Currently there are two ways to modify kernel memory in bpf programs:

1. Declare a ksym of scalar type and directly modify its memory.
2. Pass a RDONLY_BUF into a helper function which will override its arguments. For example, bpf_d_path, bpf_snprintf.

This patchset fixes these two problems. For the first, we introduce a new reg type PTR_TO_RDONLY_MEM for the scalar typed ksym, which forbids writing. Second, we introduce a new arg type ARG_PTR_TO_WRITABLE_MEM, which is a proper subset of ARG_PTR_TO_MEM and includes only those reg types that are writable. Helper functions that may override their arguments should use ARG_PTR_TO_WRITABLE_MEM. Other helper functions can continue using ARG_PTR_TO_MEM.

There is an alternative solution to the second problem, that is, an ARG_PTR_TO_CONST_MEM, which represents the current ARG_PTR_TO_MEM, and ARG_PTR_TO_MEM, which represents the ARG_PTR_TO_WRITABLE_MEM in this patchset. But I find the naming here is too confusing. Most of the helper functions should not override their arguments, therefore, using ARG_PTR_TO_MEM sounds natural.

Hao Luo (3):
  bpf: Prevent write to ksym memory
  bpf: Introduce ARG_PTR_TO_WRITABLE_MEM
  bpf/selftests: Test PTR_TO_RDONLY_MEM

 include/linux/bpf.h                                |  15 +++++-
 include/uapi/linux/bpf.h                           |   4 +-
 kernel/bpf/cgroup.c                                |   2 +-
 kernel/bpf/helpers.c                               |   6 +--
 kernel/bpf/verifier.c                              |  54 ++++++++++++++++---
 kernel/trace/bpf_trace.c                           |   6 +--
 net/core/filter.c                                  |   6 +--
 tools/include/uapi/linux/bpf.h                     |   4 +-
 .../selftests/bpf/prog_tests/ksyms_btf.c           |  14 +++++
 .../bpf/progs/test_ksyms_btf_write_check.c         |  29 ++++++++++
 10 files changed, 116 insertions(+), 24 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c

-- 
2.33.0.1079.g6e70778dc9-goog
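The two checks described above, as an added illustration that is not part of this patchset or of the kernel: a simplified, host-compilable model of the verifier's decision in which the enum values, `reg_is_writable`, `check_mem_write` and `check_helper_mem_arg` are hypothetical stand-ins for the real definitions in include/linux/bpf.h and kernel/bpf/verifier.c, and only the memory-like reg types are modelled.

```c
/* Toy model of the verifier rules in the cover letter (not kernel code). */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum bpf_reg_type {
	PTR_TO_STACK,       /* writable */
	PTR_TO_MAP_VALUE,   /* writable */
	PTR_TO_MEM,         /* writable */
	PTR_TO_RDONLY_BUF,  /* existing read-only buffer type */
	PTR_TO_RDONLY_MEM,  /* new: scalar ksym memory, read-only */
};

enum bpf_arg_type {
	ARG_PTR_TO_MEM,          /* helper only reads the buffer */
	ARG_PTR_TO_WRITABLE_MEM, /* helper may store into the buffer */
};

/* Register points at memory the program may store to. */
static bool reg_is_writable(enum bpf_reg_type t)
{
	return t != PTR_TO_RDONLY_BUF && t != PTR_TO_RDONLY_MEM;
}

/* Fix 1: a direct store through a ksym register is refused. */
int check_mem_write(enum bpf_reg_type t)
{
	return reg_is_writable(t) ? 0 : -EACCES;
}

/* Fix 2: ARG_PTR_TO_WRITABLE_MEM accepts a proper subset of the reg
 * types that ARG_PTR_TO_MEM accepts: everything except read-only ones. */
int check_helper_mem_arg(enum bpf_arg_type arg, enum bpf_reg_type reg)
{
	switch (arg) {
	case ARG_PTR_TO_MEM:
		return 0;
	case ARG_PTR_TO_WRITABLE_MEM:
		return reg_is_writable(reg) ? 0 : -EACCES;
	}
	return -EINVAL;
}

int main(void)
{
	/* e.g. bpf_d_path writing its output into a ksym region */
	printf("store to ksym: %d\n", check_mem_write(PTR_TO_RDONLY_MEM));
	printf("bpf_d_path(rdonly ksym): %d\n",
	       check_helper_mem_arg(ARG_PTR_TO_WRITABLE_MEM, PTR_TO_RDONLY_MEM));
	return 0;
}
```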