The potential issue of kprobe_write_ctx+freplace was mentioned in "bpf: Disallow !kprobe_write_ctx progs tail-calling kprobe_write_ctx progs" [1].
It is a true issue: the test in patch #2 verifies that kprobe_write_ctx=false kprobe progs can be abused to modify struct pt_regs via kprobe_write_ctx=true freplace progs.

When struct pt_regs is modified, bpf_prog_test_run_opts() gets -EFAULT instead of 0.

test_freplace_kprobe_write_ctx:FAIL:bpf_prog_test_run_opts unexpected error: -14 (errno 14)

We will disallow attaching freplace programs on kprobe programs with different kprobe_write_ctx values.

Links:
[1] https://lore.kernel.org/bpf/cap01t74w4kvmn9bewpqxrk+bqcuxzb6vw1sq_qvny0a4ey-...@mail.gmail.com/

Changes:
v1 -> v2:
* Drop patch #1 in v1, as it wasn't an issue (per Toke).
* Check kprobe_write_ctx value at attach time instead of at load time, to prevent attaching kprobe_write_ctx=true freplace progs on kprobe_write_ctx=false kprobe progs (per Gemini/sashiko).
* Move kprobe_write_ctx test code to attach_probe.c and kprobe_write_ctx.c.

v1: https://lore.kernel.org/bpf/[email protected]/

Leon Hwang (2):
  bpf: Fix abuse of kprobe_write_ctx via freplace
  selftests/bpf: Add test to verify the fix of kprobe_write_ctx abuse

 kernel/bpf/syscall.c                          |  5 ++
 .../selftests/bpf/prog_tests/attach_probe.c   | 64 +++++++++++++++++++
 .../selftests/bpf/progs/kprobe_write_ctx.c    | 19 ++++++
 3 files changed, 88 insertions(+)

--
2.53.0

