Re: [PATCH bpf-next v2 1/4] bpf: Remove duplicate PTR_TO_BTF_ID RO check

From: Kumar Kartikeya Dwivedi
Date: Wed Aug 17 2022 - 16:08:40 EST

Next message: Kumar Kartikeya Dwivedi: "Re: [PATCH bpf-next v2 2/4] bpf: Add stub for btf_struct_access()"
Previous message: Kees Cook: "Re: [PATCH v9 07/27] rust: import upstream `alloc` crate"
In reply to: Daniel Xu: "[PATCH bpf-next v2 1/4] bpf: Remove duplicate PTR_TO_BTF_ID RO check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 17 Aug 2022 at 20:43, Daniel Xu <dxu@xxxxxxxxx> wrote:
>
> Since commit 27ae7997a661 ("bpf: Introduce BPF_PROG_TYPE_STRUCT_OPS")
> there has existed bpf_verifier_ops:btf_struct_access. When
> btf_struct_access is _unset_ for a prog type, the verifier runs the
> default implementation, which is to enforce read only:
>
> if (env->ops->btf_struct_access) {
> [...]
> } else {
> if (atype != BPF_READ) {
> verbose(env, "only read is supported\n");
> return -EACCES;
> }
>
> [...]
> }
>
> When btf_struct_access is _set_, the expectation is that
> btf_struct_access has full control over accesses, including if writes
> are allowed.
>
> Rather than carve out an exception for each prog type that may write to
> BTF ptrs, delete the redundant check and give full control to
> btf_struct_access.
>
> Signed-off-by: Daniel Xu <dxu@xxxxxxxxx>
> ---

Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>

Next message: Kumar Kartikeya Dwivedi: "Re: [PATCH bpf-next v2 2/4] bpf: Add stub for btf_struct_access()"
Previous message: Kees Cook: "Re: [PATCH v9 07/27] rust: import upstream `alloc` crate"
In reply to: Daniel Xu: "[PATCH bpf-next v2 1/4] bpf: Remove duplicate PTR_TO_BTF_ID RO check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]