On Wed, 17 Aug 2022 at 20:43, Daniel Xu <dxu@xxxxxxxxx> wrote:
>
> Since commit 27ae7997a661 ("bpf: Introduce BPF_PROG_TYPE_STRUCT_OPS")
> there has existed bpf_verifier_ops:btf_struct_access. When
> btf_struct_access is _unset_ for a prog type, the verifier runs the
> default implementation, which is to enforce read only:
>
> if (env->ops->btf_struct_access) {
> [...]
> } else {
> if (atype != BPF_READ) {
> verbose(env, "only read is supported\n");
> return -EACCES;
> }
>
> [...]
> }
>
> When btf_struct_access is _set_, the expectation is that
> btf_struct_access has full control over accesses, including if writes
> are allowed.
>
> Rather than carve out an exception for each prog type that may write to
> BTF ptrs, delete the redundant check and give full control to
> btf_struct_access.
>
> Signed-off-by: Daniel Xu <dxu@xxxxxxxxx>
> ---
Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
