Re: [PATCH bpf-next 2/5] bpf: Fix concurrent regression in map_create()

Next message: syyang: "[PATCH v9 1/2] dt-bindings: bridge: Add Lontium LT7911EXC eDP to MIPI DSI bridge"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 1/2] dt-bindings: soc: qcom: pmic-glink: Document batteryless property"
In reply to: Alexei Starovoitov: "Re: [PATCH bpf-next 2/5] bpf: Fix concurrent regression in map_create()"
Next in thread: Mykyta Yatsenko: "Re: [PATCH bpf-next 2/5] bpf: Fix concurrent regression in map_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Leon Hwang

Date: Tue May 19 2026 - 07:04:29 EST

On 19/5/26 11:05, Alexei Starovoitov wrote:
> On Mon, May 18, 2026 at 7:48 PM Leon Hwang <leon.hwang@xxxxxxxxx> wrote:
>>
>> On 18/5/26 23:40, bot+bpf-ci@xxxxxxxxxx wrote:
[...]
>> diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
>> index 20c421b43849..a10ef58bb6ea 100644
>> --- a/include/linux/bpf_verifier.h
>> +++ b/include/linux/bpf_verifier.h
>> @@ -788,6 +788,7 @@ struct bpf_log_attr {
>> u32 level;
>> u32 offsetof_true_size;
>> bpfptr_t uattr;
>> + bool finalized;
>> };
>
> No. That looks worse.
> The suggestion was to do the finalize log _once_ before
> allocating FD.

Understand the suggestion.

When tried to finalize log once without "finalized" guard, it seemed
complicated to modify __map_create() to make sure finalize log once on
all code logic paths.

> Why are you doing it twice?

So, to simplify the change, finalize log the second time with the
"finalized" guard to cover all the check-failure paths.

After thinking hardly, the below patch is the way to make sure finalize
log once before security_bpf_map_create().

It works, but it is not good enough.

Thanks,
Leon

---