When we are verifying a field in a union, we may verify another field
which has the same offset. So we should annotate that field as untrusted.
In some cases we already know that some fields are safe, and then we can
add them to the union trusted allow list.

Patch #3 fixes an issue found in our dev server.

Changes:
- bpf: Fix errors in verifying a union
  https://lore.kernel.org/bpf/20230628115205.248395-1-laoar.shao@xxxxxxxxx/

Yafang Shao (3):
  bpf: Introduce BTF_TYPE_SAFE_TRUSTED_UNION
  selftests/bpf: Add selftests for BTF_TYPE_SAFE_TRUSTED_UNION
  bpf: Fix an error in verifying a field in a union

 kernel/bpf/btf.c                              | 22 +++++++++----------
 kernel/bpf/verifier.c                         | 21 ++++++++++++++++++
 .../bpf/progs/nested_trust_failure.c          | 16 ++++++++++++++
 .../bpf/progs/nested_trust_success.c          | 15 +++++++++++++
 4 files changed, 62 insertions(+), 12 deletions(-)

--
2.30.1 (Apple Git-130)
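
The same-offset problem described in the cover letter above, as a simplified model added here (not code from the patch series or the kernel): struct sample, the member table, union_allow and both functions are hypothetical. It shows an offset-only lookup resolving an access to scratch as the allow-listed owner, which is why a union member has to be judged by identity rather than by offset.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample type: two pointers share one slot in an anonymous union. */
struct sample {
    int id;
    union {
        struct sample *owner; /* assumed known-safe for this example */
        void *scratch;        /* may hold anything */
    };
};
enum trust { UNTRUSTED, TRUSTED };
struct member { const char *name; size_t off; int in_union; };

/* Hand-written stand-in for the type description a verifier would walk. */
static const struct member members[] = {
    { "id",      offsetof(struct sample, id),      0 },
    { "owner",   offsetof(struct sample, owner),   1 },
    { "scratch", offsetof(struct sample, scratch), 1 },
};
/* Hypothetical allow list of union members known to be safe. */
static const char *const union_allow[] = { "owner" };

/* Offset-only lookup: returns the first member found at that offset. */
const struct member *member_at(size_t off)
{
    for (size_t i = 0; i < sizeof(members) / sizeof(*members); i++)
        if (members[i].off == off) return &members[i];
    return NULL;
}

/* Union members are untrusted unless allow-listed; others are trusted in this model. */
enum trust field_trust(const struct member *m)
{
    if (!m) return UNTRUSTED;
    if (!m->in_union) return TRUSTED;
    for (size_t i = 0; i < sizeof(union_allow) / sizeof(*union_allow); i++)
        if (strcmp(m->name, union_allow[i]) == 0) return TRUSTED;
    return UNTRUSTED;
}

int main(void)
{
    const struct member *m = member_at(offsetof(struct sample, scratch));
    printf("scratch resolved as %s: %s\n", m->name, field_trust(m) == TRUSTED ? "trusted" : "untrusted");
    return 0;
}
```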