Re: [PATCH bpf-next v3 3/6] bpf: Disallow !kprobe_write_ctx progs tail-calling kprobe_write_ctx progs

From: Leon Hwang

Date: Thu Mar 12 2026 - 09:40:55 EST


On 2026/3/12 18:46, Jiri Olsa wrote:
> On Thu, Mar 12, 2026 at 10:24:24AM +0800, Leon Hwang wrote:
>> On 12/3/26 06:45, Jiri Olsa wrote:
[...]
>>
>> Actually, without this patch, when "bpf_fentry_test1" runs, the arg "a"
>> will be updated as 0. Thus, bpf_prog_test_run_tracing() returns -EFAULT
>> instead of 0.
>>
>> bpf_prog_test_run_tracing()
>> |-->bpf_fentry_test1()
>>     |-->dummy_kprobe()
>>         |-->kprobe() /* via tail call */
>>             |-->regs->di = 0;
>>     return 1; /* instead of 2 */
>> return -EFAULT;
>>
>> Yep, the commit log is not clear to describe this abuse problem. Will
>> update it.
>
> ah right :-\ ok, I think we need to do the suggested one way check and
> that should prevent kprobes having writeable ctx
>

Yeah, will apply strict both-ways check. See
https://lore.kernel.org/bpf/8a3c7f14-b3d1-4208-acbd-76e5db6c5320@xxxxxxxxx/.

Thanks,
Leon