1 // SPDX-License-Identifier: GPL-2.0
2 #include <vmlinux.h>
3 #include <bpf/bpf_tracing.h>
4 #include <bpf/bpf_helpers.h>
5
6 struct map_value {
7 struct prog_test_ref_kfunc __kptr_ref *ptr;
8 };
9
10 struct {
11 __uint(type, BPF_MAP_TYPE_ARRAY);
12 __type(key, int);
13 __type(value, struct map_value);
14 __uint(max_entries, 16);
15 } array_map SEC(".maps");
16
17 extern struct prog_test_ref_kfunc *bpf_kfunc_call_test_acquire(unsigned long *sp) __ksym;
18 extern void bpf_kfunc_call_test_release(struct prog_test_ref_kfunc *p) __ksym;
19
cb1(void * map,void * key,void * value,void * ctx)20 static __noinline int cb1(void *map, void *key, void *value, void *ctx)
21 {
22 void *p = *(void **)ctx;
23 bpf_kfunc_call_test_release(p);
24 /* Without the fix this would cause underflow */
25 return 0;
26 }
27
28 SEC("?tc")
underflow_prog(void * ctx)29 int underflow_prog(void *ctx)
30 {
31 struct prog_test_ref_kfunc *p;
32 unsigned long sl = 0;
33
34 p = bpf_kfunc_call_test_acquire(&sl);
35 if (!p)
36 return 0;
37 bpf_for_each_map_elem(&array_map, cb1, &p, 0);
38 return 0;
39 }
40
cb2(void * map,void * key,void * value,void * ctx)41 static __always_inline int cb2(void *map, void *key, void *value, void *ctx)
42 {
43 unsigned long sl = 0;
44
45 *(void **)ctx = bpf_kfunc_call_test_acquire(&sl);
46 /* Without the fix this would leak memory */
47 return 0;
48 }
49
50 SEC("?tc")
leak_prog(void * ctx)51 int leak_prog(void *ctx)
52 {
53 struct prog_test_ref_kfunc *p;
54 struct map_value *v;
55 unsigned long sl;
56
57 v = bpf_map_lookup_elem(&array_map, &(int){0});
58 if (!v)
59 return 0;
60
61 p = NULL;
62 bpf_for_each_map_elem(&array_map, cb2, &p, 0);
63 p = bpf_kptr_xchg(&v->ptr, p);
64 if (p)
65 bpf_kfunc_call_test_release(p);
66 return 0;
67 }
68
cb(void * map,void * key,void * value,void * ctx)69 static __always_inline int cb(void *map, void *key, void *value, void *ctx)
70 {
71 return 0;
72 }
73
cb3(void * map,void * key,void * value,void * ctx)74 static __always_inline int cb3(void *map, void *key, void *value, void *ctx)
75 {
76 unsigned long sl = 0;
77 void *p;
78
79 bpf_kfunc_call_test_acquire(&sl);
80 bpf_for_each_map_elem(&array_map, cb, &p, 0);
81 /* It should only complain here, not in cb. This is why we need
82 * callback_ref to be set to frameno.
83 */
84 return 0;
85 }
86
87 SEC("?tc")
nested_cb(void * ctx)88 int nested_cb(void *ctx)
89 {
90 struct prog_test_ref_kfunc *p;
91 unsigned long sl = 0;
92 int sp = 0;
93
94 p = bpf_kfunc_call_test_acquire(&sl);
95 if (!p)
96 return 0;
97 bpf_for_each_map_elem(&array_map, cb3, &sp, 0);
98 bpf_kfunc_call_test_release(p);
99 return 0;
100 }
101
102 SEC("?tc")
non_cb_transfer_ref(void * ctx)103 int non_cb_transfer_ref(void *ctx)
104 {
105 struct prog_test_ref_kfunc *p;
106 unsigned long sl = 0;
107
108 p = bpf_kfunc_call_test_acquire(&sl);
109 if (!p)
110 return 0;
111 cb1(NULL, NULL, NULL, &p);
112 bpf_kfunc_call_test_acquire(&sl);
113 return 0;
114 }
115
116 char _license[] SEC("license") = "GPL";
117