From: Jiayuan Chen <jiayuan.chen@linux.dev>
To: Dawei Feng <dawei.feng@seu.edu.cn>, martin.lau@linux.dev
Cc: emil@etsalapatis.com, ast@kernel.org, daniel@iogearbox.net,
andrii@kernel.org, eddyz87@gmail.com, memxor@gmail.com,
song@kernel.org, yonghong.song@linux.dev, jolsa@kernel.org,
kees@kernel.org, joel.granados@kernel.org, bpf@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
jianhao.xu@seu.edu.cn, stable@vger.kernel.org,
Zilin Guan <zilin@seu.edu.cn>
Subject: Re: [PATCH v3 3/3] bpf: Restore sysctl new-value from 1 to 0
Date: Wed, 3 Jun 2026 19:19:36 +0800 [thread overview]
Message-ID: <c57fe00a-5cb3-46dd-8c1e-a4f19567dfcb@linux.dev> (raw)
In-Reply-To: <20260603105317.944304-4-dawei.feng@seu.edu.cn>
On 6/3/26 6:53 PM, Dawei Feng wrote:
> Commit 4e63acdff864 ("bpf: Introduce bpf_sysctl_{get,set}_new_value
> helpers") changed the success return value to 0, but failed to update the
> corresponding check in __cgroup_bpf_run_filter_sysctl(). Since
> bpf_prog_run_array_cg() now returns 0 on success, the legacy ret == 1
> condition is never satisfied. As a result, the modified value is ignored,
> and bpf_sysctl_set_new_value() fails to replace the write buffer.
>
> Fix this by checking for a return value of 0 instead, so cgroup/sysctl
> programs can correctly replace the pending sysctl buffer.
>
> This bug was discovered during a manual code review. Tested via a
> cgroup/sysctl BPF reproducer overriding writes to a target sysctl.
> Pre-fix, bpf_sysctl_set_new_value("foo") was silently ignored: the write
> returned 8192 and the value remained "600". Post-fix, the BPF replacement
> buffer properly propagates: the write returns 3 and the value updates to
> "foo".
>
> Fixes: f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean")
> Cc: stable@vger.kernel.org
>
> Acked-by: Yonghong Song <yonghong.song@linux.dev>
> Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
> Signed-off-by: Dawei Feng <dawei.feng@seu.edu.cn>
Reviewed-by: Jiayuan Chen <jiayuan.chen@linux.dev>
next prev parent reply other threads:[~2026-06-03 11:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-03 10:53 [PATCH v3 0/3] bpf: fix sysctl new-value handling in __cgroup_bpf_run_filter_sysctl Dawei Feng
2026-06-03 10:53 ` [PATCH v3 1/3] bpf: NUL-terminate replaced sysctl value Dawei Feng
2026-06-03 11:36 ` bot+bpf-ci
2026-06-03 14:37 ` Yonghong Song
2026-06-03 23:23 ` Alexei Starovoitov
2026-06-04 19:35 ` Yonghong Song
2026-06-03 14:47 ` Yonghong Song
2026-06-03 10:53 ` [PATCH v3 2/3] bpf: use kvfree() for replaced sysctl write buffer Dawei Feng
2026-06-03 10:53 ` [PATCH v3 3/3] bpf: Restore sysctl new-value from 1 to 0 Dawei Feng
2026-06-03 11:19 ` Jiayuan Chen [this message]
2026-06-03 11:36 ` bot+bpf-ci
2026-06-03 13:32 ` Mykyta Yatsenko
2026-06-05 2:55 ` Xu Kuohai
2026-06-05 23:00 ` [PATCH v3 0/3] bpf: fix sysctl new-value handling in __cgroup_bpf_run_filter_sysctl patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c57fe00a-5cb3-46dd-8c1e-a4f19567dfcb@linux.dev \
--to=jiayuan.chen@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=dawei.feng@seu.edu.cn \
--cc=eddyz87@gmail.com \
--cc=emil@etsalapatis.com \
--cc=jianhao.xu@seu.edu.cn \
--cc=joel.granados@kernel.org \
--cc=jolsa@kernel.org \
--cc=kees@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=song@kernel.org \
--cc=stable@vger.kernel.org \
--cc=yonghong.song@linux.dev \
--cc=zilin@seu.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.