[PATCH 0/2] bpf: cgroup: fix sysctl new-value handling in __cgroup_bpf_run_filter_sysctl

From: Dawei Feng

Date: Tue May 26 2026 - 09:24:44 EST


This series fixes two bugs in __cgroup_bpf_run_filter_sysctl().

Patch 1 restores cgroup/sysctl new-value replacement after
4e63acdff864 ("bpf: Introduce bpf_sysctl_{get,set}_new_value helpers")
changed the success return value to 0 but left the replacement path
checking for ret == 1.

Patch 2 fixes the buffer free primitive for that same path. The sysctl
write buffer originates from proc_sys_call_handler(), which allocates it
with kvzalloc(), so freeing it with kfree() is incorrect when the
allocation falls back to vmalloc().

Patch 1 was validated with a cgroup/sysctl BPF reproducer overriding a
target sysctl write.
Patch 2 was reproduced on a v7.1-rc4 QEMU x86_64 guest with KASAN and
CONFIG_FAILSLAB. After applying the fix, rerunning the reproducer no
longer triggers the Oops.

Dawei Feng (2):
  bpf: cgroup: fix sysctl new value replacement
  bpf: cgroup: Use kvfree instead of kfree in __cgroup_bpf_run_filter_sysctl

 kernel/bpf/cgroup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
2.34.1
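
The allocator/free mismatch described for patch 2, as an added userspace model that is not part of the original message or of the kernel source. All names are hypothetical: `vm_arena` stands in for the vmalloc range, `fail_slab` models a slab allocation failure of the kind fault injection can force, and `model_kfree()` returns -1 at the point where a real `kfree()` would be handed a pointer it does not own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
static unsigned char vm_arena[4096];   /* stands in for the vmalloc range */
static size_t vm_used;
static int fail_slab;                  /* 1 = the "slab" attempt fails */

static int in_vm_arena(const void *p)  /* analogue of is_vmalloc_addr() */
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)vm_arena;
    return a >= base && a < base + sizeof(vm_arena);
}

static void *model_kvzalloc(size_t n)
{
    void *p = fail_slab ? NULL : calloc(1, n);   /* first try the "slab" */
    if (p || vm_used + n > sizeof(vm_arena))
        return p;
    p = vm_arena + vm_used;                      /* fallback allocation */
    vm_used += n;
    return memset(p, 0, n);
}

/* Returns 0 for a valid free, -1 for a slab free of a non-slab pointer. */
static int model_kfree(void *p)
{
    if (in_vm_arena(p))
        return -1;
    free(p);
    return 0;
}

static int model_kvfree(void *p)       /* dispatches on the address range */
{
    return in_vm_arena(p) ? 0 : model_kfree(p);
}

/* Allocate like the sysctl write buffer, then free with one primitive. */
static int alloc_then_free(int inject_failure, int use_kvfree)
{
    fail_slab = inject_failure;
    void *buf = model_kvzalloc(64);
    if (!buf) return -2;
    return use_kvfree ? model_kvfree(buf) : model_kfree(buf);
}

int main(void) { printf("kfree: %d, kvfree: %d\n", alloc_then_free(1, 0), alloc_then_free(1, 1)); return 0; }
```

The mismatch is invisible while the first allocation attempt succeeds, which is why the model only reports it once the fallback path is forced.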