From: Alexei Starovoitov Date: Mon, 15 Jun 2026 23:21:46 +0000 (-0700) Subject: bpf: Emit verbose message when prog-specific btf_struct_access rejects a write X-Git-Tag: v7.2-rc1~25^2~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a933bade82b9cd9197c6c9a390623cfb1f8c0da7;p=thirdparty%2Flinux.git bpf: Emit verbose message when prog-specific btf_struct_access rejects a write When BPF_WRITE goes through a PTR_TO_BTF_ID register, check_ptr_to_btf_access() delegates to env->ops->btf_struct_access(). Most implementations (bpf_scx_btf_struct_access, tc_cls_act_btf_struct_access, etc.) return -EACCES for disallowed fields without logging anything, so the verifier rejects the program with an empty message. For example a scx program doing 1: R1=trusted_ptr_task_struct() ... 4: (7b) *(u64 *)(r1 +0) = r2 verification time 83 usec the program is rejected leaves the user guessing which field is off-limits. Emit verbose message. Signed-off-by: Alexei Starovoitov Reviewed-by: Emil Tsalapatis Acked-by: Yonghong Song Link: https://lore.kernel.org/r/20260615232146.5491-1-alexei.starovoitov@gmail.com Signed-off-by: Alexei Starovoitov --- diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 50e80dbbc1784..a2b348f980807 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5787,6 +5787,10 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, return -EFAULT; } ret = env->ops->btf_struct_access(&env->log, reg, off, size); + if (ret < 0) + verbose(env, + "%s cannot write into ptr_%s at off=%d size=%d\n", + reg_arg_name(env, argno), tname, off, size); } else { /* Writes are permitted with default btf_struct_access for * program allocated objects (which always have id > 0),