selftests/bpf: Test racing between bpf_timer_cancel_and_free and bpf_timer_cancel - lwn.git - Linux kernel documentation tree maintained by Jonathan Corbet

diff options

author	Martin KaFai Lau <martin.lau@kernel.org>	2024-02-15 13:12:18 -0800
committer	Daniel Borkmann <daniel@iogearbox.net>	2024-02-19 12:26:46 +0100
commit	3f00e4a9c96f4488a924aff4e35b77c8eced897e (patch)
tree	f715138a7e72079c5e8608da6113196f1ac19f5d /kernel
parent	0281b919e175bb9c3128bd3872ac2903e9436e3f (diff)
download	lwn-3f00e4a9c96f4488a924aff4e35b77c8eced897e.tar.gz lwn-3f00e4a9c96f4488a924aff4e35b77c8eced897e.zip

selftests/bpf: Test racing between bpf_timer_cancel_and_free and bpf_timer_cancel

This selftest is based on a Alexei's test adopted from an internal user to troubleshoot another bug. During this exercise, a separate racing bug was discovered between bpf_timer_cancel_and_free and bpf_timer_cancel. The details can be found in the previous patch. This patch is to add a selftest that can trigger the bug. I can trigger the UAF everytime in my qemu setup with KASAN. The idea is to have multiple user space threads running in a tight loop to exercise both bpf_map_update_elem (which calls into bpf_timer_cancel_and_free) and bpf_timer_cancel. Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Hou Tao <houtao1@huawei.com> Link: https://lore.kernel.org/bpf/20240215211218.990808-2-martin.lau@linux.dev

Diffstat (limited to 'kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: