--- /dev/null
+From b69d4413aa1961930fbf9ffad8376d577378daf9 Mon Sep 17 00:00:00 2001
+From: Martin KaFai Lau <martin.lau@kernel.org>
+Date: Wed, 7 May 2025 13:32:32 -0700
+Subject: bpftool: Fix cgroup command to only show cgroup bpf programs
+
+From: Martin KaFai Lau <martin.lau@kernel.org>
+
+commit b69d4413aa1961930fbf9ffad8376d577378daf9 upstream.
+
+The netkit program is not a cgroup bpf program and should not be shown
+in the output of the "bpftool cgroup show" command.
+
+However, if the netkit device happens to have ifindex 3,
+the "bpftool cgroup show" command will output the netkit
+bpf program as well:
+
+> ip -d link show dev nk1
+3: nk1@if2: ...
+ link/ether ...
+ netkit mode ...
+
+> bpftool net show
+tc:
+nk1(3) netkit/peer tw_ns_nk2phy prog_id 469447
+
+> bpftool cgroup show /sys/fs/cgroup/...
+ID AttachType AttachFlags Name
+... ... ...
+469447 netkit_peer tw_ns_nk2phy
+
+The reason is that the target_fd (which is the cgroup_fd here) and
+the target_ifindex are in a union in the uapi/linux/bpf.h. The bpftool
+iterates all values in "enum bpf_attach_type" which includes
+non cgroup attach types like netkit. The cgroup_fd is usually 3 here,
+so the bug is triggered when the netkit ifindex just happens
+to be 3 as well.
+
+The bpftool's cgroup.c already has a list of cgroup-only attach type
+defined in "cgroup_attach_types[]". This patch fixes it by iterating
+over "cgroup_attach_types[]" instead of "__MAX_BPF_ATTACH_TYPE".
+
+Cc: Quentin Monnet <qmo@kernel.org>
+Reported-by: Takshak Chahande <ctakshak@meta.com>
+Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
+Acked-by: Daniel Borkmann <daniel@iogearbox.net>
+Reviewed-by: Quentin Monnet <qmo@kernel.org>
+Link: https://lore.kernel.org/r/20250507203232.1420762-1-martin.lau@linux.dev
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/bpf/bpftool/cgroup.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/tools/bpf/bpftool/cgroup.c
++++ b/tools/bpf/bpftool/cgroup.c
+@@ -318,11 +318,11 @@ static int show_bpf_progs(int cgroup_fd,
+
+ static int do_show(int argc, char **argv)
+ {
+- enum bpf_attach_type type;
+ int has_attached_progs;
+ const char *path;
+ int cgroup_fd;
+ int ret = -1;
++ unsigned int i;
+
+ query_flags = 0;
+
+@@ -370,14 +370,14 @@ static int do_show(int argc, char **argv
+ "AttachFlags", "Name");
+
+ btf_vmlinux = libbpf_find_kernel_btf();
+- for (type = 0; type < __MAX_BPF_ATTACH_TYPE; type++) {
++ for (i = 0; i < ARRAY_SIZE(cgroup_attach_types); i++) {
+ /*
+ * Not all attach types may be supported, so it's expected,
+ * that some requests will fail.
+ * If we were able to get the show for at least one
+ * attach type, let's return 0.
+ */
+- if (show_bpf_progs(cgroup_fd, type, 0) == 0)
++ if (show_bpf_progs(cgroup_fd, cgroup_attach_types[i], 0) == 0)
+ ret = 0;
+ }
+
+@@ -400,9 +400,9 @@ exit:
+ static int do_show_tree_fn(const char *fpath, const struct stat *sb,
+ int typeflag, struct FTW *ftw)
+ {
+- enum bpf_attach_type type;
+ int has_attached_progs;
+ int cgroup_fd;
++ unsigned int i;
+
+ if (typeflag != FTW_D)
+ return 0;
+@@ -434,8 +434,8 @@ static int do_show_tree_fn(const char *f
+ }
+
+ btf_vmlinux = libbpf_find_kernel_btf();
+- for (type = 0; type < __MAX_BPF_ATTACH_TYPE; type++)
+- show_bpf_progs(cgroup_fd, type, ftw->level);
++ for (i = 0; i < ARRAY_SIZE(cgroup_attach_types); i++)
++ show_bpf_progs(cgroup_fd, cgroup_attach_types[i], ftw->level);
+
+ if (errno == EINVAL)
+ /* Last attach type does not support query.
projects / thirdparty / kernel / stable-queue.git / commitdiff
