Commit eb7024bf authored Apr 02, 2026 by Varun R Mallya Committed by Alexei Starovoitov Apr 02, 2026

bpf: Reject sleepable kprobe_multi programs at attach time



kprobe.multi programs run in atomic/RCU context and cannot sleep.
However, bpf_kprobe_multi_link_attach() did not validate whether the
program being attached had the sleepable flag set, allowing sleepable
helpers such as bpf_copy_from_user() to be invoked from a non-sleepable
context.

This causes a "sleeping function called from invalid context" splat:

  BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:169
  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1787, name: sudo
  preempt_count: 1, expected: 0
  RCU nest depth: 2, expected: 0

Fix this by rejecting sleepable programs early in
bpf_kprobe_multi_link_attach(), before any further processing.

Fixes: 0dcac272 ("bpf: Add multi kprobe link")
Signed-off-by: Varun R Mallya <varunrmallya@gmail.com>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Acked-by: Leon Hwang <leon.hwang@linux.dev>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/r/20260401191126.440683-1-varunrmallya@gmail.com


Signed-off-by: Alexei Starovoitov <ast@kernel.org>

parent b0db1acc

kernel/trace/bpf_trace.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -2752,6 +2752,10 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr attr, struct bpf_prog pr
		if (!is_kprobe_multi(prog))
		return -EINVAL;

		/* kprobe_multi is not allowed to be sleepable. */
		if (prog->sleepable)
		return -EINVAL;

		/* Writing to context is not allowed for kprobes. */
		if (prog->aux->kprobe_write_ctx)
		return -EINVAL;