On Sun, May 3, 2026 at 6:47 PM Aaron Tomlin <[email protected]> wrote: > > struct taint_flag { > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c > index a3c0214ca934..34b25609e72b 100644 > --- a/kernel/bpf/syscall.c > +++ b/kernel/bpf/syscall.c > @@ -3083,6 +3083,13 @@ static int bpf_prog_load(union bpf_attr *attr, > bpfptr_t uattr, u32 uattr_size) > if (err < 0) > goto free_used_maps; > > + /* > + * The program has passed the verifier. If it utilises unsafe > + * helpers, formally taint the kernel now. > + */ > + if (prog->aux->taints_kernel) > + add_taint(TAINT_UNSAFE_BPF, LOCKDEP_STILL_OK); > + > err = bpf_prog_mark_insn_arrays_ready(prog); > if (err < 0) > goto free_used_maps; > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 69d75515ed3f..9d56082a2ac1 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -10287,6 +10287,14 @@ static int check_helper_call(struct bpf_verifier_env > *env, struct bpf_insn *insn > return err; > } > > + /* > + * Flag the program if it attempts to use mutating helpers. > + * The actual taint is deferred until successful verification. > + */ > + if (func_id == BPF_FUNC_probe_write_user || > + func_id == BPF_FUNC_override_return) > + env->prog->aux->taints_kernel = true;
Nack. Please stop this spam. We're not doing it. These helpers have been around for a long time. There was no need to taint then. There is no need to taint now. pw-bot: cr
