* [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory
@ 2021-11-09 0:30 Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 1/3] bpf: Prevent write to ksym memory Hao Luo
` (3 more replies)
0 siblings, 4 replies; 9+ messages in thread
From: Hao Luo @ 2021-11-09 0:30 UTC (permalink / raw)
To: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann
Cc: KP Singh, bpf, Hao Luo
There are currently two ways to modify a kernel memory in bpf programs:
1. declare a ksym of scalar type and directly modify its memory.
2. Pass a RDONLY_BUF into a helper function which will override
its arguments. For example, bpf_d_path, bpf_snprintf.
This patchset fixes these two problem. For the first, we introduce a
new reg type PTR_TO_RDONLY_MEM for the scalar typed ksym, which forbids
writing. For the second, we introduce a new arg type ARG_CONST_PTR_TO_MEM
to differentiate the arg types that only read the memory from those
that may write the memory. The previous ARG_PTR_TO_MEM is now only
compatible with writable memories. If a helper doesn't write into its
argument, it can use ARG_CONST_PTR_TO_MEM, which is also compatible
with read-only memories.
In v2, Andrii suggested using the name "ARG_PTR_TO_RDONLY_MEM", but I
find it is sort of misleading. Because the new arg_type is compatible
with both write and read-only memory. So I chose ARG_CONST_PTR_TO_MEM
instead.
Hao Luo (3):
bpf: Prevent write to ksym memory
bpf: Introduce ARG_CONST_PTR_TO_MEM
bpf/selftests: Test PTR_TO_RDONLY_MEM
include/linux/bpf.h | 20 +++++-
include/uapi/linux/bpf.h | 4 +-
kernel/bpf/btf.c | 2 +-
kernel/bpf/cgroup.c | 2 +-
kernel/bpf/helpers.c | 12 ++--
kernel/bpf/ringbuf.c | 2 +-
kernel/bpf/syscall.c | 2 +-
kernel/bpf/verifier.c | 60 +++++++++++++----
kernel/trace/bpf_trace.c | 26 ++++----
net/core/filter.c | 64 +++++++++----------
tools/include/uapi/linux/bpf.h | 4 +-
.../selftests/bpf/prog_tests/ksyms_btf.c | 14 ++++
.../bpf/progs/test_ksyms_btf_write_check.c | 29 +++++++++
13 files changed, 168 insertions(+), 73 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
--
2.34.0.rc0.344.g81b53c2807-goog
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v3 bpf-next 1/3] bpf: Prevent write to ksym memory
2021-11-09 0:30 [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Hao Luo
@ 2021-11-09 0:30 ` Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 2/3] bpf: Introduce ARG_CONST_PTR_TO_MEM Hao Luo
` (2 subsequent siblings)
3 siblings, 0 replies; 9+ messages in thread
From: Hao Luo @ 2021-11-09 0:30 UTC (permalink / raw)
To: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann
Cc: KP Singh, bpf, Hao Luo
A ksym could be used to refer a global variable in the kernel.
Previously if this variable is of non-struct type, bpf verifier resolves
its value type to be PTR_TO_MEM, which allows the program to write
to the memory. This patch introduces PTR_TO_RDONLY_MEM, which is
similar to PTR_TO_MEM, but forbids writing. This should prevent
program from writing kernel memory through ksyms.
Right now a PTR_TO_RDONLY_MEM can not be passed into any helper as
argument. But a PTR_TO_RDONLY_MEM can be read into a PTR_TO_MEM (e.g.
stack variable), which can be passed to helpers such as bpf_snprintf.
The following patch will add checks to differentiate the read-write
arguments and read-only arguments, and support for passing
PTR_TO_RDONLY_MEM to helper's read-only arguments.
Fixes: 63d9b80dcf2c ("bpf: Introducte bpf_this_cpu_ptr()")
Fixes: eaa6bcb71ef6 ("bpf: Introduce bpf_per_cpu_ptr()")
Fixes: 4976b718c355 ("bpf: Introduce pseudo_btf_id")
Signed-off-by: Hao Luo <haoluo@google.com>
---
Changes since v2:
- Rebase
Changes since v1:
- Added Fixes tag.
- Removed PTR_TO_RDONLY_MEM[_OR_NULL] from reg_type_may_be_refcounted.
include/linux/bpf.h | 6 ++++--
include/uapi/linux/bpf.h | 4 ++--
kernel/bpf/helpers.c | 4 ++--
kernel/bpf/verifier.c | 36 ++++++++++++++++++++++++++--------
tools/include/uapi/linux/bpf.h | 4 ++--
5 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index df3410bff4b0..64494d5964fa 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -356,8 +356,8 @@ enum bpf_return_type {
RET_PTR_TO_SOCK_COMMON_OR_NULL, /* returns a pointer to a sock_common or NULL */
RET_PTR_TO_ALLOC_MEM_OR_NULL, /* returns a pointer to dynamically allocated memory or NULL */
RET_PTR_TO_BTF_ID_OR_NULL, /* returns a pointer to a btf_id or NULL */
- RET_PTR_TO_MEM_OR_BTF_ID_OR_NULL, /* returns a pointer to a valid memory or a btf_id or NULL */
- RET_PTR_TO_MEM_OR_BTF_ID, /* returns a pointer to a valid memory or a btf_id */
+ RET_PTR_TO_RDONLY_MEM_OR_BTF_ID_OR_NULL, /* returns a pointer to a readonly memory or a btf_id or NULL */
+ RET_PTR_TO_RDONLY_MEM_OR_BTF_ID, /* returns a pointer to a readonly memory or a btf_id */
RET_PTR_TO_BTF_ID, /* returns a pointer to a btf_id */
};
@@ -460,6 +460,8 @@ enum bpf_reg_type {
PTR_TO_PERCPU_BTF_ID, /* reg points to a percpu kernel variable */
PTR_TO_FUNC, /* reg points to a bpf program function */
PTR_TO_MAP_KEY, /* reg points to a map element key */
+ PTR_TO_RDONLY_MEM, /* reg points to valid readonly memory region */
+ PTR_TO_RDONLY_MEM_OR_NULL, /* reg points to valid readonly memory region or null */
__BPF_REG_TYPE_MAX,
};
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 509eee5f0393..19c8511c1b14 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1142,8 +1142,8 @@ enum bpf_link_type {
* insn[0].off: 0
* insn[1].off: 0
* ldimm64 rewrite: address of the kernel variable
- * verifier type: PTR_TO_BTF_ID or PTR_TO_MEM, depending on whether the var
- * is struct/union.
+ * verifier type: PTR_TO_BTF_ID or PTR_TO_RDONLY_MEM, depending on whether
+ * the var is struct/union.
