> diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
> index aedf573bd..013f4db99 100644
> --- a/include/linux/bpf-cgroup.h
> +++ b/include/linux/bpf-cgroup.h

[ ... ]

> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index f79d2ae27..9e756db5e 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h

[ ... ]

> diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c
> index 2ab4b60ff..1ccbf28b2 100644
> --- a/kernel/bpf/local_storage.c
> +++ b/kernel/bpf/local_storage.c
> @@ -180,7 +180,7 @@ static long cgroup_storage_update_elem(struct bpf_map 
> *map, void *key,
>  }
>
>  int bpf_percpu_cgroup_storage_copy(struct bpf_map *_map, void *key,
> -                                void *value)
> +                                void *value, u64 map_flags)
>  {
>       struct bpf_cgroup_storage_map *map = map_to_storage(_map);
>       struct bpf_cgroup_storage *storage;
> @@ -198,11 +198,17 @@ int bpf_percpu_cgroup_storage_copy(struct bpf_map 
> *_map, void *key,
>        * access 'value_size' of them, so copying rounded areas
>        * will not leak any kernel data
>        */
> +     if (map_flags & BPF_F_CPU) {
> +             cpu = map_flags >> 32;
> +             copy_map_value(_map, value, per_cpu_ptr(storage->percpu_buf, 
> cpu));
> +             goto unlock;
> +     }

Should check_and_init_map_value() be called here after copy_map_value()?

The similar implementations in bpf_percpu_array_copy() and
bpf_percpu_hash_copy() both call check_and_init_map_value() after
copying a single CPU's value when BPF_F_CPU is set:

  bpf_percpu_array_copy():
    if (map_flags & BPF_F_CPU) {
        cpu = map_flags >> 32;
        copy_map_value(map, value, per_cpu_ptr(pptr, cpu));
        check_and_init_map_value(map, value);
        goto unlock;
    }

  bpf_percpu_hash_copy():
    if (map_flags & BPF_F_CPU) {
        cpu = map_flags >> 32;
        copy_map_value(map, value, per_cpu_ptr(pptr, cpu));
        check_and_init_map_value(map, value);
        goto out;
    }

The check_and_init_map_value() call initializes special BTF fields
(timers, kptrs, etc.) when copying map values to userspace. Without it,
these fields might not be properly initialized if percpu_cgroup_storage
map values contain such fields.

>       size = round_up(_map->value_size, 8);
>       for_each_possible_cpu(cpu) {
>               copy_map_value_long(_map, value + off, 
> per_cpu_ptr(storage->percpu_buf, cpu));
>               off += size;
>       }
> +unlock:
>       rcu_read_unlock();
>       return 0;
>  }
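Review bot: The cpu index derived from `map_flags >> 32` on the added line is passed straight to `per_cpu_ptr(storage->percpu_buf, cpu)` with no range check in this hunk, so an index at or beyond num_possible_cpus() would yield an out-of-range per-CPU address. I believe the syscall-side flag validation introduced by the same series rejects such a cpu before this function is reached, in which case a comment on the new branch, `/* cpu was validated against num_possible_cpus() by the syscall flag check */`, would make that invariant visible to readers of this file; if no such check exists, `if (cpu >= num_possible_cpus()) { rcu_read_unlock(); return -ERANGE; }` belongs before the copy. bpf_percpu_cgroup_storage_copy() begins in the previous hunk and the declarations of `cpu` and `off` are not visible here, so the exact types in play cannot be confirmed from this hunk.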

[ ... ]


---
AI reviewed your patch. Please fix the bug, or reply by email explaining why it is not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/19708012130
