From: Leon Hwang <leon.hwang@linux.dev>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Shuah Khan <shuah@kernel.org>, Leon Hwang <leon.hwang@linux.dev>,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
kernel-patches-bot@fb.com
Subject: [PATCH bpf-next 1/5] bpf: Check tail zero of bpf_common_attr using offsetofend
Date: Mon, 18 May 2026 22:54:42 +0800
Message-ID: <20260518145446.6794-2-leon.hwang@linux.dev>
In-Reply-To: <20260518145446.6794-1-leon.hwang@linux.dev>
Because of the 8-byte alignment, the compiler will pad struct
bpf_common_attr to 24 bytes. That said, sizeof(attr_common) is 24 instead
of 20.
When checking tail zero using sizeof(attr_common) in
bpf_check_uarg_tail_zero(), there will be 4 bytes that won't be checked.
To also check the 4 padding bytes, replace sizeof(attr_common) with
offsetofend(struct bpf_common_attr, log_true_size).
Fixes: f28771c0691b ("bpf: Extend BPF syscall with common attributes support")
Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
---
kernel/bpf/syscall.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 6600e126fbfb..83de8fb9b9aa 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -6278,7 +6278,9 @@ static int __sys_bpf(enum bpf_cmd cmd, bpfptr_t uattr, unsigned int size,
memset(&attr_common, 0, sizeof(attr_common));
if (cmd & BPF_COMMON_ATTRS) {
- err = bpf_check_uarg_tail_zero(uattr_common, sizeof(attr_common), size_common);
+ err = bpf_check_uarg_tail_zero(uattr_common,
+ offsetofend(struct bpf_common_attr, log_true_size),
+ size_common);
if (err)
return err;
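Review bot: the expected size passed to bpf_check_uarg_tail_zero() now hard-codes log_true_size as the last member of struct bpf_common_attr, while the memset() just above still uses sizeof(attr_common), and nothing at the call site says why the two bounds differ. A short comment above the call, stating that offsetofend() is used so that the struct's trailing padding is also required to be zero, would keep a later cleanup from switching it back to sizeof(attr_common). It would also mark that the member name has to be updated whenever a field is appended after log_true_size, since a new trailing field would otherwise fall inside the range that must be zero.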
--
2.54.0
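The gap the commit message describes, reproduced in user space as an added example (not code from the patch or the kernel). The struct members other than log_true_size are assumed, and check_tail_zero() is a simplified stand-in for the kernel helper, not its implementation.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the patch only states 20 bytes of fields, 8-byte alignment
 * and log_true_size as the last member; the other members are hypothetical. */
struct common_attr_model {
    _Alignas(8) uint64_t log_buf;
    uint32_t log_size;
    uint32_t log_level;
    uint32_t log_true_size;
};

#define OFFSETOFEND(type, member) \
    (offsetof(type, member) + sizeof(((type *)0)->member))

/* User-space stand-in for a tail-zero check: every byte the caller passed
 * in [expected, actual) must be zero, otherwise -E2BIG. */
static int check_tail_zero(const unsigned char *buf, size_t expected, size_t actual)
{
    for (size_t i = expected; i < actual; i++)
        if (buf[i])
            return -E2BIG;
    return 0;
}

/* Constructed input: a struct-sized caller buffer, all zero except one byte. */
static int check_with(size_t expected, size_t dirty_index)
{
    unsigned char buf[sizeof(struct common_attr_model)] = {0};

    buf[dirty_index] = 0xAA;
    return check_tail_zero(buf, expected, sizeof(buf));
}

int main(void)
{
    size_t full = sizeof(struct common_attr_model);
    size_t end = OFFSETOFEND(struct common_attr_model, log_true_size);

    printf("sizeof=%zu offsetofend=%zu\n", full, end);
    /* Byte 21 lies in the compiler padding after log_true_size. */
    printf("sizeof bound:      %d\n", check_with(full, 21));
    printf("offsetofend bound: %d\n", check_with(end, 21));
    return 0;
}
```

With the sizeof bound the loop range is empty for a struct-sized buffer, so a non-zero padding byte is accepted; with the offsetofend bound the same buffer is rejected.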