Re: [PATCH v2 bpf-next 1/2] bpf: Fix Null-Pointer Dereference in kernel_clone() via BPF fmod_ret on security_task_alloc

Next message: Krzysztof Kozlowski: "Re: [PATCH v4 1/3] dt-bindings: thermal: Add SpacemiT K1 thermal sensor"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 13/13] arm64: defconfig: Enable I3C and SPD5118 hwmon"
In reply to: Feng Yang: "[PATCH v2 bpf-next 1/2] bpf: Fix Null-Pointer Dereference in kernel_clone() via BPF fmod_ret on security_task_alloc"
Next in thread: Leon Hwang: "Re: [PATCH v2 bpf-next 1/2] bpf: Fix Null-Pointer Dereference in kernel_clone() via BPF fmod_ret on security_task_alloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Leon Hwang

Date: Fri Apr 10 2026 - 03:21:46 EST

On 10/4/26 14:10, Feng Yang wrote:
> From: Feng Yang <yangfeng@xxxxxxxxxx>
>

[...]

> +
> +static int check_attach_sleepable(u32 btf_id, unsigned long addr, const char *func_name)
> +{
> + /* fentry/fexit/fmod_ret progs can be sleepable if they are
> + * attached to ALLOW_ERROR_INJECTION and are not in denylist.
> + */
> + if (!check_non_sleepable_error_inject(btf_id) &&
> + within_error_injection_list(addr))
> + return 0;
> +
> + return -EINVAL;
> +}
> +
> +static int check_attach_modify_return(unsigned long addr, const char *func_name)
> +{
> + if (within_error_injection_list(addr) ||
> + !strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1))
> + return 0;
> +
> + return -EINVAL;
> +}

Why did you move them here? Seems that you didn't use them.

> +
> +static int modify_return_get_retval_range(const struct bpf_prog *prog,
> + struct bpf_retval_range *retval_range)

NIT: code format issue here.

Thanks,
Leon

> +{
[...]