From patchwork Tue Jun 21 07:01:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?J=C3=B6rn-Thorben_Hinz?= X-Patchwork-Id: 12888724 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 217DBC43334 for ; Tue, 21 Jun 2022 07:01:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346401AbiFUHBl (ORCPT ); Tue, 21 Jun 2022 03:01:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38490 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346388AbiFUHBl (ORCPT ); Tue, 21 Jun 2022 03:01:41 -0400 Received: from mailrelay.tu-berlin.de (mailrelay.tu-berlin.de [130.149.7.70]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 430F01EAD8 for ; Tue, 21 Jun 2022 00:01:39 -0700 (PDT) Received: from SPMA-04.tubit.win.tu-berlin.de (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id 3A295974829_2B16CD1B; Tue, 21 Jun 2022 07:01:37 +0000 (GMT) Received: from mail.tu-berlin.de (mail.tu-berlin.de [141.23.12.141]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "exchange.tu-berlin.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by SPMA-04.tubit.win.tu-berlin.de (Sophos Email Appliance) with ESMTPS id CCB2596FB20_2B16CD0F; Tue, 21 Jun 2022 07:01:36 +0000 (GMT) Received: from jt.fritz.box (89.12.46.118) by ex-05.svc.tu-berlin.de (10.150.18.9) with Microsoft SMTP Server id 15.2.986.22; Tue, 21 Jun 2022 09:01:35 +0200 From: =?utf-8?q?J=C3=B6rn-Thorben_Hinz?= To: CC: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Jakub Sitnicki , =?utf-8?q?J=C3=B6rn-Thorben_Hinz?= Subject: [PATCH bpf-next] selftests/bpf: Fix rare segfault in sock_fields prog test Date: Tue, 21 Jun 2022 09:01:16 +0200 Message-ID: <20220621070116.307221-1-jthinz@mailbox.tu-berlin.de> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-SASI-RCODE: 200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=campus.tu-berlin.de; h=from:to:cc:subject:date:message-id:mime-version:content-type:content-transfer-encoding; s=dkim-tub; bh=dVbbLyYghPA/YfYwgDI+fWvUDlZTth8U5vXGVOpBL6E=; b=EgFaPVsaO7/03oXrkcYnvZRbUJErNkJjUjFtC9+g/Pv6FZfU972fjrzQV3A3Y9qY3eS3R9mTXT7xTJO2vHbXm5wR93YtYIxl3/zeQ3hDahKSGJe6kf242CLhbEUDP5xUN7hnsl5AYOyLo7hP5wGeHVPFbKRZjhuO4eoOUChwFS8= Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net test_sock_fields__detach() got called with a null pointer here when one of the CHECKs or ASSERTs up to the test_sock_fields__open_and_load() call resulted in a jump to the "done" label. A skeletons *__detach() is not safe to call with a null pointer, though. This led to a segfault. Go the easy route and only call test_sock_fields__destroy() which is null-pointer safe and includes detaching. Came across this while looking[1] to introduce the usage of bpf_tcp_helpers.h (included in progs/test_sock_fields.c) together with vmlinux.h. [1] https://lore.kernel.org/bpf/629bc069dd807d7ac646f836e9dca28bbc1108e2.camel@mailbox.tu-berlin.de/ Fixes: 8f50f16ff39d ("selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads") Signed-off-by: Jörn-Thorben Hinz Reviewed-by: Jakub Sitnicki Acked-by: John Fastabend Reviewed-by: Martin KaFai Lau --- tools/testing/selftests/bpf/prog_tests/sock_fields.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_fields.c b/tools/testing/selftests/bpf/prog_tests/sock_fields.c index 9d211b5c22c4..7d23166c77af 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_fields.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_fields.c @@ -394,7 +394,6 @@ void serial_test_sock_fields(void) test(); done: - test_sock_fields__detach(skel); test_sock_fields__destroy(skel); if (child_cg_fd >= 0) close(child_cg_fd);