Re: [PATCH bpf-next 0/2] bpf: Align syscall writeback behavior with user-declared size

From: Alexei Starovoitov

Date: Sun May 17 2026 - 23:30:30 EST


On Fri, May 15, 2026 at 12:15 AM Yuyang Huang <yuyanghuang@xxxxxxxxxx> wrote:
>
> The bpf(cmd, attr, size) syscall copies up to 'size' bytes on input, but
> several commands write outputs back to userspace unconditionally. If the
> caller passes a short buffer, this can lead to out-of-bounds writes,
> potentially overwriting adjacent userspace memory.

The whole thing sounds like a user space bug.
Please demonstrate a case where this issue is seen
by using libbpf APIs.
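
A user-space model of the behavior the quoted cover letter describes, added here as an illustration; it is not code from the patch series, the kernel, or libbpf. The struct layout, function names and the "skip the field" policy in the bounded variant are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical attr layout (not a real bpf_attr member): inputs, then one output. */
struct model_attr {
    uint32_t target_fd;  /* input */
    uint32_t flags;      /* input */
    uint32_t out_count;  /* output, written back to the caller */
};
#define OUT_OFF offsetof(struct model_attr, out_count)

/* Copy-in: read at most `size` bytes from the caller, zero-fill the rest. */
void copy_in(struct model_attr *k, const void *uattr, size_t size)
{
    memset(k, 0, sizeof(*k));
    memcpy(k, uattr, size < sizeof(*k) ? size : sizeof(*k));
}

/* Writeback that ignores the size the caller declared. */
void query_unbounded(void *uattr, size_t size)
{
    struct model_attr k;
    copy_in(&k, uattr, size);
    k.out_count = 7;  /* constructed result */
    memcpy((char *)uattr + OUT_OFF, &k.out_count, sizeof(k.out_count));
}

/* Writeback limited to the declared size (assumed policy: skip the field). */
void query_bounded(void *uattr, size_t size)
{
    struct model_attr k;
    copy_in(&k, uattr, size);
    k.out_count = 7;  /* constructed result */
    if (size >= OUT_OFF + sizeof(k.out_count))
        memcpy((char *)uattr + OUT_OFF, &k.out_count, sizeof(k.out_count));
}

/* Caller declaring `size` bytes of attr. `next` models adjacent memory when
 * size is 8 and is the out_count slot when size is 12. Returns `next`. */
uint32_t call_with(void (*query)(void *, size_t), size_t size)
{
    struct { uint32_t attr[2]; uint32_t next; } mem = { {3, 0}, 0xC0FFEEu };
    query(&mem, size);
    return mem.next;
}

int main(void) { return call_with(query_bounded, 8) == 0xC0FFEEu ? 0 : 1; }
```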