On Wed, 2026-02-18 at 09:13 +1100, Slava Imameev wrote:
[...]
> The verifier assigns SCALAR type to single-level pointers (void*, int*).
So, the simplest change for pointers to pointers would be as below, right?
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6906,7 +6906,8 @@ bool btf_ctx_access(int off, int size, enum
bpf_access_type type,
* If it's a pointer to void, it's the same as scalar from the
verifier
* safety POV. Either way, no futher pointer walking is allowed.
*/
- if (is_void_or_int_ptr(btf, t))
+ if (is_void_or_int_ptr(btf, t) || !is_ptr_to_struct(btf, t))
return true;
/* this is a pointer to another type */
Except that loaded value would be marked as scalar() and one would
need to cast it using e.g. bpf_core_cast() to obtain an untrusted
pointer.
> For multi-level pointers, I selected PTR_TO_MEM to enable memory access
> through a single load instruction for the first level of dereference,
> with subsequent dereferences becoming SCALAR. This design eliminates
> helper call for parameter dereference, replacing it with a load
> instruction (e.g., void* ptr = *pptr).
If going this route instead, is there a technical reason to limit this
logic to multi-level pointers? Applying same rules to `int *` and
alike seem more consistent.
[...]
