Re: [PATCH bpf-next v2 1/2] bpf: Fix abuse of kprobe_write_ctx via freplace

Next message: Ratheesh Kannoth: "[PATCH v9 net-next 4/6] octeontx2-af: npc: cn20k: add subbank search order control"
Previous message: Ratheesh Kannoth: "[PATCH v9 net-next 5/6] octeontx2-af: npc: cn20k: dynamically allocate and free default MCAM entries"
In reply to: Song Liu: "Re: [PATCH bpf-next v2 1/2] bpf: Fix abuse of kprobe_write_ctx via freplace"
Next in thread: Song Liu: "Re: [PATCH bpf-next v2 1/2] bpf: Fix abuse of kprobe_write_ctx via freplace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Leon Hwang

Date: Mon Mar 30 2026 - 01:38:40 EST

On 28/3/26 05:39, Song Liu wrote:
> On Thu, Mar 26, 2026 at 7:17 AM Leon Hwang <leon.hwang@xxxxxxxxx> wrote:
[...]
>> @@ -3733,6 +3733,11 @@ static int bpf_tracing_prog_attach(struct bpf_prog *prog,
>> tr = prog->aux->dst_trampoline;
>> tgt_prog = prog->aux->dst_prog;
>> }
>> + if (prog->type == BPF_PROG_TYPE_EXT &&
>> + prog->aux->kprobe_write_ctx != tgt_prog->aux->kprobe_write_ctx) {
>> + err = -EINVAL;
>> + goto out_unlock;
>> + }
>
> This also blocks uprobe+freplace when prog and tgt_prog have different
> kprobe_write_ctx, right? Is this the expected behavior?
>

Intuitively, yes, this also blocks uprobe+freplace.

However, how can we distinguish uprobe/kprobe here?

At attach time, uprobe/kprobe is recognized by the target perf event
flags instead of BPF prog's expected_attach_type. Thus, we cannot infer
the use of prog by prog itself.

If we can distinguish them here, I'd like to do it.

Thanks,
Leon