From: "Alexei Starovoitov" <alexei.starovoitov@gmail.com>
To: "Masoud Aghasi" <maghasi@disroot.org>, <bpf@vger.kernel.org>
Cc: <andrii@kernel.org>, <eddyz87@gmail.com>, <ast@kernel.org>,
<daniel@iogearbox.net>, <memxor@gmail.com>,
<martin.lau@linux.dev>, <song@kernel.org>,
<yonghong.song@linux.dev>, <jolsa@kernel.org>,
<emil@etsalapatis.com>
Subject: Re: [PATCH] libbpf: Add length checks for path parameters before memory allocation
Date: Tue, 30 Jun 2026 11:12:12 -0700 [thread overview]
Message-ID: <DJML5849E02H.EAOD5MGEV8L0@gmail.com> (raw)
In-Reply-To: <87da609e-ff8a-4f26-929a-338399f75288@disroot.org>
On Mon Jun 29, 2026 at 11:46 PM PDT, Masoud Aghasi wrote:
> On 29/06/2026 19:23, Alexei Starovoitov wrote:
>>
>> The code is fine as-is. We don't add defensive checks.
>>
>> pw-bot: cr
>
> Thanks for the review.
>
> I'm just starting to contribute to libbpf, so I'd like to make sure
> I understand the design philosophy correctly.
>
> Is the following understanding correct?
>
> Since the caller and libbpf share the same trust boundary
> (same process, same VAS), libbpf generally assumes that API arguments
> come from a trusted caller. If an application accepts input from an
> untrusted source, it's the application's responsibility to validate
> that input before passing it to libbpf.
No. It's nobody's responsiblity to validate anything.
Users of libbpf should use API correctly. That's it.
prev parent reply other threads:[~2026-06-30 18:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-29 12:25 [PATCH] libbpf: Add length checks for path parameters before memory allocation Masoud Aghasi
2026-06-29 13:13 ` bot+bpf-ci
2026-06-29 18:23 ` Alexei Starovoitov
2026-06-30 6:46 ` Masoud Aghasi
2026-06-30 18:12 ` Alexei Starovoitov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DJML5849E02H.EAOD5MGEV8L0@gmail.com \
--to=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=emil@etsalapatis.com \
--cc=jolsa@kernel.org \
--cc=maghasi@disroot.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox