Commit fcd11ff8 authored by Mykyta Yatsenko's avatar Mykyta Yatsenko Committed by Alexei Starovoitov
Browse files

selftests/bpf: Reject scalar store into kptr slot 



Verify that the verifier rejects a direct scalar write to a kptr map
value slot without crashing.

Signed-off-by: default avatarMykyta Yatsenko <yatsenko@meta.com>
Link: https://lore.kernel.org/r/20260416-kptr_crash-v1-2-5589356584b4@meta.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 4d0a3758

tools/testing/selftests/bpf/progs/map_kptr_fail.c

+15 −0
Original line number Diff line number Diff line
@@ -385,4 +385,19 @@ int kptr_xchg_possibly_null(struct __sk_buff *ctx) 
	return 0;

}



SEC("?tc")

__failure __msg("invalid kptr access, R")

int reject_scalar_store_to_kptr(struct __sk_buff *ctx)

{

	struct map_value *v;

	int key = 0;



	v = bpf_map_lookup_elem(&array_map, &key);

	if (!v)

		return 0;



	*(volatile u64 *)&v->unref_ptr = 0xBADC0DE;

	return 0;

}



char _license[] SEC("license") = "GPL";