On Thu, May 4, 2023 at 3:20 PM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Tue, May 02, 2023 at 04:06:19PM -0700, Andrii Nakryiko wrote:
> > diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c > > index 4d057d39c286..c0d60da7e0e0 100644 > > --- a/kernel/bpf/core.c > > +++ b/kernel/bpf/core.c > > @@ -661,7 +661,7 @@ static bool bpf_prog_kallsyms_candidate(const struct bpf_prog *fp) > > void bpf_prog_kallsyms_add(struct bpf_prog *fp) > > { > > if (!bpf_prog_kallsyms_candidate(fp) || > > - !bpf_capable()) > > + !fp->aux->bpf_capable) > > return;
>
> Looking at this bit made me worry about classic bpf.
> bpf_prog_alloc_no_stats() zeros all fields including aux->bpf_capable.
> And loading of classic progs doesn't go through bpf_check().
> So fp->aux->bpf_capable will stay 'false' even when root loads cBPF.
> It doesn't matter here, since bpf_prog_kallsyms_candidate() will return false
> for cBPF.
>
> Maybe we should init aux->bpf_capable in bpf_prog_alloc_no_stats()
> to stay consistent between cBPF and eBPF?
> It probably has no effect, but anyone looking at crash dumps with drgn
> will have a consistent view of the aux->bpf_capable field.

Classic BPF predates my involvement with BPF, so I didn't even think about that. I'll check and make sure we do initialize aux->bpf_capable for that
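
Review bot: In bpf_prog_kallsyms_add(), the new condition `!fp->aux->bpf_capable` relies on the field having been set before this call, and nothing in the hunk shows or documents where that happens. As raised in the thread, bpf_prog_alloc_no_stats() zeroes the field and classic BPF loading does not go through bpf_check(), so it stays false for cBPF even when root loads the program. That is harmless at this call site because bpf_prog_kallsyms_candidate() already returns false for cBPF, but any other reader of the field would see a capability result that was never actually evaluated. Suggest initializing aux->bpf_capable in bpf_prog_alloc_no_stats() and adding a comment on the field stating when it is captured, since the check here no longer evaluates bpf_capable() for the calling task at the time bpf_prog_kallsyms_add() runs.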