From: Jakub Sitnicki <jakub@cloudflare.com>
To: "Daniel Borkmann" <daniel@iogearbox.net>,
"Jörn-Thorben Hinz" <jthinz@mailbox.tu-berlin.de>
Cc: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>
Subject: Re: [PATCH bpf-next] selftests/bpf: Fix rare segfault in sock_fields prog test
Date: Tue, 21 Jun 2022 19:09:06 +0200 [thread overview]
Message-ID: <87k09a3prl.fsf@cloudflare.com> (raw)
In-Reply-To: <6f2b2c24-22e8-9fbe-10d3-9347be3ac067@iogearbox.net>
On Tue, Jun 21, 2022 at 07:00 PM +02, Daniel Borkmann wrote:
> On 6/21/22 9:01 AM, Jörn-Thorben Hinz wrote:
>> test_sock_fields__detach() got called with a null pointer here when one
>> of the CHECKs or ASSERTs up to the test_sock_fields__open_and_load()
>> call resulted in a jump to the "done" label.
>> A skeletons *__detach() is not safe to call with a null pointer, though.
>> This led to a segfault.
>> Go the easy route and only call test_sock_fields__destroy() which is
>> null-pointer safe and includes detaching.
>> Came across this while looking[1] to introduce the usage of
>> bpf_tcp_helpers.h (included in progs/test_sock_fields.c) together with
>> vmlinux.h.
>> [1]
>> https://lore.kernel.org/bpf/629bc069dd807d7ac646f836e9dca28bbc1108e2.camel@mailbox.tu-berlin.de/
>> Fixes: 8f50f16ff39d ("selftests/bpf: Extend verifier and bpf_sock tests for
>> dst_port loads")
>> Signed-off-by: Jörn-Thorben Hinz <jthinz@mailbox.tu-berlin.de>
>> ---
>> tools/testing/selftests/bpf/prog_tests/sock_fields.c | 1 -
>> 1 file changed, 1 deletion(-)
>> diff --git a/tools/testing/selftests/bpf/prog_tests/sock_fields.c
>> b/tools/testing/selftests/bpf/prog_tests/sock_fields.c
>> index 9d211b5c22c4..7d23166c77af 100644
>> --- a/tools/testing/selftests/bpf/prog_tests/sock_fields.c
>> +++ b/tools/testing/selftests/bpf/prog_tests/sock_fields.c
>> @@ -394,7 +394,6 @@ void serial_test_sock_fields(void)
>> test();
>> done:
>> - test_sock_fields__detach(skel);
>> test_sock_fields__destroy(skel);
>> if (child_cg_fd >= 0)
>> close(child_cg_fd);
>>
>
> Great catch! I think we have similar detach & destroy pattern in a number
> of places in selftests.
>
> Should we rather just move the label, like:
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/sock_fields.c b/tools/testing/selftests/bpf/prog_tests/sock_fields.c
> index 9d211b5c22c4..e8a947241e37 100644
> --- a/tools/testing/selftests/bpf/prog_tests/sock_fields.c
> +++ b/tools/testing/selftests/bpf/prog_tests/sock_fields.c
> @@ -393,8 +393,8 @@ void serial_test_sock_fields(void)
>
> test();
>
> -done:
> test_sock_fields__detach(skel);
> +done:
> test_sock_fields__destroy(skel);
> if (child_cg_fd >= 0)
> close(child_cg_fd);
*__destroy() will call bpf_object__detach_skeleton(), so it LGTM.
Thanks for the fix.
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
next prev parent reply other threads:[~2022-06-21 17:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-21 7:01 [PATCH bpf-next] selftests/bpf: Fix rare segfault in sock_fields prog test Jörn-Thorben Hinz
2022-06-21 17:00 ` Daniel Borkmann
2022-06-21 17:09 ` Jakub Sitnicki [this message]
2022-06-21 18:20 ` [External] " Jörn-Thorben Hinz
2022-06-21 19:54 ` John Fastabend
2022-06-21 20:29 ` Jörn-Thorben Hinz
2022-06-23 3:29 ` John Fastabend
2022-06-23 16:11 ` Martin KaFai Lau
2022-06-23 18:00 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k09a3prl.fsf@cloudflare.com \
--to=jakub@cloudflare.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=jthinz@mailbox.tu-berlin.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.