Thread (19 messages) 19 messages, 3 authors, 2026-03-04

Re: [PATCH bpf-next v10 3/8] bpf: Refactor reporting log_true_size for prog_load

From: Alexei Starovoitov <hidden>
Date: 2026-03-03 16:32:26
Also in: bpf, linux-kselftest, lkml

On Wed, Feb 11, 2026 at 7:13 AM Leon Hwang [off-list ref] wrote:
quoted hunk ↗ jump to hunk
The next commit will add support for reporting logs via extended common
attributes, including 'log_true_size'.

To prepare for that, refactor the 'log_true_size' reporting logic by
introducing a new struct bpf_log_attr to encapsulate log-related behavior:

 * bpf_log_attr_init(): initialize log fields, which will support
   extended common attributes in the next commit.
 * bpf_log_attr_finalize(): handle log finalization and write back
   'log_true_size' to userspace.

Signed-off-by: Leon Hwang <redacted>
---
 include/linux/bpf.h          |  4 +++-
 include/linux/bpf_verifier.h | 11 +++++++++++
 kernel/bpf/log.c             | 25 +++++++++++++++++++++++++
 kernel/bpf/syscall.c         | 13 ++++++++++---
 kernel/bpf/verifier.c        | 17 ++++-------------
 5 files changed, 53 insertions(+), 17 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index cd9b96434904..d4dbcc7ad156 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2913,7 +2913,9 @@ int bpf_check_uarg_tail_zero(bpfptr_t uaddr, size_t expected_size,
                             size_t actual_size);

 /* verify correctness of eBPF program */
-int bpf_check(struct bpf_prog **fp, union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size);
+struct bpf_log_attr;
+int bpf_check(struct bpf_prog **fp, union bpf_attr *attr, bpfptr_t uattr,
+             struct bpf_log_attr *attr_log);

 #ifndef CONFIG_BPF_JIT_ALWAYS_ON
 void bpf_patch_call_args(struct bpf_insn *insn, u32 stack_depth);
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index ef8e45a362d9..dbd9bdb955b3 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -635,6 +635,17 @@ static inline bool bpf_verifier_log_needed(const struct bpf_verifier_log *log)
        return log && log->level;
 }

+struct bpf_log_attr {
+       char __user *log_buf;
+       u32 log_size;
+       u32 log_level;
+       u32 __user *log_true_size;
+};
+
+int bpf_log_attr_init(struct bpf_log_attr *log, u64 log_buf, u32 log_size, u32 log_level,
+                     u32 __user *log_true_size);
+int bpf_log_attr_finalize(struct bpf_log_attr *attr, struct bpf_verifier_log *log);
+
 #define BPF_MAX_SUBPROGS 256

 struct bpf_subprog_arg_info {
diff --git a/kernel/bpf/log.c b/kernel/bpf/log.c
index a0c3b35de2ce..e31747b84fe2 100644
--- a/kernel/bpf/log.c
+++ b/kernel/bpf/log.c
@@ -863,3 +863,28 @@ void print_insn_state(struct bpf_verifier_env *env, const struct bpf_verifier_st
        }
        print_verifier_state(env, vstate, frameno, false);
 }
+
+int bpf_log_attr_init(struct bpf_log_attr *log, u64 log_buf, u32 log_size, u32 log_level,
+                     u32 __user *log_true_size)
+{
+       memset(log, 0, sizeof(*log));
+       log->log_buf = u64_to_user_ptr(log_buf);
+       log->log_size = log_size;
+       log->log_level = log_level;
+       log->log_true_size = log_true_size;
+       return 0;
+}
+
+int bpf_log_attr_finalize(struct bpf_log_attr *attr, struct bpf_verifier_log *log)
+{
+       u32 log_true_size;
+       int err;
+
+       err = bpf_vlog_finalize(log, &log_true_size);
+
+       if (attr->log_true_size && copy_to_user(attr->log_true_size, &log_true_size,
+                                               sizeof(log_true_size)))
+               return -EFAULT;
+
+       return err;
+}
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 0e231c0b1d04..e86674811996 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -2867,7 +2867,7 @@ static int bpf_prog_mark_insn_arrays_ready(struct bpf_prog *prog)
 /* last field in 'union bpf_attr' used by this command */
 #define BPF_PROG_LOAD_LAST_FIELD keyring_id

-static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size)
+static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, struct bpf_log_attr *attr_log)
 {
        enum bpf_prog_type type = attr->prog_type;
        struct bpf_prog *prog, *dst_prog = NULL;
@@ -3085,7 +3085,7 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size)
                goto free_prog_sec;

        /* run eBPF verifier */
-       err = bpf_check(&prog, attr, uattr, uattr_size);
+       err = bpf_check(&prog, attr, uattr, attr_log);
        if (err < 0)
                goto free_used_maps;
@@ -6189,7 +6189,10 @@ static int prog_assoc_struct_ops(union bpf_attr *attr)
 static int __sys_bpf(enum bpf_cmd cmd, bpfptr_t uattr, unsigned int size,
                     bpfptr_t uattr_common, unsigned int size_common)
 {
+       bool from_user = !bpfptr_is_kernel(uattr);
        struct bpf_common_attr attr_common;
+       u32 __user *log_true_size = NULL;
+       struct bpf_log_attr attr_log;
        union bpf_attr attr;
        int err;
@@ -6241,7 +6244,11 @@ static int __sys_bpf(enum bpf_cmd cmd, bpfptr_t uattr, unsigned int size,
                err = map_freeze(&attr);
                break;
        case BPF_PROG_LOAD:
-               err = bpf_prog_load(&attr, uattr, size);
+               if (from_user && size >= offsetofend(union bpf_attr, log_true_size))
+                       log_true_size = uattr.user + offsetof(union bpf_attr, log_true_size);
So you added 'from_user' gating because
you replaced copy_to_bpfptr_offset() with copy_to_user()?
This is a drastic change in behavior and you don't even talk about
it in the commit log.
You said "refactor". This is not a refactoring!

This is v10. The common_attr feature is useful, but
you really need to think harder about what your patches
are doing.

pw-bot: cr
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help