    bpf: increase complexity limit and maximum program size · c04c0d2b
    Alexei Starovoitov authored
    Large verifier speed improvements allow the verifier
    complexity limit to be increased.
    Now, regardless of the program composition and its size, it takes
    little time for the verifier to hit the insn_processed limit.
    On a typical x86 machine a non-debug kernel processes 1M instructions
    in 1/10 of a second.
    (Before these speed improvements, specially crafted programs
    could be hitting multi-second verification times.)
    A full kasan kernel with debug takes ~1 second for the same 1M insns.
    Hence bump the BPF_COMPLEXITY_LIMIT_INSNS limit to 1M.
    Also increase the number of instructions per program
    from 4k to internal BPF_COMPLEXITY_LIMIT_INSNS limit.
    The 4k limit was confusing to users, since small programs with hundreds
    of insns could be hitting the BPF_COMPLEXITY_LIMIT_INSNS limit.
    Sometimes adding more insns and bpf_trace_printk debug statements
    would make the verifier accept the program while removing
    code would make the verifier reject it.
    Some user space applications started to add #define MAX_FOO to
    their programs and do:
      MAX_FOO=100;
    again:
      compile with MAX_FOO;
      try to load;
      if (fails_to_load) { reduce MAX_FOO; goto again; }
    to be able to fit the maximum amount of processing into a single program.
    Other users artificially split their single program into a set of programs
    and use all 32 iterations of tail_calls to increase compute limits.
    And the most advanced folks used the unlimited tc-bpf filter list
    to execute many bpf programs.
    Essentially the users managed to work around the 4k insn limit.
    This patch removes the limit for root programs from uapi.
    BPF_COMPLEXITY_LIMIT_INSNS is the kernel internal limit,
    and success in loading the program no longer depends on program size,
    but on the 'smartness' of the verifier only.
    The verifier will continue to get smarter with every kernel release.
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
verifier.c 232 KB