| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4BzbTtC19E_=RCk_KCjrOimbefhnXCEfURw4b+caxCY6SRQ@mail.gmail.com>
Date: Wed, 11 Feb 2026 14:08:32 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Leon Hwang <leon.hwang@...ux.dev>
Cc: bpf@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>,
Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>,
Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>,
Yonghong Song <yonghong.song@...ux.dev>, KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
Shuah Khan <shuah@...nel.org>, Christian Brauner <brauner@...nel.org>,
Seth Forshee <sforshee@...nel.org>, Yuichiro Tsuji <yuichtsu@...zon.com>,
Andrey Albershteyn <aalbersh@...hat.com>, Willem de Bruijn <willemb@...gle.com>,
Jason Xing <kerneljasonxing@...il.com>, Tao Chen <chen.dylane@...ux.dev>,
Mykyta Yatsenko <yatsenko@...a.com>, Kumar Kartikeya Dwivedi <memxor@...il.com>,
Anton Protopopov <a.s.protopopov@...il.com>, Amery Hung <ameryhung@...il.com>,
Rong Tao <rongtao@...tc.cn>, linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
linux-kselftest@...r.kernel.org, kernel-patches-bot@...com
Subject: Re: [PATCH bpf-next v10 4/8] bpf: Add syscall common attributes
support for prog_load
On Wed, Feb 11, 2026 at 7:13 AM Leon Hwang <leon.hwang@...ux.dev> wrote:
>
> BPF_PROG_LOAD can now take log parameters from both union bpf_attr and
> struct bpf_common_attr. The merge rules are:
>
> - if both sides provide a complete log tuple (buf/size/level) and they
> match, use it;
> - if only one side provides log parameters, use that one;
> - if both sides provide complete tuples but they differ, return -EINVAL.
>
> Signed-off-by: Leon Hwang <leon.hwang@...ux.dev>
> ---
> include/linux/bpf_verifier.h | 3 ++-
> kernel/bpf/log.c | 31 ++++++++++++++++++++++++++++++-
> kernel/bpf/syscall.c | 2 +-
> 3 files changed, 33 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
> index dbd9bdb955b3..34f28d40022a 100644
> --- a/include/linux/bpf_verifier.h
> +++ b/include/linux/bpf_verifier.h
> @@ -643,7 +643,8 @@ struct bpf_log_attr {
> };
>
> int bpf_log_attr_init(struct bpf_log_attr *log, u64 log_buf, u32 log_size, u32 log_level,
> - u32 __user *log_true_size);
> + u32 __user *log_true_size, struct bpf_common_attr *common, bpfptr_t uattr,
> + u32 size);
> int bpf_log_attr_finalize(struct bpf_log_attr *attr, struct bpf_verifier_log *log);
>
> #define BPF_MAX_SUBPROGS 256
> diff --git a/kernel/bpf/log.c b/kernel/bpf/log.c
> index e31747b84fe2..a2b41bf5e9cb 100644
> --- a/kernel/bpf/log.c
> +++ b/kernel/bpf/log.c
> @@ -864,14 +864,43 @@ void print_insn_state(struct bpf_verifier_env *env, const struct bpf_verifier_st
> print_verifier_state(env, vstate, frameno, false);
> }
>
> +static bool bpf_log_attrs_set(u64 log_buf, u32 log_size, u32 log_level)
> +{
> + return log_buf && log_size && log_level;
> +}
> +
> +static bool bpf_log_attrs_diff(struct bpf_common_attr *common, u64 log_buf, u32 log_size,
> + u32 log_level)
> +{
> + return bpf_log_attrs_set(log_buf, log_size, log_level) &&
> + bpf_log_attrs_set(common->log_buf, common->log_size, common->log_level) &&
> + (log_buf != common->log_buf || log_size != common->log_size ||
> + log_level != common->log_level);
> +}
> +
I'm not sure this check is doing what we discussed previously?... If
log_buf is set, but log_size or log_level is zero, you'll just ignore
log_buf here...
Maybe let's keep it super simple:
if (log_buf && common->log_buf && log_buf != common->log_buf)
return -EINVAL;
/* same for log_size, log_level, log_true_size */
and then below just
log->log_buf = u64_to_user_ptr(log_buf ?: common->log_buf);
log->log_size = log_size ?: common->log_size;
and so on
We can be stricter than that, of course (as in, all triplets have to
be completely set in either/both common_attr and attr, and they should
completely match), but it's just more code for little benefit.
> int bpf_log_attr_init(struct bpf_log_attr *log, u64 log_buf, u32 log_size, u32 log_level,
> - u32 __user *log_true_size)
> + u32 __user *log_true_size, struct bpf_common_attr *common, bpfptr_t uattr,
> + u32 size)
> {
> + if (bpf_log_attrs_diff(common, log_buf, log_size, log_level))
> + return -EINVAL;
> +
> memset(log, 0, sizeof(*log));
> log->log_buf = u64_to_user_ptr(log_buf);
> log->log_size = log_size;
> log->log_level = log_level;
> log->log_true_size = log_true_size;
> +
> + if (!log_buf && common->log_buf) {
> + log->log_buf = u64_to_user_ptr(common->log_buf);
> + log->log_size = common->log_size;
> + log->log_level = common->log_level;
> + if (size >= offsetofend(struct bpf_common_attr, log_true_size))
> + log->log_true_size = uattr.user +
> + offsetof(struct bpf_common_attr, log_true_size);
> + else
> + log->log_true_size = NULL;
why not treat log_true_size same as log_buf/log_level/log_size? If
both are provided, they should match, and then we don't have a
possibility of inconsistency?
> + }
> return 0;
> }
>
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index e86674811996..17116603ff51 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -6247,7 +6247,7 @@ static int __sys_bpf(enum bpf_cmd cmd, bpfptr_t uattr, unsigned int size,
> if (from_user && size >= offsetofend(union bpf_attr, log_true_size))
> log_true_size = uattr.user + offsetof(union bpf_attr, log_true_size);
> err = bpf_log_attr_init(&attr_log, attr.log_buf, attr.log_size, attr.log_level,
> - log_true_size);
> + log_true_size, &attr_common, uattr_common, size_common);
> err = err ?: bpf_prog_load(&attr, uattr, &attr_log);
> break;
> case BPF_OBJ_PIN:
> --
> 2.52.0
>
Powered by blists - more mailing lists