bpf: make sure scalar args don't accept __arg_nonnull tag

Move scalar arg processing in btf_prepare_func_args() after all pointer
arg processing is done. This makes it easier to do validation. One
example of unintended behavior right now is ability to specify
__arg_nonnull for integer/enum arguments. This patch fixes this.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20240105000909.2818934-3-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 5964711..dbe7a59 100644 (file)
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -7058,10 +7058,6 @@ int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog)
 
                while (btf_type_is_modifier(t))
                        t = btf_type_by_id(btf, t->type);
-               if (btf_type_is_int(t) || btf_is_any_enum(t)) {
-                       sub->args[i].arg_type = ARG_ANYTHING;
-                       continue;
-               }
                if (btf_type_is_ptr(t) && btf_get_prog_ctx_type(log, btf, t, prog_type, i)) {
                        sub->args[i].arg_type = ARG_PTR_TO_CTX;
                        continue;
@@ -7091,6 +7087,10 @@ int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog)
                        bpf_log(log, "arg#%d marked as non-null, but is not a pointer type\n", i);
                        return -EINVAL;
                }
+               if (btf_type_is_int(t) || btf_is_any_enum(t)) {
+                       sub->args[i].arg_type = ARG_ANYTHING;
+                       continue;
+               }
                bpf_log(log, "Arg#%d type %s in %s() is not supported yet.\n",
                        i, btf_type_str(t), tname);
                return -EINVAL;