On 28/3/26 04:41, Jiri Olsa wrote:
> On Tue, Mar 24, 2026 at 11:04:43PM +0800, Leon Hwang wrote:
[...]
>> --- a/kernel/bpf/verifier.c
>> +++ b/kernel/bpf/verifier.c
>> @@ -6404,6 +6404,14 @@ static int check_ctx_access(struct bpf_verifier_env
>> *env, int insn_idx, int off,
>> /* remember the offset of last byte accessed in ctx */
>> if (env->prog->aux->max_ctx_offset < off + size)
>> env->prog->aux->max_ctx_offset = off + size;
>> + if (env->prog->type == BPF_PROG_TYPE_EXT) {
>> + struct bpf_prog *dst_prog = env->prog->aux->dst_prog;
>> +
>> + if (env->prog->aux->kprobe_write_ctx !=
>> dst_prog->aux->kprobe_write_ctx) {
>> + verbose(env, "Extension program cannot have
>> different kprobe_write_ctx value with target prog\n");
>> + return -EINVAL;
>> + }
>> + }
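Review bot: The kprobe_write_ctx comparison in the BPF_PROG_TYPE_EXT block is reached only when the extension program performs a ctx access, because it sits in check_ctx_access; an extension that never touches ctx is never compared against dst_prog, so any mismatch with the target is not reported on that path. Consider placing the comparison where it runs for every extension program regardless of its ctx usage. Separately, dst_prog->aux->kprobe_write_ctx is dereferenced without a NULL check on env->prog->aux->dst_prog; either guard it or add a comment stating why dst_prog cannot be NULL at this point.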
>
> would it be more clear to check this in bpf_check_attach_target,
> instead of depending on actual write to context
>
I've considered it.
But we can't, because bpf_check_attach_target is before check_ctx_access
at load time.
Besides, sashiko has pointed out that this check in check_ctx_access can
be bypassed when attaching to kprobe_write_ctx=false target [1].
So, I posted v2 to do the check in bpf_tracing_prog_attach at attach
time [2].
[1] https://sashiko.dev/#/patchset/20260324150444.68166-1-leon.hwang%40linux.dev
[2] https://lore.kernel.org/bpf/[email protected]/
Thanks,
Leon