* [PATCH stable 5.15 1/1] Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
2022-07-07 9:42 [PATCH stable 5.15 0/1] Revert "selftests/bpf: Add test for bpf_timer overwriting crash" Po-Hsu Lin
@ 2022-07-07 9:42 ` Po-Hsu Lin
2022-07-07 18:05 ` [PATCH stable 5.15 0/1] " Greg KH
1 sibling, 0 replies; 3+ messages in thread
From: Po-Hsu Lin @ 2022-07-07 9:42 UTC (permalink / raw)
To: stable, gregkh
Cc: memxor, linux-kernel, ast, daniel, andrii, kafai, songliubraving,
yhs, john.fastabend, kpsingh, shuah, bpf, po-hsu.lin
This reverts commit b0028e1cc1faf2e5d88ad4065590aca90d650182 which is
commit a7e75016a0753c24d6c995bc02501ae35368e333 upstream.
It will break the bpf self-tests build with:
progs/timer_crash.c:8:19: error: field has incomplete type 'struct bpf_timer'
struct bpf_timer timer;
^
/home/ubuntu/linux/tools/testing/selftests/bpf/tools/include/bpf/bpf_helper_defs.h:39:8:
note: forward declaration of 'struct bpf_timer'
struct bpf_timer;
^
1 error generated.
This test can only be built with 5.17 and newer kernels.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
---
.../testing/selftests/bpf/prog_tests/timer_crash.c | 32 -------------
tools/testing/selftests/bpf/progs/timer_crash.c | 54 ----------------------
2 files changed, 86 deletions(-)
delete mode 100644 tools/testing/selftests/bpf/prog_tests/timer_crash.c
delete mode 100644 tools/testing/selftests/bpf/progs/timer_crash.c
diff --git a/tools/testing/selftests/bpf/prog_tests/timer_crash.c b/tools/testing/selftests/bpf/prog_tests/timer_crash.c
deleted file mode 100644
index f74b823..00000000
--- a/tools/testing/selftests/bpf/prog_tests/timer_crash.c
+++ /dev/null
@@ -1,32 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-#include <test_progs.h>
-#include "timer_crash.skel.h"
-
-enum {
- MODE_ARRAY,
- MODE_HASH,
-};
-
-static void test_timer_crash_mode(int mode)
-{
- struct timer_crash *skel;
-
- skel = timer_crash__open_and_load();
- if (!ASSERT_OK_PTR(skel, "timer_crash__open_and_load"))
- return;
- skel->bss->pid = getpid();
- skel->bss->crash_map = mode;
- if (!ASSERT_OK(timer_crash__attach(skel), "timer_crash__attach"))
- goto end;
- usleep(1);
-end:
- timer_crash__destroy(skel);
-}
-
-void test_timer_crash(void)
-{
- if (test__start_subtest("array"))
- test_timer_crash_mode(MODE_ARRAY);
- if (test__start_subtest("hash"))
- test_timer_crash_mode(MODE_HASH);
-}
diff --git a/tools/testing/selftests/bpf/progs/timer_crash.c b/tools/testing/selftests/bpf/progs/timer_crash.c
deleted file mode 100644
index f8f7944..00000000
--- a/tools/testing/selftests/bpf/progs/timer_crash.c
+++ /dev/null
@@ -1,54 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-
-#include <vmlinux.h>
-#include <bpf/bpf_tracing.h>
-#include <bpf/bpf_helpers.h>
-
-struct map_elem {
- struct bpf_timer timer;
- struct bpf_spin_lock lock;
-};
-
-struct {
- __uint(type, BPF_MAP_TYPE_ARRAY);
- __uint(max_entries, 1);
- __type(key, int);
- __type(value, struct map_elem);
-} amap SEC(".maps");
-
-struct {
- __uint(type, BPF_MAP_TYPE_HASH);
- __uint(max_entries, 1);
- __type(key, int);
- __type(value, struct map_elem);
-} hmap SEC(".maps");
-
-int pid = 0;
-int crash_map = 0; /* 0 for amap, 1 for hmap */
-
-SEC("fentry/do_nanosleep")
-int sys_enter(void *ctx)
-{
- struct map_elem *e, value = {};
- void *map = crash_map ? (void *)&hmap : (void *)&amap;
-
- if (bpf_get_current_task_btf()->tgid != pid)
- return 0;
-
- *(void **)&value = (void *)0xdeadcaf3;
-
- bpf_map_update_elem(map, &(int){0}, &value, 0);
- /* For array map, doing bpf_map_update_elem will do a
- * check_and_free_timer_in_array, which will trigger the crash if timer
- * pointer was overwritten, for hmap we need to use bpf_timer_cancel.
- */
- if (crash_map == 1) {
- e = bpf_map_lookup_elem(map, &(int){0});
- if (!e)
- return 0;
- bpf_timer_cancel(&e->timer);
- }
- return 0;
-}
-
-char _license[] SEC("license") = "GPL";
--
2.7.4
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH stable 5.15 0/1] Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
2022-07-07 9:42 [PATCH stable 5.15 0/1] Revert "selftests/bpf: Add test for bpf_timer overwriting crash" Po-Hsu Lin
2022-07-07 9:42 ` [PATCH stable 5.15 1/1] " Po-Hsu Lin
@ 2022-07-07 18:05 ` Greg KH
1 sibling, 0 replies; 3+ messages in thread
From: Greg KH @ 2022-07-07 18:05 UTC (permalink / raw)
To: Po-Hsu Lin
Cc: stable, memxor, linux-kernel, ast, daniel, andrii, kafai,
songliubraving, yhs, john.fastabend, kpsingh, shuah, bpf
On Thu, Jul 07, 2022 at 05:42:06PM +0800, Po-Hsu Lin wrote:
> The bpf_timer overwriting crash test will cause bpf selftest build
> fail on the stable 5.15 tree with:
>
> progs/timer_crash.c:8:19: error: field has incomplete type 'struct bpf_timer'
> struct bpf_timer timer;
> ^
> /home/ubuntu/linux/tools/testing/selftests/bpf/tools/include/bpf/bpf_helper_defs.h:39:8:
> note: forward declaration of 'struct bpf_timer'
> struct bpf_timer;
> ^
> 1 error generated.
>
> Test shows this can only be built with 5.17 and newer kernels. Let's
> revert it for the 5.15 tree.
>
> Po-Hsu Lin (1):
> Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
>
> .../testing/selftests/bpf/prog_tests/timer_crash.c | 32 -------------
> tools/testing/selftests/bpf/progs/timer_crash.c | 54 ----------------------
> 2 files changed, 86 deletions(-)
> delete mode 100644 tools/testing/selftests/bpf/prog_tests/timer_crash.c
> delete mode 100644 tools/testing/selftests/bpf/progs/timer_crash.c
>
> --
> 2.7.4
>
Now queued up, thanks.
greg k-h
^ permalink raw reply [flat|nested] 3+ messages in thread