> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_attr_size.c > b/tools/testing/selftests/bpf/prog_tests/bpf_attr_size.c > new file mode 100644 > index 000000000000..4fbe56cb29d4 > --- /dev/null > +++ b/tools/testing/selftests/bpf/prog_tests/bpf_attr_size.c > @@ -0,0 +1,65 @@
[ ... ] > + err = syscall(__NR_bpf, BPF_PROG_QUERY, &attr, OLD_QUERY_SIZE); > + ASSERT_EQ(err, -1, "query_old_size_fails"); > + ASSERT_EQ(errno, EFAULT, "query_old_size_efault");

This test asserts errno == EFAULT for a short query size. A v2 review comment on the companion kernel patch (bpf: reject BPF_PROG_QUERY with short uattr size) questioned whether -EFAULT is the right error code for a structure size mismatch, noting that -EINVAL or -E2BIG is the more conventional return code and that -EFAULT usually indicates an invalid memory address during a copy. That comment was not answered on the v2 thread.

If the kernel patch's error code changes to -EINVAL or -E2BIG, would this assertion need to change too?

https://lore.kernel.org/all/[email protected]/

[ ... ]

This selftest verifies the fix for an out-of-bounds write to userspace in BPF_PROG_QUERY, where __cgroup_bpf_query() unconditionally wrote uattr->query.revision even when userspace passed a smaller bpf_attr. The companion kernel fix carries a Fixes: tag, but this selftest commit does not.

Should this include:

Fixes: 120933984460 ("bpf: Implement mprog API on top of existing cgroup progs")

---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26699503418
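Review bot: the errno assertion on the last quoted line reads errno only after the preceding ASSERT_EQ(err, -1, "query_old_size_fails") has run, and it still runs when that first check fails, at which point errno is stale and the second failure message is misleading. Save errno into a local immediately after the syscall() call and compare that local against EFAULT only when err is -1, so the check does not depend on the assertion macro leaving errno untouched and a failing run points at the check that actually broke.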

