]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
bpf: Emit verbose message when prog-specific btf_struct_access rejects a write
authorAlexei Starovoitov <ast@kernel.org>
Mon, 15 Jun 2026 23:21:46 +0000 (16:21 -0700)
committerAlexei Starovoitov <ast@kernel.org>
Mon, 22 Jun 2026 00:58:49 +0000 (17:58 -0700)
When BPF_WRITE goes through a PTR_TO_BTF_ID register, check_ptr_to_btf_access()
delegates to env->ops->btf_struct_access(). Most implementations
(bpf_scx_btf_struct_access, tc_cls_act_btf_struct_access, etc.) return
-EACCES for disallowed fields without logging anything, so the verifier
rejects the program with an empty message. For example a scx program doing

  1: R1=trusted_ptr_task_struct()
  ...
  4: (7b) *(u64 *)(r1 +0) = r2
  verification time 83 usec
  the program is rejected

leaves the user guessing which field is off-limits.
Emit verbose message.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20260615232146.5491-1-alexei.starovoitov@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/verifier.c

index 50e80dbbc1784667eb5ade4c662f6640abe54bde..a2b348f980807304dbe9b8f0dbd201d639a96b7c 100644 (file)
@@ -5787,6 +5787,10 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env,
                        return -EFAULT;
                }
                ret = env->ops->btf_struct_access(&env->log, reg, off, size);
+               if (ret < 0)
+                       verbose(env,
+                               "%s cannot write into ptr_%s at off=%d size=%d\n",
+                               reg_arg_name(env, argno), tname, off, size);
        } else {
                /* Writes are permitted with default btf_struct_access for
                 * program allocated objects (which always have id > 0),