1 | // SPDX-License-Identifier: GPL-2.0 |
2 | #include <vmlinux.h> |
3 | #include <bpf/bpf_tracing.h> |
4 | #include <bpf/bpf_helpers.h> |
5 | #include <bpf/bpf_core_read.h> |
6 | #include "bpf_experimental.h" |
7 | #include "bpf_misc.h" |
8 | |
9 | struct node_acquire { |
10 | long key; |
11 | long data; |
12 | struct bpf_rb_node node; |
13 | struct bpf_refcount refcount; |
14 | }; |
15 | |
16 | extern void bpf_rcu_read_lock(void) __ksym; |
17 | extern void bpf_rcu_read_unlock(void) __ksym; |
18 | |
19 | #define private(name) SEC(".data." #name) __hidden __attribute__((aligned(8))) |
20 | private(A) struct bpf_spin_lock glock; |
21 | private(A) struct bpf_rb_root groot __contains(node_acquire, node); |
22 | |
23 | static bool less(struct bpf_rb_node *a, const struct bpf_rb_node *b) |
24 | { |
25 | struct node_acquire *node_a; |
26 | struct node_acquire *node_b; |
27 | |
28 | node_a = container_of(a, struct node_acquire, node); |
29 | node_b = container_of(b, struct node_acquire, node); |
30 | |
31 | return node_a->key < node_b->key; |
32 | } |
33 | |
34 | SEC("?tc" ) |
35 | __failure __msg("Unreleased reference id=4 alloc_insn=21" ) |
36 | long rbtree_refcounted_node_ref_escapes(void *ctx) |
37 | { |
38 | struct node_acquire *n, *m; |
39 | |
40 | n = bpf_obj_new(typeof(*n)); |
41 | if (!n) |
42 | return 1; |
43 | |
44 | bpf_spin_lock(&glock); |
45 | bpf_rbtree_add(&groot, &n->node, less); |
46 | /* m becomes an owning ref but is never drop'd or added to a tree */ |
47 | m = bpf_refcount_acquire(n); |
48 | bpf_spin_unlock(&glock); |
49 | if (!m) |
50 | return 2; |
51 | |
52 | m->key = 2; |
53 | return 0; |
54 | } |
55 | |
56 | SEC("?tc" ) |
57 | __failure __msg("Possibly NULL pointer passed to trusted arg0" ) |
58 | long refcount_acquire_maybe_null(void *ctx) |
59 | { |
60 | struct node_acquire *n, *m; |
61 | |
62 | n = bpf_obj_new(typeof(*n)); |
63 | /* Intentionally not testing !n |
64 | * it's MAYBE_NULL for refcount_acquire |
65 | */ |
66 | m = bpf_refcount_acquire(n); |
67 | if (m) |
68 | bpf_obj_drop(m); |
69 | if (n) |
70 | bpf_obj_drop(n); |
71 | |
72 | return 0; |
73 | } |
74 | |
75 | SEC("?tc" ) |
76 | __failure __msg("Unreleased reference id=3 alloc_insn=9" ) |
77 | long rbtree_refcounted_node_ref_escapes_owning_input(void *ctx) |
78 | { |
79 | struct node_acquire *n, *m; |
80 | |
81 | n = bpf_obj_new(typeof(*n)); |
82 | if (!n) |
83 | return 1; |
84 | |
85 | /* m becomes an owning ref but is never drop'd or added to a tree */ |
86 | m = bpf_refcount_acquire(n); |
87 | m->key = 2; |
88 | |
89 | bpf_spin_lock(&glock); |
90 | bpf_rbtree_add(&groot, &n->node, less); |
91 | bpf_spin_unlock(&glock); |
92 | |
93 | return 0; |
94 | } |
95 | |
96 | SEC("?fentry.s/bpf_testmod_test_read" ) |
97 | __failure __msg("function calls are not allowed while holding a lock" ) |
98 | int BPF_PROG(rbtree_fail_sleepable_lock_across_rcu, |
99 | struct file *file, struct kobject *kobj, |
100 | struct bin_attribute *bin_attr, char *buf, loff_t off, size_t len) |
101 | { |
102 | struct node_acquire *n; |
103 | |
104 | n = bpf_obj_new(typeof(*n)); |
105 | if (!n) |
106 | return 0; |
107 | |
108 | /* spin_{lock,unlock} are in different RCU CS */ |
109 | bpf_rcu_read_lock(); |
110 | bpf_spin_lock(&glock); |
111 | bpf_rbtree_add(&groot, &n->node, less); |
112 | bpf_rcu_read_unlock(); |
113 | |
114 | bpf_rcu_read_lock(); |
115 | bpf_spin_unlock(&glock); |
116 | bpf_rcu_read_unlock(); |
117 | |
118 | return 0; |
119 | } |
120 | |
121 | char _license[] SEC("license" ) = "GPL" ; |
122 | |