bpf: Rename ARG_PTR_TO_KPTR -> ARG_KPTR_XCHG_DEST

ARG_PTR_TO_KPTR is currently only used by the bpf_kptr_xchg helper.
Although it limits reg types for that helper's first arg to
PTR_TO_MAP_VALUE, any arbitrary mapval won't do: further custom
verification logic ensures that the mapval reg being xchgd-into is
pointing to a kptr field. If this is not the case, it's not safe to xchg
into that reg's pointee.

Let's rename the bpf_arg_type to more accurately describe the fairly
specific expectations that this arg type encodes.

This is a nonfunctional change.

Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Signed-off-by: Amery Hung <amery.hung@bytedance.com>
Link: https://lore.kernel.org/r/20240813212424.2871455-4-amery.hung@bytedance.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 00dc4dd28cbd99d8f2901e76e0927794136d8bf9..dc63083f76b7c9f06a657db3040b81a14d079e96 100644 (file)
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -744,7 +744,7 @@ enum bpf_arg_type {
        ARG_PTR_TO_STACK,       /* pointer to stack */
        ARG_PTR_TO_CONST_STR,   /* pointer to a null terminated read-only string */
        ARG_PTR_TO_TIMER,       /* pointer to bpf_timer */
-       ARG_PTR_TO_KPTR,        /* pointer to referenced kptr */
+       ARG_KPTR_XCHG_DEST,     /* pointer to destination that kptrs are bpf_kptr_xchg'd into */
        ARG_PTR_TO_DYNPTR,      /* pointer to bpf_dynptr. See bpf_type_flag for dynptr type */
        __BPF_ARG_TYPE_MAX,
 

diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 4105b4af6e0352df7278b92843e60af4f2fc1757..bf55b81b3e064a8dc677803c4dfff3ebdfdd6347 100644 (file)
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -1636,7 +1636,7 @@ static const struct bpf_func_proto bpf_kptr_xchg_proto = {
        .gpl_only     = false,
        .ret_type     = RET_PTR_TO_BTF_ID_OR_NULL,
        .ret_btf_id   = BPF_PTR_POISON,
-       .arg1_type    = ARG_PTR_TO_KPTR,
+       .arg1_type    = ARG_KPTR_XCHG_DEST,
        .arg2_type    = ARG_PTR_TO_BTF_ID_OR_NULL | OBJ_RELEASE,
        .arg2_btf_id  = BPF_PTR_POISON,
 };

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 14853644645767f553dca524db846ade3494f8fb..5fe2a8978bb86b1993ee194858666dd7a4079967 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -8412,7 +8412,7 @@ static const struct bpf_reg_types func_ptr_types = { .types = { PTR_TO_FUNC } };
 static const struct bpf_reg_types stack_ptr_types = { .types = { PTR_TO_STACK } };
 static const struct bpf_reg_types const_str_ptr_types = { .types = { PTR_TO_MAP_VALUE } };
 static const struct bpf_reg_types timer_types = { .types = { PTR_TO_MAP_VALUE } };
-static const struct bpf_reg_types kptr_types = { .types = { PTR_TO_MAP_VALUE } };
+static const struct bpf_reg_types kptr_xchg_dest_types = { .types = { PTR_TO_MAP_VALUE } };
 static const struct bpf_reg_types dynptr_types = {
        .types = {
                PTR_TO_STACK,
@@ -8444,7 +8444,7 @@ static const struct bpf_reg_types *compatible_reg_types[__BPF_ARG_TYPE_MAX] = {
        [ARG_PTR_TO_STACK]              = &stack_ptr_types,
        [ARG_PTR_TO_CONST_STR]          = &const_str_ptr_types,
        [ARG_PTR_TO_TIMER]              = &timer_types,
-       [ARG_PTR_TO_KPTR]               = &kptr_types,
+       [ARG_KPTR_XCHG_DEST]            = &kptr_xchg_dest_types,
        [ARG_PTR_TO_DYNPTR]             = &dynptr_types,
 };
 
@@ -9044,7 +9044,7 @@ skip_type_check:
                        return err;
                break;
        }
-       case ARG_PTR_TO_KPTR:
+       case ARG_KPTR_XCHG_DEST:
                err = process_kptr_func(env, regno, meta);
                if (err)
                        return err;