Re: [PATCH bpf-next v3 0/2] bpf: Fix abuse of kprobe_write_ctx via freplace

From: Kumar Kartikeya Dwivedi

Date: Wed Apr 01 2026 - 11:45:33 EST


On Tue, 31 Mar 2026 at 16:54, Leon Hwang <leon.hwang@xxxxxxxxx> wrote:
>
> The potential issue of kprobe_write_ctx+freplace was mentioned in
> "bpf: Disallow !kprobe_write_ctx progs tail-calling kprobe_write_ctx progs" [1].
>
> It is a true issue: the test in patch #2 verifies that kprobe_write_ctx=false
> kprobe progs can be abused to modify struct pt_regs via kprobe_write_ctx=true
> freplace progs.
>
> When struct pt_regs is modified, bpf_prog_test_run_opts() gets -EFAULT instead
> of 0.
>
> test_freplace_kprobe_write_ctx:FAIL:bpf_prog_test_run_opts unexpected error: -14 (errno 14)
>
> We will disallow attaching freplace programs on kprobe programs with different
> kprobe_write_ctx values.
>
> Links:
> [1] https://lore.kernel.org/bpf/CAP01T74w4KVMn9bEwpQXrk+bqcUxzb6VW1SQ_QvNy0A4EY-9Jg@xxxxxxxxxxxxxx/
>

Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>

Discussed offline with Leon to follow up on other cases and
incorporate his fixes for tail calls.

> [...]