Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 45a73c17 authored by Alexei Starovoitov's avatar Alexei Starovoitov Committed by Daniel Borkmann
Browse files

bpf: drop bpf_verifier_lock 



Drop bpf_verifier_lock for root to avoid being DoS-ed by unprivileged.
The BPF verifier is now fully parallel.
All unpriv users are still serialized by bpf_verifier_lock to avoid
exhausting kernel memory by running N parallel verifications.

Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent 7df737e9

kernel/bpf/verifier.c

+5 −3
Original line number Diff line number Diff line
@@ -8132,8 +8132,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, 
		env->insn_aux_data[i].orig_idx = i;

	env->prog = *prog;

	env->ops = bpf_verifier_ops[env->prog->type];

	is_priv = capable(CAP_SYS_ADMIN);



	/* grab the mutex to protect few globals used by verifier */

	if (!is_priv)

		mutex_lock(&bpf_verifier_lock);



	if (attr->log_level || attr->log_buf || attr->log_size) {
@@ -8157,7 +8159,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, 
	if (attr->prog_flags & BPF_F_ANY_ALIGNMENT)

		env->strict_alignment = false;



	is_priv = capable(CAP_SYS_ADMIN);

	env->allow_ptr_leaks = is_priv;



	ret = replace_map_fd_with_map_ptr(env);
@@ -8270,6 +8271,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, 
		release_maps(env);

	*prog = env->prog;

err_unlock:

	if (!is_priv)

		mutex_unlock(&bpf_verifier_lock);

	vfree(env->insn_aux_data);

err_free_env: