Re: [PATCH bpf-next 09/10] bpf: use recorded bpf_capable flag in JIT code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, May 4, 2023 at 3:09 PM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Tue, May 02, 2023 at 04:06:18PM -0700, Andrii Nakryiko wrote:
> >
> > -int bpf_jit_charge_modmem(u32 size)
> > +int bpf_jit_charge_modmem(u32 size, const struct bpf_prog *prog)
> >  {
> >       if (atomic_long_add_return(size, &bpf_jit_current) > READ_ONCE(bpf_jit_limit)) {
> > -             if (!bpf_capable()) {
> > -                     atomic_long_sub(size, &bpf_jit_current);
> > -                     return -EPERM;
> > -             }
> > +             if (prog ? prog->aux->bpf_capable : bpf_capable())
> > +                     return 0;
>
> I would drop this patch.
> It still has to fall back to bpf_capable for trampolines and
> its 'help' to cap_bpf is minimal. That limit on all practical systems is huge.
> It won't have any effect for your future follow ups for cap_bpf in containers.

fair enough, will drop
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux