From: Kumar Kartikeya Dwivedi
Date: Tue, 9 Jun 2026 15:39:46 +0000 (+0200)
Subject: Merge branch 'bpf-enforce-btf-pointer-write-checks-for-global-args'
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1a660bbd12dd855fce6cf13f144008c4e45e7c7;p=thirdparty%2Flinux.git

Merge branch 'bpf-enforce-btf-pointer-write-checks-for-global-args'

Nuoqi Gui says:

====================
bpf: Enforce BTF pointer write checks for global args

check_mem_reg() verifies both read and write access when a caller passes
memory into a global subprogram. For PTR_TO_BTF_ID callers,
check_helper_mem_access() currently always checks the access as BPF_READ.

That lets a tracing program pass a task_struct field pointer to a global
subprogram argument typed as writable memory. The direct field store is
rejected with "only read is supported", but the callee is validated with
a generic writable PTR_TO_MEM argument and can store through it.

Forward the requested access type into the PTR_TO_BTF_ID helper-access
path and add verifier coverage for the global-subprogram argument case.

Validation (tested on bpf-next 8496d9020ff3):

  Without this series:
    direct BTF field store rejected with "only read is supported";
    global-subprogram candidate loaded, attached, and runtime-confirmed.

  With this series applied:
    direct BTF field store rejected with "only read is supported";
    global-subprogram candidate rejected with "only read is supported".

Signed-off-by: Nuoqi Gui
---
====================

Link: https://patch.msgid.link/20260609-f01-04-btf-writable-arg-v1-0-f449cd970669@mails.tsinghua.edu.cn
Signed-off-by: Kumar Kartikeya Dwivedi
---

f1a660bbd12dd855fce6cf13f144008c4e45e7c7