Commit 5cdccadc authored by Kumar Kartikeya Dwivedi's avatar Kumar Kartikeya Dwivedi Committed by Alexei Starovoitov
Browse files

bpf: Prepare prog_test_struct kfuncs for runtime tests 



In an effort to actually test the refcounting logic at runtime, add a
refcount_t member to prog_test_ref_kfunc and use it in selftests to
verify and test the whole logic more exhaustively.

The kfunc calls for prog_test_member do not require runtime refcounting,
as they are only used for verifier selftests, not during runtime
execution. Hence, their implementation now has a WARN_ON_ONCE as it is
not meant to be reachable code at runtime. It is strictly used in tests
triggering failure cases in the verifier. bpf_kfunc_call_memb_release is
called from map free path, since prog_test_member is embedded in map
value for some verifier tests, so we skip WARN_ON_ONCE for it.

Signed-off-by: default avatarKumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220511194654.765705-3-memxor@gmail.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 5b74c690

net/bpf/test_run.c

+17 −6
Original line number Diff line number Diff line
@@ -564,31 +564,36 @@ struct prog_test_ref_kfunc { 
	int b;

	struct prog_test_member memb;

	struct prog_test_ref_kfunc *next;

	refcount_t cnt;

};



static struct prog_test_ref_kfunc prog_test_struct = {

	.a = 42,

	.b = 108,

	.next = &prog_test_struct,

	.cnt = REFCOUNT_INIT(1),

};



noinline struct prog_test_ref_kfunc *

bpf_kfunc_call_test_acquire(unsigned long *scalar_ptr)

{

	/* randomly return NULL */

	if (get_jiffies_64() % 2)

		return NULL;

	refcount_inc(&prog_test_struct.cnt);

	return &prog_test_struct;

}



noinline struct prog_test_member *

bpf_kfunc_call_memb_acquire(void)

{

	return &prog_test_struct.memb;

	WARN_ON_ONCE(1);

	return NULL;

}



noinline void bpf_kfunc_call_test_release(struct prog_test_ref_kfunc *p)

{

	if (!p)

		return;



	refcount_dec(&p->cnt);

}



noinline void bpf_kfunc_call_memb_release(struct prog_test_member *p)
@@ -597,12 +602,18 @@ noinline void bpf_kfunc_call_memb_release(struct prog_test_member *p) 


noinline void bpf_kfunc_call_memb1_release(struct prog_test_member1 *p)

{

	WARN_ON_ONCE(1);

}



noinline struct prog_test_ref_kfunc *

bpf_kfunc_call_test_kptr_get(struct prog_test_ref_kfunc **p, int a, int b)

bpf_kfunc_call_test_kptr_get(struct prog_test_ref_kfunc **pp, int a, int b)

{

	return &prog_test_struct;

	struct prog_test_ref_kfunc *p = READ_ONCE(*pp);



	if (!p)

		return NULL;

	refcount_inc(&p->cnt);

	return p;

}



struct prog_test_pass1 {

tools/testing/selftests/bpf/verifier/map_kptr.c

+2 −2
Original line number Diff line number Diff line
@@ -212,13 +212,13 @@ 
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),

	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),

	BPF_EXIT_INSN(),

	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 24),

	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 32),

	BPF_EXIT_INSN(),

	},

	.prog_type = BPF_PROG_TYPE_SCHED_CLS,

	.fixup_map_kptr = { 1 },

	.result = REJECT,

	.errstr = "access beyond struct prog_test_ref_kfunc at off 24 size 8",

	.errstr = "access beyond struct prog_test_ref_kfunc at off 32 size 8",

},

{

	"map_kptr: unref: inherit PTR_UNTRUSTED on struct walk",