*/
#define BPF_PSEUDO_BTF_ID 3
/* insn[0].src_reg: BPF_PSEUDO_FUNC
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 1ffd469c217f..14531757087f 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -667,7 +667,7 @@ BPF_CALL_2(bpf_per_cpu_ptr, const void *, ptr, u32, cpu)
const struct bpf_func_proto bpf_per_cpu_ptr_proto = {
.func = bpf_per_cpu_ptr,
.gpl_only = false,
- .ret_type = RET_PTR_TO_MEM_OR_BTF_ID_OR_NULL,
+ .ret_type = RET_PTR_TO_RDONLY_MEM_OR_BTF_ID_OR_NULL,
.arg1_type = ARG_PTR_TO_PERCPU_BTF_ID,
.arg2_type = ARG_ANYTHING,
};
@@ -680,7 +680,7 @@ BPF_CALL_1(bpf_this_cpu_ptr, const void *, percpu_ptr)
const struct bpf_func_proto bpf_this_cpu_ptr_proto = {
.func = bpf_this_cpu_ptr,
.gpl_only = false,
- .ret_type = RET_PTR_TO_MEM_OR_BTF_ID,
+ .ret_type = RET_PTR_TO_RDONLY_MEM_OR_BTF_ID,
.arg1_type = ARG_PTR_TO_PERCPU_BTF_ID,
};
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1aafb43f61d1..eb3ae4a140ac 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -453,6 +453,7 @@ static bool reg_type_may_be_null(enum bpf_reg_type type)
type == PTR_TO_TCP_SOCK_OR_NULL ||
type == PTR_TO_BTF_ID_OR_NULL ||
type == PTR_TO_MEM_OR_NULL ||
+ type == PTR_TO_RDONLY_MEM_OR_NULL ||
type == PTR_TO_RDONLY_BUF_OR_NULL ||
type == PTR_TO_RDWR_BUF_OR_NULL;
}
@@ -571,6 +572,8 @@ static const char * const reg_type_str[] = {
[PTR_TO_PERCPU_BTF_ID] = "percpu_ptr_",
[PTR_TO_MEM] = "mem",
[PTR_TO_MEM_OR_NULL] = "mem_or_null",
+ [PTR_TO_RDONLY_MEM] = "rdonly_mem",
+ [PTR_TO_RDONLY_MEM_OR_NULL] = "rdonly_mem_or_null",
[PTR_TO_RDONLY_BUF] = "rdonly_buf",
[PTR_TO_RDONLY_BUF_OR_NULL] = "rdonly_buf_or_null",
[PTR_TO_RDWR_BUF] = "rdwr_buf",
@@ -1183,6 +1186,9 @@ static void mark_ptr_not_null_reg(struct bpf_reg_state *reg)
case PTR_TO_MEM_OR_NULL:
reg->type = PTR_TO_MEM;
break;
+ case PTR_TO_RDONLY_MEM_OR_NULL:
+ reg->type = PTR_TO_RDONLY_MEM;
+ break;
case PTR_TO_RDONLY_BUF_OR_NULL:
reg->type = PTR_TO_RDONLY_BUF;
break;
@@ -2741,6 +2747,8 @@ static bool is_spillable_regtype(enum bpf_reg_type type)
case PTR_TO_PERCPU_BTF_ID:
case PTR_TO_MEM:
case PTR_TO_MEM_OR_NULL:
+ case PTR_TO_RDONLY_MEM:
+ case PTR_TO_RDONLY_MEM_OR_NULL:
case PTR_TO_FUNC:
case PTR_TO_MAP_KEY:
return true;
@@ -3367,6 +3375,7 @@ static int __check_mem_access(struct bpf_verifier_env *env, int regno,
off, size, regno, reg->id, off, mem_size);
break;
case PTR_TO_MEM:
+ case PTR_TO_RDONLY_MEM:
default:
verbose(env, "invalid access to memory, mem_size=%u off=%d size=%d\n",
mem_size, off, size);
@@ -4377,6 +4386,16 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
reg->mem_size, false);
if (!err && t == BPF_READ && value_regno >= 0)
mark_reg_unknown(env, regs, value_regno);
+ } else if (reg->type == PTR_TO_RDONLY_MEM) {
+ if (t == BPF_WRITE) {
+ verbose(env, "R%d cannot write into %s\n",
+ regno, reg_type_str[reg->type]);
+ return -EACCES;
+ }
+ err = check_mem_region_access(env, regno, off, size,
+ reg->mem_size, false);
+ if (!err && value_regno >= 0)
+ mark_reg_unknown(env, regs, value_regno);
} else if (reg->type == PTR_TO_CTX) {
enum bpf_reg_type reg_type = SCALAR_VALUE;
struct btf *btf = NULL;
@@ -6579,8 +6598,8 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
mark_reg_known_zero(env, regs, BPF_REG_0);
regs[BPF_REG_0].type = PTR_TO_MEM_OR_NULL;
regs[BPF_REG_0].mem_size = meta.mem_size;
- } else if (fn->ret_type == RET_PTR_TO_MEM_OR_BTF_ID_OR_NULL ||
- fn->ret_type == RET_PTR_TO_MEM_OR_BTF_ID) {
+ } else if (fn->ret_type == RET_PTR_TO_RDONLY_MEM_OR_BTF_ID_OR_NULL ||
+ fn->ret_type == RET_PTR_TO_RDONLY_MEM_OR_BTF_ID) {
const struct btf_type *t;
mark_reg_known_zero(env, regs, BPF_REG_0);
@@ -6599,12 +6618,12 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
return -EINVAL;
}
regs[BPF_REG_0].type =
- fn->ret_type == RET_PTR_TO_MEM_OR_BTF_ID ?
- PTR_TO_MEM : PTR_TO_MEM_OR_NULL;
+ fn->ret_type == RET_PTR_TO_RDONLY_MEM_OR_BTF_ID ?
+ PTR_TO_RDONLY_MEM : PTR_TO_RDONLY_MEM_OR_NULL;
regs[BPF_REG_0].mem_size = tsize;
} else {
regs[BPF_REG_0].type =
- fn->ret_type == RET_PTR_TO_MEM_OR_BTF_ID ?
+ fn->ret_type == RET_PTR_TO_RDONLY_MEM_OR_BTF_ID ?
PTR_TO_BTF_ID : PTR_TO_BTF_ID_OR_NULL;
regs[BPF_REG_0].btf = meta.ret_btf;
regs[BPF_REG_0].btf_id = meta.ret_btf_id;
@@ -9410,7 +9429,7 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn)
dst_reg->type = aux->btf_var.reg_type;
switch (dst_reg->type) {
- case PTR_TO_MEM:
+ case PTR_TO_RDONLY_MEM:
dst_reg->mem_size = aux->btf_var.mem_size;
break;
case PTR_TO_BTF_ID:
@@ -11557,7 +11576,7 @@ static int check_pseudo_btf_id(struct bpf_verifier_env *env,
err = -EINVAL;
goto err_put;
}
- aux->btf_var.reg_type = PTR_TO_MEM;
+ aux->btf_var.reg_type = PTR_TO_RDONLY_MEM;
aux->btf_var.mem_size = tsize;
} else {
aux->btf_var.reg_type = PTR_TO_BTF_ID;
@@ -13379,7 +13398,8 @@ static int do_check_common(struct bpf_verifier_env *env, int subprog)
mark_reg_known_zero(env, regs, i);
else if (regs[i].type == SCALAR_VALUE)
mark_reg_unknown(env, regs, i);
- else if (regs[i].type == PTR_TO_MEM_OR_NULL) {
+ else if (regs[i].type == PTR_TO_MEM_OR_NULL ||
+ regs[i].type == PTR_TO_RDONLY_MEM_OR_NULL) {
const u32 mem_size = regs[i].mem_size;
mark_reg_known_zero(env, regs, i);
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 509eee5f0393..19c8511c1b14 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1142,8 +1142,8 @@ enum bpf_link_type {
* insn[0].off: 0
* insn[1].off: 0
* ldimm64 rewrite: address of the kernel variable
- * verifier type: PTR_TO_BTF_ID or PTR_TO_MEM, depending on whether the var
- * is struct/union.
