diff options
author | Martin KaFai Lau | 2024-02-15 13:12:18 -0800 |
---|---|---|
committer | Daniel Borkmann | 2024-02-19 12:26:46 +0100 |
commit | 3f00e4a9c96f4488a924aff4e35b77c8eced897e (patch) | |
tree | f715138a7e72079c5e8608da6113196f1ac19f5d /kernel/bpf | |
parent | 0281b919e175bb9c3128bd3872ac2903e9436e3f (diff) |
selftests/bpf: Test racing between bpf_timer_cancel_and_free and bpf_timer_cancel
This selftest is based on a Alexei's test adopted from an internal
user to troubleshoot another bug. During this exercise, a separate
racing bug was discovered between bpf_timer_cancel_and_free
and bpf_timer_cancel. The details can be found in the previous
patch.
This patch is to add a selftest that can trigger the bug.
I can trigger the UAF everytime in my qemu setup with KASAN. The idea
is to have multiple user space threads running in a tight loop to exercise
both bpf_map_update_elem (which calls into bpf_timer_cancel_and_free)
and bpf_timer_cancel.
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/bpf/20240215211218.990808-2-martin.lau@linux.dev
Diffstat (limited to 'kernel/bpf')
0 files changed, 0 insertions, 0 deletions