fmod_ret BPF programs can only be attached to selected functions. For convenience, the error injection list was originally used (along with functions prefixed with "security_"), which contains syscalls and several other functions. When error injection is disabled (CONFIG_FUNCTION_ERROR_INJECTION=n), that list is empty and fmod_ret programs are effectively unavailable for most of the functions. In such a case, at least enable fmod_ret programs on syscalls. Signed-off-by: Viktor Malik Acked-by: Kumar Kartikeya Dwivedi Acked-by: Leon Hwang --- kernel/bpf/verifier.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a52e57f3eb80..8e4f69918693 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -24952,15 +24952,6 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env) } #define SECURITY_PREFIX "security_" -static int check_attach_modify_return(unsigned long addr, const char *func_name) -{ - if (within_error_injection_list(addr) || - !strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1)) - return 0; - - return -EINVAL; -} - #ifdef CONFIG_FUNCTION_ERROR_INJECTION /* list of non-sleepable functions that are otherwise on @@ -24996,6 +24987,15 @@ static int check_attach_sleepable(u32 btf_id, unsigned long addr, const char *fu return -EINVAL; } +static int check_attach_modify_return(unsigned long addr, const char *func_name) +{ + if (within_error_injection_list(addr) || + !strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1)) + return 0; + + return -EINVAL; +} + #else /* Unfortunately, the arch-specific prefixes are hard-coded in arch syscall code @@ -25023,7 +25023,7 @@ static bool has_arch_syscall_prefix(const char *func_name) #endif } -/* Without error injection, allow sleepable progs on syscalls. */ +/* Without error injection, allow sleepable and fmod_ret progs on syscalls. */ static int check_attach_sleepable(u32 btf_id, unsigned long addr, const char *func_name) { @@ -25033,6 +25033,15 @@ static int check_attach_sleepable(u32 btf_id, unsigned long addr, const char *fu return -EINVAL; } +static int check_attach_modify_return(unsigned long addr, const char *func_name) +{ + if (has_arch_syscall_prefix(func_name) || + !strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1)) + return 0; + + return -EINVAL; +} + #endif /* CONFIG_FUNCTION_ERROR_INJECTION */ int bpf_check_attach_target(struct bpf_verifier_log *log, -- 2.53.0