5

Since bounded loops are now allowed in eBPF programs (https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=2589726d12a1b12eaaa93c7f1ea64287e383c7a5), does the verifier still check in the first pass if the program control flow is a Directed Acyclic Graph?

pchaigno
Maicake

1 Answer

5

Yes, it still does, and rejects programs with back-edges in two cases:

  • If the program is loaded by an unprivileged user. The env->allow_ptr_leaks boolean indicates a privileged user.
  • If the back-edge is performed using a call. Only normal jumps can make bounded loops (which doesn't mean you can't do a bpf-to-bpf call inside a bounded loop).
pchaigno
  • Thank you very much, it's really hard for me to understand that code :( It is also rejected if the loop is too big, I imagine, right? – Maicake Sep 07 '19 at 12:43
  • 1
    Yes, that's correct. The verifier counts every instruction it verifies and when it reaches one million (for privileged users), it rejects the program. So a 4-instruction loop of 250001 iterations would be rejected. – pchaigno Sep 07 '19 at 13:07
  • Ok, so the 1 million limit is just for root and 130k for normal users, right? And those numbers refer to all the possible instructions that the verifier can explore. I've read that, and also that an eBPF program can't be larger than BPF_MAXINSNS, but I don't understand why there is just one, whose value is 4096. I'd expect another BPF_MAXINSNS for root. – Maicake Sep 07 '19 at 13:13
  • 2
    I think the maximum number of instructions the verifier can explore is 1 million for both privileged and unprivileged users actually. The [maximum program size](https://github.com/torvalds/linux/blob/1e3778cb223e861808ae0daccf353536e7573eed/kernel/bpf/syscall.c#L1640) is 1 million for privileged users and 4096 for unprivileged. – pchaigno Sep 07 '19 at 13:24
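
Added example (not part of the original posts and not kernel code): a simplified C model of the first-pass rule as the answer states it. A depth-first walk finds back-edges and accepts one only when the loader is privileged and the edge is a jump rather than a call. The toy instruction encoding, `cfg_ok` and the sample programs are assumptions made for illustration.

```c
#include <stdbool.h>

/* Toy instruction set (assumption): not the kernel's struct bpf_insn. */
enum kind { ALU, JCOND, CALL, EXIT };
struct insn { enum kind kind; int off; };   /* jump/call target = pc + 1 + off */
enum { UNSEEN, DISCOVERED, EXPLORED };
#define MAX_INSNS 16

static bool visit(const struct insn *p, int n, int pc, int *st, bool priv);

/* Follow one edge; false means the program is rejected. */
static bool edge(const struct insn *p, int n, int to, bool via_call,
                 int *st, bool priv)
{
    if (to < 0 || to >= n)
        return false;                 /* target outside the program */
    if (st[to] == DISCOVERED)         /* target still on the DFS path: back-edge */
        return priv && !via_call;     /* the two rejection cases from the answer */
    return st[to] == EXPLORED || visit(p, n, to, st, priv);
}

static bool visit(const struct insn *p, int n, int pc, int *st, bool priv)
{
    bool ok = true;
    st[pc] = DISCOVERED;
    if (p[pc].kind != EXIT)           /* every non-exit instruction falls through */
        ok = edge(p, n, pc + 1, false, st, priv);
    if (ok && (p[pc].kind == JCOND || p[pc].kind == CALL))
        ok = edge(p, n, pc + 1 + p[pc].off, p[pc].kind == CALL, st, priv);
    st[pc] = EXPLORED;
    return ok;
}

/* Returns true if this modelled first pass accepts the program. */
bool cfg_ok(const struct insn *p, int n, bool priv)
{
    int st[MAX_INSNS] = { UNSEEN };
    return n > 0 && n <= MAX_INSNS && visit(p, n, 0, st, priv);
}

/* Constructed samples: a jump loop, the same loop closed by a call, and a DAG. */
const struct insn loop_jmp[]  = { {ALU, 0}, {ALU, 0}, {JCOND, -2}, {EXIT, 0} };
const struct insn loop_call[] = { {ALU, 0}, {ALU, 0}, {CALL, -2}, {EXIT, 0} };
const struct insn dag[]       = { {JCOND, 1}, {ALU, 0}, {EXIT, 0} };

int main(void)
{
    return (cfg_ok(loop_jmp, 4, true) && !cfg_ok(loop_jmp, 4, false)) ? 0 : 1;
}
```

Passing this structural check says nothing about the instruction budget discussed in the comments, which is enforced later while the verifier walks the program's paths.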