diff --git a/tools/testing/selftests/bpf/prog_tests/htab_update.c b/tools/testing/selftests/bpf/prog_tests/htab_update.c index 2bc85f481..96b65c1a3 100644 --- a/tools/testing/selftests/bpf/prog_tests/htab_update.c +++ b/tools/testing/selftests/bpf/prog_tests/htab_update.c @@ -15,17 +15,17 @@ struct htab_update_ctx { static void test_reenter_update(void) { struct htab_update *skel;
- unsigned int key, value;
- void *value = NULL;
- unsigned int key, value_size;
^^^
Is key supposed to be initialized? The old code had 'unsigned int key = 0, value = 0;' but the new code drops the initialization. Later uses of key at the bpf_map_update_elem() calls will pass uninitialized stack memory.
int err;
skel = htab_update__open(); if (!ASSERT_OK_PTR(skel, "htab_update__open")) return;
[ ... ]
@@ -33,14 +33,32 @@ static void test_reenter_update(void) if (!ASSERT_OK(err, "htab_update__attach")) goto out;
- /* Will trigger the reentrancy of bpf_map_update_elem() */
- key = 0;
- value = 0;
- err = bpf_map_update_elem(bpf_map__fd(skel->maps.htab), &key, &value, 0);
- if (!ASSERT_OK(err, "add element"))
- value_size = bpf_map__value_size(skel->maps.htab);
- value = calloc(1, value_size);
- if (!ASSERT_OK_PTR(value, "calloc value"))
goto out;- /*
* First update: plain insert. This should NOT trigger the re-entrancy* path, because there is no old element to free yet.*/- err = bpf_map_update_elem(bpf_map__fd(skel->maps.htab), &key, &value, BPF_ANY);
- if (!ASSERT_OK(err, "first update (insert)"))
goto out;- /*
* Second update: replace existing element with same key and trigger* the reentrancy of bpf_map_update_elem().* check_and_free_fields() calls bpf_obj_free_fields() on the old* value, which is where fentry program runs and performs a nested* bpf_map_update_elem(), triggering -EDEADLK.*/- memset(&value, 0, sizeof(value));
^^^^^^^
Does this memset zero the allocated memory? It looks like this zeros the pointer variable itself (8 bytes) rather than the memory it points to. Should this be 'memset(value, 0, value_size)' instead?
- err = bpf_map_update_elem(bpf_map__fd(skel->maps.htab), &key, &value, BPF_ANY);
- if (!ASSERT_OK(err, "second update (replace)")) goto out;
- ASSERT_EQ(skel->bss->update_err, -EBUSY, "no reentrancy");
- ASSERT_EQ(skel->bss->update_err, -EDEADLK, "no reentrancy");
out: htab_update__destroy(skel); }
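Review bot: Both new `bpf_map_update_elem()` calls (the "first update" insert and the "second update" replace) pass `&value`, the address of the `void *` local, rather than the calloc'd buffer. The kernel copies `value_size` bytes from that address, so the element is filled with the pointer's own bytes, and if the map's value size is larger than `sizeof(void *)` (not visible in this hunk) the copy also takes in adjacent stack memory of the test. Pass the buffer itself in both calls: `err = bpf_map_update_elem(bpf_map__fd(skel->maps.htab), &key, value, BPF_ANY);`. No release of the buffer is visible on the new side either; because `value` starts as NULL, a `free(value);` under `out:` before `htab_update__destroy(skel);` is safe on every path.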
--- AI reviewed your patch. Please fix the bug or email reply why it's not a bug. See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/19369517166