• Alexei Starovoitov's avatar
    bpf: reduce verifier memory consumption · 9c399760
    Alexei Starovoitov authored
    verifier keeps track of register state spilled to stack.
    registers are 8-byte wide and always aligned, so instead of tracking them
    in every byte-sized stack slot, use MAX_BPF_STACK / 8 array to track
    spilled register state.
    Though verifier runs in user context and its state freed immediately
    after verification, it makes sense to reduce its memory usage.
    This optimization reduces sizeof(struct verifier_state)
    from 12464 to 1712 on 64-bit and from 6232 to 1112 on 32-bit.
    
    Note, this patch doesn't change existing limits, which are there to bound
    time and memory during verification: 4k total number of insns in a program,
    1k number of jumps (states to visit) and 32k number of processed insn
    (since an insn may be visited multiple times). Theoretical worst case memory
    during verification is 1712 * 1k = 17Mbyte. Out-of-memory situation triggers
    cleanup and rejects the program.
    Suggested-by: default avatarAndy Lutomirski <luto@amacapital.net>
    Signed-off-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    9c399760
verifier.c 53.4 KB