From: Aaron Tomlin
To: corbet@lwn.net, song@kernel.org, kpsingh@kernel.org, mattbobrowski@google.com, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, eddyz87@gmail.com, memxor@gmail.com, rostedt@goodmis.org, mhiramat@kernel.org
Cc: skhan@linuxfoundation.org, jolsa@kernel.org, martin.lau@linux.dev, yonghong.song@linux.dev, mathieu.desnoyers@efficios.com, rdunlap@infradead.org, atomlin@atomlin.com, neelx@suse.com, sean@ashe.io, chjohnst@gmail.com, steve@abita.co, mproche@gmail.com, nick.lange@gmail.com, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [RFC PATCH v2] bpf: introduce TAINT_UNSAFE_BPF for mutating helpers
Date: Sun, 3 May 2026 11:37:30 -0400
Message-ID: <20260503153730.541685-1-atomlin@atomlin.com>

The primary remit of the eBPF verifier is to ensure that eBPF programs can neither crash the kernel nor corrupt memory. Nevertheless, administrative utilities such as "bpftrace --unsafe" permit the loading of programs that employ destructive or mutating helpers, most notably bpf_probe_write_user() and bpf_override_return().

Since commit b28573ebfabe ("bpf: Remove bpf_probe_write_user() warning message"), the kernel no longer issues a warning when an attempt is made to invoke such destructive helpers.

Consequently, this patch introduces a novel kernel taint flag, TAINT_UNSAFE_BPF ("V"). Tainting the kernel establishes a permanent and readily auditable indicator (i.e., /proc/sys/kernel/tainted) to alert maintainers that the kernel's execution flow or user memory may have been compromised by an eBPF program.

Signed-off-by: Aaron Tomlin
---
Changes since v1 [1]:
 - Moved the taint from run-time execution to load-time verification
 - Added "V" flag decoding to tools/debugging/kernel-chktaint (Randy Dunlap)
 - Updated the seq command in tainted-kernels.rst to check all 21 bits (Randy Dunlap)
 - Fixed a Sphinx "Malformed table" warning by expanding the number column boundaries in tainted-kernels.rst

[1]: https://lore.kernel.org/lkml/20260503035220.520479-1-atomlin@atomlin.com/
---
 Documentation/admin-guide/tainted-kernels.rst | 56 ++++++++++---------
 include/linux/panic.h                         |  3 +-
 kernel/bpf/verifier.c                         |  8 +++
 kernel/panic.c                                |  1 +
 tools/debugging/kernel-chktaint               |  8 +++
 5 files changed, 50 insertions(+), 26 deletions(-)

diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/= admin-guide/tainted-kernels.rst index 9ead927a37c0..d26a8d29808c 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst 
@@ -74,35 +74,36 @@ a particular type of taint. It's best to leave that to = the aforementioned script, but if you need something quick you can use this shell command to = check which bits are set:: =20 - $ for i in $(seq 20); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted= )>>($i-1)&1));done + $ for i in $(seq 21); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted= )>>($i-1)&1));done =20 Table for decoding tainted state ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =20 -=3D=3D=3D =3D=3D=3D =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -Bit Log Number Reason that got the kernel tainted -=3D=3D=3D =3D=3D=3D =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - 0 G/P 1 proprietary module was loaded - 1 _/F 2 module was force loaded - 2 _/S 4 kernel running on an out of specification system - 3 _/R 8 module was force unloaded - 4 _/M 16 processor reported a Machine Check Exception (MCE) - 5 _/B 32 bad page referenced or some unexpected page flags - 6 _/U 64 taint requested by userspace application - 7 _/D 128 kernel died recently, i.e. 
there was an OOPS or BUG - 8 _/A 256 ACPI table overridden by user - 9 _/W 512 kernel issued warning - 10 _/C 1024 staging driver was loaded - 11 _/I 2048 workaround for bug in platform firmware applied - 12 _/O 4096 externally-built ("out-of-tree") module was loaded - 13 _/E 8192 unsigned module was loaded - 14 _/L 16384 soft lockup occurred - 15 _/K 32768 kernel has been live patched - 16 _/X 65536 auxiliary taint, defined for and used by distros - 17 _/T 131072 kernel was built with the struct randomization plugin - 18 _/N 262144 an in-kernel test has been run - 19 _/J 524288 userspace used a mutating debug operation in fwctl -=3D=3D=3D =3D=3D=3D =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +=3D=3D=3D =3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Bit Log Number Reason that got the kernel tainted +=3D=3D=3D =3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + 0 G/P 1 proprietary module was loaded + 1 _/F 2 module was force loaded + 2 _/S 4 kernel running on an out of specification system + 3 _/R 8 module was force unloaded + 4 _/M 16 processor reported a Machine Check Exception (MCE) + 5 _/B 32 bad page referenced or some unexpected page flags + 6 _/U 64 taint requested by userspace application + 7 _/D 128 kernel died recently, i.e. 
there was an OOPS or BUG + 8 _/A 256 ACPI table overridden by user + 9 _/W 512 kernel issued warning + 10 _/C 1024 staging driver was loaded + 11 _/I 2048 workaround for bug in platform firmware applied + 12 _/O 4096 externally-built ("out-of-tree") module was loaded + 13 _/E 8192 unsigned module was loaded + 14 _/L 16384 soft lockup occurred + 15 _/K 32768 kernel has been live patched + 16 _/X 65536 auxiliary taint, defined for and used by distros + 17 _/T 131072 kernel was built with the struct randomization plugin + 18 _/N 262144 an in-kernel test has been run + 19 _/J 524288 userspace used a mutating debug operation in fwctl + 20 _/V 1048576 an unsafe eBPF program (mutating helper) was loaded +=3D=3D=3D =3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 Note: The character ``_`` is representing a blank in this table to make re= ading easier. @@ -189,3 +190,8 @@ More detailed explanation for tainting 19) ``J`` if userspace opened /dev/fwctl/* and performed a FWTCL_RPC_DEBU= G_WRITE to use the devices debugging features. Device debugging features could cause the device to malfunction in undefined ways. + + 20) ``V`` if an eBPF program utilising unsafe, mutating helpers (such as + bpf_probe_write_user() or bpf_override_return()) was loaded. These he= lpers + bypass standard eBPF safety guarantees and can alter execution flow or + corrupt memory. diff --git a/include/linux/panic.h b/include/linux/panic.h index f1dd417e54b2..8622c02c2c24 100644 --- a/include/linux/panic.h +++ b/include/linux/panic.h 
@@ -88,7 +88,8 @@ static inline void set_arch_panic_timeout(int timeout, in= t arch_default_timeout) #define TAINT_RANDSTRUCT 17 #define TAINT_TEST 18 #define TAINT_FWCTL 19 -#define TAINT_FLAGS_COUNT 20 +#define TAINT_UNSAFE_BPF 20 +#define TAINT_FLAGS_COUNT 21 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) =20 struct taint_flag { diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 69d75515ed3f..cf0634d8901f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -10287,6 +10287,14 @@ static int check_helper_call(struct bpf_verifier_e= nv *env, struct bpf_insn *insn return err; } =20 + /* + * Taint the kernel if the program attempts to use mutating + * helpers. + */ + if (func_id =3D=3D BPF_FUNC_probe_write_user || + func_id =3D=3D BPF_FUNC_override_return) + add_taint(TAINT_UNSAFE_BPF, LOCKDEP_STILL_OK); + /* eBPF programs must be GPL compatible to use GPL-ed functions */ if (!env->prog->gpl_compatible && fn->gpl_only) { verbose(env, "cannot call GPL-restricted function from non-GPL compatibl= e program\n"); diff --git a/kernel/panic.c b/kernel/panic.c index 20feada5319d..1ae19bd8fc1d 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -825,6 +825,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = =3D { TAINT_FLAG(RANDSTRUCT, 'T', ' '), TAINT_FLAG(TEST, 'N', ' '), TAINT_FLAG(FWCTL, 'J', ' '), + TAINT_FLAG(UNSAFE_BPF, 'V', ' '), }; =20 #undef TAINT_FLAG diff --git a/tools/debugging/kernel-chktaint b/tools/debugging/kernel-chkta= int index e1571c04afb5..c0fbd7bcfcfd 100755 --- a/tools/debugging/kernel-chktaint +++ b/tools/debugging/kernel-chktaint @@ -211,6 +211,14 @@ else addout "J" echo " * fwctl's mutating debug interface was used (#19)" fi + +T=3D`expr $T / 2` +if [ `expr $T % 2` -eq 0 ]; then + addout " " +else + addout "V" + echo " * an unsafe eBPF program (mutating helper) was loaded (#20)" +fi echo "Raw taint value as int/string: $taint/'$out'" =20 # report on any tainted loadable modules --=20 2.51.0
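
Review bot: In the kernel/bpf/verifier.c hunk, add_taint(TAINT_UNSAFE_BPF, LOCKDEP_STILL_OK) is called inside check_helper_call() before the GPL-compatibility check that immediately follows it, so a program that the verifier then rejects still leaves the kernel permanently tainted although nothing was loaded. This also disagrees with the documentation added in the same patch, which says the flag means such a program "was loaded", whereas the code comment says "attempts to use". Consider setting the taint only after verification has succeeded, or at least below every check in this function that can still return an error, and logging once which helper triggered it so that the taint can be attributed to a program.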
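
Review bot: In the second Documentation/admin-guide/tainted-kernels.rst hunk (entry 20), "such as bpf_probe_write_user() or bpf_override_return()" reads as an open-ended set, while the verifier.c change taints on exactly those two func_ids. State that these two helpers are the complete list, or document the criterion by which further helpers would be added, so that someone auditing a "V" taint knows what can have set it. The phrase "corrupt memory" should also be narrowed to user memory, which is what the commit message describes.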