Message-Id: <3b15cc4d71bfa87ffcd49f69c1453d88c6457ef0c9c312c11b8a550f862e8f2b@mail.kernel.org>
Date: Fri, 14 Nov 2025 15:50:44 +0000 (UTC)
From: bot+bpf-ci@...nel.org
To: skb99@...ux.ibm.com,bpf@...r.kernel.org,linux-kselftest@...r.kernel.org,linux-kernel@...r.kernel.org
Cc: hbathini@...ux.ibm.com,sachinpb@...ux.ibm.com,venkat88@...ux.ibm.com,andrii@...nel.org,eddyz87@...il.com,ast@...nel.org,daniel@...earbox.net,martin.lau@...ux.dev,song@...nel.org,yonghong.song@...ux.dev,john.fastabend@...il.com,kpsingh@...nel.org,sdf@...ichev.me,haoluo@...gle.com,jolsa@...nel.org,shuah@...nel.org,ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,martin.lau@...nel.org,eddyz87@...il.com,yonghong.song@...ux.dev,clm@...a.com,ihor.solodrai@...ux.dev
Subject: Re: [PATCH bpf-next v2] selftests/bpf: Fix htab_update/reenter_update selftest failure

> diff --git a/tools/testing/selftests/bpf/prog_tests/htab_update.c b/tools/testing/selftests/bpf/prog_tests/htab_update.c
> index 2bc85f481..96b65c1a3 100644
> --- a/tools/testing/selftests/bpf/prog_tests/htab_update.c
> +++ b/tools/testing/selftests/bpf/prog_tests/htab_update.c
> @@ -15,17 +15,17 @@ struct htab_update_ctx {
>  static void test_reenter_update(void)
>  {
>  	struct htab_update *skel;
> -	unsigned int key, value;
> +	void *value = NULL;
> +	unsigned int key, value_size;
                           ^^^

Is key supposed to be initialized? The old code had 'unsigned int key = 0,
value = 0;' but the new code drops the initialization. Later uses of key
at the bpf_map_update_elem() calls will pass uninitialized stack memory.

>  	int err;
>
>  	skel = htab_update__open();
>  	if (!ASSERT_OK_PTR(skel, "htab_update__open"))
>  		return;
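
Review bot: `key` in the new declaration `unsigned int key, value_size;` has no initializer, and the `key = 0;` assignment is removed in the next hunk, so both bpf_map_update_elem() calls read an indeterminate key through `&key`. Initialize it at the declaration, for example `unsigned int key = 0, value_size;`.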

[ ... ]

> @@ -33,14 +33,32 @@ static void test_reenter_update(void)
>  	if (!ASSERT_OK(err, "htab_update__attach"))
>  		goto out;
>
> -	/* Will trigger the reentrancy of bpf_map_update_elem() */
> -	key = 0;
> -	value = 0;
> -	err = bpf_map_update_elem(bpf_map__fd(skel->maps.htab), &key, &value, 0);
> -	if (!ASSERT_OK(err, "add element"))
> +	value_size = bpf_map__value_size(skel->maps.htab);
> +
> +	value = calloc(1, value_size);
> +	if (!ASSERT_OK_PTR(value, "calloc value"))
> +		goto out;
> +	/*
> +	 * First update: plain insert. This should NOT trigger the re-entrancy
> +	 * path, because there is no old element to free yet.
> +	 */
> +	err = bpf_map_update_elem(bpf_map__fd(skel->maps.htab), &key, &value, BPF_ANY);
> +	if (!ASSERT_OK(err, "first update (insert)"))
> +		goto out;
> +
> +	/*
> +	 * Second update: replace existing element with same key and trigger
> +	 * the reentrancy of bpf_map_update_elem().
> +	 * check_and_free_fields() calls bpf_obj_free_fields() on the old
> +	 * value, which is where fentry program runs and performs a nested
> +	 * bpf_map_update_elem(), triggering -EDEADLK.
> +	 */
> +	memset(&value, 0, sizeof(value));
               ^^^^^^^

Does this memset zero the allocated memory? It looks like this zeros the
pointer variable itself (8 bytes) rather than the memory it points to.
Should this be 'memset(value, 0, value_size)' instead?

> +	err = bpf_map_update_elem(bpf_map__fd(skel->maps.htab), &key, &value, BPF_ANY);
> +	if (!ASSERT_OK(err, "second update (replace)"))
>  		goto out;
>
> -	ASSERT_EQ(skel->bss->update_err, -EBUSY, "no reentrancy");
> +	ASSERT_EQ(skel->bss->update_err, -EDEADLK, "no reentrancy");
>  out:
>  	htab_update__destroy(skel);
>  }
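
Review bot: Both bpf_map_update_elem() calls in this hunk pass `&value`, the address of the `void *` local, instead of `value`, the calloc'd buffer, so the update reads value_size bytes starting at the pointer variable on the stack; if value_size is larger than sizeof(void *) that reads past the variable. Pass `value` in both calls. Separately, the `out:` path only calls htab_update__destroy(skel), so the buffer is never freed; since `value` starts as NULL, an unconditional `free(value);` there is enough.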


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/19369517166
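
The pointer-versus-pointee distinction raised in the memset comment above, as an added C example that is not part of the patch or of the review. `clear_value()` and `struct outcome` are hypothetical names, the 64-byte size and 0xAA fill are constructed, and the code assumes a null pointer is represented as all-bits-zero.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What a caller would observe after the "clear the value" step. */
struct outcome {
	int ptr_is_null;	/* did the pointer variable itself get wiped? */
	int buf_is_zero;	/* did the allocated buffer get cleared? */
};

/* fixed == 0: memset(&value, 0, sizeof(value)), as in the quoted hunk.
 * fixed != 0: memset(value, 0, value_size), as the review suggests.
 * Assumption: all-bits-zero is the null pointer on this platform. */
static struct outcome clear_value(int fixed, size_t value_size)
{
	struct outcome o = { -1, -1 };
	unsigned char *value = malloc(value_size);
	unsigned char *keep = value;	/* second handle: inspect and free */
	size_t i;

	if (!value)
		return o;
	memset(value, 0xAA, value_size);	/* constructed stale contents */

	if (fixed)
		memset(value, 0, value_size);	/* clears the pointee */
	else
		memset(&value, 0, sizeof(value));	/* clears the pointer */

	o.ptr_is_null = (value == NULL);
	o.buf_is_zero = 1;
	for (i = 0; i < value_size; i++)
		if (keep[i] != 0)
			o.buf_is_zero = 0;
	free(keep);
	return o;
}

int main(void)
{
	struct outcome bug = clear_value(0, 64), fix = clear_value(1, 64);

	printf("buggy: ptr_is_null=%d buf_is_zero=%d\n", bug.ptr_is_null, bug.buf_is_zero);
	printf("fixed: ptr_is_null=%d buf_is_zero=%d\n", fix.ptr_is_null, fix.buf_is_zero);
	return 0;
}
```

In the buggy form the only reference to the allocation is lost as well, so without the `keep` handle the buffer could be neither inspected nor freed.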
