lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <17247510f876045d49deabba99f8b668633715a2.camel@gmail.com>
Date: Mon, 05 Jan 2026 10:23:03 -0800
From: Eduard Zingerman <eddyz87@...il.com>
To: Jakub Sitnicki <jakub@...udflare.com>, bpf@...r.kernel.org
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Eric
 Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo
 Abeni <pabeni@...hat.com>,  Alexei Starovoitov	 <ast@...nel.org>, Daniel
 Borkmann <daniel@...earbox.net>, Jesper Dangaard Brouer <hawk@...nel.org>,
 John Fastabend <john.fastabend@...il.com>, Stanislav Fomichev	
 <sdf@...ichev.me>, Simon Horman <horms@...nel.org>, Andrii Nakryiko	
 <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Song Liu	
 <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, KP Singh	
 <kpsingh@...nel.org>, Hao Luo <haoluo@...gle.com>, Jiri Olsa
 <jolsa@...nel.org>, 	kernel-team@...udflare.com
Subject: Re: [PATCH bpf-next v2 11/16] bpf, verifier: Remove side effects
 from may_access_direct_pkt_data

On Mon, 2026-01-05 at 13:14 +0100, Jakub Sitnicki wrote:
> The may_access_direct_pkt_data() helper sets env->seen_direct_write as a
> side effect, which creates awkward calling patterns:
> 
> - check_special_kfunc() has a comment warning readers about the side effect
> - specialize_kfunc() must save and restore the flag around the call
> 
> Make the helper a pure function by moving the seen_direct_write flag
> setting to call sites that need it.
> 
> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
> ---

Acked-by: Eduard Zingerman <eddyz87@...il.com>

>  kernel/bpf/verifier.c | 33 ++++++++++++---------------------
>  1 file changed, 12 insertions(+), 21 deletions(-)
> 
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 9394b0de2ef0..52d76a848f65 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -6151,13 +6151,9 @@ static bool may_access_direct_pkt_data(struct bpf_verifier_env *env,
>  		if (meta)
>  			return meta->pkt_access;
>  
> -		env->seen_direct_write = true;

Note to reviewers:
the call to may_access_direct_pkt_data() in check_func_arg() always
has a non-NULL 'meta', so it is correct to skip setting
'env->seen_direct_write' there, behavior does not change.

>  		return true;
>  
>  	case BPF_PROG_TYPE_CGROUP_SOCKOPT:
> -		if (t == BPF_WRITE)
> -			env->seen_direct_write = true;
> -
>  		return true;
>  
>  	default:

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