projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b9d44bc) | patch
bpf: rdonly_untrusted_mem for btf id walk pointer leafs
authorEduard Zingerman <eddyz87@gmail.com>
Fri, 4 Jul 2025 23:03:48 +0000 (16:03 -0700)
committerAlexei Starovoitov <ast@kernel.org>
Mon, 7 Jul 2025 15:25:06 +0000 (08:25 -0700)
commit2d5c91e1cc14c3511d163ac36ee869ecf3a29cc2
treeed64783a3c0c40d6449ef7ccd0218e72f4483a72tree
parentb9d44bc9fd30550052d0854d71b0c0731dc9f053commit | diff
bpf: rdonly_untrusted_mem for btf id walk pointer leafs

When processing a load from a PTR_TO_BTF_ID, the verifier calculates
the type of the loaded structure field based on the load offset.
For example, given the following types:

  struct foo {
    struct foo *a;
    int *b;
  } *p;

The verifier would calculate the type of `p->a` as a pointer to
`struct foo`. However, the type of `p->b` is currently calculated as a
SCALAR_VALUE.

This commit updates the logic for processing PTR_TO_BTF_ID to instead
calculate the type of p->b as PTR_TO_MEM|MEM_RDONLY|PTR_UNTRUSTED.
This change allows further dereferencing of such pointers (using probe
memory instructions).

Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250704230354.1323244-3-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/btf.c diff | blob | blame | history
kernel/bpf/verifier.c diff | blob | blame | history
tools/testing/selftests/bpf/prog_tests/linked_list.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)