+ * verifier type: PTR_TO_BTF_ID or PTR_TO_RDONLY_MEM, depending on whether
+ * the var is struct/union.
*/
#define BPF_PSEUDO_BTF_ID 3
/* insn[0].src_reg: BPF_PSEUDO_FUNC
--
2.34.0.rc0.344.g81b53c2807-goog
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH v3 bpf-next 2/3] bpf: Introduce ARG_CONST_PTR_TO_MEM
2021-11-09 0:30 [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 1/3] bpf: Prevent write to ksym memory Hao Luo
@ 2021-11-09 0:30 ` Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 3/3] bpf/selftests: Test PTR_TO_RDONLY_MEM Hao Luo
2021-11-10 4:43 ` [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Andrii Nakryiko
3 siblings, 0 replies; 9+ messages in thread
From: Hao Luo @ 2021-11-09 0:30 UTC (permalink / raw)
To: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann
Cc: KP Singh, bpf, Hao Luo
Some helper functions may modify its arguments, for example,
bpf_d_path, bpf_get_stack etc. Previously, their argument types
were marked as ARG_PTR_TO_MEM, which is compatible with read-only
mem types, such as PTR_TO_RDONLY_BUF. Therefore it's legitimate
to modify a read-only memory by passing it into one of such helper
functions.
This patch excludes those read-only memory from ARG_PTR_TO_MEM and
introduces a new arg type ARG_CONST_PTR_TO_MEM. Argument types that
are marked as ARG_CONST_PTR_TO_MEM gives promise that the helper
function does not modify that argument, therefore it's compatible
with both read-only and writable memories.
The helper functions that previously modify their arguments will
continue using ARG_PTR_TO_MEM, but limited to modifible memories.
Helper functions that do not modify their arguments are replaced
to use ARG_CONST_PTR_TO_MEM.
So far the difference between ARG_PTR_TO_MEM and ARG_CONST_PTR_TO_MEM
is PTR_TO_RDONLY_BUF and PTR_TO_RDONLY_MEM. PTR_TO_RDONLY_BUF is
only used in bpf_iter prog as the type of key, which hasn't been
used in the affected helper functions. PTR_TO_RDONLY_MEM has
currently no consumers.
Signed-off-by: Hao Luo <haoluo@google.com>
---
Changes since v2:
- Introduce ARG_CONST_PTR_TO_MEM and limit the previous
ARG_PTR_TO_MEM to writable memory.
Changes since v1:
- new patch, introduced ARG_PTR_TO_WRITABLE_MEM to differentiate
read-only and read-write mem arg types.
include/linux/bpf.h | 14 ++++++++-
kernel/bpf/btf.c | 2 +-
kernel/bpf/cgroup.c | 2 +-
kernel/bpf/helpers.c | 8 ++---
kernel/bpf/ringbuf.c | 2 +-
kernel/bpf/syscall.c | 2 +-
kernel/bpf/verifier.c | 24 +++++++++++++--
kernel/trace/bpf_trace.c | 26 ++++++++--------
net/core/filter.c | 64 ++++++++++++++++++++--------------------
9 files changed, 87 insertions(+), 57 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 64494d5964fa..3486debc0753 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -313,7 +313,13 @@ enum bpf_arg_type {
/* the following constraints used to prototype bpf_memcmp() and other
* functions that access data on eBPF program stack
*/
- ARG_PTR_TO_MEM, /* pointer to valid memory (stack, packet, map value) */
+ ARG_PTR_TO_MEM, /* pointer to valid memory (stack, packet, map value).
+ * This arg_type isn't compatible with read-only
+ * memory. It marks that the helper may modify
+ * the memory this arg points to. If the helper doesn't
+ * modify its memory and expects to take a read-only
+ * memory, use ARG_CONST_PTR_TO_MEM instead.
+ */
ARG_PTR_TO_MEM_OR_NULL, /* pointer to valid memory or NULL */
ARG_PTR_TO_UNINIT_MEM, /* pointer to memory does not need to be initialized,
* helper function must fill all bytes or clear
@@ -342,6 +348,12 @@ enum bpf_arg_type {
ARG_PTR_TO_STACK_OR_NULL, /* pointer to stack or NULL */
ARG_PTR_TO_CONST_STR, /* pointer to a null terminated read-only string */
ARG_PTR_TO_TIMER, /* pointer to bpf_timer */
+ ARG_CONST_PTR_TO_MEM, /* pointer to valid memory. CONST means the helper won't
+ * write into the memory.
+ */
+ ARG_CONST_PTR_TO_MEM_OR_NULL, /* pointer to memory or null, similar to
+ * ARG_CONST_PTR_TO_MEM.
