MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
bpf
Search

[$] Bounded loops in BPF programs

Monday December 3, 2018. 11:45 PM , from LWN.net
The BPF verifier is charged with ensuring that any given BPF program is
safe for the kernel to load and run. Programs that fail to terminate are
clearly unsafe, as they present an opportunity for denial-of-service
attacks. In current kernels, the verifier uses a heavy-handed technique to
block such
programs: it disallows any program containing loops. This works, but at the
cost of disallowing a wide range of useful programs; if the verifier could
determine whether any given loop would terminate within a bounded time,
this restriction could be lifted. John Fastabend presented a plan for
doing so during the BPF
microconference at the 2018 Linux Plumbers
Conference.
https://lwn.net/Articles/773605/rss
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Thu 21 - 17:06 CET