Re: [PATCH RFC bpf-next 6/8] selftests/bpf: do not run verifier JIT tests when BPF_JIT_KASAN is enabled

[sashiko-bot@kernel.org]

Sashiko AI review found 3 potential issue(s):
- [High] get_kasan_jit_enabled() unconditionally returns true, incorrectly skipping JIT verifier tests on all kernels.
- [Medium] Repeated, uncached parsing of the compressed kernel config file for every JIT test drastically degrades test execution performance.
- [Medium] Aborting the entire subtest when KASAN JIT is enabled unnecessarily drops unrelated test coverage.
--

commit a6c1eb256b8f5c1306ecd153f22c3c278b50ae23
Author: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>

selftests/bpf: do not run verifier JIT tests when BPF_JIT_KASAN is enabled

This commit aims to skip BPF verifier tests that check exact JIT instructions
when the kernel is built with KASAN and JIT enabled, since the inserted KASAN
instrumentation breaks exact instruction matching.

> diff --git a/tools/testing/selftests/bpf/test_loader.c b/tools/testing/selftests/bpf/test_loader.c
> --- a/tools/testing/selftests/bpf/test_loader.c
> +++ b/tools/testing/selftests/bpf/test_loader.c
[ ... ]
> @@ -1175,6 +1175,11 @@ void run_subtest(struct test_loader *tester,
>  		return;
>  	}
>  
> +	if (is_jit_enabled() && subspec->jited.cnt && get_kasan_jit_enabled()) {
> +		test__skip();
> +		return;
> +	}
> +

By returning early here, does this code unnecessarily skip other valuable
validations? While KASAN breaks the exact JIT instruction check, skipping
the entire subtest drops coverage for program loading, verifier log checks,
and translated instruction validations. Could the skip logic bypass only the
later JIT verification block instead of aborting the whole subtest?

Also, does this repeated execution degrade test suite performance?
get_kasan_jit_enabled() is called here for every subtest with JIT assertions,
which will repeatedly open, decompress, and parse the kernel config file.
Could the config check result be cached in a static variable instead?

> diff --git a/tools/testing/selftests/bpf/unpriv_helpers.c b/tools/testing/selftests/bpf/unpriv_helpers.c
> --- a/tools/testing/selftests/bpf/unpriv_helpers.c
> +++ b/tools/testing/selftests/bpf/unpriv_helpers.c
[ ... ]
> @@ -142,3 +142,8 @@ bool get_unpriv_disabled(void)
>  	}
>  	return mitigations_off;
>  }
> +
> +bool get_kasan_jit_enabled(void)
> +{
> +	return config_contains("CONFIG_BPF_JIT_KASAN=y");
> +}

Does this code unconditionally evaluate to true on all kernels?

The config_contains() function returns 1 if the target string is found, and
-1 if the end of the file is reached without finding it. Since both non-zero
integer values evaluate to true when cast to bool, it appears this will
cause the framework to skip the tests even when KASAN is disabled.

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260413-kasan-v1-0-1a5831230821@bootlin.com?part=6