On 2026/3/12 18:46, Jiri Olsa wrote:
> On Thu, Mar 12, 2026 at 10:24:24AM +0800, Leon Hwang wrote:
>> On 12/3/26 06:45, Jiri Olsa wrote:

[...]

>>
>> Actually, without this patch, when "bpf_fentry_test1" runs, the arg "a"
>> will be updated as 0. Thus, bpf_prog_test_run_tracing() returns -EFAULT
>> instead of 0.
>>
>> bpf_prog_test_run_tracing()
>> |-->bpf_fentry_test1()
>>     |-->dummy_kprobe()
>>         |-->kprobe() /* via tail call */
>>             |-->regs->di = 0;
>>     return 1; /* instead of 2 */
>> return -EFAULT;
>>
>> Yep, the commit log is not clear to describe this abuse problem. Will
>> update it.
>
> ah right :-\ ok, I think we need to do the suggested one way check and
> that should prevent kprobes having writeable ctx
>

Yeah, will apply strict both-ways check. See
https://lore.kernel.org/bpf/[email protected]/.

Thanks,
Leon

