On Tue, 2023-12-12 at 15:25 -0800, Andrii Nakryiko wrote:
> Instead of btf_check_subprog_arg_match(), use btf_prepare_func_args()
> logic to validate "trustworthiness" of main BPF program's BTF information,
> if it is present.
>
> We ignored results of original BTF check anyway, often times producing
> confusing and ominously-sounding "reg type unsupported for arg#0
> function" message, which has no apparent effect on program correctness
> and verification process.
>
> All the -EFAULT returning sanity checks are already performed in
> check_btf_info_early(), so there is zero reason to have this duplication
> of logic between btf_check_subprog_call() and btf_check_subprog_arg_match().
> Dropping btf_check_subprog_arg_match() simplifies
> btf_check_func_arg_match() further removing `bool processing_call` flag.
>
> One subtle bit that was done by btf_check_subprog_arg_match() was
> potentially marking main program's BTF as unreliable. We do this
> explicitly now with a dedicated simple check, preserving the original
> behavior, but now based on well factored btf_prepare_func_args() logic.
>
> Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
> ---
Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
[...]
> @@ -19944,21 +19945,19 @@ static int do_check_common(struct bpf_verifier_env *env, int subprog)
> }
> }
> } else {
> + /* if main BPF program has associated BTF info, validate that
> + * it's matching expected signature, and otherwise mark BTF
> + * info for main program as unreliable
> + */
> + if (env->prog->aux->func_info_aux) {
> + ret = btf_prepare_func_args(env, 0);
> + if (ret || sub->arg_cnt != 1 || sub->args[0].arg_type != ARG_PTR_TO_CTX)
> + env->prog->aux->func_info_aux[0].unreliable = true;
> + }
Nit: should this return if ret == -EFAULT?
