// SPDX-License-Identifier: GPL-2.0
#include <vmlinux.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_helpers.h>

/*
 * BPF programs that acquire and release a prog_test_ref_kfunc reference in
 * and around bpf_for_each_map_elem() callbacks.
 *
 * The inline comments below state what "the fix" prevents: a callback
 * releasing a reference it did not acquire (underflow) and a callback
 * acquiring a reference that is never released (leak).
 *
 * NOTE(review): these look like negative tests, i.e. programs the verifier
 * is expected to reject. The expected verifier messages are checked by a
 * userspace runner that is not part of this file - confirm there before
 * changing any statement order, since the failing instruction matters.
 *
 * The '?' prefix in SEC("?tc") tells libbpf not to auto-load the program,
 * so a loader has to opt in to each one individually.
 */

/* Map value with a single kptr slot; leak_prog fills it via bpf_kptr_xchg(). */
struct map_value {
	struct prog_test_ref_kfunc __kptr *ptr;
};

/* Array map iterated by every bpf_for_each_map_elem() call in this file. */
struct {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, int);
	__type(value, struct map_value);
	__uint(max_entries, 16);
} array_map SEC(".maps");

/* Test kfuncs resolved against the running kernel (__ksym). */
extern struct prog_test_ref_kfunc *bpf_kfunc_call_test_acquire(unsigned long *sp) __ksym;
extern void bpf_kfunc_call_test_release(struct prog_test_ref_kfunc *p) __ksym;

/*
 * Callback that releases the pointer stored behind ctx.
 *
 * The reference was not acquired in this function; it comes from whoever
 * filled ctx. Used both as a map-iteration callback (underflow_prog) and as
 * a plain function call (non_cb_transfer_ref).
 */
static __noinline int cb1(void *map, void *key, void *value, void *ctx)
{
	void *p = *(void **)ctx;
	bpf_kfunc_call_test_release(p);
	/* Without the fix this would cause underflow */
	return 0;
}

/*
 * Acquires one reference and hands its address to cb1 through the
 * bpf_for_each_map_elem() context argument. The program itself never
 * releases p; the only release is the one inside the callback.
 */
SEC("?tc")
int underflow_prog(void *ctx)
{
	struct prog_test_ref_kfunc *p;
	unsigned long sl = 0;

	p = bpf_kfunc_call_test_acquire(&sl);
	if (!p)
		return 0;
	bpf_for_each_map_elem(&array_map, cb1, &p, 0);
	return 0;
}

/*
 * Callback that acquires a reference and stores it through ctx, overwriting
 * whatever pointer was there. Nothing in the callback releases it.
 */
static __always_inline int cb2(void *map, void *key, void *value, void *ctx)
{
	unsigned long sl = 0;

	*(void **)ctx = bpf_kfunc_call_test_acquire(&sl);
	/* Without the fix this would leak memory */
	return 0;
}

/*
 * Looks up element 0, lets cb2 write an acquired pointer into p, then moves
 * p into the map's kptr slot and releases the pointer that was there before
 * (if any). The local 'sl' is declared but not used in this function.
 */
SEC("?tc")
int leak_prog(void *ctx)
{
	struct prog_test_ref_kfunc *p;
	struct map_value *v;
	unsigned long sl;

	v = bpf_map_lookup_elem(&array_map, &(int){0});
	if (!v)
		return 0;

	p = NULL;
	bpf_for_each_map_elem(&array_map, cb2, &p, 0);
	/* bpf_kptr_xchg() stores p in v->ptr and returns the previous value. */
	p = bpf_kptr_xchg(&v->ptr, p);
	if (p)
		bpf_kfunc_call_test_release(p);
	return 0;
}

/* Innermost callback: does nothing and never touches ctx. */
static __always_inline int cb(void *map, void *key, void *value, void *ctx)
{
	return 0;
}

/*
 * Outer callback for the nested case: acquires a reference, discards the
 * returned pointer, and then starts a second map iteration with cb.
 * 'p' is left uninitialized; only its address is passed as ctx, and cb does
 * not read it.
 */
static __always_inline int cb3(void *map, void *key, void *value, void *ctx)
{
	unsigned long sl = 0;
	void *p;

	bpf_kfunc_call_test_acquire(&sl);
	bpf_for_each_map_elem(&array_map, cb, &p, 0);
	/* It should only complain here, not in cb. This is why we need
	 * callback_ref to be set to frameno.
	 */
	return 0;
}

/*
 * Acquires p, runs cb3 as a map-iteration callback (which in turn iterates
 * with cb), and releases p afterwards. The program's own acquire/release
 * pair is balanced; the unreleased acquire is the one inside cb3.
 */
SEC("?tc")
int nested_cb(void *ctx)
{
	struct prog_test_ref_kfunc *p;
	unsigned long sl = 0;
	int sp = 0;

	p = bpf_kfunc_call_test_acquire(&sl);
	if (!p)
		return 0;
	bpf_for_each_map_elem(&array_map, cb3, &sp, 0);
	bpf_kfunc_call_test_release(p);
	return 0;
}

/*
 * Calls cb1 directly instead of through bpf_for_each_map_elem(), so the
 * release of p happens in an ordinary subprogram call. The second acquire
 * drops its return value and is never released.
 * NOTE(review): presumably the point is that a release in a non-callback
 * call is accepted and only the trailing acquire is reported - confirm
 * against the runner's expected message.
 */
SEC("?tc")
int non_cb_transfer_ref(void *ctx)
{
	struct prog_test_ref_kfunc *p;
	unsigned long sl = 0;

	p = bpf_kfunc_call_test_acquire(&sl);
	if (!p)
		return 0;
	cb1(NULL, NULL, NULL, &p);
	bpf_kfunc_call_test_acquire(&sl);
	return 0;
}

char _license[] SEC("license") = "GPL";