Thread (19 messages) 19 messages, 3 authors, 2026-03-04

Re: [PATCH bpf-next v10 4/8] bpf: Add syscall common attributes support for prog_load

From: Andrii Nakryiko <hidden>
Date: 2026-02-11 22:08:46
Also in: bpf, linux-kselftest, lkml

On Wed, Feb 11, 2026 at 7:13 AM Leon Hwang [off-list ref] wrote:
quoted hunk ↗ jump to hunk
BPF_PROG_LOAD can now take log parameters from both union bpf_attr and
struct bpf_common_attr. The merge rules are:

- if both sides provide a complete log tuple (buf/size/level) and they
  match, use it;
- if only one side provides log parameters, use that one;
- if both sides provide complete tuples but they differ, return -EINVAL.

Signed-off-by: Leon Hwang <redacted>
---
 include/linux/bpf_verifier.h |  3 ++-
 kernel/bpf/log.c             | 31 ++++++++++++++++++++++++++++++-
 kernel/bpf/syscall.c         |  2 +-
 3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index dbd9bdb955b3..34f28d40022a 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -643,7 +643,8 @@ struct bpf_log_attr {
 };

 int bpf_log_attr_init(struct bpf_log_attr *log, u64 log_buf, u32 log_size, u32 log_level,
-                     u32 __user *log_true_size);
+                     u32 __user *log_true_size, struct bpf_common_attr *common, bpfptr_t uattr,
+                     u32 size);
 int bpf_log_attr_finalize(struct bpf_log_attr *attr, struct bpf_verifier_log *log);

 #define BPF_MAX_SUBPROGS 256
diff --git a/kernel/bpf/log.c b/kernel/bpf/log.c
index e31747b84fe2..a2b41bf5e9cb 100644
--- a/kernel/bpf/log.c
+++ b/kernel/bpf/log.c
@@ -864,14 +864,43 @@ void print_insn_state(struct bpf_verifier_env *env, const struct bpf_verifier_st
        print_verifier_state(env, vstate, frameno, false);
 }

+static bool bpf_log_attrs_set(u64 log_buf, u32 log_size, u32 log_level)
+{
+       return log_buf && log_size && log_level;
+}
+
+static bool bpf_log_attrs_diff(struct bpf_common_attr *common, u64 log_buf, u32 log_size,
+                              u32 log_level)
+{
+       return bpf_log_attrs_set(log_buf, log_size, log_level) &&
+               bpf_log_attrs_set(common->log_buf, common->log_size, common->log_level) &&
+               (log_buf != common->log_buf || log_size != common->log_size ||
+                log_level != common->log_level);
+}
+
I'm not sure this check is doing what we discussed previously?... If
log_buf is set, but log_size or log_level is zero, you'll just ignore
log_buf here...

Maybe let's keep it super simple:

if (log_buf && common->log_buf && log_buf != common->log_buf)
    return -EINVAL;
/* same for log_size, log_level, log_true_size */

and then below just

log->log_buf = u64_to_user_ptr(log_buf ?: common->log_buf);
log->log_size = log_size ?: common->log_size;

and so on


We can be stricter than that, of course (as in, all triplets have to
be completely set in either/both common_attr and attr, and they should
completely match), but it's just more code for little benefit.
 int bpf_log_attr_init(struct bpf_log_attr *log, u64 log_buf, u32 log_size, u32 log_level,
-                     u32 __user *log_true_size)
+                     u32 __user *log_true_size, struct bpf_common_attr *common, bpfptr_t uattr,
+                     u32 size)
 {
+       if (bpf_log_attrs_diff(common, log_buf, log_size, log_level))
+               return -EINVAL;
+
        memset(log, 0, sizeof(*log));
        log->log_buf = u64_to_user_ptr(log_buf);
        log->log_size = log_size;
        log->log_level = log_level;
        log->log_true_size = log_true_size;
+
+       if (!log_buf && common->log_buf) {
+               log->log_buf = u64_to_user_ptr(common->log_buf);
+               log->log_size = common->log_size;
+               log->log_level = common->log_level;
+               if (size >= offsetofend(struct bpf_common_attr, log_true_size))
+                       log->log_true_size = uattr.user +
+                               offsetof(struct bpf_common_attr, log_true_size);
+               else
+                       log->log_true_size = NULL;
why not treat log_true_size same as log_buf/log_level/log_size? If
both are provided, they should match, and then we don't have a
possibility of inconsistency?
quoted hunk ↗ jump to hunk
+       }
        return 0;
 }
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index e86674811996..17116603ff51 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -6247,7 +6247,7 @@ static int __sys_bpf(enum bpf_cmd cmd, bpfptr_t uattr, unsigned int size,
                if (from_user && size >= offsetofend(union bpf_attr, log_true_size))
                        log_true_size = uattr.user + offsetof(union bpf_attr, log_true_size);
                err = bpf_log_attr_init(&attr_log, attr.log_buf, attr.log_size, attr.log_level,
-                                       log_true_size);
+                                       log_true_size, &attr_common, uattr_common, size_common);
                err = err ?: bpf_prog_load(&attr, uattr, &attr_log);
                break;
        case BPF_OBJ_PIN:
--
2.52.0
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help