On 10/05/2017 11:26 PM, Jakub Kicinski wrote:
On Thu, 05 Oct 2017 23:10:03 +0200, Daniel Borkmann wrote:
include/linux/bpf_verifier.h | 7 +++--
kernel/bpf/verifier.c| 64
+++-
2 files changed, 50 insertions(+), 21 deletions(-)
diff --git
On Thu, 05 Oct 2017 23:10:03 +0200, Daniel Borkmann wrote:
> > include/linux/bpf_verifier.h | 7 +++--
> > kernel/bpf/verifier.c| 64
> > +++-
> > 2 files changed, 50 insertions(+), 21 deletions(-)
> >
> > diff --git a/include/linux/bpf_verifier
On 10/05/2017 05:34 PM, Jakub Kicinski wrote:
Verifier log buffer can be quite large (up to 16MB currently).
As Eric Dumazet points out if we allow multiple verification
requests to proceed simultaneously, malicious user may use the
verifier as a way of allocating large amounts of unswappable
mem
Verifier log buffer can be quite large (up to 16MB currently).
As Eric Dumazet points out if we allow multiple verification
requests to proceed simultaneously, malicious user may use the
verifier as a way of allocating large amounts of unswappable
memory to OOM the host.
Switch to a strategy of al
