| Message ID | 20230602150112.1494194-2-void@manifault.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | f904c67876c42c14a108d7f80459ef59d900b8fc |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf-next,1/2] bpf: Teach verifier that trusted PTR_TO_BTF_ID pointers are non-NULL | expand |
On 06/02, David Vernet wrote: > In a recent patch, we taught the verifier that trusted PTR_TO_BTF_ID can > never be NULL. This prevents the verifier from incorrectly failing to > load certain programs where it gets confused and thinks a reference > isn't dropped because it incorrectly assumes that a branch exists in > which a NULL PTR_TO_BTF_ID pointer is never released. > > This patch adds a testcase that verifies this cannot happen. > > Signed-off-by: David Vernet <void@manifault.com> Acked-by: Stanislav Fomichev <sdf@google.com> I hope someone else can look at the actual change. It looks good to me conceptually, but not sure what other parts it might affect. > --- > .../selftests/bpf/prog_tests/cpumask.c | 1 + > .../selftests/bpf/progs/cpumask_success.c | 24 +++++++++++++++++++ > 2 files changed, 25 insertions(+) > > diff --git a/tools/testing/selftests/bpf/prog_tests/cpumask.c b/tools/testing/selftests/bpf/prog_tests/cpumask.c > index cdf4acc18e4c..d89191440fb1 100644 > --- a/tools/testing/selftests/bpf/prog_tests/cpumask.c > +++ b/tools/testing/selftests/bpf/prog_tests/cpumask.c > @@ -70,5 +70,6 @@ void test_cpumask(void) > verify_success(cpumask_success_testcases[i]); > } > > + RUN_TESTS(cpumask_success); > RUN_TESTS(cpumask_failure); > } > diff --git a/tools/testing/selftests/bpf/progs/cpumask_success.c b/tools/testing/selftests/bpf/progs/cpumask_success.c > index 2fcdd7f68ac7..602a88b03dbc 100644 > --- a/tools/testing/selftests/bpf/progs/cpumask_success.c > +++ b/tools/testing/selftests/bpf/progs/cpumask_success.c > @@ -5,6 +5,7 @@ > #include <bpf/bpf_tracing.h> > #include <bpf/bpf_helpers.h> > > +#include "bpf_misc.h" > #include "cpumask_common.h" > > char _license[] SEC("license") = "GPL"; > @@ -426,3 +427,26 @@ int BPF_PROG(test_global_mask_rcu, struct task_struct *task, u64 clone_flags) > > return 0; > } > + > +SEC("tp_btf/task_newtask") > +__success > +int BPF_PROG(test_refcount_null_tracking, struct task_struct *task, u64 clone_flags) > +{ > + struct bpf_cpumask *mask1, *mask2; > + > + mask1 = bpf_cpumask_create(); > + mask2 = bpf_cpumask_create(); > + > + if (!mask1 || !mask2) > + goto free_masks_return; > + > + bpf_cpumask_test_cpu(0, (const struct cpumask *)mask1); > + bpf_cpumask_test_cpu(0, (const struct cpumask *)mask2); > + > +free_masks_return: > + if (mask1) > + bpf_cpumask_release(mask1); > + if (mask2) > + bpf_cpumask_release(mask2); > + return 0; > +} > -- > 2.40.1 >
diff --git a/tools/testing/selftests/bpf/prog_tests/cpumask.c b/tools/testing/selftests/bpf/prog_tests/cpumask.c index cdf4acc18e4c..d89191440fb1 100644 --- a/tools/testing/selftests/bpf/prog_tests/cpumask.c +++ b/tools/testing/selftests/bpf/prog_tests/cpumask.c @@ -70,5 +70,6 @@ void test_cpumask(void) verify_success(cpumask_success_testcases[i]); } + RUN_TESTS(cpumask_success); RUN_TESTS(cpumask_failure); } diff --git a/tools/testing/selftests/bpf/progs/cpumask_success.c b/tools/testing/selftests/bpf/progs/cpumask_success.c index 2fcdd7f68ac7..602a88b03dbc 100644 --- a/tools/testing/selftests/bpf/progs/cpumask_success.c +++ b/tools/testing/selftests/bpf/progs/cpumask_success.c @@ -5,6 +5,7 @@ #include <bpf/bpf_tracing.h> #include <bpf/bpf_helpers.h> +#include "bpf_misc.h" #include "cpumask_common.h" char _license[] SEC("license") = "GPL"; @@ -426,3 +427,26 @@ int BPF_PROG(test_global_mask_rcu, struct task_struct *task, u64 clone_flags) return 0; } + +SEC("tp_btf/task_newtask") +__success +int BPF_PROG(test_refcount_null_tracking, struct task_struct *task, u64 clone_flags) +{ + struct bpf_cpumask *mask1, *mask2; + + mask1 = bpf_cpumask_create(); + mask2 = bpf_cpumask_create(); + + if (!mask1 || !mask2) + goto free_masks_return; + + bpf_cpumask_test_cpu(0, (const struct cpumask *)mask1); + bpf_cpumask_test_cpu(0, (const struct cpumask *)mask2); + +free_masks_return: + if (mask1) + bpf_cpumask_release(mask1); + if (mask2) + bpf_cpumask_release(mask2); + return 0; +}
In a recent patch, we taught the verifier that trusted PTR_TO_BTF_ID can never be NULL. This prevents the verifier from incorrectly failing to load certain programs where it gets confused and thinks a reference isn't dropped because it incorrectly assumes that a branch exists in which a NULL PTR_TO_BTF_ID pointer is never released. This patch adds a testcase that verifies this cannot happen. Signed-off-by: David Vernet <void@manifault.com> --- .../selftests/bpf/prog_tests/cpumask.c | 1 + .../selftests/bpf/progs/cpumask_success.c | 24 +++++++++++++++++++ 2 files changed, 25 insertions(+)