From: Leon Hwang <leon.hwang@linux.dev>
To: sashiko-reviews@lists.linux.dev
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v14 1/8] bpf: Extend BPF syscall with common attributes support
Date: Thu, 14 May 2026 22:24:28 +0800 [thread overview]
Message-ID: <98c92b19-c6fe-4de1-8caf-c09b04016ee0@linux.dev> (raw)
In-Reply-To: <20260513224823.6494FC19425@smtp.kernel.org>
On 2026/5/14 06:48, sashiko-bot@kernel.org wrote:
[...]
>>
>> +struct bpf_common_attr {
>> + __aligned_u64 log_buf;
>> + __u32 log_size;
>> + __u32 log_level;
>> + __u32 log_true_size;
>> +};
>
> Does this UAPI structure contain implicit trailing padding? With one
> __aligned_u64 (8 bytes) and three __u32 fields (12 bytes), there are 20
> bytes of data. Because of the 8-byte alignment, the compiler will pad the
> structure to 24 bytes.
>
> If a future kernel extension adds a new 4-byte field, older userspace programs
> allocating this structure on the stack might inadvertently pass uninitialized
> stack garbage into the new field, permanently breaking backward compatibility.
>
> Should this include an explicit __u32 pad; field, and should the kernel
> explicitly validate that attr_common.pad == 0?
>
This concern seems valid to me.
Propose my fix here:
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 6600e126fbfb..83de8fb9b9aa 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -6278,7 +6278,9 @@ static int __sys_bpf(enum bpf_cmd cmd, bpfptr_t
uattr, unsigned int size,
memset(&attr_common, 0, sizeof(attr_common));
if (cmd & BPF_COMMON_ATTRS) {
- err = bpf_check_uarg_tail_zero(uattr_common,
sizeof(attr_common), size_common);
+ err = bpf_check_uarg_tail_zero(uattr_common,
+ offsetofend(struct
bpf_common_attr, log_true_size),
+ size_common);
if (err)
return err;
This is to avoid adding an explicit __u32 pad in struct bpf_common_attr.
> [ ... ]
>
>> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
>> --- a/kernel/bpf/syscall.c
>> +++ b/kernel/bpf/syscall.c
>
> [ ... ]
>
>> @@ -6226,6 +6228,20 @@ static int __sys_bpf(enum bpf_cmd cmd, bpfptr_t uattr, unsigned int size)
>> if (copy_from_bpfptr(&attr, uattr, size) != 0)
>> return -EFAULT;
>>
>> + memset(&attr_common, 0, sizeof(attr_common));
>> + if (cmd & BPF_COMMON_ATTRS) {
>> + err = bpf_check_uarg_tail_zero(uattr_common, sizeof(attr_common), size_common);
>> + if (err)
>> + return err;
>> +
>> + cmd &= ~BPF_COMMON_ATTRS;
>
> By unconditionally stripping BPF_COMMON_ATTRS from the command here, won't any
> BPF command (such as BPF_MAP_FREEZE) successfully accept the flag but silently
> ignore the provided common attributes?
>
Correct.
> This might prevent userspace from correctly probing whether the running kernel
> actually supports common attributes for a given command.
>
> Should __sys_bpf() enforce a whitelist of supported commands before stripping
> the flag, or explicitly reject the flag for commands that do not support it?
>
If users want to probe for common attributes feature, they can do it by
the way of patch #2.
Thanks,
Leon
[...]
next prev parent reply other threads:[~2026-05-14 14:24 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-12 15:31 [PATCH bpf-next v14 0/8] bpf: Extend BPF syscall with common attributes support Leon Hwang
2026-05-12 15:31 ` [PATCH bpf-next v14 1/8] " Leon Hwang
2026-05-13 22:48 ` sashiko-bot
2026-05-14 14:24 ` Leon Hwang [this message]
2026-05-12 15:31 ` [PATCH bpf-next v14 2/8] libbpf: Add support for extended BPF syscall Leon Hwang
2026-05-12 16:23 ` bot+bpf-ci
2026-05-13 2:10 ` Leon Hwang
2026-05-12 15:31 ` [PATCH bpf-next v14 3/8] bpf: Refactor reporting log_true_size for prog_load Leon Hwang
2026-05-12 15:31 ` [PATCH bpf-next v14 4/8] bpf: Add syscall common attributes support " Leon Hwang
2026-05-13 23:56 ` sashiko-bot
2026-05-12 15:31 ` [PATCH bpf-next v14 5/8] bpf: Add syscall common attributes support for btf_load Leon Hwang
2026-05-12 15:31 ` [PATCH bpf-next v14 6/8] bpf: Add syscall common attributes support for map_create Leon Hwang
2026-05-14 0:46 ` sashiko-bot
2026-05-14 14:25 ` Leon Hwang
2026-05-12 15:31 ` [PATCH bpf-next v14 7/8] libbpf: " Leon Hwang
2026-05-14 1:08 ` sashiko-bot
2026-05-14 14:25 ` Leon Hwang
2026-05-12 15:31 ` [PATCH bpf-next v14 8/8] selftests/bpf: Add tests to verify map create failure log Leon Hwang
2026-05-14 1:25 ` sashiko-bot
2026-05-14 14:26 ` Leon Hwang
2026-05-12 19:50 ` [PATCH bpf-next v14 0/8] bpf: Extend BPF syscall with common attributes support patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=98c92b19-c6fe-4de1-8caf-c09b04016ee0@linux.dev \
--to=leon.hwang@linux.dev \
--cc=bpf@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.