Re: [PATCH v2 bpf-next 1/2] bpf: Fix Null-Pointer Dereference in kernel_clone() via BPF fmod_ret on security_task_alloc

From: Leon Hwang

Date: Fri Apr 10 2026 - 03:50:53 EST


On 10/4/26 15:40, Feng Yang wrote:
> On Fri, 10 Apr 2026 15:21:26 +0800 Leon Hwang wrote:
>> On 10/4/26 14:10, Feng Yang wrote:
>>> From: Feng Yang <yangfeng@xxxxxxxxxx>
>>>
>>
>> [...]
>>
>>> +
>>> +static int check_attach_sleepable(u32 btf_id, unsigned long addr, const char *func_name)
>>> +{
>>> + /* fentry/fexit/fmod_ret progs can be sleepable if they are
>>> + * attached to ALLOW_ERROR_INJECTION and are not in denylist.
>>> + */
>>> + if (!check_non_sleepable_error_inject(btf_id) &&
>>> + within_error_injection_list(addr))
>>> + return 0;
>>> +
>>> + return -EINVAL;
>>> +}
>>> +
>>> +static int check_attach_modify_return(unsigned long addr, const char *func_name)
>>> +{
>>> + if (within_error_injection_list(addr) ||
>>> + !strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1))
>>> + return 0;
>>> +
>>> + return -EINVAL;
>>> +}
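Review bot: in check_attach_sleepable() the func_name parameter is never referenced in the body shown (only btf_id and addr feed the checks), so it should either be dropped from the signature or actually used; as written it only mirrors check_attach_modify_return(), which does consume func_name in the strncmp(SECURITY_PREFIX, func_name, sizeof(SECURITY_PREFIX) - 1) test. If the intent is for the sleepable check to also honour a name-based rule, that logic is missing from this hunk; otherwise a two-argument helper is cleaner and avoids an unused-parameter warning in builds that enable it.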
>>
>> Why did you move them here? Seems that you didn't use them.
>
> Because CONFIG_FUNCTION_ERROR_INJECTION is directly reused here,
> and the function has_arch_syscall_prefix is intended to be used.
>

You can declare the function instead. No?

But, the function has_arch_syscall_prefix was not used in your new code?

Thanks,
Leon