Re: perf_event_detach_bpf_prog() broken?

From: Sean Young
Date: Tue Oct 22 2024 - 10:13:35 EST


On Tue, Oct 22, 2024 at 04:03:40PM +0200, Jiri Olsa wrote:
> On Tue, Oct 22, 2024 at 01:16:38PM +0200, Peter Zijlstra wrote:
> > Hi guys,
> >
> > Per commit 170a7e3ea070 ("bpf: bpf_prog_array_copy() should return
> > -ENOENT if exclude_prog not found") perf_event_detach_bpf_prog() can now
> > return without doing bpf_prog_put() and leaving event->prog set.
> >
> > This is very 'unexpected' behaviour.
> >
> > I'm not sure what's sane from the BPF side of things here, but leaving
> > event->prog set is really rather unexpected.
> >
> > Help?
>
> IIUC the ENOENT should never happen in perf event context, so not
> sure why we have that check.. also does not seem to be used from
> lirc code, Sean?

You can deattach a lirc program using the bpf syscall with command
BPF_PROG_DETACH, and if you pass an incorrect (as in, not attached) program,
then this commit ensures you get ENOENT rather than success.


Sean

> perf_event_detach_bpf_prog is called when the event is being freed
> so I think we should always put and clear the event->prog
>
> jirka