mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 12:57:53 +00:00
Code Issues Releases Wiki Activity

bpf: Invoke btf_struct_access() callback only for writes.

Browse source 
Remove duplicated if (atype == BPF_READ) btf_struct_access() from
btf_struct_access() callback and invoke it only for writes. This is
possible to do because currently btf_struct_access() custom callback
always delegates to generic btf_struct_access() helper for BPF_READ
accesses.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: David Vernet <void@manifault.com>
Link: https://lore.kernel.org/bpf/20230404045029.82870-2-alexei.starovoitov@gmail.com
This commit is contained in:
Alexei Starovoitov 2023-04-03 21:50:22 -07:00 committed by Andrii Nakryiko
parent 8fc59c26d2
commit 7d64c51328
4 changed files with 2 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
kernel/bpf/verifier.c
View file

@ -5504,7 +5504,7 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env,
return -EACCES;
}
if (env->ops->btf_struct_access && !type_is_alloc(reg->type)) {
if (env->ops->btf_struct_access && !type_is_alloc(reg->type) && atype == BPF_WRITE) {
if (!btf_is_kernel(reg->btf)) {
verbose(env, "verifier internal error: reg->btf must be kernel btf\n");
return -EFAULT;

2
net/bpf/bpf_dummy_struct_ops.c
View file

@ -198,7 +198,7 @@ static int bpf_dummy_ops_btf_struct_access(struct bpf_verifier_log *log,
if (err < 0)
return err;
return atype == BPF_READ ? err : NOT_INIT;
return NOT_INIT;
}
static const struct bpf_verifier_ops bpf_dummy_verifier_ops = {

6
net/core/filter.c
View file

@ -8753,9 +8753,6 @@ static int tc_cls_act_btf_struct_access(struct bpf_verifier_log *log,
{
int ret = -EACCES;
if (atype == BPF_READ)
return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
mutex_lock(&nf_conn_btf_access_lock);
if (nfct_btf_struct_access)
ret = nfct_btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
@ -8830,9 +8827,6 @@ static int xdp_btf_struct_access(struct bpf_verifier_log *log,
{
int ret = -EACCES;
if (atype == BPF_READ)
return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
mutex_lock(&nf_conn_btf_access_lock);
if (nfct_btf_struct_access)
ret = nfct_btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);

3
net/ipv4/bpf_tcp_ca.c
View file

@ -78,9 +78,6 @@ static int bpf_tcp_ca_btf_struct_access(struct bpf_verifier_log *log,
const struct btf_type *t;
size_t end;
if (atype == BPF_READ)
return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
t = btf_type_by_id(reg->btf, reg->btf_id);
if (t != tcp_sock_type) {
bpf_log(log, "only read is supported\n");