Commit 511a5db3 authored by Kumar Kartikeya Dwivedi's avatar Kumar Kartikeya Dwivedi Committed by Alexei Starovoitov
Browse files

selftests/bpf: Cover global subprog exception leaks 



Add a verifier failure case where the caller holds a reference across a
global subprog call that may throw. The program must be rejected because
the exceptional path would skip the caller's reference release.

Signed-off-by: default avatarKumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20260517075530.3461166-3-memxor@gmail.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 3d562d35

tools/testing/selftests/bpf/progs/exceptions_fail.c

+22 −0
Original line number Diff line number Diff line
@@ -208,6 +208,28 @@ int reject_with_reference(void *ctx) 
	return 0;

}



__noinline int global_subprog_may_throw(struct __sk_buff *ctx)

{

	if (ctx->len)

		bpf_throw(0);

	return 0;

}



SEC("?tc")

__failure __msg("Unreleased reference")

int reject_global_subprog_throw_with_reference(struct __sk_buff *ctx)

{

	struct foo *f;



	f = bpf_obj_new(typeof(*f));

	if (!f)

		return 0;

	if (ctx->protocol)

		global_subprog_may_throw(ctx);

	bpf_obj_drop(f);

	return 0;

}



__noinline static int subprog_ref(struct __sk_buff *ctx)

{

	struct foo *f;