+ */
__BPF_ARG_TYPE_MAX,
};
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index cdb0fba65600..2c3add7eeced 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6336,7 +6336,7 @@ const struct bpf_func_proto bpf_btf_find_by_name_kind_proto = {
.func = bpf_btf_find_by_name_kind,
.gpl_only = false,
.ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM,
+ .arg1_type = ARG_CONST_PTR_TO_MEM,
.arg2_type = ARG_CONST_SIZE,
.arg3_type = ARG_ANYTHING,
.arg4_type = ARG_ANYTHING,
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 03145d45e3d5..7c4e81120901 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1753,7 +1753,7 @@ static const struct bpf_func_proto bpf_sysctl_set_new_value_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
};
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 14531757087f..fae555b3c2a3 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -530,7 +530,7 @@ const struct bpf_func_proto bpf_strtol_proto = {
.func = bpf_strtol,
.gpl_only = false,
.ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM,
+ .arg1_type = ARG_CONST_PTR_TO_MEM,
.arg2_type = ARG_CONST_SIZE,
.arg3_type = ARG_ANYTHING,
.arg4_type = ARG_PTR_TO_LONG,
@@ -558,7 +558,7 @@ const struct bpf_func_proto bpf_strtoul_proto = {
.func = bpf_strtoul,
.gpl_only = false,
.ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM,
+ .arg1_type = ARG_CONST_PTR_TO_MEM,
.arg2_type = ARG_CONST_SIZE,
.arg3_type = ARG_ANYTHING,
.arg4_type = ARG_PTR_TO_LONG,
@@ -630,7 +630,7 @@ const struct bpf_func_proto bpf_event_output_data_proto = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -1011,7 +1011,7 @@ const struct bpf_func_proto bpf_snprintf_proto = {
.arg1_type = ARG_PTR_TO_MEM_OR_NULL,
.arg2_type = ARG_CONST_SIZE_OR_ZERO,
.arg3_type = ARG_PTR_TO_CONST_STR,
- .arg4_type = ARG_PTR_TO_MEM_OR_NULL,
+ .arg4_type = ARG_CONST_PTR_TO_MEM_OR_NULL,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c
index 9e0c10c6892a..b515ce10e5ed 100644
--- a/kernel/bpf/ringbuf.c
+++ b/kernel/bpf/ringbuf.c
@@ -444,7 +444,7 @@ const struct bpf_func_proto bpf_ringbuf_output_proto = {
.func = bpf_ringbuf_output,
.ret_type = RET_INTEGER,
.arg1_type = ARG_CONST_MAP_PTR,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE_OR_ZERO,
.arg4_type = ARG_ANYTHING,
};
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 50f96ea4452a..379f17719c3b 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4757,7 +4757,7 @@ static const struct bpf_func_proto bpf_sys_bpf_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_ANYTHING,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
};
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index eb3ae4a140ac..d219dac006f2 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -486,7 +486,8 @@ static bool arg_type_may_be_null(enum bpf_arg_type type)
type == ARG_PTR_TO_CTX_OR_NULL ||
type == ARG_PTR_TO_SOCKET_OR_NULL ||
type == ARG_PTR_TO_ALLOC_MEM_OR_NULL ||
- type == ARG_PTR_TO_STACK_OR_NULL;
+ type == ARG_PTR_TO_STACK_OR_NULL ||
+ type == ARG_CONST_PTR_TO_MEM_OR_NULL;
}
/* Determine whether the function releases some resources allocated by another
@@ -4971,6 +4972,8 @@ static bool arg_type_is_mem_ptr(enum bpf_arg_type type)
{
return type == ARG_PTR_TO_MEM ||
type == ARG_PTR_TO_MEM_OR_NULL ||
+ type == ARG_CONST_PTR_TO_MEM ||
+ type == ARG_CONST_PTR_TO_MEM_OR_NULL ||
type == ARG_PTR_TO_UNINIT_MEM;
}
@@ -5078,6 +5081,19 @@ static const struct bpf_reg_types mem_types = {
PTR_TO_MEM,
PTR_TO_RDONLY_BUF,
PTR_TO_RDWR_BUF,
+ PTR_TO_RDONLY_MEM,
+ },
+};
+
+static const struct bpf_reg_types writable_mem_types = {
+ .types = {
+ PTR_TO_STACK,
+ PTR_TO_PACKET,
+ PTR_TO_PACKET_META,
+ PTR_TO_MAP_KEY,
+ PTR_TO_MAP_VALUE,
+ PTR_TO_MEM,
+ PTR_TO_RDWR_BUF,
},
};
@@ -5123,11 +5139,13 @@ static const struct bpf_reg_types *compatible_reg_types[__BPF_ARG_TYPE_MAX] = {
[ARG_PTR_TO_SOCKET_OR_NULL] = &fullsock_types,
[ARG_PTR_TO_BTF_ID] = &btf_ptr_types,
[ARG_PTR_TO_SPIN_LOCK] = &spin_lock_types,
- [ARG_PTR_TO_MEM] = &mem_types,
- [ARG_PTR_TO_MEM_OR_NULL] = &mem_types,
+ [ARG_PTR_TO_MEM] = &writable_mem_types,
+ [ARG_PTR_TO_MEM_OR_NULL] = &writable_mem_types,
[ARG_PTR_TO_UNINIT_MEM] = &mem_types,
[ARG_PTR_TO_ALLOC_MEM] = &alloc_mem_types,
[ARG_PTR_TO_ALLOC_MEM_OR_NULL] = &alloc_mem_types,
+ [ARG_CONST_PTR_TO_MEM] = &mem_types,
+ [ARG_CONST_PTR_TO_MEM_OR_NULL] = &mem_types,
[ARG_PTR_TO_INT] = &int_ptr_types,
[ARG_PTR_TO_LONG] = &int_ptr_types,
[ARG_PTR_TO_PERCPU_BTF_ID] = &percpu_btf_ptr_types,
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 390176a3031a..f585c61c4418 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -345,7 +345,7 @@ static const struct bpf_func_proto bpf_probe_write_user_proto = {
.gpl_only = true,
.ret_type = RET_INTEGER,
.arg1_type = ARG_ANYTHING,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
};
@@ -394,7 +394,7 @@ static const struct bpf_func_proto bpf_trace_printk_proto = {
.func = bpf_trace_printk,
.gpl_only = true,
.ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM,
+ .arg1_type = ARG_CONST_PTR_TO_MEM,
.arg2_type = ARG_CONST_SIZE,
};
@@ -450,9 +450,9 @@ static const struct bpf_func_proto bpf_trace_vprintk_proto = {
.func = bpf_trace_vprintk,
.gpl_only = true,
.ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM,
+ .arg1_type = ARG_CONST_PTR_TO_MEM,
.arg2_type = ARG_CONST_SIZE,
- .arg3_type = ARG_PTR_TO_MEM_OR_NULL,
+ .arg3_type = ARG_CONST_PTR_TO_MEM_OR_NULL,
.arg4_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -492,9 +492,9 @@ static const struct bpf_func_proto bpf_seq_printf_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_BTF_ID,
.arg1_btf_id = &btf_seq_file_ids[0],
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
- .arg4_type = ARG_PTR_TO_MEM_OR_NULL,
+ .arg4_type = ARG_CONST_PTR_TO_MEM_OR_NULL,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -509,7 +509,7 @@ static const struct bpf_func_proto bpf_seq_write_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_BTF_ID,
.arg1_btf_id = &btf_seq_file_ids[0],
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -533,7 +533,7 @@ static const struct bpf_func_proto bpf_seq_printf_btf_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_BTF_ID,
.arg1_btf_id = &btf_seq_file_ids[0],
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE_OR_ZERO,
.arg4_type = ARG_ANYTHING,
};
@@ -694,7 +694,7 @@ static const struct bpf_func_proto bpf_perf_event_output_proto = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -1004,7 +1004,7 @@ const struct bpf_func_proto bpf_snprintf_btf_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_MEM,
.arg2_type = ARG_CONST_SIZE,
- .arg3_type = ARG_PTR_TO_MEM,
+ .arg3_type = ARG_CONST_PTR_TO_MEM,
.arg4_type = ARG_CONST_SIZE,
.arg5_type = ARG_ANYTHING,
};
@@ -1289,7 +1289,7 @@ static const struct bpf_func_proto bpf_perf_event_output_proto_tp = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -1515,7 +1515,7 @@ static const struct bpf_func_proto bpf_perf_event_output_proto_raw_tp = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -1569,7 +1569,7 @@ static const struct bpf_func_proto bpf_get_stack_proto_raw_tp = {
