bpf: Invoke btf_struct_access() callback only for writes.

Remove duplicated if (atype == BPF_READ) btf_struct_access() from
btf_struct_access() callback and invoke it only for writes. This is
possible to do because currently btf_struct_access() custom callback
always delegates to generic btf_struct_access() helper for BPF_READ
accesses.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: David Vernet <void@manifault.com>
Link: https://lore.kernel.org/bpf/20230404045029.82870-2-alexei.starovoitov@gmail.com

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index eaf9c52..8398456 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5504,7 +5504,7 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env,
                return -EACCES;
        }
 
-       if (env->ops->btf_struct_access && !type_is_alloc(reg->type)) {
+       if (env->ops->btf_struct_access && !type_is_alloc(reg->type) && atype == BPF_WRITE) {
                if (!btf_is_kernel(reg->btf)) {
                        verbose(env, "verifier internal error: reg->btf must be kernel btf\n");
                        return -EFAULT;

diff --git a/net/bpf/bpf_dummy_struct_ops.c b/net/bpf/bpf_dummy_struct_ops.c
index ff4f89a..9535c85 100644 (file)
--- a/net/bpf/bpf_dummy_struct_ops.c
+++ b/net/bpf/bpf_dummy_struct_ops.c
@@ -198,7 +198,7 @@ static int bpf_dummy_ops_btf_struct_access(struct bpf_verifier_log *log,
        if (err < 0)
                return err;
 
-       return atype == BPF_READ ? err : NOT_INIT;
+       return NOT_INIT;
 }
 
 static const struct bpf_verifier_ops bpf_dummy_verifier_ops = {

diff --git a/net/core/filter.c b/net/core/filter.c
index 3370efa..8b9f409 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -8753,9 +8753,6 @@ static int tc_cls_act_btf_struct_access(struct bpf_verifier_log *log,
 {
        int ret = -EACCES;
 
-       if (atype == BPF_READ)
-               return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
-
        mutex_lock(&nf_conn_btf_access_lock);
        if (nfct_btf_struct_access)
                ret = nfct_btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
@@ -8830,9 +8827,6 @@ static int xdp_btf_struct_access(struct bpf_verifier_log *log,
 {
        int ret = -EACCES;
 
-       if (atype == BPF_READ)
-               return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
-
        mutex_lock(&nf_conn_btf_access_lock);
        if (nfct_btf_struct_access)
                ret = nfct_btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);

diff --git a/net/ipv4/bpf_tcp_ca.c b/net/ipv4/bpf_tcp_ca.c
index ea21c96..d646587 100644 (file)
--- a/net/ipv4/bpf_tcp_ca.c
+++ b/net/ipv4/bpf_tcp_ca.c
@@ -78,9 +78,6 @@ static int bpf_tcp_ca_btf_struct_access(struct bpf_verifier_log *log,
        const struct btf_type *t;
        size_t end;
 
-       if (atype == BPF_READ)
-               return btf_struct_access(log, reg, off, size, atype, next_btf_id, flag);
-
        t = btf_type_by_id(reg->btf, reg->btf_id);
        if (t != tcp_sock_type) {
                bpf_log(log, "only read is supported\n");