On 28/3/26 04:41, Jiri Olsa wrote:
On Tue, Mar 24, 2026 at 11:04:43PM +0800, Leon Hwang wrote:
[...]
quoted
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6404,6 +6404,14 @@ static int check_ctx_access(struct bpf_verifier_env *env, int insn_idx, int off,
/* remember the offset of last byte accessed in ctx */
if (env->prog->aux->max_ctx_offset < off + size)
env->prog->aux->max_ctx_offset = off + size;
+ if (env->prog->type == BPF_PROG_TYPE_EXT) {
+ struct bpf_prog *dst_prog = env->prog->aux->dst_prog;
+
+ if (env->prog->aux->kprobe_write_ctx != dst_prog->aux->kprobe_write_ctx) {
+ verbose(env, "Extension program cannot have different kprobe_write_ctx value with target prog\n");
+ return -EINVAL;
+ }
+ }
would it be more clear to check this in bpf_check_attach_target,
instead of depending on actual write to context
I've considered it.
But we can't, because bpf_check_attach_target is before check_ctx_access
at load time.
Besides, sashiko has pointed out that this check in check_ctx_access can
be bypassed when attaching to kprobe_write_ctx=false target [1].
So, I posted v2 to do the check in bpf_tracing_prog_attach at attach
time [2].
[1]
https://sashiko.dev/#/patchset/20260324150444.68166-1-leon.hwang%40linux.dev
[2] https://lore.kernel.org/bpf/20260326141718.17731-1-leon.hwang@linux.dev/ (local)
Thanks,
Leon