Commit fbc5bc4c authored by Kumar Kartikeya Dwivedi, committed by Alexei Starovoitov

selftests/bpf: Add test for bpf_obj_drop with bad reg->off



Add a selftest for the fix provided in the previous commit. Without the
fix, the selftest passes the verifier while it should fail. The special
logic for detecting graph root or node for reg->off and bypassing
reg->off == 0 guarantee for release helpers/kfuncs has been dropped.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20230822175140.1317749-3-memxor@gmail.com


Signed-off-by: Alexei Starovoitov <ast@kernel.org>
parent 6785b2ed
+20 −0
@@ -62,4 +62,24 @@ long stash_rb_nodes(void *ctx)
	return 0;
	return 0;
}
}


SEC("tc")
__failure __msg("R1 must have zero offset when passed to release func")
long drop_rb_node_off(void *ctx)
{
	struct map_value *mapval;
	struct node_data *res;
	int idx = 0;

	mapval = bpf_map_lookup_elem(&some_nodes, &idx);
	if (!mapval)
		return 1;

	res = bpf_obj_new(typeof(*res));
	if (!res)
		return 1;
	/* Try releasing with graph node offset */
	bpf_obj_drop(&res->node);
	return 0;
}

char _license[] SEC("license") = "GPL";
char _license[] SEC("license") = "GPL";
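
Review bot: in drop_rb_node_off, `mapval` is fetched from some_nodes and null-checked but never used afterwards, so the lookup, the `idx` variable and the first `return 1` contribute nothing to what the test checks. The rejection that __msg expects comes only from `bpf_obj_drop(&res->node)`; removing the map lookup would keep the test minimal and make it obvious that the failure is caused by the non-zero offset of the argument and not by anything map-related. The comment could also state that the test relies on `node` not sitting at offset 0 in struct node_data, since the layout is not visible in this hunk and a member at offset 0 would not trigger this message.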