On Fri, 2025-01-31 at 11:28 -0800, Amery Hung wrote:
> From: Amery Hung <amery.hung@xxxxxxxxxxxxx>
>
> Allow a struct_ops program to return a referenced kptr if the struct_ops
> operator's return type is a struct pointer. To make sure the returned
> pointer continues to be valid in the kernel, several constraints are
> required:
>
> 1) The type of the pointer must match the return type
> 2) The pointer originally comes from the kernel (not locally allocated)
> 3) The pointer is in its unmodified form
>
> Implementation wise, a referenced kptr first needs to be allowed to _leak_
> in check_reference_leak() if it is in the return register. Then, in
> check_return_code(), constraints 1-3 are checked. During struct_ops
> registration, a check is also added to warn about operators with
> non-struct pointer return.
>
> In addition, since the first user, Qdisc_ops::dequeue, allows a NULL
> pointer to be returned when there is no skb to be dequeued, we will allow
> a scalar value with value equal to NULL to be returned.
>
> In the future when there is a struct_ops user that always expects a valid
> pointer to be returned from an operator, we may extend tagging to the
> return value. We can tell the verifier to only allow NULL pointer return
> if the return value is tagged with MAY_BE_NULL.
>
> Signed-off-by: Amery Hung <amery.hung@xxxxxxxxxxxxx>
> ---

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>

[...]
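
The return-value rules listed in the quoted commit message (constraints 1-3 plus the NULL scalar case), as an added user-space model; it is not the kernel's verifier code and not part of this thread. The struct, enum, field and function names are hypothetical, and rejecting every scalar other than a known NULL is an assumption drawn from the commit message's wording.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified view of the return register at program exit.
 * Not the kernel's struct bpf_reg_state; every name here is illustrative. */
enum reg_kind { REG_SCALAR, REG_REFERENCED_KPTR };

struct ret_reg {
    enum reg_kind kind;
    bool     scalar_known;      /* scalar: value known at verification time */
    uint64_t scalar_val;
    uint32_t type_id;           /* kptr: id of the pointed-to struct type */
    bool     locally_allocated; /* kptr: came from a BPF-side allocation */
    int32_t  fixed_off;         /* kptr: constant offset added by the program */
    bool     has_var_off;       /* kptr: variable offset added by the program */
};

/* Returns 0 if r may be returned from an operator whose return type is a
 * pointer to the struct identified by ret_type_id, -EINVAL otherwise. */
int check_struct_ptr_return(const struct ret_reg *r, uint32_t ret_type_id)
{
    if (r->kind == REG_SCALAR)  /* only a known NULL is an acceptable scalar */
        return (r->scalar_known && r->scalar_val == 0) ? 0 : -EINVAL;
    if (r->type_id != ret_type_id)              /* constraint 1: type match */
        return -EINVAL;
    if (r->locally_allocated)                   /* constraint 2: kernel origin */
        return -EINVAL;
    if (r->fixed_off != 0 || r->has_var_off)    /* constraint 3: unmodified */
        return -EINVAL;
    return 0;
}

int main(void)
{
    enum { SKB_ID = 1, OTHER_ID = 2 };  /* constructed type ids */
    struct ret_reg cases[] = {
        { .kind = REG_SCALAR, .scalar_known = true, .scalar_val = 0 },
        { .kind = REG_REFERENCED_KPTR, .type_id = SKB_ID },
        { .kind = REG_REFERENCED_KPTR, .type_id = OTHER_ID },
        { .kind = REG_REFERENCED_KPTR, .type_id = SKB_ID, .locally_allocated = true },
        { .kind = REG_REFERENCED_KPTR, .type_id = SKB_ID, .fixed_off = 8 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("case %zu -> %d\n", i, check_struct_ptr_return(&cases[i], SKB_ID));
    return 0;
}
```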