Re: [RFC PATCH v3] bpf: introduce TAINT_UNSAFE_BPF for mutating helpers

From: Alexei Starovoitov

Date: Sun May 03 2026 - 15:52:17 EST


On Sun, May 3, 2026 at 6:47 PM Aaron Tomlin <atomlin@xxxxxxxxxxx> wrote:
>
> struct taint_flag {
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index a3c0214ca934..34b25609e72b 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -3083,6 +3083,13 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size)
> if (err < 0)
> goto free_used_maps;
>
> + /*
> + * The program has passed the verifier. If it utilises unsafe
> + * helpers, formally taint the kernel now.
> + */
> + if (prog->aux->taints_kernel)
> + add_taint(TAINT_UNSAFE_BPF, LOCKDEP_STILL_OK);
> +
> err = bpf_prog_mark_insn_arrays_ready(prog);
> if (err < 0)
> goto free_used_maps;
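
Review bot: add_taint() is called before bpf_prog_mark_insn_arrays_ready(), whose failure still takes the goto free_used_maps path, so the kernel can stay tainted because of a program that never finishes loading. Move the `if (prog->aux->taints_kernel)` block after the last step in bpf_prog_load() that can fail. A log line naming the program would also help, since the taint bit alone does not identify the program that set it.
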
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 69d75515ed3f..9d56082a2ac1 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -10287,6 +10287,14 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
> return err;
> }
>
> + /*
> + * Flag the program if it attempts to use mutating helpers.
> + * The actual taint is deferred until successful verification.
> + */
> + if (func_id == BPF_FUNC_probe_write_user ||
> + func_id == BPF_FUNC_override_return)
> + env->prog->aux->taints_kernel = true;
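
Review bot: the func_id comparison in check_helper_call() hard-codes the two helpers inline, so any mutating helper added later is missed unless this condition is extended by hand. A small predicate function or a flag on the helper's prototype would keep the list in one place, and the comment above the check should state what qualifies a helper as mutating rather than only naming the effect.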

Nack.

Please stop this spam.
We're not doing it. These helpers have been around for a long time.
There was no need to taint then. There is no need to taint now.

pw-bot: cr