bpf: consider types listed in reg2btf_ids as trusted (831deb29) · Commits · EulixOS / Software / Kernel

kernel/bpf/verifier.c

+12 −9

Original line number	Diff line number	Diff line
		@@ -5413,12 +5413,24 @@ static bool is_flow_key_reg(struct bpf_verifier_env *env, int regno)
		return reg->type == PTR_TO_FLOW_KEYS;
		}

		static u32 *reg2btf_ids[__BPF_REG_TYPE_MAX] = {
		#ifdef CONFIG_NET
		[PTR_TO_SOCKET] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK],
		[PTR_TO_SOCK_COMMON] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON],
		[PTR_TO_TCP_SOCK] = &btf_sock_ids[BTF_SOCK_TYPE_TCP],
		#endif
		};

		static bool is_trusted_reg(const struct bpf_reg_state *reg)
		{
		/* A referenced register is always trusted. */
		if (reg->ref_obj_id)
		return true;

		/* Types listed in the reg2btf_ids are always trusted */
		if (reg2btf_ids[base_type(reg->type)])
		return true;

		/* If a register is not referenced, it is trusted if it has the
		* MEM_ALLOC or PTR_TRUSTED type modifiers, and no others. Some of the
		* other type modifiers may be safe, but we elect to take an opt-in
		@@ -10052,15 +10064,6 @@ static bool __btf_type_is_scalar_struct(struct bpf_verifier_env *env,
		return true;
		}


		static u32 *reg2btf_ids[__BPF_REG_TYPE_MAX] = {
		#ifdef CONFIG_NET
		[PTR_TO_SOCKET] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK],
		[PTR_TO_SOCK_COMMON] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON],
		[PTR_TO_TCP_SOCK] = &btf_sock_ids[BTF_SOCK_TYPE_TCP],
		#endif
		};

		enum kfunc_ptr_arg_type {
		KF_ARG_PTR_TO_CTX,
		KF_ARG_PTR_TO_ALLOC_BTF_ID, /* Allocated object */