Currently, pointers returned by `bpf_rdonly_cast()` have a type of
"pointer to btf id", and only casts to structure types are allowed.
Access to memory pointed to by these pointers is done through
`BPF_PROBE_{MEM,MEMSX}` instructions and does not produce errors on
invalid memory access.
This patch set extends `bpf_rdonly_cast()` to allow casts to an
equivalent of 'void *', effectively replacing
`bpf_probe_read_kernel()` calls in situations where access to
individual bytes or integers is necessary.
The mechanism was suggested and explored by Andrii Nakryiko in [1].
To help with detecting support for this feature, an
`enum bpf_features` is added with intended usage as follows:
if (bpf_core_enum_value_exists(enum bpf_features,
BPF_FEAT_RDONLY_CAST_TO_VOID))
...
[1] https://github.com/anakryiko/linux/tree/bpf-mem-cast
Changelog:
v2: https://lore.kernel.org/bpf/20250625000520.2700423-1-eddyz87@xxxxxxxxx/
v2 -> v3:
- dropped direct numbering for __MAX_BPF_FEAT.
v1: https://lore.kernel.org/bpf/20250624191009.902874-1-eddyz87@xxxxxxxxx/
v1 -> v2:
- renamed BPF_FEAT_TOTAL to __MAX_BPF_FEAT and moved patch introducing
bpf_features enum to the start of the series (Alexei);
- dropped patch #3 allowing optout from CAP_SYS_ADMIN drop in
prog_tests/verifier.c, use a separate runner in prog_tests/*
instead.
Eduard Zingerman (3):
bpf: add bpf_features enum
bpf: allow void* cast using bpf_rdonly_cast()
selftests/bpf: check operations on untrusted ro pointers to mem
kernel/bpf/verifier.c | 79 ++++++++--
.../bpf/prog_tests/mem_rdonly_untrusted.c | 9 ++
.../bpf/progs/mem_rdonly_untrusted.c | 136 ++++++++++++++++++
3 files changed, 212 insertions(+), 12 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/mem_rdonly_untrusted.c
create mode 100644 tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c
--
2.47.1