.gpl_only = true,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE_OR_ZERO,
.arg4_type = ARG_ANYTHING,
};
diff --git a/net/core/filter.c b/net/core/filter.c
index 8e8d3b49c297..24177fbcd028 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1713,7 +1713,7 @@ static const struct bpf_func_proto bpf_skb_store_bytes_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_ANYTHING,
- .arg3_type = ARG_PTR_TO_MEM,
+ .arg3_type = ARG_CONST_PTR_TO_MEM,
.arg4_type = ARG_CONST_SIZE,
.arg5_type = ARG_ANYTHING,
};
@@ -2018,9 +2018,9 @@ static const struct bpf_func_proto bpf_csum_diff_proto = {
.gpl_only = false,
.pkt_access = true,
.ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM_OR_NULL,
+ .arg1_type = ARG_CONST_PTR_TO_MEM_OR_NULL,
.arg2_type = ARG_CONST_SIZE_OR_ZERO,
- .arg3_type = ARG_PTR_TO_MEM_OR_NULL,
+ .arg3_type = ARG_CONST_PTR_TO_MEM_OR_NULL,
.arg4_type = ARG_CONST_SIZE_OR_ZERO,
.arg5_type = ARG_ANYTHING,
};
@@ -2541,7 +2541,7 @@ static const struct bpf_func_proto bpf_redirect_neigh_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_ANYTHING,
- .arg2_type = ARG_PTR_TO_MEM_OR_NULL,
+ .arg2_type = ARG_CONST_PTR_TO_MEM_OR_NULL,
.arg3_type = ARG_CONST_SIZE_OR_ZERO,
.arg4_type = ARG_ANYTHING,
};
@@ -4174,7 +4174,7 @@ static const struct bpf_func_proto bpf_skb_event_output_proto = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -4188,7 +4188,7 @@ const struct bpf_func_proto bpf_skb_output_proto = {
.arg1_btf_id = &bpf_skb_output_btf_ids[0],
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -4371,7 +4371,7 @@ static const struct bpf_func_proto bpf_skb_set_tunnel_key_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
};
@@ -4397,7 +4397,7 @@ static const struct bpf_func_proto bpf_skb_set_tunnel_opt_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
};
@@ -4567,7 +4567,7 @@ static const struct bpf_func_proto bpf_xdp_event_output_proto = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -4581,7 +4581,7 @@ const struct bpf_func_proto bpf_xdp_output_proto = {
.arg1_btf_id = &bpf_xdp_output_btf_ids[0],
.arg2_type = ARG_CONST_MAP_PTR,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE_OR_ZERO,
};
@@ -5067,7 +5067,7 @@ const struct bpf_func_proto bpf_sk_setsockopt_proto = {
.arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
.arg2_type = ARG_ANYTHING,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE,
};
@@ -5101,7 +5101,7 @@ static const struct bpf_func_proto bpf_sock_addr_setsockopt_proto = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_ANYTHING,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE,
};
@@ -5135,7 +5135,7 @@ static const struct bpf_func_proto bpf_sock_ops_setsockopt_proto = {
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_ANYTHING,
.arg3_type = ARG_ANYTHING,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE,
};
@@ -5310,7 +5310,7 @@ static const struct bpf_func_proto bpf_bind_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
};
@@ -5898,7 +5898,7 @@ static const struct bpf_func_proto bpf_lwt_in_push_encap_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_ANYTHING,
- .arg3_type = ARG_PTR_TO_MEM,
+ .arg3_type = ARG_CONST_PTR_TO_MEM,
.arg4_type = ARG_CONST_SIZE
};
@@ -5908,7 +5908,7 @@ static const struct bpf_func_proto bpf_lwt_xmit_push_encap_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_ANYTHING,
- .arg3_type = ARG_PTR_TO_MEM,
+ .arg3_type = ARG_CONST_PTR_TO_MEM,
.arg4_type = ARG_CONST_SIZE
};
@@ -5951,7 +5951,7 @@ static const struct bpf_func_proto bpf_lwt_seg6_store_bytes_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_ANYTHING,
- .arg3_type = ARG_PTR_TO_MEM,
+ .arg3_type = ARG_CONST_PTR_TO_MEM,
.arg4_type = ARG_CONST_SIZE
};
@@ -6039,7 +6039,7 @@ static const struct bpf_func_proto bpf_lwt_seg6_action_proto = {
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
.arg2_type = ARG_ANYTHING,
- .arg3_type = ARG_PTR_TO_MEM,
+ .arg3_type = ARG_CONST_PTR_TO_MEM,
.arg4_type = ARG_CONST_SIZE
};
@@ -6264,7 +6264,7 @@ static const struct bpf_func_proto bpf_skc_lookup_tcp_proto = {
.pkt_access = true,
.ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6283,7 +6283,7 @@ static const struct bpf_func_proto bpf_sk_lookup_tcp_proto = {
.pkt_access = true,
.ret_type = RET_PTR_TO_SOCKET_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6302,7 +6302,7 @@ static const struct bpf_func_proto bpf_sk_lookup_udp_proto = {
.pkt_access = true,
.ret_type = RET_PTR_TO_SOCKET_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6339,7 +6339,7 @@ static const struct bpf_func_proto bpf_xdp_sk_lookup_udp_proto = {
.pkt_access = true,
.ret_type = RET_PTR_TO_SOCKET_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6362,7 +6362,7 @@ static const struct bpf_func_proto bpf_xdp_skc_lookup_tcp_proto = {
.pkt_access = true,
.ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6385,7 +6385,7 @@ static const struct bpf_func_proto bpf_xdp_sk_lookup_tcp_proto = {
.pkt_access = true,
.ret_type = RET_PTR_TO_SOCKET_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6404,7 +6404,7 @@ static const struct bpf_func_proto bpf_sock_addr_skc_lookup_tcp_proto = {
.gpl_only = false,
.ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6423,7 +6423,7 @@ static const struct bpf_func_proto bpf_sock_addr_sk_lookup_tcp_proto = {
.gpl_only = false,
.ret_type = RET_PTR_TO_SOCKET_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6442,7 +6442,7 @@ static const struct bpf_func_proto bpf_sock_addr_sk_lookup_udp_proto = {
.gpl_only = false,
.ret_type = RET_PTR_TO_SOCKET_OR_NULL,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
.arg5_type = ARG_ANYTHING,
@@ -6755,9 +6755,9 @@ static const struct bpf_func_proto bpf_tcp_check_syncookie_proto = {
.pkt_access = true,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE,
};
@@ -6824,9 +6824,9 @@ static const struct bpf_func_proto bpf_tcp_gen_syncookie_proto = {
.pkt_access = true,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
- .arg4_type = ARG_PTR_TO_MEM,
+ .arg4_type = ARG_CONST_PTR_TO_MEM,
.arg5_type = ARG_CONST_SIZE,
};
@@ -7055,7 +7055,7 @@ static const struct bpf_func_proto bpf_sock_ops_store_hdr_opt_proto = {
.gpl_only = false,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_CTX,
- .arg2_type = ARG_PTR_TO_MEM,
+ .arg2_type = ARG_CONST_PTR_TO_MEM,
.arg3_type = ARG_CONST_SIZE,
.arg4_type = ARG_ANYTHING,
};
--
2.34.0.rc0.344.g81b53c2807-goog
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH v3 bpf-next 3/3] bpf/selftests: Test PTR_TO_RDONLY_MEM
2021-11-09 0:30 [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 1/3] bpf: Prevent write to ksym memory Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 2/3] bpf: Introduce ARG_CONST_PTR_TO_MEM Hao Luo
@ 2021-11-09 0:30 ` Hao Luo
2021-11-10 4:49 ` Andrii Nakryiko
2021-11-10 4:43 ` [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Andrii Nakryiko
3 siblings, 1 reply; 9+ messages in thread
From: Hao Luo @ 2021-11-09 0:30 UTC (permalink / raw)
To: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann
Cc: KP Singh, bpf, Hao Luo
This test verifies that a ksym of non-struct can not be directly
updated.
