On 2026/4/12 00:35, Feng Yang wrote: > From: Feng Yang <[email protected]> > [...] > > static bool return_retval_range(struct bpf_verifier_env *env, struct > bpf_retval_range *range) > { > @@ -18416,8 +18522,13 @@ static bool return_retval_range(struct > bpf_verifier_env *env, struct bpf_retval_ > *range = retval_range(0, 0); > break; > case BPF_TRACE_RAW_TP: > - case BPF_MODIFY_RETURN: > return false; > + case BPF_MODIFY_RETURN: > + if (!bpf_security_get_retval_range(env->prog, range)) > + break; > + if (modify_return_get_retval_range(env->prog, range)) > + return false; > + break;
return false by default, as what we did in the previous logic? + case BPF_MODIFY_RETURN: + if (!bpf_security_get_retval_range(env->prog, range)) + break; + if (!modify_return_get_retval_range(env->prog, range)) + break; + return false; > case BPF_TRACE_ITER: > default: > break; > @@ -25460,7 +25571,6 @@ static int check_struct_ops_btf_id(struct > bpf_verifier_env *env) > return bpf_prog_ctx_arg_info_init(prog, > st_ops_desc->arg_info[member_idx].info, > > st_ops_desc->arg_info[member_idx].cnt); > } > -#define SECURITY_PREFIX "security_" > > #ifdef CONFIG_FUNCTION_ERROR_INJECTION > >
