[PATCH bpf-next v2 0/2] bpf: Align syscall writeback behavior with user-declared size

Next message: Yuyang Huang: "[PATCH bpf-next v2 1/2] bpf: reject BPF_PROG_QUERY with short uattr size"
Previous message: kernel test robot: "Re: [PATCH v2] spi: cadence-xspi: Support 32bit and 64bit slave dma interface"
Next in thread: Yuyang Huang: "[PATCH bpf-next v2 1/2] bpf: reject BPF_PROG_QUERY with short uattr size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yuyang Huang

Date: Sat May 30 2026 - 20:48:31 EST

This series addresses an out-of-bounds write regression in BPF_PROG_QUERY.
Based on upstream feedback, we simplified the fix by checking the size only
in the front-gate bpf_prog_query() function and returning -EFAULT.

Changes since v1:
- Simplify the kernel fix to checking the size only in bpf_prog_query().
- Revert all other subsystem query plumbing changes.
- Update BPF selftest to target BPF_CGROUP_INET_INGRESS cgroup query, and
add verification for attr size boundaries.

Yuyang Huang (2):
bpf: reject BPF_PROG_QUERY with short uattr size
selftests/bpf: add verification for BPF_PROG_QUERY attr size
boundaries

kernel/bpf/syscall.c | 6 +-
.../selftests/bpf/prog_tests/bpf_attr_size.c | 65 +++++++++++++++++++
2 files changed, 69 insertions(+), 2 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/bpf_attr_size.c

--
2.54.0.823.g6e5bcc1fc9-goog