Signed-off-by: Hao Luo <haoluo@google.com>
---
Changes since v2:
- Rebase
Changes since v1:
- Replaced CHECK() with ASSERT_ERR_PTR()
- Commented in the test for the reason of verification failure.
.../selftests/bpf/prog_tests/ksyms_btf.c | 14 +++++++++
.../bpf/progs/test_ksyms_btf_write_check.c | 29 +++++++++++++++++++
2 files changed, 43 insertions(+)
create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
diff --git a/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c b/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
index 79f6bd1e50d6..f6933b06daf8 100644
--- a/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
+++ b/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
@@ -8,6 +8,7 @@
#include "test_ksyms_btf_null_check.skel.h"
#include "test_ksyms_weak.skel.h"
#include "test_ksyms_weak.lskel.h"
+#include "test_ksyms_btf_write_check.skel.h"
static int duration;
@@ -137,6 +138,16 @@ static void test_weak_syms_lskel(void)
test_ksyms_weak_lskel__destroy(skel);
}
+static void test_write_check(void)
+{
+ struct test_ksyms_btf_write_check *skel;
+
+ skel = test_ksyms_btf_write_check__open_and_load();
+ ASSERT_ERR_PTR(skel, "unexpected load of a prog writing to ksym memory\n");
+
+ test_ksyms_btf_write_check__destroy(skel);
+}
+
void test_ksyms_btf(void)
{
int percpu_datasec;
@@ -167,4 +178,7 @@ void test_ksyms_btf(void)
if (test__start_subtest("weak_ksyms_lskel"))
test_weak_syms_lskel();
+
+ if (test__start_subtest("write_check"))
+ test_write_check();
}
diff --git a/tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c b/tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
new file mode 100644
index 000000000000..2180c41cd890
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2021 Google */
+
+#include "vmlinux.h"
+
+#include <bpf/bpf_helpers.h>
+
+extern const int bpf_prog_active __ksym; /* int type global var. */
+
+SEC("raw_tp/sys_enter")
+int handler(const void *ctx)
+{
+ int *active;
+ __u32 cpu;
+
+ cpu = bpf_get_smp_processor_id();
+ active = (int *)bpf_per_cpu_ptr(&bpf_prog_active, cpu);
+ if (active) {
+ /* Kernel memory obtained from bpf_{per,this}_cpu_ptr
+ * is read-only, should _not_ pass verification.
+ */
+ /* WRITE_ONCE */
+ *(volatile int *)active = -1;
+ }
+
+ return 0;
+}
+
+char _license[] SEC("license") = "GPL";
--
2.34.0.rc0.344.g81b53c2807-goog
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory
2021-11-09 0:30 [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Hao Luo
` (2 preceding siblings ...)
2021-11-09 0:30 ` [PATCH v3 bpf-next 3/3] bpf/selftests: Test PTR_TO_RDONLY_MEM Hao Luo
@ 2021-11-10 4:43 ` Andrii Nakryiko
2021-11-10 19:54 ` Hao Luo
3 siblings, 1 reply; 9+ messages in thread
From: Andrii Nakryiko @ 2021-11-10 4:43 UTC (permalink / raw)
To: Hao Luo
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, KP Singh, bpf
On Mon, Nov 8, 2021 at 4:31 PM Hao Luo <haoluo@google.com> wrote:
>
> There are currently two ways to modify a kernel memory in bpf programs:
> 1. declare a ksym of scalar type and directly modify its memory.
> 2. Pass a RDONLY_BUF into a helper function which will override
> its arguments. For example, bpf_d_path, bpf_snprintf.
>
> This patchset fixes these two problem. For the first, we introduce a
> new reg type PTR_TO_RDONLY_MEM for the scalar typed ksym, which forbids
> writing. For the second, we introduce a new arg type ARG_CONST_PTR_TO_MEM
> to differentiate the arg types that only read the memory from those
> that may write the memory. The previous ARG_PTR_TO_MEM is now only
> compatible with writable memories. If a helper doesn't write into its
> argument, it can use ARG_CONST_PTR_TO_MEM, which is also compatible
> with read-only memories.
>
> In v2, Andrii suggested using the name "ARG_PTR_TO_RDONLY_MEM", but I
> find it is sort of misleading. Because the new arg_type is compatible
> with both write and read-only memory. So I chose ARG_CONST_PTR_TO_MEM
> instead.
I find ARG_CONST_PTR_TO_MEM misleading. It's the difference between
`char * const` (const pointer to mutable memory) vs `const char *`
(pointer to an immutable memory). We need the latter semantics, and
that *is* PTR_TO_RDONLY_MEM in BPF verifier terms.
Drawing further analogies from C, you can pass `char *` (pointer to
mutable memory) to any function that expects `const char *`, because
it's safe to do so, but not the other way.
So I don't think it's confusing at all that it is PTR_TO_RDONLY_MEM
and that you can pass PTR_TO_MEM register to a helper that expects
ARG_PTR_TO_RDONLY_MEM.
>
> Hao Luo (3):
> bpf: Prevent write to ksym memory
> bpf: Introduce ARG_CONST_PTR_TO_MEM
> bpf/selftests: Test PTR_TO_RDONLY_MEM
>
> include/linux/bpf.h | 20 +++++-
> include/uapi/linux/bpf.h | 4 +-
> kernel/bpf/btf.c | 2 +-
> kernel/bpf/cgroup.c | 2 +-
> kernel/bpf/helpers.c | 12 ++--
> kernel/bpf/ringbuf.c | 2 +-
> kernel/bpf/syscall.c | 2 +-
> kernel/bpf/verifier.c | 60 +++++++++++++----
> kernel/trace/bpf_trace.c | 26 ++++----
> net/core/filter.c | 64 +++++++++----------
> tools/include/uapi/linux/bpf.h | 4 +-
> .../selftests/bpf/prog_tests/ksyms_btf.c | 14 ++++
> .../bpf/progs/test_ksyms_btf_write_check.c | 29 +++++++++
> 13 files changed, 168 insertions(+), 73 deletions(-)
> create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
>
> --
> 2.34.0.rc0.344.g81b53c2807-goog
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3 bpf-next 3/3] bpf/selftests: Test PTR_TO_RDONLY_MEM
2021-11-09 0:30 ` [PATCH v3 bpf-next 3/3] bpf/selftests: Test PTR_TO_RDONLY_MEM Hao Luo
@ 2021-11-10 4:49 ` Andrii Nakryiko
0 siblings, 0 replies; 9+ messages in thread
From: Andrii Nakryiko @ 2021-11-10 4:49 UTC (permalink / raw)
To: Hao Luo
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, KP Singh, bpf
On Mon, Nov 8, 2021 at 4:31 PM Hao Luo <haoluo@google.com> wrote:
>
> This test verifies that a ksym of non-struct can not be directly
> updated.
