Re: [PATCH bpf-next v3 1/2] bpf: Fix memory access flags in helper prototypes

From: Eduard Zingerman

Date: Tue Jan 20 2026 - 12:56:08 EST


On Tue, 2026-01-20 at 16:28 +0800, Zesen Liu wrote:
> After commit 37cce22dbd51 ("bpf: verifier: Refactor helper access type tracking"),
> the verifier started relying on the access type flags in helper
> function prototypes to perform memory access optimizations.
>
> Currently, several helper functions utilizing ARG_PTR_TO_MEM lack the
> corresponding MEM_RDONLY or MEM_WRITE flags. This omission causes the
> verifier to incorrectly assume that the buffer contents are unchanged
> across the helper call. Consequently, the verifier may optimize away
> subsequent reads based on this wrong assumption, leading to correctness
> issues.
>
> For bpf_get_stack_proto_raw_tp, the original MEM_RDONLY was incorrect
> since the helper writes to the buffer. Change it to ARG_PTR_TO_UNINIT_MEM
> which correctly indicates write access to potentially uninitialized memory.
>
> Similar issues were recently addressed for specific helpers in commit
> ac44dcc788b9 ("bpf: Fix verifier assumptions of bpf_d_path's output buffer")
> and commit 2eb7648558a7 ("bpf: Specify access type of bpf_sysctl_get_name args").
>
> Fix these prototypes by adding the correct memory access flags.
>
> Fixes: 37cce22dbd51 ("bpf: verifier: Refactor helper access type tracking")
> Co-developed-by: Shuran Liu <electronlsr@xxxxxxxxx>
> Signed-off-by: Shuran Liu <electronlsr@xxxxxxxxx>
> Co-developed-by: Peili Gao <gplhust955@xxxxxxxxx>
> Signed-off-by: Peili Gao <gplhust955@xxxxxxxxx>
> Co-developed-by: Haoran Ni <haoran.ni.cs@xxxxxxxxx>
> Signed-off-by: Haoran Ni <haoran.ni.cs@xxxxxxxxx>
> Signed-off-by: Zesen Liu <ftyghome@xxxxxxxxx>
> ---

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
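
Added example, not part of this thread or of the kernel patch: a simplified C model of the failure the quoted commit message describes, where a helper writes to a buffer but its prototype does not say MEM_WRITE, so the tracked contents stay "known" and a later read is folded to a stale constant. Only the names MEM_RDONLY and MEM_WRITE come from the message; the flag bit values, the struct and every function name are constructed for this model and are not the verifier's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values for this model; the kernel's encoding differs. */
#define MEM_RDONLY 0x1u
#define MEM_WRITE  0x2u
#define BUF_SLOTS  4

/* What the model statically "knows" about one buffer slot. */
struct slot_state {
    bool known;      /* contents tracked as a constant */
    uint64_t value;  /* meaningful only when known is true */
};

/* Model of checking a helper call that takes the buffer as a memory
 * argument: only a MEM_WRITE argument invalidates tracked contents. */
static void model_helper_call(struct slot_state *st, unsigned int arg_flags)
{
    if (arg_flags & MEM_WRITE)
        for (int i = 0; i < BUF_SLOTS; i++)
            st[i].known = false;
}

/* Model of a later load: a known slot is folded to its constant,
 * an unknown slot is actually read from memory. */
static uint64_t model_load(const struct slot_state *st, const uint64_t *mem, int i)
{
    return st[i].known ? st[i].value : mem[i];
}

/* Hypothetical helper: at run time it always fills the buffer. */
static void fake_helper(uint64_t *mem)
{
    for (int i = 0; i < BUF_SLOTS; i++)
        mem[i] = 0x1000 + (uint64_t)i;
}

/* Value the program observes in slot 0 after the helper call, given the
 * access flags declared in the helper's prototype. */
uint64_t observed_after_call(unsigned int proto_flags)
{
    uint64_t mem[BUF_SLOTS] = {0};     /* program zeroed the buffer */
    struct slot_state st[BUF_SLOTS];
    for (int i = 0; i < BUF_SLOTS; i++)
        st[i] = (struct slot_state){ .known = true, .value = 0 };
    model_helper_call(st, proto_flags);  /* static view of the call */
    fake_helper(mem);                    /* what really happens */
    return model_load(st, mem, 0);
}
```

Passing MEM_RDONLY for a helper that writes models the bpf_get_stack_proto_raw_tp case named in the message: the stale zero is returned just as when no flag is given.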