ingress 62403 70516 +8113 (+13.00%) on_py_event 88094 76037 -12057 (-13.69%) on_custom_event_start 13847 15347 +1500 (+10.83%) Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Author
|
Upstream branch: db975de |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: jne/jeq fork experiment
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1052012