>
> Signed-off-by: Hao Luo <haoluo@google.com>
> ---
Love the simplicity of the test.
Acked-by: Andrii Nakryiko <andrii@kernel.org>
> Changes since v2:
> - Rebase
>
> Changes since v1:
> - Replaced CHECK() with ASSERT_ERR_PTR()
> - Commented in the test for the reason of verification failure.
>
> .../selftests/bpf/prog_tests/ksyms_btf.c | 14 +++++++++
> .../bpf/progs/test_ksyms_btf_write_check.c | 29 +++++++++++++++++++
> 2 files changed, 43 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c b/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
> index 79f6bd1e50d6..f6933b06daf8 100644
> --- a/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
> +++ b/tools/testing/selftests/bpf/prog_tests/ksyms_btf.c
> @@ -8,6 +8,7 @@
> #include "test_ksyms_btf_null_check.skel.h"
> #include "test_ksyms_weak.skel.h"
> #include "test_ksyms_weak.lskel.h"
> +#include "test_ksyms_btf_write_check.skel.h"
>
> static int duration;
>
> @@ -137,6 +138,16 @@ static void test_weak_syms_lskel(void)
> test_ksyms_weak_lskel__destroy(skel);
> }
>
> +static void test_write_check(void)
> +{
> + struct test_ksyms_btf_write_check *skel;
> +
> + skel = test_ksyms_btf_write_check__open_and_load();
> + ASSERT_ERR_PTR(skel, "unexpected load of a prog writing to ksym memory\n");
> +
> + test_ksyms_btf_write_check__destroy(skel);
> +}
> +
> void test_ksyms_btf(void)
> {
> int percpu_datasec;
> @@ -167,4 +178,7 @@ void test_ksyms_btf(void)
>
> if (test__start_subtest("weak_ksyms_lskel"))
> test_weak_syms_lskel();
> +
> + if (test__start_subtest("write_check"))
> + test_write_check();
> }
> diff --git a/tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c b/tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
> new file mode 100644
> index 000000000000..2180c41cd890
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
> @@ -0,0 +1,29 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2021 Google */
> +
> +#include "vmlinux.h"
> +
> +#include <bpf/bpf_helpers.h>
> +
> +extern const int bpf_prog_active __ksym; /* int type global var. */
> +
> +SEC("raw_tp/sys_enter")
> +int handler(const void *ctx)
> +{
> + int *active;
> + __u32 cpu;
> +
> + cpu = bpf_get_smp_processor_id();
> + active = (int *)bpf_per_cpu_ptr(&bpf_prog_active, cpu);
> + if (active) {
> + /* Kernel memory obtained from bpf_{per,this}_cpu_ptr
> + * is read-only, should _not_ pass verification.
> + */
> + /* WRITE_ONCE */
> + *(volatile int *)active = -1;
> + }
> +
> + return 0;
> +}
> +
> +char _license[] SEC("license") = "GPL";
> --
> 2.34.0.rc0.344.g81b53c2807-goog
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory
2021-11-10 4:43 ` [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Andrii Nakryiko
@ 2021-11-10 19:54 ` Hao Luo
2021-11-10 22:05 ` Alexei Starovoitov
0 siblings, 1 reply; 9+ messages in thread
From: Hao Luo @ 2021-11-10 19:54 UTC (permalink / raw)
To: Andrii Nakryiko
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, KP Singh, bpf
On Tue, Nov 9, 2021 at 8:43 PM Andrii Nakryiko
<andrii.nakryiko@gmail.com> wrote:
>
> On Mon, Nov 8, 2021 at 4:31 PM Hao Luo <haoluo@google.com> wrote:
> >
> > There are currently two ways to modify a kernel memory in bpf programs:
> > 1. declare a ksym of scalar type and directly modify its memory.
> > 2. Pass a RDONLY_BUF into a helper function which will override
> > its arguments. For example, bpf_d_path, bpf_snprintf.
> >
> > This patchset fixes these two problem. For the first, we introduce a
> > new reg type PTR_TO_RDONLY_MEM for the scalar typed ksym, which forbids
> > writing. For the second, we introduce a new arg type ARG_CONST_PTR_TO_MEM
> > to differentiate the arg types that only read the memory from those
> > that may write the memory. The previous ARG_PTR_TO_MEM is now only
> > compatible with writable memories. If a helper doesn't write into its
> > argument, it can use ARG_CONST_PTR_TO_MEM, which is also compatible
> > with read-only memories.
> >
> > In v2, Andrii suggested using the name "ARG_PTR_TO_RDONLY_MEM", but I
> > find it is sort of misleading. Because the new arg_type is compatible
> > with both write and read-only memory. So I chose ARG_CONST_PTR_TO_MEM
> > instead.
>
> I find ARG_CONST_PTR_TO_MEM misleading. It's the difference between
> `char * const` (const pointer to mutable memory) vs `const char *`
> (pointer to an immutable memory). We need the latter semantics, and
> that *is* PTR_TO_RDONLY_MEM in BPF verifier terms.
>
Ah, I am aware of the semantic difference between 'char * const' and
'const char *', but your explanation in the bracket helps me see your
point better. It does seem PTR_TO_RDONLY_MEM matches the semantics
now. Let me fix and send an update.
> Drawing further analogies from C, you can pass `char *` (pointer to
> mutable memory) to any function that expects `const char *`, because
> it's safe to do so, but not the other way.
>
> So I don't think it's confusing at all that it is PTR_TO_RDONLY_MEM
> and that you can pass PTR_TO_MEM register to a helper that expects
> ARG_PTR_TO_RDONLY_MEM.
