Verifier log printing already hides ldimm64 immediates for map FD and map value pseudo sources when pointer leaks are not allowed. The same print path also sees rewritten immediates for BPF_PSEUDO_MAP_IDX, BPF_PSEUDO_MAP_IDX_VALUE, and BPF_PSEUDO_BTF_ID, but those sources were not included in the pointer classification.
Extend the existing masking so all pointer-producing ldimm64 pseudo sources print as 0x0 when allow_ptr_leaks is false. Patch 1 extends the disassembler-side masking. Patch 2 adds verifier selftest coverage for pseudo-BTF ksym logs. Signed-off-by: Nuoqi Gui <[email protected]> --- Changes in v2: - Replace the CAP_BPF gate with verifier-log masking in print_bpf_insn(). - Also mask BPF_PSEUDO_MAP_IDX and BPF_PSEUDO_MAP_IDX_VALUE immediates. - Update selftests to check masked pseudo-BTF ksym logs. - Link to v1: https://patch.msgid.link/20260620-f01-13-pseudo-btf-id-cap-bpf-v1-0-f950f69fe...@mails.tsinghua.edu.cn To: Quentin Monnet <[email protected]> To: Alexei Starovoitov <[email protected]> To: Daniel Borkmann <[email protected]> To: Andrii Nakryiko <[email protected]> To: Eduard Zingerman <[email protected]> To: Kumar Kartikeya Dwivedi <[email protected]> To: Martin KaFai Lau <[email protected]> To: Song Liu <[email protected]> To: Yonghong Song <[email protected]> To: Jiri Olsa <[email protected]> To: Emil Tsalapatis <[email protected]> To: Hao Luo <[email protected]> To: Shuah Khan <[email protected]> Cc: Andrii Nakryiko <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] --- Nuoqi Gui (2): bpf: Mask pseudo pointer values in verifier logs selftests/bpf: Cover pseudo-BTF ksym log masking kernel/bpf/disasm.c | 5 ++++- tools/testing/selftests/bpf/progs/verifier_unpriv.c | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) --- base-commit: a3847994b4d20c0701ccc54fe110920ea78e73dc change-id: 20260619-f01-13-pseudo-btf-id-cap-bpf-585f98eac268 Best regards, -- Nuoqi Gui <[email protected]>
