Re: [PATCH bpf-next v4 1/2] bpf: Only enforce 8 frame call stack limit for all-static stacks

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eduard Zingerman <eddyz87@gmail.com>
To: Emil Tsalapatis <emil@etsalapatis.com>, bpf@vger.kernel.org
Cc: andrii@kernel.org, ast@kernel.org, daniel@iogearbox.net,
	 martin.lau@kernel.org, memxor@gmail.com, song@kernel.org,
	yonghong.song@linux.dev
Subject: Re: [PATCH bpf-next v4 1/2] bpf: Only enforce 8 frame call stack limit for all-static stacks
Date: Mon, 09 Mar 2026 14:37:02 -0700	[thread overview]
Message-ID: <7ca5c5ed22705e31b4ff6085dd4b9a92fc653f53.camel@gmail.com> (raw)
In-Reply-To: <20260309204430.201219-2-emil@etsalapatis.com>

On Mon, 2026-03-09 at 16:44 -0400, Emil Tsalapatis wrote:
> The BPF verifier currently enforces a call stack depth of 8 frames,
> regardless of the actual stack space consumption of those frames. The
> limit is necessary for static call stacks, because the bookkeeping data
> structures used by the verifier when stepping into static functions
> during verification only support 8 stack frames. However, this
> limitation only matters for static stack frames: Global subprogs are
> verified by themselves and do not require limiting the call depth.
> 
> Relax this limitation to only apply to static stack frames. Verification
> now only fails when there is a sequence of 8 calls to non-global
> subprogs. Calling into a global subprog resets the counter. This allows
> deeper call stacks, provided all frames still fit in the stack.
> 
> The change does not increase the maximum size of the call stack, only
> the maximum number of frames we can place in it.
> 
> Also change the progs/test_global_func3.c selftest to use static
> functions, since with the new patch it would otherwise unexpectedly
> pass verification.
> 
> Signed-off-by: Emil Tsalapatis <emil@etsalapatis.com>
> ---

Acked-by: Eduard Zingerman <eddyz87@gmail.com>

[...]

> diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
> index 090aa26d1c98..b45c3bb801c5 100644
> --- a/include/linux/bpf_verifier.h
> +++ b/include/linux/bpf_verifier.h
> @@ -651,6 +651,12 @@ enum priv_stack_mode {
>  	PRIV_STACK_ADAPTIVE,
>  };
>  
> +struct bpf_subprog_call_depth_info {
> +	int ret_insn; /* caller instruction where we return to. */
> +	int caller; /* caller subprogram idx */
> +	int frame; /* # of consecutive static call stack frames on top of stack */
> +};
> +
>  struct bpf_subprog_info {
>  	/* 'start' has to be the first field otherwise find_subprog() won't work */
>  	u32 start; /* insn idx of function entry point */
> @@ -678,6 +684,9 @@ struct bpf_subprog_info {
>  
>  	enum priv_stack_mode priv_stack_mode;
>  	struct bpf_subprog_arg_info args[MAX_BPF_FUNC_REG_ARGS];
> +
> +	/* temporary state used for call frame depth calculation */
> +	struct bpf_subprog_call_depth_info dinfo;

Nit: I think this adds an unnecessary nesting level (e.g. I'd had it
     either at `env` level as a separate array, or here w/o additional
     struct).

[...]

next prev parent reply	other threads:[~2026-03-09 21:37 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-09 20:44 [PATCH bpf-next v4 0/2] bpf: Relax 8 frame limitation for global subprogs Emil Tsalapatis
2026-03-09 20:44 ` [PATCH bpf-next v4 1/2] bpf: Only enforce 8 frame call stack limit for all-static stacks Emil Tsalapatis
2026-03-09 21:23   ` bot+bpf-ci
2026-03-09 21:37   ` Eduard Zingerman [this message]
2026-03-10 19:07     ` Alexei Starovoitov
2026-03-10 14:04   ` Mykyta Yatsenko
2026-03-09 20:44 ` [PATCH bpf-next v4 2/2] bpf: Add deep call stack selftests Emil Tsalapatis
2026-03-11  2:59   ` Yonghong Song

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7ca5c5ed22705e31b4ff6085dd4b9a92fc653f53.camel@gmail.com \
    --to=eddyz87@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=emil@etsalapatis.com \
    --cc=martin.lau@kernel.org \
    --cc=memxor@gmail.com \
    --cc=song@kernel.org \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.