On 11/26, Jann Horn wrote: > > On Fri, Nov 22, 2024 at 4:59 AM Andrii Nakryiko <andrii@xxxxxxxxxx> wrote: > > At the point where find_active_uprobe_rcu() is used we know that VMA in > > question has triggered software breakpoint, so we don't need to validate > > vma->vm_flags. Keep only vma->vm_file NULL check. > > How do we know that the VMA we find triggered a software breakpoint? > Between the time a software breakpoint was hit and the time we took > the mmap_read_lock(), the VMA could have been replaced with an > entirely different one, right? Right, but this doesn't really differ from the case when another thread replaces (or even unmaps) this VMA after find_active_uprobe_rcu() drops mm->mmap_lock and returns a found uprobe. So I think this is fine. Oleg.
