Re: [PATCH v2 bpf-next 1/2] bpf: Fix Null-Pointer Dereference in kernel_clone() via BPF fmod_ret on security_task_alloc
From: Leon Hwang
Date: Fri Apr 10 2026 - 03:36:43 EST
On 10/4/26 15:21, Leon Hwang wrote:
> On 10/4/26 14:10, Feng Yang wrote:
>> From: Feng Yang <yangfeng@xxxxxxxxxx>
>>
>
> [...]
>
>> +
>> +static int check_attach_sleepable(u32 btf_id, unsigned long addr, const char *func_name)
>> +{
>> + /* fentry/fexit/fmod_ret progs can be sleepable if they are
>> + * attached to ALLOW_ERROR_INJECTION and are not in denylist.
>> + */
>> + if (!check_non_sleepable_error_inject(btf_id) &&
>> + within_error_injection_list(addr))
>> + return 0;
>> +
>> + return -EINVAL;
>> +}
>> +
>> +static int check_attach_modify_return(unsigned long addr, const char *func_name)
>> +{
>> + if (within_error_injection_list(addr) ||
>> + !strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1))
>> + return 0;
>> +
>> + return -EINVAL;
>> +}
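Review bot: in check_attach_sleepable() the func_name parameter is never read; the body only uses btf_id and addr in the check_non_sleepable_error_inject() and within_error_injection_list() calls. Drop the parameter, or note in the comment that it is kept only to mirror check_attach_modify_return(), which does use func_name in its strncmp() against SECURITY_PREFIX. No caller of either helper appears in the quoted lines, so the commit message should say why they are placed here.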
>
> Why did you move them here? Seems that you didn't use them.
>
>> +
>> +static int modify_return_get_retval_range(const struct bpf_prog *prog,
>> + struct bpf_retval_range *retval_range)
>
> NIT: code format issue here.
>
Sorry about this. It is false. I was misled by Thunderbird.
> Thanks,
> Leon
>
>> +{
> [...]
>