Commit 7d64c513 authored by Alexei Starovoitov's avatar Alexei Starovoitov Committed by Andrii Nakryiko
Browse files

bpf: Invoke btf_struct_access() callback only for writes. 



Remove duplicated if (atype == BPF_READ) btf_struct_access() from
btf_struct_access() callback and invoke it only for writes. This is
possible to do because currently btf_struct_access() custom callback
always delegates to generic btf_struct_access() helper for BPF_READ
accesses.

Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Acked-by: default avatarDavid Vernet <void@manifault.com>
Link: https://lore.kernel.org/bpf/20230404045029.82870-2-alexei.starovoitov@gmail.com
parent 8fc59c26

kernel/bpf/verifier.c

+1 −1
Original line number Diff line number Diff line
@@ -5504,7 +5504,7 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, 
		return -EACCES;

	}









	if (env->ops->btf_struct_access && !type_is_alloc(reg->type)) {









	if (env->ops->btf_struct_access && !type_is_alloc(reg->type) && atype == BPF_WRITE) {









		if (!btf_is_kernel(reg->btf)) {









			verbose(env, "verifier internal error: reg->btf must be kernel btf\n");









			return -EFAULT;
































net/bpf/bpf_dummy_struct_ops.c



+1
−1






























Original line number
Diff line number
Diff line







@@ -198,7 +198,7 @@ static int bpf_dummy_ops_btf_struct_access(struct bpf_verifier_log *log,







	if (err < 0)









		return err;



















	return atype == BPF_READ ? err : NOT_INIT;









	return NOT_INIT;









}



















static const struct bpf_verifier_ops bpf_dummy_verifier_ops = {
































net/core/filter.c



+0
−6






























Original line number
Diff line number
Diff line







@@ -8753,9 +8753,6 @@ static int tc_cls_act_btf_struct_access(struct bpf_verifier_log *log,







{









	int ret = -EACCES;



















	if (atype == BPF_READ)









		return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);



















	mutex_lock(&nf_conn_btf_access_lock);









	if (nfct_btf_struct_access)









		ret = nfct_btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);








@@ -8830,9 +8827,6 @@ static int xdp_btf_struct_access(struct bpf_verifier_log *log,







{









	int ret = -EACCES;



















	if (atype == BPF_READ)









		return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);



















	mutex_lock(&nf_conn_btf_access_lock);









	if (nfct_btf_struct_access)









		ret = nfct_btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
































net/ipv4/bpf_tcp_ca.c



+0
−3






























Original line number
Diff line number
Diff line







@@ -78,9 +78,6 @@ static int bpf_tcp_ca_btf_struct_access(struct bpf_verifier_log *log,







	const struct btf_type *t;









	size_t end;



















	if (atype == BPF_READ)









		return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);



















	t = btf_type_by_id(reg->btf, reg->btf_id);









	if (t != tcp_sock_type) {









		bpf_log(log, "only read is supported\n");