> diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
> index f5639d5ac331..50055ab73649 100644
> --- a/include/linux/syscalls.h
> +++ b/include/linux/syscalls.h
> @@ -936,7 +936,8 @@ asmlinkage long sys_seccomp(unsigned int op, unsigned int
> flags,
> asmlinkage long sys_getrandom(char __user *buf, size_t count,
> unsigned int flags);
> asmlinkage long sys_memfd_create(const char __user *uname_ptr, unsigned int
> flags);
> -asmlinkage long sys_bpf(int cmd, union bpf_attr __user *attr, unsigned int
> size);
> +asmlinkage long sys_bpf(int cmd, union bpf_attr __user *attr, unsigned int
> size,
> + struct bpf_common_attr __user *attr_common, unsigned
> int size_common);
> asmlinkage long sys_execveat(int dfd, const char __user *filename,
> const char __user *const __user *argv,
> const char __user *const __user *envp, int flags);
[ ... ]
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index 677be9a47347..16ff0968fc21 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -994,6 +994,7 @@ enum bpf_cmd {
> BPF_PROG_STREAM_READ_BY_FD,
> BPF_PROG_ASSOC_STRUCT_OPS,
> __MAX_BPF_CMD,
> + BPF_COMMON_ATTRS = 1 << 16, /* Indicate carrying syscall common attrs.
> */
> };
[ ... ]
> @@ -1500,6 +1501,13 @@ struct bpf_stack_build_id {
> };
> };
>
> +struct bpf_common_attr {
> + __u64 log_buf;
> + __u32 log_size;
> + __u32 log_level;
> + __u32 log_true_size;
> +};
> +
Should log_buf use __aligned_u64 instead of plain __u64?
Looking at other pointer-bearing fields in the BPF UAPI, they consistently
use __aligned_u64. For example, the existing BPF_PROG_LOAD log_buf in union
bpf_attr is declared as:
__aligned_u64 log_buf; /* user supplied buffer */
The __aligned_u64 attribute forces 8-byte alignment on all architectures,
including 32-bit systems where native unsigned long long alignment is only
4 bytes. Without this attribute, struct bpf_common_attr will have different
layouts between 32-bit and 64-bit ABIs:
- 32-bit: 20 bytes, 4-byte aligned
- 64-bit: 24 bytes (4 bytes of tail padding), 8-byte aligned
While the current __sys_bpf() implementation with bpf_check_uarg_tail_zero()
and min_t() capped copying handles this gracefully, deviating from the
established BPF UAPI convention could create problems for future extensions.
If another __u64 field is added later, the inter-field offsets would diverge
between ABIs.
Would it be better to use __aligned_u64 log_buf to match union bpf_attr and
preserve identical struct layouts across 32/64-bit ABIs?
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/25680759838
