Re: [PATCH v2 bpf-next 1/2] bpf: Fix Null-Pointer Dereference in kernel_clone() via BPF fmod_ret on security_task_alloc
From: Feng Yang
Date: Fri Apr 10 2026 - 03:41:40 EST
On Fri, 10 Apr 2026 15:21:26 +0800 Leon Hwang wrote:
> On 10/4/26 14:10, Feng Yang wrote:
> > From: Feng Yang <yangfeng@xxxxxxxxxx>
> >
>
> [...]
>
> > +
> > +static int check_attach_sleepable(u32 btf_id, unsigned long addr, const char *func_name)
> > +{
> > + /* fentry/fexit/fmod_ret progs can be sleepable if they are
> > + * attached to ALLOW_ERROR_INJECTION and are not in denylist.
> > + */
> > + if (!check_non_sleepable_error_inject(btf_id) &&
> > + within_error_injection_list(addr))
> > + return 0;
> > +
> > + return -EINVAL;
> > +}
> > +
> > +static int check_attach_modify_return(unsigned long addr, const char *func_name)
> > +{
> > + if (within_error_injection_list(addr) ||
> > + !strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1))
> > + return 0;
> > +
> > + return -EINVAL;
> > +}
>
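Review bot: `func_name` is taken by `check_attach_sleepable(u32 btf_id, unsigned long addr, const char *func_name)` but never read in its body, and neither of the two new static functions has a caller in the region shown; if the call sites only arrive in a later hunk, move them into the same patch (or drop the unused parameter) so that this point in the series does not build with an unused-function warning and the reader can see what the helpers are for. The `strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1)` check in `check_attach_modify_return()` is the only place the name is consulted, so `func_name` is needed there but not in `check_attach_sleepable()`.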
> Why did you move them here? Seems that you didn't use them.
Because CONFIG_FUNCTION_ERROR_INJECTION is directly reused here,
and the function has_arch_syscall_prefix is intended to be used.
> > +
> > +static int modify_return_get_retval_range(const struct bpf_prog *prog,
> > + struct bpf_retval_range *retval_range)
>
> NIT: code format issue here.
Thanks.
> Thanks,
> Leon
>
> > +{
> [...]