On Tue, 2026-03-10 at 23:16 +1100, Slava Imameev wrote: [...]
> I verified whether PTR->FUNC, PTR->DATASEC, PTR->VAR can be passed to > btf_ctx_access() in the current mainline. > > I added helpers that inject PTR->FUNC, PTR->DATASEC, PTR->VAR as pre or > post calls to btf_check_meta(). In all cases, the BPF program load > failed with errors "arg0 type FUNC / DATASEC / VAR is not a struct", > which indicates that btf_check_meta() can indeed be called with > PTR->FUNC, PTR->DATASEC, PTR->VAR. > > If the condition for pointer check is changed to > `if (!btf_type_is_struct_ptr(btf, t))`, these BPF programs will load > successfully with arguments set to scalar(). > > Do we accept this change in behavior? Kernel validates BTF before loading, see kernel/bpf/btf.c:btf_resolve(). Validation is applied to kernel, module and program-level BTF. Does BTF containing PTR->DATASEC and PTR->VAR pass validation? If it does, validation should be updated to reject such cases. For PTR->FUNC, which one is legit PTR->FUNC or PTR->FUNC_PROTO? The legit one should be allowed and invalid should be rejected at validation phase. You can craft invalid BTF as in the following selftest: tools/testing/selftests/bpf/prog_tests/btf.c. [...]
