[bpf-next,2/2] selftests/bpf: Add test for non-NULLable PTR_TO_BTF_IDs

Message ID 20230602150112.1494194-2-void@manifault.com
State New
Headers
Series [bpf-next,1/2] bpf: Teach verifier that trusted PTR_TO_BTF_ID pointers are non-NULL |

Commit Message

David Vernet June 2, 2023, 3:01 p.m. UTC
  In a recent patch, we taught the verifier that trusted PTR_TO_BTF_ID can
never be NULL. This prevents the verifier from incorrectly failing to
load certain programs where it gets confused and thinks a reference
isn't dropped because it incorrectly assumes that a branch exists in
which a NULL PTR_TO_BTF_ID pointer is never released.

This patch adds a testcase that verifies this cannot happen.

Signed-off-by: David Vernet <void@manifault.com>
---
 .../selftests/bpf/prog_tests/cpumask.c        |  1 +
 .../selftests/bpf/progs/cpumask_success.c     | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+)
  

Comments

Stanislav Fomichev June 3, 2023, 1:26 a.m. UTC | #1
On 06/02, David Vernet wrote:
> In a recent patch, we taught the verifier that trusted PTR_TO_BTF_ID can
> never be NULL. This prevents the verifier from incorrectly failing to
> load certain programs where it gets confused and thinks a reference
> isn't dropped because it incorrectly assumes that a branch exists in
> which a NULL PTR_TO_BTF_ID pointer is never released.
> 
> This patch adds a testcase that verifies this cannot happen.
> 
> Signed-off-by: David Vernet <void@manifault.com>

Acked-by: Stanislav Fomichev <sdf@google.com>

I hope someone else can look at the actual change. It looks good to
me conceptually, but not sure what other parts it might affect.

> ---
>  .../selftests/bpf/prog_tests/cpumask.c        |  1 +
>  .../selftests/bpf/progs/cpumask_success.c     | 24 +++++++++++++++++++
>  2 files changed, 25 insertions(+)
> 
> diff --git a/tools/testing/selftests/bpf/prog_tests/cpumask.c b/tools/testing/selftests/bpf/prog_tests/cpumask.c
> index cdf4acc18e4c..d89191440fb1 100644
> --- a/tools/testing/selftests/bpf/prog_tests/cpumask.c
> +++ b/tools/testing/selftests/bpf/prog_tests/cpumask.c
> @@ -70,5 +70,6 @@ void test_cpumask(void)
>  		verify_success(cpumask_success_testcases[i]);
>  	}
>  
> +	RUN_TESTS(cpumask_success);
>  	RUN_TESTS(cpumask_failure);
>  }
> diff --git a/tools/testing/selftests/bpf/progs/cpumask_success.c b/tools/testing/selftests/bpf/progs/cpumask_success.c
> index 2fcdd7f68ac7..602a88b03dbc 100644
> --- a/tools/testing/selftests/bpf/progs/cpumask_success.c
> +++ b/tools/testing/selftests/bpf/progs/cpumask_success.c
> @@ -5,6 +5,7 @@
>  #include <bpf/bpf_tracing.h>
>  #include <bpf/bpf_helpers.h>
>  
> +#include "bpf_misc.h"
>  #include "cpumask_common.h"
>  
>  char _license[] SEC("license") = "GPL";
> @@ -426,3 +427,26 @@ int BPF_PROG(test_global_mask_rcu, struct task_struct *task, u64 clone_flags)
>  
>  	return 0;
>  }
> +
> +SEC("tp_btf/task_newtask")
> +__success
> +int BPF_PROG(test_refcount_null_tracking, struct task_struct *task, u64 clone_flags)
> +{
> +	struct bpf_cpumask *mask1, *mask2;
> +
> +	mask1 = bpf_cpumask_create();
> +	mask2 = bpf_cpumask_create();
> +
> +	if (!mask1 || !mask2)
> +		goto free_masks_return;
> +
> +	bpf_cpumask_test_cpu(0, (const struct cpumask *)mask1);
> +	bpf_cpumask_test_cpu(0, (const struct cpumask *)mask2);
> +
> +free_masks_return:
> +	if (mask1)
> +		bpf_cpumask_release(mask1);
> +	if (mask2)
> +		bpf_cpumask_release(mask2);
> +	return 0;
> +}
> -- 
> 2.40.1
>
  

Patch

diff --git a/tools/testing/selftests/bpf/prog_tests/cpumask.c b/tools/testing/selftests/bpf/prog_tests/cpumask.c
index cdf4acc18e4c..d89191440fb1 100644
--- a/tools/testing/selftests/bpf/prog_tests/cpumask.c
+++ b/tools/testing/selftests/bpf/prog_tests/cpumask.c
@@ -70,5 +70,6 @@  void test_cpumask(void)
 		verify_success(cpumask_success_testcases[i]);
 	}
 
+	RUN_TESTS(cpumask_success);
 	RUN_TESTS(cpumask_failure);
 }
diff --git a/tools/testing/selftests/bpf/progs/cpumask_success.c b/tools/testing/selftests/bpf/progs/cpumask_success.c
index 2fcdd7f68ac7..602a88b03dbc 100644
--- a/tools/testing/selftests/bpf/progs/cpumask_success.c
+++ b/tools/testing/selftests/bpf/progs/cpumask_success.c
@@ -5,6 +5,7 @@ 
 #include <bpf/bpf_tracing.h>
 #include <bpf/bpf_helpers.h>
 
+#include "bpf_misc.h"
 #include "cpumask_common.h"
 
 char _license[] SEC("license") = "GPL";
@@ -426,3 +427,26 @@  int BPF_PROG(test_global_mask_rcu, struct task_struct *task, u64 clone_flags)
 
 	return 0;
 }
+
+SEC("tp_btf/task_newtask")
+__success
+int BPF_PROG(test_refcount_null_tracking, struct task_struct *task, u64 clone_flags)
+{
+	struct bpf_cpumask *mask1, *mask2;
+
+	mask1 = bpf_cpumask_create();
+	mask2 = bpf_cpumask_create();
+
+	if (!mask1 || !mask2)
+		goto free_masks_return;
+
+	bpf_cpumask_test_cpu(0, (const struct cpumask *)mask1);
+	bpf_cpumask_test_cpu(0, (const struct cpumask *)mask2);
+
+free_masks_return:
+	if (mask1)
+		bpf_cpumask_release(mask1);
+	if (mask2)
+		bpf_cpumask_release(mask2);
+	return 0;
+}