This series addresses an out-of-bounds write regression in BPF_PROG_QUERY.
Based on upstream feedback, we simplified the fix by checking the size only
in the front-gate bpf_prog_query() function and returning -EFAULT.

Changes since v1:
- Simplify the kernel fix to checking the size only in bpf_prog_query().
- Revert all other subsystem query plumbing changes.
- Update BPF selftest to target BPF_CGROUP_INET_INGRESS cgroup query, and
  add verification for attr size boundaries.

Yuyang Huang (2):
  bpf: reject BPF_PROG_QUERY with short uattr size
  selftests/bpf: add verification for BPF_PROG_QUERY attr size
    boundaries

 kernel/bpf/syscall.c                          |  6 +-
 .../selftests/bpf/prog_tests/bpf_attr_size.c  | 65 +++++++++++++++++++
 2 files changed, 69 insertions(+), 2 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/bpf_attr_size.c

-- 
2.54.0.823.g6e5bcc1fc9-goog

