On 2026/3/30 17:28, Jiri Olsa wrote:
> On Thu, Mar 26, 2026 at 10:17:17PM +0800, Leon Hwang wrote:
[...]
>> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
>> index 51ade3cde8bb..1dd2ea076d8b 100644
>> --- a/kernel/bpf/syscall.c
>> +++ b/kernel/bpf/syscall.c
>> @@ -3733,6 +3733,11 @@ static int bpf_tracing_prog_attach(struct bpf_prog
>> *prog,
>> tr = prog->aux->dst_trampoline;
>> tgt_prog = prog->aux->dst_prog;
>> }
>
> could you please put some comment in here explaining the check, with that
>
Sure, will add such comment:
/*
* It is to prevent modifying struct pt_regs via kprobe_write_ctx=true
* freplace prog. Without this check, kprobe_write_ctx=true freplace
* prog is allowed to attach to kprobe_write_ctx=false kprobe prog, and
* then modify the registers of the kprobe prog's target kernel
* function.
*
* This also blocks the combination of uprobe+freplace, because it is
* unable to recognize the use of the tgt_prog as an uprobe or a kprobe
* by tgt_prog itself. At attach time, uprobe/kprobe is recognized by
* the target perf event flags in __perf_event_set_bpf_prog().
*/
> Acked-by: Jiri Olsa <[email protected]>
>
Thanks for your review.
Thanks,
Leon
