From: sashiko-bot@kernel.org
To: "Mykyta Yatsenko" <mykyta.yatsenko5@gmail.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v10 6/6] selftests/bpf: Add tests for sleepable tracepoint programs
Date: Wed, 15 Apr 2026 20:32:37 +0000
Message-ID: <20260415203237.92500C2BCB4@smtp.kernel.org>
In-Reply-To: <20260415-sleepable_tracepoints-v10-6-161f40b33dd7@meta.com>

Sashiko AI review found 2 potential issue(s):
- [Medium] The test uses libc's `struct timespec` and `__NR_nanosleep`, causing out-of-bounds reads in the BPF program and test failures on 32-bit architectures.
- [Medium] Resource leak in `test_attach_reject()` when program attachment unexpectedly succeeds.
--

commit 464b100e0185655df5851c1f5731b7cd7fb84bb1
Author: Mykyta Yatsenko <yatsenko@meta.com>

selftests/bpf: Add tests for sleepable tracepoint programs

This commit adds tests for sleepable tracepoint programs covering various
attachment types. It verifies functionality using bpf_copy_from_user()
on nanosleep and checks attachment rejection for non-faultable tracepoints.

> diff --git a/tools/testing/selftests/bpf/prog_tests/sleepable_tracepoints.c b/tools/testing/selftests/bpf/prog_tests/sleepable_tracepoints.c
> new file mode 100644
> index 0000000000000..bdc7fe294e7c9
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/sleepable_tracepoints.c
[ ... ]
> +static void run_test(struct test_sleepable_tracepoints *skel)
> +{
> + skel->bss->target_pid = getpid();
> + skel->bss->prog_triggered = 0;
> + skel->bss->err = 0;
> + skel->bss->copied_tv_nsec = 0;
> +
> + syscall(__NR_nanosleep, &(struct timespec){ .tv_nsec = 555 }, NULL);
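
Review bot: the return value of syscall(__NR_nanosleep, ...) on the last line of this hunk is discarded, so a failed or unavailable syscall would only show up indirectly through the fields reset just above it (prog_triggered, err, copied_tv_nsec). Consider capturing the result and asserting on it, so that a failure points at the trigger rather than at the BPF program.
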
Could this cause out-of-bounds reads in the BPF program and test failures on
32-bit architectures? On 32-bit systems, __NR_nanosleep invokes the legacy
32-bit syscall which expects an 8-byte struct old_timespec32 argument.

Because the BPF program in test_sleepable_tracepoints.c casts this to
struct __kernel_timespec * and reads from it:

    static int copy_nanosleep_arg(struct __kernel_timespec *ts)
    {
            long tv_nsec;
            err = bpf_copy_from_user(&tv_nsec, sizeof(tv_nsec), &ts->tv_nsec);
            ...

it would read uninitialized stack memory past the end of the provided 8-byte
struct, potentially resulting in garbage data or an -EFAULT.
[ ... ]
> +static void test_attach_reject(struct bpf_program *prog)
> +{
> + struct bpf_link *link;
> +
> + link = bpf_program__attach(prog);
> + ASSERT_ERR_PTR(link, "attach_should_fail");
> +}
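
Review bot: test_attach_reject() never releases link on the path where bpf_program__attach() unexpectedly succeeds; ASSERT_ERR_PTR() only records the failure. Destroy the link on that path, for example: if (!ASSERT_ERR_PTR(link, "attach_should_fail")) bpf_link__destroy(link);
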
Does this leak the bpf_link if the attachment unexpectedly succeeds?

If bpf_program__attach() succeeds when it shouldn't, ASSERT_ERR_PTR() will mark
the test as failed, but execution will continue. Since test_progs is a long-lived
process, the unreleased file descriptor would keep the sleepable BPF program
attached to global tracepoints (like sched_switch) for the remainder of the
test suite execution, potentially causing cascading failures or side effects.

Should this link be destroyed if ASSERT_ERR_PTR() fails?

--
Sashiko AI review · https://sashiko.dev/#/patchset/20260415-sleepable_tracepoints-v10-0-161f40b33dd7@meta.com?part=6
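
The layout mismatch raised in the first review comment, as an added C illustration that is not part of the patch or of the review. The two struct mirrors, the fake_stack buffer and the helper names are constructed for this example, and a 4-byte read models "long" on a 32-bit target.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed-width mirrors of the two layouts, so the sizes hold on any host. */
struct old_timespec32_m  { int32_t tv_sec; int32_t tv_nsec; };  /* legacy 32-bit nanosleep argument */
struct kernel_timespec_m { int64_t tv_sec; int64_t tv_nsec; };  /* layout the BPF program assumes */

/* Nonzero if a read of len bytes at offset off stays inside obj_size bytes. */
static int read_in_bounds(size_t obj_size, size_t off, size_t len)
{
    return off <= obj_size && len <= obj_size - off;
}

/* Constructed stand-in for the caller's stack: the 8-byte argument followed
 * by 8 poison bytes representing whatever happens to sit after it. */
struct fake_stack { struct old_timespec32_m arg; unsigned char after[8]; };

static void fill_stack(struct fake_stack *s)
{
    s->arg.tv_sec = 0;
    s->arg.tv_nsec = 555;                       /* value the selftest passes */
    memset(s->after, 0xAA, sizeof(s->after));
}

/* Read a 4-byte "long" at the tv_nsec offset of the 64-bit layout. */
static int32_t read_nsec_wrong_layout(const struct fake_stack *s)
{
    int32_t v;
    memcpy(&v, (const unsigned char *)s +
           offsetof(struct kernel_timespec_m, tv_nsec), sizeof(v));
    return v;
}

/* Read the same field at the offset of the layout the syscall really uses. */
static int32_t read_nsec_right_layout(const struct fake_stack *s)
{
    int32_t v;
    memcpy(&v, (const unsigned char *)s +
           offsetof(struct old_timespec32_m, tv_nsec), sizeof(v));
    return v;
}

int main(void)
{
    struct fake_stack s;
    fill_stack(&s);
    return read_nsec_right_layout(&s) == 555 ? 0 : 1;
}
```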