bpf: drop bpf_verifier_lock

Drop bpf_verifier_lock for root to avoid being DoS-ed by unprivileged.
The BPF verifier is now fully parallel.
All unpriv users are still serialized by bpf_verifier_lock to avoid
exhausting kernel memory by running N parallel verifications.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 5f0eb5bd55899c4509f0c600565643f7944672f3..423f242a5efb19b6ede76942ce2cfd9ace06de0d 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -8132,9 +8132,11 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr,
                env->insn_aux_data[i].orig_idx = i;
        env->prog = *prog;
        env->ops = bpf_verifier_ops[env->prog->type];
+       is_priv = capable(CAP_SYS_ADMIN);
 
        /* grab the mutex to protect few globals used by verifier */
-       mutex_lock(&bpf_verifier_lock);
+       if (!is_priv)
+               mutex_lock(&bpf_verifier_lock);
 
        if (attr->log_level || attr->log_buf || attr->log_size) {
                /* user requested verbose verifier output
@@ -8157,7 +8159,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr,
        if (attr->prog_flags & BPF_F_ANY_ALIGNMENT)
                env->strict_alignment = false;
 
-       is_priv = capable(CAP_SYS_ADMIN);
        env->allow_ptr_leaks = is_priv;
 
        ret = replace_map_fd_with_map_ptr(env);
@@ -8270,7 +8271,8 @@ err_release_maps:
                release_maps(env);
        *prog = env->prog;
 err_unlock:
-       mutex_unlock(&bpf_verifier_lock);
+       if (!is_priv)
+               mutex_unlock(&bpf_verifier_lock);
        vfree(env->insn_aux_data);
 err_free_env:
        kfree(env);