git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Alexei Starovoitov <ast@fb.com>
	Wed, 3 Apr 2019 18:39:01 +0000 (18:39 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 20 Apr 2019 07:15:08 +0000 (09:15 +0200)
commit	28356c21ac32d49d15a3ea7383b0a96052d15394
tree	fb87bd4bfd416d680fbe78f1b75875ed5d7504d7	tree \| snapshot
parent	8991f1af962d939c3f3456990f5a826c3aa628fd	commit \| diff

bpf: reduce verifier memory consumption

commit 638f5b90d46016372a8e3e0a434f199cc5e12b8c upstream.

the verifier got progressively smarter over time and size of its internal
state grew as well. Time to reduce the memory consumption.

Before:
sizeof(struct bpf_verifier_state) = 6520
After:
sizeof(struct bpf_verifier_state) = 896

It's done by observing that majority of BPF programs use little to
no stack whereas verifier kept all of 512 stack slots ready always.
Instead dynamically reallocate struct verifier state when stack
access is detected.
Runtime difference before vs after is within a noise.
The number of processed instructions stays the same.

Cc: jakub.kicinski@netronome.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[Backported to 4.14 by sblbir]
Signed-off-by: Balbir Singh <sblbir@amzn.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/net/ethernet/netronome/nfp/bpf/verifier.c		diff \| blob \| blame \| history
include/linux/bpf_verifier.h		diff \| blob \| blame \| history
kernel/bpf/verifier.c		diff \| blob \| blame \| history