On Thu, 3 Jul 2025 at 00:44, Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> Check usage of __arg_untrusted parameters of primitive type:
> - passing of {trusted, untrusted, map value, scalar value, values with
> variable offset} to untrusted `void *` or `char *` is ok;
> - varifier represents such parameters as rdonly_untrusted_mem(sz=0).
>
> Signed-off-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
> ---
LGTM, but can we also exercise BTF_KIND_ENUM{,64}? Since you
explicitly handle both of them. I guess char * covers BTF_KIND_INT, so
we don't need more cases (but up to you).
Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
> .../bpf/progs/verifier_global_ptr_args.c | 41 +++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/verifier_global_ptr_args.c b/tools/testing/selftests/bpf/progs/verifier_global_ptr_args.c
> index 772e8dd3e001..f91d9c2906aa 100644
> --- a/tools/testing/selftests/bpf/progs/verifier_global_ptr_args.c
> +++ b/tools/testing/selftests/bpf/progs/verifier_global_ptr_args.c
> @@ -245,4 +245,45 @@ int untrusted_to_trusted(void *ctx)
> return subprog_untrusted2(bpf_get_current_task_btf());
> }
>
> +__weak int subprog_void_untrusted(void *p __arg_untrusted)
> +{
> + return *(int *)p;
> +}
> +
> +__weak int subprog_char_untrusted(char *p __arg_untrusted)
> +{
> + return *(int *)p;
> +}
> +
> +SEC("tp_btf/sys_enter")
> +__success
> +__log_level(2)
> +__msg("r1 = {{.*}}; {{.*}}R1_w=trusted_ptr_task_struct()")
> +__msg("Func#1 ('subprog_void_untrusted') is global and assumed valid.")
> +__msg("Validating subprog_void_untrusted() func#1...")
> +__msg(": R1=rdonly_untrusted_mem(sz=0)")
> +int trusted_to_untrusted_mem(void *ctx)
> +{
> + return subprog_void_untrusted(bpf_get_current_task_btf());
> +}
> +
> +SEC("tp_btf/sys_enter")
> +__success
> +int anything_to_untrusted_mem(void *ctx)
> +{
> + /* untrusted to untrusted mem */
> + subprog_void_untrusted(bpf_core_cast(0, struct task_struct));
> + /* map value to untrusted mem */
> + subprog_void_untrusted(mem);
> + /* scalar to untrusted mem */
> + subprog_void_untrusted(0);
> + /* variable offset to untrusted mem (map) */
> + subprog_void_untrusted((void *)mem + off);
> + /* variable offset to untrusted mem (trusted) */
> + subprog_void_untrusted(bpf_get_current_task_btf() + off);
> + /* variable offset to untrusted char (map) */
> + subprog_char_untrusted(mem + off);
> + return 0;
> +}
> +
> char _license[] SEC("license") = "GPL";
> --
> 2.47.1
>
>
