On Fri, Feb 7, 2025 at 2:01 AM Song Liu <song@xxxxxxxxxx> wrote:
>
> On Wed, Feb 5, 2025 at 6:55 PM Yafang Shao <laoar.shao@xxxxxxxxx> wrote:
> [...]
> > > I think we should first understand why the trampoline is not
> > > freed.
> >
> > IIUC, the fexit works as follows,
> >
> >   bpf_trampoline
> >     + __bpf_tramp_enter
> >        + percpu_ref_get(&tr->pcref);
> >
> >     + call do_exit()
> >
> >     + __bpf_tramp_exit
> >        + percpu_ref_put(&tr->pcref);
> >
> > Since do_exit() never returns, the refcnt of the trampoline image is
> > never decremented, preventing it from being freed.
>
> Thanks for the explanation. In this case, I think it makes sense to
> disallow attaching fexit programs on __noreturn functions. I am not
> sure what is the best solution for it though.

There is a tools/objtool/noreturns.h. Perhaps we could create a
similar noreturns.h under kernel/bpf and add all relevant functions to
the fexit deny list.

--
Regards
Yafang
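
The following user-space model is an added example, not code from this thread or from the kernel: it reproduces the enter/call/exit sequence quoted above to show the reference count staying raised when the target never returns, next to an attach-time deny-list check of the kind proposed. The names `FEXIT_NORETURN_LIST`, `fexit_attach_allowed`, `leaked_refs` and the list entries other than `do_exit` are assumptions, and `longjmp` stands in for control never coming back.

```c
#include <setjmp.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed deny list, X-macro style; entries are constructed samples. */
#define FEXIT_NORETURN_LIST(X) X(do_exit) X(do_group_exit) X(panic)
#define AS_STRING(fn) #fn,
static const char *const fexit_deny[] = { FEXIT_NORETURN_LIST(AS_STRING) };

/* Attach-time check: refuse fexit on any listed __noreturn function. */
bool fexit_attach_allowed(const char *func)
{
    for (size_t i = 0; i < sizeof(fexit_deny) / sizeof(fexit_deny[0]); i++)
        if (strcmp(func, fexit_deny[i]) == 0)
            return false;
    return true;
}

static long pcref;        /* user-space stand-in for tr->pcref */
static jmp_buf task_gone; /* models control never coming back */

static void target_returns(void) { }
static void target_noreturn(void) { longjmp(task_gone, 1); }

/* The sequence from the thread: enter, call the target, exit. */
static void run_trampoline(void (*target)(void))
{
    pcref++;   /* __bpf_tramp_enter: percpu_ref_get(&tr->pcref) */
    target();
    pcref--;   /* __bpf_tramp_exit: percpu_ref_put(), skipped on no return */
}

/* References still held after `calls` traced invocations of `target`. */
long leaked_refs(void (*target)(void), int calls)
{
    volatile int i;
    pcref = 0;
    for (i = 0; i < calls; i++)
        if (setjmp(task_gone) == 0)
            run_trampoline(target);
    return pcref;
}

int main(void)
{
    printf("returning target: %ld refs held\n", leaked_refs(target_returns, 3));
    printf("noreturn target:  %ld refs held\n", leaked_refs(target_noreturn, 3));
    printf("attach do_exit allowed: %d\n", fexit_attach_allowed("do_exit"));
    return 0;
}
```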