From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alexei Starovoitov <ast@kernel.org>
Subject: [PATCH bpf 0/3] bpf: improve verifier resilience
Date: Mon, 3 Dec 2018 22:46:03 -0800
Message-ID: <20181204064606.803625-1-ast@kernel.org>
Mime-Version: 1.0
Content-Type: text/plain
Cc: <daniel@iogearbox.net>, <ecree@solarflare.com>,
        <anatoly.trosinenko@gmail.com>, <netdev@vger.kernel.org>,
        <kernel-team@fb.com>
To: "David S . Miller" <davem@davemloft.net>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:38544 "EHLO
        mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1726026AbeLDGqQ (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 4 Dec 2018 01:46:16 -0500
Received: from pps.filterd (m0001303.ppops.net [127.0.0.1])
        by m0001303.ppops.net (8.16.0.27/8.16.0.27) with SMTP id wB46gI2r022805
        for <netdev@vger.kernel.org>; Mon, 3 Dec 2018 22:46:15 -0800
Received: from mail.thefacebook.com ([199.201.64.23])
        by m0001303.ppops.net with ESMTP id 2p5eq88vxb-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)
        for <netdev@vger.kernel.org>; Mon, 03 Dec 2018 22:46:15 -0800
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

Three patches to improve verifier ability to handle pathological bpf programs
with a lot of branches:
- make sure prog_load syscall can be aborted
- improve branch taken analysis
- introduce per-insn complexity limit for unprivileged programs

Alexei Starovoitov (3):
  bpf: check pending signals while verifying programs
  bpf: improve verifier branch analysis
  bpf: add per-insn complexity limit

 kernel/bpf/verifier.c                       | 103 +++++++++++++++++---
 tools/testing/selftests/bpf/test_verifier.c |   4 +-
 2 files changed, 91 insertions(+), 16 deletions(-)

-- 
2.17.1