bpf: Mark cgroup_subsys_state->cgroup RCU safe

Mark struct cgroup_subsys_state->cgroup as safe under RCU read lock. This
will enable accessing css->cgroup from a bpf css iterator.

Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/20250623063854.1896364-4-song@kernel.org
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index a7d6e0c5928bc0a2e48a964bee9bf6307bf8c287..db01bf51c792384deca1ff71b4fd9c515d45a4d5 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6993,6 +6993,10 @@ BTF_TYPE_SAFE_RCU(struct css_set) {
        struct cgroup *dfl_cgrp;
 };
 
+BTF_TYPE_SAFE_RCU(struct cgroup_subsys_state) {
+       struct cgroup *cgroup;
+};
+
 /* RCU trusted: these fields are trusted in RCU CS and can be NULL */
 BTF_TYPE_SAFE_RCU_OR_NULL(struct mm_struct) {
        struct file __rcu *exe_file;
@@ -7043,6 +7047,7 @@ static bool type_is_rcu(struct bpf_verifier_env *env,
        BTF_TYPE_EMIT(BTF_TYPE_SAFE_RCU(struct task_struct));
        BTF_TYPE_EMIT(BTF_TYPE_SAFE_RCU(struct cgroup));
        BTF_TYPE_EMIT(BTF_TYPE_SAFE_RCU(struct css_set));
+       BTF_TYPE_EMIT(BTF_TYPE_SAFE_RCU(struct cgroup_subsys_state));
 
        return btf_nested_type_is_trusted(&env->log, reg, field_name, btf_id, "__safe_rcu");
 }