[PATCH bpf-next v2 1/2] bpf: Mask pseudo pointer values in verifier logs

Next message: Nuoqi Gui: "[PATCH bpf-next v2 0/2] bpf: Mask pseudo pointer values in verifier logs"
Previous message: Nuoqi Gui: "[PATCH bpf-next v2 2/2] selftests/bpf: Cover pseudo-BTF ksym log masking"
In reply to: Nuoqi Gui: "[PATCH bpf-next v2 2/2] selftests/bpf: Cover pseudo-BTF ksym log masking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Nuoqi Gui

Date: Tue Jun 23 2026 - 06:44:44 EST

print_bpf_insn() masks ldimm64 immediates for pointer-bearing pseudo
sources when pointer leaks are not allowed, but the mask only covers
BPF_PSEUDO_MAP_FD and BPF_PSEUDO_MAP_VALUE.

BPF_PSEUDO_MAP_IDX, BPF_PSEUDO_MAP_IDX_VALUE, and BPF_PSEUDO_BTF_ID can
also be resolved to kernel pointer values before the verifier log prints
the instruction. Include them in the existing pointer classification so
the log prints 0x0 instead of the rewritten address.

Fixes: 4976b718c355 ("bpf: Introduce pseudo_btf_id")
Fixes: 387544bfa291 ("bpf: Introduce fd_idx")
Signed-off-by: Nuoqi Gui <gnq25@xxxxxxxxxxxxxxxxxxxxx>
---
kernel/bpf/disasm.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/disasm.c b/kernel/bpf/disasm.c
index f8a3c7eb451e..0391b3bc0073 100644
--- a/kernel/bpf/disasm.c
+++ b/kernel/bpf/disasm.c
@@ -323,7 +323,10 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs,
*/
u64 imm = ((u64)(insn + 1)->imm << 32) | (u32)insn->imm;
bool is_ptr = insn->src_reg == BPF_PSEUDO_MAP_FD ||
- insn->src_reg == BPF_PSEUDO_MAP_VALUE;
+ insn->src_reg == BPF_PSEUDO_MAP_VALUE ||
+ insn->src_reg == BPF_PSEUDO_MAP_IDX ||
+ insn->src_reg == BPF_PSEUDO_MAP_IDX_VALUE ||
+ insn->src_reg == BPF_PSEUDO_BTF_ID;
char tmp[64];

if (is_ptr && !allow_ptr_leaks)

--
2.34.1