From: Mykyta Yatsenko
Mark vm_area_struct in bpf_find_vma callback as trusted, also mark its field struct file *vm_file as trusted or NULL.
Signed-off-by: Mykyta Yatsenko
---
 kernel/bpf/verifier.c | 8 +++++++-
 tools/testing/selftests/bpf/progs/find_vma.c | 6 ++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 528782835c84..a33ab6175651 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -7102,6 +7102,10 @@ BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct socket) {
 struct sock *sk;
 };
+BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct vm_area_struct) {
+ struct file *vm_file;
+};
+
 static bool type_is_rcu(struct bpf_verifier_env *env, struct bpf_reg_state *reg, const char *field_name, u32 btf_id)
@@ -7133,6 +7137,7 @@ static bool type_is_trusted(struct bpf_verifier_env *env,
 BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED(struct bpf_iter__task));
 BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED(struct linux_binprm));
 BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED(struct file));
+ BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED(struct vm_area_struct));
 return btf_nested_type_is_trusted(&env->log, reg, field_name, btf_id, "__safe_trusted");
 }
@@ -7143,6 +7148,7 @@ static bool type_is_trusted_or_null(struct bpf_verifier_env *env,
 {
 BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct socket));
 BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct dentry));
+ BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct vm_area_struct));
 return btf_nested_type_is_trusted(&env->log, reg, field_name, btf_id, "__safe_trusted_or_null");
@@ -10859,7 +10865,7 @@ static int set_find_vma_callback_state(struct bpf_verifier_env *env,
 */
 callee->regs[BPF_REG_1] = caller->regs[BPF_REG_1];
- callee->regs[BPF_REG_2].type = PTR_TO_BTF_ID;
+ callee->regs[BPF_REG_2].type = PTR_TO_BTF_ID | PTR_TRUSTED;
 __mark_reg_known_zero(&callee->regs[BPF_REG_2]);
 callee->regs[BPF_REG_2].btf = btf_vmlinux;
 callee->regs[BPF_REG_2].btf_id = btf_tracing_ids[BTF_TRACING_TYPE_VMA];
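Review bot: The emit added in type_is_trusted(), `BTF_TYPE_EMIT(BTF_TYPE_SAFE_TRUSTED(struct vm_area_struct));`, has no matching definition in this patch: the first hunk defines only `BTF_TYPE_SAFE_TRUSTED_OR_NULL(struct vm_area_struct)`. Unless a `__safe_trusted` variant of vm_area_struct is defined outside the visible hunks, this line presumably emits only a forward declaration, and no vm_area_struct field would match the `"__safe_trusted"` lookup. I would drop the line, or add the definition with the fields that are meant to be trusted and never NULL. The signature of type_is_trusted() starts outside the hunk.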
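Review bot: The switch to `PTR_TO_BTF_ID | PTR_TRUSTED` in set_find_vma_callback_state() needs its lifetime argument written down next to the assignment, because the vma carries no reference and the trust is sound only while the callback runs. The commit message states the new marking but not why it is safe, and the comment that ends just above `callee->regs[BPF_REG_1]` starts outside the hunk, so I cannot tell whether it covers this. Together with the trusted-or-NULL `vm_file`, a non-NULL `vma->vm_file` presumably becomes acceptable wherever a trusted `struct file *` is required, which widens what a callback can do with it. I would add a comment such as `/* vma is unreferenced: trusted only for the duration of the callback, under whatever bpf_find_vma holds */` and a negative selftest showing that a program keeping the pointer past the callback is rejected.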
diff --git a/tools/testing/selftests/bpf/progs/find_vma.c b/tools/testing/selftests/bpf/progs/find_vma.c
index 02b82774469c..75b85ba3ab6a 100644
--- a/tools/testing/selftests/bpf/progs/find_vma.c
+++ b/tools/testing/selftests/bpf/progs/find_vma.c
@@ -23,9 +23,11 @@ int find_addr_ret = -1;
 static long check_vma(struct task_struct *task, struct vm_area_struct *vma, struct callback_ctx *data)
 {
- if (vma->vm_file)
+ struct file *file = vma->vm_file;
+
+ if (file)
 bpf_probe_read_kernel_str(d_iname, DNAME_INLINE_LEN - 1,
- vma->vm_file->f_path.dentry->d_shortname.string);
+ file->f_path.dentry->d_shortname.string);
 /* check for VM_EXEC */
 if (vma->vm_flags & VM_EXEC)
--
2.51.0
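Review bot: The new local in check_vma(), `struct file *file = vma->vm_file;`, needs a comment saying why the field is no longer dereferenced directly. Presumably, with `vm_file` now trusted-or-NULL, each load of `vma->vm_file` yields a separately nullable pointer, so the NULL check has to be made on the same value that is dereferenced; `/* vm_file is trusted-or-NULL: check and dereference the same loaded pointer */` above the declaration would do. If that is the reason, the commit message should also say that existing programs which re-read `vma->vm_file` after a NULL check may now be rejected by the verifier. The test only adapts the existing program; nothing here exercises the new trusted status, for example by passing `file` to something that requires a trusted pointer. check_vma() continues past the end of the hunk.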