Re: [PATCH bpf v3] bpf: fix NULL pointer dereference in bpf_task_from_vpid()

Next message: Miguel Ojeda: "Re: [PATCH v2] fault-inject: rust: add a Rust API for fault-injection"
Previous message: Loic Poulain: "Re: [PATCH v3 10/10] arm64: dts: qcom: shikra: Enable Bluetooth and WiFi on EVK boards"
In reply to: bot+bpf-ci: "Re: [PATCH bpf v3] bpf: fix NULL pointer dereference in bpf_task_from_vpid()"
Next in thread: Kumar Kartikeya Dwivedi: "Re: [PATCH bpf v3] bpf: fix NULL pointer dereference in bpf_task_from_vpid()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Leon Hwang

Date: Sat Jun 06 2026 - 08:58:45 EST

On 2026/6/6 17:19, Sechang Lim wrote:
[...]
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index b5314c9fed3c..226c31ccb5d6 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -2912,7 +2912,14 @@ __bpf_kfunc struct task_struct *bpf_task_from_vpid(s32 vpid)
> {
> struct task_struct *p;
>
> + if (in_interrupt())
> + return NULL;
> +
> rcu_read_lock();

Better to use guard(rcu)() here, and drop the rcu_read_unlock().

Thanks,
Leon

> + if (!task_active_pid_ns(current)) {
> + rcu_read_unlock();
> + return NULL;
> + }
> p = find_task_by_vpid(vpid);
> if (p)
> p = bpf_task_acquire(p);