From: sashiko-bot@kernel.org
To: "Jianlin Shi" <shijianlin11@foxmail.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH] bpf: return -EINVAL from bpf_ringbuf_query for unknown flags
Date: Fri, 10 Jul 2026 04:06:18 +0000 [thread overview]
Message-ID: <20260710040618.817871F000E9@smtp.kernel.org> (raw)
In-Reply-To: <tencent_39A7924F2A472D74FA6AD444744E57027905@qq.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Critical] Returning -EINVAL from a u64-returning BPF helper breaks stable UAPI and results in massive positive values.
--
--- Patch [1]: [PATCH] bpf: return -EINVAL from bpf_ringbuf_query for unknown flags ---
commit 9dc2317be6516748b67981dfde67e0a14dcc2725
Author: Jianlin Shi <shijianlin11@foxmail.com>
bpf: return -EINVAL from bpf_ringbuf_query for unknown flags
This commit changes the fallback behavior of bpf_ringbuf_query() to return
-EINVAL for unrecognized flags instead of 0. It also updates the UAPI
documentation to reflect this new error code.
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
[ ... ]
> @@ -4694,13 +4694,14 @@ union bpf_attr {
[ ... ]
> - * Requested value, or 0, if *flags* are not recognized.
> + * Requested value on success. **-EINVAL** if *flags* are not recognized.
> *
> diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c
> --- a/kernel/bpf/ringbuf.c
> +++ b/kernel/bpf/ringbuf.c
> @@ -656,7 +656,7 @@ BPF_CALL_2(bpf_ringbuf_query, struct bpf_map *, map, u64, flags)
> case BPF_RB_OVERWRITE_POS:
> return smp_load_acquire(&rb->overwrite_pos);
> default:
> - return 0;
> + return -EINVAL;
[Severity: Critical]
Does this regression break the stable UAPI for existing programs that might be
relying on the helper returning 0 when probing for unsupported flags?
Since bpf_ringbuf_query() is defined to return a u64, returning -EINVAL (-22)
will be implicitly cast to a very large positive integer (0xffffffffffffffea).
If a BPF program checks whether the returned value is greater than 0,
wouldn't it now wrongly assume a huge size or position instead of
handling it as an error?
Also, because ring buffer positions are monotonic byte counters, could a
perfectly valid position eventually reach 0xffffffffffffffea and become
completely indistinguishable from this new error code?
> }
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/tencent_39A7924F2A472D74FA6AD444744E57027905@qq.com?part=1
next prev parent reply other threads:[~2026-07-10 4:06 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-10 3:55 [PATCH] bpf: return -EINVAL from bpf_ringbuf_query for unknown flags Jianlin Shi
2026-07-10 4:06 ` sashiko-bot [this message]
2026-07-10 4:43 ` bot+bpf-ci
2026-07-10 22:11 ` Andrii Nakryiko
[not found] <20260710035555.3725522-1-shijianlin11@foxmail.com>
2026-07-13 1:31 ` Jianlin Shi
2026-07-13 1:44 ` Jianlin Shi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260710040618.817871F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=shijianlin11@foxmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.