bpf: write back the verifier log buffer as it gets filled - linux-dev - Linux kernel development work

diff options

author	Jakub Kicinski <jakub.kicinski@netronome.com>	2017-10-09 10:30:15 -0700
committer	David S. Miller <davem@davemloft.net>	2017-10-10 12:30:16 -0700
commit	a2a7d5701052542cd2260e7659b12443e0a74733 (patch)
tree	f879063be29de0e6d7435759db62f0157c7773ff /crypto
parent	bpf: don't rely on the verifier lock for metadata_dst allocation (diff)
download	linux-dev-a2a7d5701052542cd2260e7659b12443e0a74733.tar.xz linux-dev-a2a7d5701052542cd2260e7659b12443e0a74733.zip

bpf: write back the verifier log buffer as it gets filled

Verifier log buffer can be quite large (up to 16MB currently). As Eric Dumazet points out if we allow multiple verification requests to proceed simultaneously, malicious user may use the verifier as a way of allocating large amounts of unswappable memory to OOM the host. Switch to a strategy of allocating a smaller buffer (1024B) and writing it out into the user buffer after every print. While at it remove the old BUG_ON(). This is in preparation of the global verifier lock removal. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'crypto')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: