Correct the trusted pointer story in the docs. #88
Description
It seems the current docs surrounding BPF_PROG_TYPE_RAW_TRACEPOINT and https://docs.ebpf.io/linux/program-type/BPF_PROG_TYPE_TRACING/#raw-tracepoint is not quite accurate. The tp_raw elf section in fact is a fentry program that attaches like a tracepoint and its arguments are BTF aware.
This ties into kernel pointers(__kptr) / trusted pointer (__arg_trusted) such as the one returned by bpf_get_current_task_btf or bpf_cpumask_create.
And the arguments to certain program types being trusted and thus not requiring the usage of bpf_probe_read_kernel
static bool prog_args_trusted(const struct bpf_prog *prog)
{
enum bpf_attach_type atype = prog->expected_attach_type;
switch (prog->type) {
case BPF_PROG_TYPE_TRACING:
return atype == BPF_TRACE_RAW_TP || atype == BPF_TRACE_ITER;
case BPF_PROG_TYPE_LSM:
return bpf_lsm_is_trusted(prog);
case BPF_PROG_TYPE_STRUCT_OPS:
return true;
default:
return false;
}
}
We should make a concept page for the concept of these trusted pointers and correct some incorrect and missing info on related pages.