bpf: Allow refcounted bpf_rb_node used in bpf_rbtree_{remove,left,right} (2ddef178) · Commits · git / linux-net

kernel/bpf/verifier.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -13229,8 +13229,8 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
		return -EINVAL;
		}
		} else {
		if (!type_is_non_owning_ref(reg->type) \|\| reg->ref_obj_id) {
		verbose(env, "%s node input must be non-owning ref\n", func_name);
		if (!type_is_non_owning_ref(reg->type) && !reg->ref_obj_id) {
		verbose(env, "%s can only take non-owning or refcounted bpf_rb_node pointer\n", func_name);
		return -EINVAL;
		}
		if (in_rbtree_lock_required_cb(env)) {

tools/testing/selftests/bpf/progs/rbtree_fail.c

+15 −14

Original line number	Diff line number	Diff line
		@@ -69,11 +69,11 @@ long rbtree_api_nolock_first(void *ctx)
		}

		SEC("?tc")
		__failure __msg("rbtree_remove node input must be non-owning ref")
		__retval(0)
		long rbtree_api_remove_unadded_node(void *ctx)
		{
		struct node_data n, m;
		struct bpf_rb_node *res;
		struct bpf_rb_node res_n, res_m;

		n = bpf_obj_new(typeof(*n));
		if (!n)
		@@ -88,19 +88,20 @@ long rbtree_api_remove_unadded_node(void *ctx)
		bpf_spin_lock(&glock);
		bpf_rbtree_add(&groot, &n->node, less);

		/* This remove should pass verifier */
		res = bpf_rbtree_remove(&groot, &n->node);
		n = container_of(res, struct node_data, node);
		res_n = bpf_rbtree_remove(&groot, &n->node);

		/* This remove shouldn't, m isn't in an rbtree */
		res = bpf_rbtree_remove(&groot, &m->node);
		m = container_of(res, struct node_data, node);
		res_m = bpf_rbtree_remove(&groot, &m->node);
		bpf_spin_unlock(&glock);

		if (n)
		bpf_obj_drop(n);
		if (m)
		bpf_obj_drop(m);
		if (res_n)
		bpf_obj_drop(container_of(res_n, struct node_data, node));
		if (res_m) {
		bpf_obj_drop(container_of(res_m, struct node_data, node));
		/* m was not added to the rbtree */
		return 2;
		}

		return 0;
		}

		@@ -178,7 +179,7 @@ long rbtree_api_use_unchecked_remove_retval(void *ctx)
		}

		SEC("?tc")
		__failure __msg("rbtree_remove node input must be non-owning ref")
		__failure __msg("bpf_rbtree_remove can only take non-owning or refcounted bpf_rb_node pointer")
		long rbtree_api_add_release_unlock_escape(void *ctx)
		{
		struct node_data *n;
		@@ -202,7 +203,7 @@ long rbtree_api_add_release_unlock_escape(void *ctx)
		}

		SEC("?tc")
		__failure __msg("rbtree_remove node input must be non-owning ref")
		__failure __msg("bpf_rbtree_remove can only take non-owning or refcounted bpf_rb_node pointer")
		long rbtree_api_first_release_unlock_escape(void *ctx)
		{
		struct bpf_rb_node *res;