Re: [PATCH bpf-next v4 1/2] bpf: Allow access to const void pointer arguments in tracing programs

Wed, 23 Apr 2025 12:17:36 -0700 

On Wed, Apr 23, 2025 at 5:14 AM KaFai Wan <mannka...@gmail.com> wrote:
>
> Adding support to access arguments with const void pointer arguments
> in tracing programs.
>
> Currently we allow tracing programs to access void pointers. If we try to
> access argument which is pointer to const void like 2nd argument in kfree,
> verifier will fail to load the program with;
>
> 0: R1=ctx() R10=fp0
> ; asm volatile ("r2 = *(u64 *)(r1 + 8); ");
> 0: (79) r2 = *(u64 *)(r1 +8)
> func 'kfree' arg1 type UNKNOWN is not a struct
>
> Changing the is_int_ptr to void and generic integer check and renaming
> it to is_void_or_int_ptr.
>
> Cc: Leon Hwang <leon.hw...@linux.dev>
> Signed-off-by: KaFai Wan <mannka...@gmail.com>
> Acked-by: Jiri Olsa <jo...@kernel.org>
> ---
>  kernel/bpf/btf.c | 13 +++----------
>  1 file changed, 3 insertions(+), 10 deletions(-)
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 16ba36f34dfa..14cdefc15f0e 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -6383,12 +6383,12 @@ struct btf *bpf_prog_get_target_btf(const struct 
> bpf_prog *prog)
>                 return prog->aux->attach_btf;
>  }
>
> -static bool is_int_ptr(struct btf *btf, const struct btf_type *t)
> +static bool is_void_or_int_ptr(struct btf *btf, const struct btf_type *t)
>  {
>         /* skip modifiers */
>         t = btf_type_skip_modifiers(btf, t->type, NULL);
>
> -       return btf_type_is_int(t);
> +       return btf_type_is_void(t) || btf_type_is_int(t);
>  }
>
>  static u32 get_ctx_arg_idx(struct btf *btf, const struct btf_type 
> *func_proto,
> @@ -6776,14 +6776,7 @@ bool btf_ctx_access(int off, int size, enum 
> bpf_access_type type,
>                 }
>         }
>
> -       if (t->type == 0)
> -               /* This is a pointer to void.
> -                * It is the same as scalar from the verifier safety pov.
> -                * No further pointer walking is allowed.

I preserved this comment (with slight rewording to make sense in a
combined check context). Applied to bpf-next, thanks.

> -                */
> -               return true;
> -
> -       if (is_int_ptr(btf, t))
> +       if (is_void_or_int_ptr(btf, t))
>                 return true;
>
>         /* this is a pointer to another type */
> --
> 2.43.0
>

Reply via email to