bpf, verifier: Turn seen_direct_write flag into a bitmap

jsitnicki · Kernel Patches Daemon · commit 3876ce1d96cd · 2025-11-24T08:38:19.000-08:00
Convert seen_direct_write from a boolean to a bitmap (seen_packet_access)
in preparation for tracking additional packet access patterns.

No functional change.

Signed-off-by: Jakub Sitnicki &lt;jakub@cloudflare.com&gt;
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
@@ -637,6 +637,10 @@ enum priv_stack_mode {
 	PRIV_STACK_ADAPTIVE,
 };
 
+enum packet_access_flags {
+	PA_F_DIRECT_WRITE = BIT(0),
+};
+
 struct bpf_subprog_info {
 	/* 'start' has to be the first field otherwise find_subprog() won't work */
 	u32 start; /* insn idx of function entry point */
@@ -760,7 +764,7 @@ struct bpf_verifier_env {
 	bool bpf_capable;
 	bool bypass_spec_v1;
 	bool bypass_spec_v4;
-	bool seen_direct_write;
+	u8 seen_packet_access;	/* combination of enum packet_access_flags */
 	bool seen_exception;
 	struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */
 	const struct bpf_line_info *prev_linfo;
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
@@ -7625,7 +7625,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
 					value_regno);
 				return -EACCES;
 			}
-			env->seen_direct_write = true;
+			env->seen_packet_access |= PA_F_DIRECT_WRITE;
 		}
 		err = check_packet_access(env, regno, off, size, false);
 		if (!err && t == BPF_READ && value_regno >= 0)
@@ -13768,7 +13768,7 @@ static int check_special_kfunc(struct bpf_verifier_env *env, struct bpf_kfunc_ca
 				verbose(env, "the prog does not allow writes to packet data\n");
 				return -EINVAL;
 			}
-			env->seen_direct_write = true;
+			env->seen_packet_access |= PA_F_DIRECT_WRITE;
 		}
 
 		if (!meta->initialized_dynptr.id) {
@@ -21200,6 +21200,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
 	struct bpf_prog *new_prog;
 	enum bpf_access_type type;
 	bool is_narrower_load;
+	bool seen_direct_write;
 	int epilogue_idx = 0;
 
 	if (ops->gen_epilogue) {
@@ -21227,13 +21228,13 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
 		}
 	}
 
-	if (ops->gen_prologue || env->seen_direct_write) {
+	seen_direct_write = env->seen_packet_access & PA_F_DIRECT_WRITE;
+	if (ops->gen_prologue || seen_direct_write) {
 		if (!ops->gen_prologue) {
 			verifier_bug(env, "gen_prologue is null");
 			return -EFAULT;
 		}
-		cnt = ops->gen_prologue(insn_buf, env->seen_direct_write,
-					env->prog);
+		cnt = ops->gen_prologue(insn_buf, seen_direct_write, env->prog);
 		if (cnt >= INSN_BUF_SIZE) {
 			verifier_bug(env, "prologue is too long");
 			return -EFAULT;

Original file line number	Diff line number	Diff line change
`@@ -7625,7 +7625,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn`
`7625`	`7625`	`value_regno);`
`7626`	`7626`	`return -EACCES;`
`7627`	`7627`	`}`
`7628`		`- env->seen_direct_write = true;`
	`7628`	`+ env->seen_packet_access \|= PA_F_DIRECT_WRITE;`
`7629`	`7629`	`}`
`7630`	`7630`	`err = check_packet_access(env, regno, off, size, false);`
`7631`	`7631`	`if (!err && t == BPF_READ && value_regno >= 0)`
`@@ -13768,7 +13768,7 @@ static int check_special_kfunc(struct bpf_verifier_env *env, struct bpf_kfunc_ca`
`13768`	`13768`	`verbose(env, "the prog does not allow writes to packet data\n");`
`13769`	`13769`	`return -EINVAL;`
`13770`	`13770`	`}`
`13771`		`- env->seen_direct_write = true;`
	`13771`	`+ env->seen_packet_access \|= PA_F_DIRECT_WRITE;`
`13772`	`13772`	`}`
`13773`	`13773`
`13774`	`13774`	`if (!meta->initialized_dynptr.id) {`
`@@ -21200,6 +21200,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)`
`21200`	`21200`	`struct bpf_prog *new_prog;`
`21201`	`21201`	`enum bpf_access_type type;`
`21202`	`21202`	`bool is_narrower_load;`
	`21203`	`+ bool seen_direct_write;`
`21203`	`21204`	`int epilogue_idx = 0;`
`21204`	`21205`
`21205`	`21206`	`if (ops->gen_epilogue) {`
`@@ -21227,13 +21228,13 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)`
`21227`	`21228`	`}`
`21228`	`21229`	`}`
`21229`	`21230`
`21230`		`- if (ops->gen_prologue \|\| env->seen_direct_write) {`
	`21231`	`+ seen_direct_write = env->seen_packet_access & PA_F_DIRECT_WRITE;`
	`21232`	`+ if (ops->gen_prologue \|\| seen_direct_write) {`
`21231`	`21233`	`if (!ops->gen_prologue) {`
`21232`	`21234`	`verifier_bug(env, "gen_prologue is null");`
`21233`	`21235`	`return -EFAULT;`
`21234`	`21236`	`}`
`21235`		`- cnt = ops->gen_prologue(insn_buf, env->seen_direct_write,`
`21236`		`- env->prog);`
	`21237`	`+ cnt = ops->gen_prologue(insn_buf, seen_direct_write, env->prog);`
`21237`	`21238`	`if (cnt >= INSN_BUF_SIZE) {`
`21238`	`21239`	`verifier_bug(env, "prologue is too long");`
`21239`	`21240`	`return -EFAULT;`