Fix ftrace for livepatch + BPF fexit programs #6229
Upstream branch: 8ce93aa
Upstream branch: 2cbb259
Upstream branch: 14a7f23
Upstream branch: be708ed
Upstream branch: ba36dd5

When livepatch is attached to the same function as bpf trampoline with
a fexit program, bpf trampoline code calls register_ftrace_direct()
twice. The first time will fail with -EAGAIN, and the second time it
will succeed. This requires register_ftrace_direct() to unregister
the address on the first attempt. Otherwise, the bpf trampoline cannot
attach. Here is an easy way to reproduce this issue:

  insmod samples/livepatch/livepatch-sample.ko
  bpftrace -e 'fexit:cmdline_proc_show {}'
  ERROR: Unable to attach probe: fexit:vmlinux:cmdline_proc_show...

Fix this by cleaning up the hash when register_ftrace_function_nolock hits
errors.

Also, move the code that resets ops->func and ops->trampoline to the error
path of register_ftrace_direct(); and add a helper function reset_direct()
in register_ftrace_direct() and unregister_ftrace_direct().

Fixes: d05cb47 ("ftrace: Fix modification of direct_function hash while in use")
Cc: stable@vger.kernel.org # v6.6+
Reported-by: Andrey Grodzovsky <andrey.grodzovsky@crowdstrike.com>
Closes: https://lore.kernel.org/live-patching/c5058315a39d4615b333e485893345be@crowdstrike.com/
Cc: Steven Rostedt (Google) <rostedt@goodmis.org>
Cc: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Acked-and-tested-by: Andrey Grodzovsky <andrey.grodzovsky@crowdstrike.com>
Signed-off-by: Song Liu <song@kernel.org>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
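
A toy user-space model of the retry failure described in the commit message above, added here as an illustration; it is not code from the patch or from the kernel. The array standing in for the direct-call hash, the helper names, the single-retry caller and the -EBUSY return for an already-registered address are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
static unsigned long direct_hash[8]; /* toy direct-call hash; 0 = empty slot */
static bool prepared;                /* true once the -EAGAIN step has run */

static unsigned long *hash_find(unsigned long ip)
{
    for (size_t i = 0; i < sizeof(direct_hash) / sizeof(direct_hash[0]); i++)
        if (direct_hash[i] == ip)
            return &direct_hash[i];
    return NULL;
}

/* Stand-in for register_ftrace_function_nolock(): -EAGAIN once, then success. */
static int register_ops(void)
{
    bool first = !prepared;
    prepared = true;
    return first ? -EAGAIN : 0;
}

/* Toy register_ftrace_direct(); cleanup_on_error selects the fixed behaviour. */
static int register_direct(unsigned long ip, bool cleanup_on_error)
{
    if (hash_find(ip))
        return -EBUSY;       /* assumed code for "address already registered" */
    *hash_find(0) = ip;      /* claim a free slot (table is reset per run) */
    int err = register_ops();
    if (err && cleanup_on_error)
        *hash_find(ip) = 0;  /* the fix: drop the entry when registration fails */
    return err;
}

/* The caller from the commit message: retry once after -EAGAIN. */
static int attach_with_retry(unsigned long ip, bool cleanup_on_error)
{
    memset(direct_hash, 0, sizeof(direct_hash));
    prepared = false;
    int err = register_direct(ip, cleanup_on_error);
    return err == -EAGAIN ? register_direct(ip, cleanup_on_error) : err;
}

int main(void)
{
    printf("stale entry kept: %d\n", attach_with_retry(0x1000, false));
    printf("entry cleaned up: %d\n", attach_with_retry(0x1000, true));
    return 0;
}
```

Without the cleanup, the entry left behind by the failed first attempt makes the retry look like a duplicate registration, so the second call can never succeed.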

ftrace_hash_ipmodify_enable() checks IPMODIFY and DIRECT ftrace_ops on
the same kernel function. When needed, ftrace_hash_ipmodify_enable()
calls ops->ops_func() to prepare the direct ftrace (BPF trampoline) to
share the same function as the IPMODIFY ftrace (livepatch).

ftrace_hash_ipmodify_enable() is called in register_ftrace_direct() path,
but not called in modify_ftrace_direct() path. As a result, the following
operations will break livepatch:

1. Load livepatch to a kernel function;
2. Attach fentry program to the kernel function;
3. Attach fexit program to the kernel function.

After 3, the kernel function being used will not be the livepatched
version, but the original version.

Fix this by adding __ftrace_hash_update_ipmodify() to
__modify_ftrace_direct() and adjust some logic around the call.

Signed-off-by: Song Liu <song@kernel.org>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>

Both livepatch and BPF trampoline use ftrace. Special attention is needed
when livepatch and fexit program touch the same function at the same
time, because livepatch updates a kernel function and the BPF trampoline
needs to call into the right version of the kernel function.

Use samples/livepatch/livepatch-sample.ko for the test.

The test covers two cases:
  1) When a fentry program is loaded first. This exercises the
     modify_ftrace_direct code path.
  2) When a fentry program is loaded first. This exercises the
     register_ftrace_direct code path.

Signed-off-by: Song Liu <song@kernel.org>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>

Upstream branch: 6146a0f

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=1016392 irrelevant now. Closing PR.

Pull request for series with
subject: Fix ftrace for livepatch + BPF fexit programs
version: 4
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1016392