On Tue, 31 Mar 2026 at 16:54, Leon Hwang <[email protected]> wrote: > > The potential issue of kprobe_write_ctx+freplace was mentioned in > "bpf: Disallow !kprobe_write_ctx progs tail-calling kprobe_write_ctx progs" > [1]. > > It is true issue, that the test in patch #2 verifies that > kprobe_write_ctx=false > kprobe progs can be abused to modify struct pt_regs via kprobe_write_ctx=true > freplace progs. > > When struct pt_regs is modified, bpf_prog_test_run_opts() gets -EFAULT instead > of 0. > > test_freplace_kprobe_write_ctx:FAIL:bpf_prog_test_run_opts unexpected error: > -14 (errno 14) > > We will disallow attaching freplace programs on kprobe programs with different > kprobe_write_ctx values. > > Links: > [1] > https://lore.kernel.org/bpf/cap01t74w4kvmn9bewpqxrk+bqcuxzb6vw1sq_qvny0a4ey-...@mail.gmail.com/ >
Acked-by: Kumar Kartikeya Dwivedi <[email protected]> Discussed offline with Leon to follow up on other cases and incorporate his fixes for tail calls. > [...]