>
> >
> > Hao Luo (3):
> > bpf: Prevent write to ksym memory
> > bpf: Introduce ARG_CONST_PTR_TO_MEM
> > bpf/selftests: Test PTR_TO_RDONLY_MEM
> >
> > include/linux/bpf.h | 20 +++++-
> > include/uapi/linux/bpf.h | 4 +-
> > kernel/bpf/btf.c | 2 +-
> > kernel/bpf/cgroup.c | 2 +-
> > kernel/bpf/helpers.c | 12 ++--
> > kernel/bpf/ringbuf.c | 2 +-
> > kernel/bpf/syscall.c | 2 +-
> > kernel/bpf/verifier.c | 60 +++++++++++++----
> > kernel/trace/bpf_trace.c | 26 ++++----
> > net/core/filter.c | 64 +++++++++----------
> > tools/include/uapi/linux/bpf.h | 4 +-
> > .../selftests/bpf/prog_tests/ksyms_btf.c | 14 ++++
> > .../bpf/progs/test_ksyms_btf_write_check.c | 29 +++++++++
> > 13 files changed, 168 insertions(+), 73 deletions(-)
> > create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c
> >
> > --
> > 2.34.0.rc0.344.g81b53c2807-goog
> >
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory
2021-11-10 19:54 ` Hao Luo
@ 2021-11-10 22:05 ` Alexei Starovoitov
2021-11-10 22:50 ` Hao Luo
0 siblings, 1 reply; 9+ messages in thread
From: Alexei Starovoitov @ 2021-11-10 22:05 UTC (permalink / raw)
To: Hao Luo
Cc: Andrii Nakryiko, Alexei Starovoitov, Andrii Nakryiko,
Daniel Borkmann, KP Singh, bpf
On Wed, Nov 10, 2021 at 11:55 AM Hao Luo <haoluo@google.com> wrote:
>
> On Tue, Nov 9, 2021 at 8:43 PM Andrii Nakryiko
> <andrii.nakryiko@gmail.com> wrote:
> >
> > On Mon, Nov 8, 2021 at 4:31 PM Hao Luo <haoluo@google.com> wrote:
> > >
> > > There are currently two ways to modify a kernel memory in bpf programs:
> > > 1. declare a ksym of scalar type and directly modify its memory.
> > > 2. Pass a RDONLY_BUF into a helper function which will override
> > > its arguments. For example, bpf_d_path, bpf_snprintf.
> > >
> > > This patchset fixes these two problem. For the first, we introduce a
> > > new reg type PTR_TO_RDONLY_MEM for the scalar typed ksym, which forbids
> > > writing. For the second, we introduce a new arg type ARG_CONST_PTR_TO_MEM
> > > to differentiate the arg types that only read the memory from those
> > > that may write the memory. The previous ARG_PTR_TO_MEM is now only
> > > compatible with writable memories. If a helper doesn't write into its
> > > argument, it can use ARG_CONST_PTR_TO_MEM, which is also compatible
> > > with read-only memories.
> > >
> > > In v2, Andrii suggested using the name "ARG_PTR_TO_RDONLY_MEM", but I
> > > find it is sort of misleading. Because the new arg_type is compatible
> > > with both write and read-only memory. So I chose ARG_CONST_PTR_TO_MEM
> > > instead.
> >
> > I find ARG_CONST_PTR_TO_MEM misleading. It's the difference between
> > `char * const` (const pointer to mutable memory) vs `const char *`
> > (pointer to an immutable memory). We need the latter semantics, and
> > that *is* PTR_TO_RDONLY_MEM in BPF verifier terms.
> >
>
> Ah, I am aware of the semantic difference between 'char * const' and
> 'const char *', but your explanation in the bracket helps me see your
> point better. It does seem PTR_TO_RDONLY_MEM matches the semantics
> now. Let me fix and send an update.
I thought earlier we agreed that flag approach is prefered.
Looks like OR_NULL discussion is progressing nicely and
IS_RDONLY or IS_RDWR flags will just fit right in.
What's the reason to go with this approach ?
It seems it will make the refactoring more tedious later.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory
2021-11-10 22:05 ` Alexei Starovoitov
@ 2021-11-10 22:50 ` Hao Luo
0 siblings, 0 replies; 9+ messages in thread
From: Hao Luo @ 2021-11-10 22:50 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Andrii Nakryiko, Alexei Starovoitov, Andrii Nakryiko,
Daniel Borkmann, KP Singh, bpf
On Wed, Nov 10, 2021 at 2:05 PM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Wed, Nov 10, 2021 at 11:55 AM Hao Luo <haoluo@google.com> wrote:
> >
> > On Tue, Nov 9, 2021 at 8:43 PM Andrii Nakryiko
> > <andrii.nakryiko@gmail.com> wrote:
> > >
> > > On Mon, Nov 8, 2021 at 4:31 PM Hao Luo <haoluo@google.com> wrote:
> > > >
> > > > There are currently two ways to modify a kernel memory in bpf programs:
> > > > 1. declare a ksym of scalar type and directly modify its memory.
> > > > 2. Pass a RDONLY_BUF into a helper function which will override
> > > > its arguments. For example, bpf_d_path, bpf_snprintf.
> > > >
> > > > This patchset fixes these two problem. For the first, we introduce a
> > > > new reg type PTR_TO_RDONLY_MEM for the scalar typed ksym, which forbids
> > > > writing. For the second, we introduce a new arg type ARG_CONST_PTR_TO_MEM
> > > > to differentiate the arg types that only read the memory from those
> > > > that may write the memory. The previous ARG_PTR_TO_MEM is now only
> > > > compatible with writable memories. If a helper doesn't write into its
> > > > argument, it can use ARG_CONST_PTR_TO_MEM, which is also compatible
> > > > with read-only memories.
> > > >
> > > > In v2, Andrii suggested using the name "ARG_PTR_TO_RDONLY_MEM", but I
> > > > find it is sort of misleading. Because the new arg_type is compatible
> > > > with both write and read-only memory. So I chose ARG_CONST_PTR_TO_MEM
> > > > instead.
> > >
> > > I find ARG_CONST_PTR_TO_MEM misleading. It's the difference between
> > > `char * const` (const pointer to mutable memory) vs `const char *`
> > > (pointer to an immutable memory). We need the latter semantics, and
> > > that *is* PTR_TO_RDONLY_MEM in BPF verifier terms.
> > >
> >
> > Ah, I am aware of the semantic difference between 'char * const' and
> > 'const char *', but your explanation in the bracket helps me see your
> > point better. It does seem PTR_TO_RDONLY_MEM matches the semantics
> > now. Let me fix and send an update.
>
> I thought earlier we agreed that flag approach is prefered.
> Looks like OR_NULL discussion is progressing nicely and
> IS_RDONLY or IS_RDWR flags will just fit right in.
> What's the reason to go with this approach ?
> It seems it will make the refactoring more tedious later.
I felt this patch series has been holding for too long and is now mostly ready.
In contrast, I wasn't sure how many iterations are needed for the flag
patch and kind of worried it may further delay this patch, so I
developed these two patches independently.
I can certainly merge them into one if that's preferred.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-11-10 22:51 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-09 0:30 [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 1/3] bpf: Prevent write to ksym memory Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 2/3] bpf: Introduce ARG_CONST_PTR_TO_MEM Hao Luo
2021-11-09 0:30 ` [PATCH v3 bpf-next 3/3] bpf/selftests: Test PTR_TO_RDONLY_MEM Hao Luo
2021-11-10 4:49 ` Andrii Nakryiko
2021-11-10 4:43 ` [PATCH v3 bpf-next 0/3] bpf: Prevent writing read-only memory Andrii Nakryiko
2021-11-10 19:54 ` Hao Luo
2021-11-10 22:05 ` Alexei Starovoitov
2021-11-10 22:50 ` Hao Luo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.