[PATCH RFC bpf-next v1 28/32] bpf: Remove duplicate PTR_TO_BTF_ID RO check


 



From: Daniel Xu <dxu@xxxxxxxxx>

Since commit 27ae7997a661 ("bpf: Introduce BPF_PROG_TYPE_STRUCT_OPS")
there has existed bpf_verifier_ops:btf_struct_access. When
btf_struct_access is _unset_ for a prog type, the verifier runs the
default implementation, which is to enforce read only:

        if (env->ops->btf_struct_access) {
                [...]
        } else {
                if (atype != BPF_READ) {
                        verbose(env, "only read is supported\n");
                        return -EACCES;
                }

                [...]
        }

When btf_struct_access is _set_, the expectation is that
btf_struct_access has full control over accesses, including if writes
are allowed.

Rather than carve out an exception for each prog type that may write to
BTF ptrs, delete the redundant check and give full control to
btf_struct_access.

[
 Kartikeya: We also require to remove this check, as we are enabling
 writes to local kptrs, which are a special type of PTR_TO_BTF_ID
 pointing to btf_id in program BTF.

 Note that probe_mem conversions, we only need them when such local
 kptr is marked with PTR_UNTRUSTED.

 There are two cases when it is so. One is when node is marked for
 expiry on the end of critical section, it is marked as PTR_UNTRUSTED
 but with a non-zero ref_obj_id. This means that writing is still
 permitted to it, as is reading, and technically PROBE_MEM load
 conversion is not needed. It is just used to prevent passing this
 local kptr elsewhere.

 The second case is loading reference local kptr from a map. In this
 case the pointer may well be invalid by the time we access it. Hence,
 writing to it is disallowed but reading isn't. Here, PROBE_MEM conversion
 is crucial.

 We could discern between ref_obj_id set vs unset case, but for now it's
 left out of the current series.
]

Cc: Martin KaFai Lau <kafai@xxxxxx>
Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
Signed-off-by: Daniel Xu <dxu@xxxxxxxxx>
[ Kartikeya: Expanded commit message ]
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
---
 kernel/bpf/verifier.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index b795fe9a88da..2897f780e8be 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -14889,9 +14889,6 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
 				insn->code = BPF_LDX | BPF_PROBE_MEM |
 					BPF_SIZE((insn)->code);
 				env->prog->aux->num_exentries++;
-			} else if (resolve_prog_type(env->prog) != BPF_PROG_TYPE_STRUCT_OPS) {
-				verbose(env, "Writes through BTF pointers are not allowed\n");
-				return -EINVAL;
 			}
 			continue;
 		default:
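Review bot: With the else-if branch removed, convert_ctx_accesses() no longer rejects a non-read access through a BTF pointer for any prog type, so a store in this case now falls straight through to "continue" with no diagnostic. The commit message relies on the earlier access check (the "only read is supported" default, or the prog type's btf_struct_access) to have refused such writes already, and it also says writes must stay disallowed for an untrusted local kptr loaded from a map. Please add a short comment at this spot saying that write permission is decided before this pass and that only loads need the BPF_PROBE_MEM rewrite, and consider a selftest in which a prog type without btf_struct_access attempts a store through a PTR_TO_BTF_ID and is still rejected, so a later change to the earlier check cannot silently open up writes here.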
-- 
2.34.1



