[PATCH bpf-next v1 13/14] selftests/bpf: Fix out-of-bounds array access bugs reported by ASAN

Ihor Solodrai posted 14 patches 1 month, 2 weeks ago
There is a newer version of this series
Posted by Ihor Solodrai 1 month, 2 weeks ago
- kmem_cache_iter: remove unnecessary debug output
- lwt_seg6local: change the type of foobar to char[]
  - the sizeof(foobar) returned the pointer size and not a string
    length as intended
- verifier_log: increase prog_name buffer size in verif_log_subtest()
  - compiler has a conservative estimate of fixed_log_sz value, making
    ASAN complain on snprint() call

Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
---
 tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c | 7 ++-----
 tools/testing/selftests/bpf/prog_tests/lwt_seg6local.c   | 2 +-
 tools/testing/selftests/bpf/prog_tests/verifier_log.c    | 2 +-
 3 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c b/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
index 6e35e13c2022..399fe9103f83 100644
--- a/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
+++ b/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
@@ -104,11 +104,8 @@ void test_kmem_cache_iter(void)
 	if (!ASSERT_GE(iter_fd, 0, "iter_create"))
 		goto destroy;
 
-	memset(buf, 0, sizeof(buf));
-	while (read(iter_fd, buf, sizeof(buf)) > 0) {
-		/* Read out all contents */
-		printf("%s", buf);
-	}
+	while (read(iter_fd, buf, sizeof(buf)) > 0)
+		; /* Read out all contents */
 
 	/* Next reads should return 0 */
 	ASSERT_EQ(read(iter_fd, buf, sizeof(buf)), 0, "read");
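Review bot: The commit message describes this only as removing unnecessary debug output, but the removed lines are themselves the out-of-bounds access, and the kmem_cache_iter bullet should say so. read(iter_fd, buf, sizeof(buf)) may fill every byte of buf, so the memset before the loop leaves no guaranteed terminator and printf("%s", buf) can read past the end of the array. Recording that would keep someone from restoring the print in its old form; if the output is wanted later, it has to be bounded by the value read() returns.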
diff --git a/tools/testing/selftests/bpf/prog_tests/lwt_seg6local.c b/tools/testing/selftests/bpf/prog_tests/lwt_seg6local.c
index 3bc730b7c7fa..1b25d5c5f8fb 100644
--- a/tools/testing/selftests/bpf/prog_tests/lwt_seg6local.c
+++ b/tools/testing/selftests/bpf/prog_tests/lwt_seg6local.c
@@ -117,7 +117,7 @@ void test_lwt_seg6local(void)
 	const char *ns1 = NETNS_BASE "1";
 	const char *ns6 = NETNS_BASE "6";
 	struct nstoken *nstoken = NULL;
-	const char *foobar = "foobar";
+	const char foobar[] = "foobar";
 	ssize_t bytes;
 	int sfd, cfd;
 	char buf[7];
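Review bot: char buf[7] in the context just below the changed line still hard-codes the length that sizeof(foobar) now yields (six characters plus the terminating NUL), so the two sizes agree only because of the current literal. Declaring it as char buf[sizeof(foobar)] would tie the receive buffer to the string and keep the two in step if the payload ever changes.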
diff --git a/tools/testing/selftests/bpf/prog_tests/verifier_log.c b/tools/testing/selftests/bpf/prog_tests/verifier_log.c
index 8337c6bc5b95..aaa2854974c0 100644
--- a/tools/testing/selftests/bpf/prog_tests/verifier_log.c
+++ b/tools/testing/selftests/bpf/prog_tests/verifier_log.c
@@ -47,7 +47,7 @@ static int load_prog(struct bpf_prog_load_opts *opts, bool expect_load_error)
 static void verif_log_subtest(const char *name, bool expect_load_error, int log_level)
 {
 	LIBBPF_OPTS(bpf_prog_load_opts, opts);
-	char *exp_log, prog_name[16], op_name[32];
+	char *exp_log, prog_name[24], op_name[32];
 	struct test_log_buf *skel;
 	struct bpf_program *prog;
 	size_t fixed_log_sz;
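Review bot: The new prog_name[24] is an unexplained constant: nothing at the declaration says what the longest formatted name is or why 24 is enough, and the commit message only says the compiler's estimate of fixed_log_sz is conservative. A short comment beside the declaration giving the worst-case length of the formatted name, or a check of the return value of the snprint() call named in the commit message against sizeof(prog_name), would make the bound reviewable and catch truncation if the format changes.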
-- 
2.53.0
Re: [PATCH bpf-next v1 13/14] selftests/bpf: Fix out-of-bounds array access bugs reported by ASAN
Posted by Eduard Zingerman 1 month, 2 weeks ago
On Wed, 2026-02-11 at 17:13 -0800, Ihor Solodrai wrote:
> - kmem_cache_iter: remove unnecessary debug output
> - lwt_seg6local: change the type of foobar to char[]
>   - the sizeof(foobar) returned the pointer size and not a string
>     length as intended
> - verifier_log: increase prog_name buffer size in verif_log_subtest()
>   - compiler has a conservative estimate of fixed_log_sz value, making
>     ASAN complain on snprint() call
> 
> Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
> ---

Acked-by: Eduard Zingerman <eddyz87@gmail.com>

[...]

> diff --git a/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
> b/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
> index 6e35e13c2022..399fe9103f83 100644
> --- a/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
> +++ b/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
> @@ -104,11 +104,8 @@ void test_kmem_cache_iter(void)
>  	if (!ASSERT_GE(iter_fd, 0, "iter_create"))
>  		goto destroy;
>  
> -	memset(buf, 0, sizeof(buf));
> -	while (read(iter_fd, buf, sizeof(buf)) > 0) {
> -		/* Read out all contents */
> -		printf("%s", buf);
> -	}
> +	while (read(iter_fd, buf, sizeof(buf)) > 0)
> +		; /* Read out all contents */

Nit:
  -       while (read(iter_fd, buf, sizeof(buf)) > 0) {
  +       while (read(iter_fd, buf, sizeof(buf) - 1) > 0) {

  And keep the log?
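
Review bot: In the suggested + line, sizeof(buf) - 1 keeps buf terminated only as long as the memset(buf, 0, sizeof(buf)) before the loop is kept as well, and even then a read shorter than the previous one leaves stale bytes from the earlier iteration in buf, which printf("%s", buf) would print again. If the log is kept, store the return value, for example n = read(iter_fd, buf, sizeof(buf) - 1), and set buf[n] = '\0' before printing.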

[...]
Re: [PATCH bpf-next v1 13/14] selftests/bpf: Fix out-of-bounds array access bugs reported by ASAN
Posted by Ihor Solodrai 1 month, 1 week ago
On 2/12/26 5:11 PM, Eduard Zingerman wrote:
> On Wed, 2026-02-11 at 17:13 -0800, Ihor Solodrai wrote:
>> - kmem_cache_iter: remove unnecessary debug output
>> - lwt_seg6local: change the type of foobar to char[]
>>   - the sizeof(foobar) returned the pointer size and not a string
>>     length as intended
>> - verifier_log: increase prog_name buffer size in verif_log_subtest()
>>   - compiler has a conservative estimate of fixed_log_sz value, making
>>     ASAN complain on snprint() call
>>
>> Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
>> ---
> 
> Acked-by: Eduard Zingerman <eddyz87@gmail.com>
> 
> [...]
> 
>> diff --git a/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
>> b/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
>> index 6e35e13c2022..399fe9103f83 100644
>> --- a/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
>> +++ b/tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c
>> @@ -104,11 +104,8 @@ void test_kmem_cache_iter(void)
>>  	if (!ASSERT_GE(iter_fd, 0, "iter_create"))
>>  		goto destroy;
>>  
>> -	memset(buf, 0, sizeof(buf));
>> -	while (read(iter_fd, buf, sizeof(buf)) > 0) {
>> -		/* Read out all contents */
>> -		printf("%s", buf);
>> -	}
>> +	while (read(iter_fd, buf, sizeof(buf)) > 0)
>> +		; /* Read out all contents */
> 
> Nit:
>   -       while (read(iter_fd, buf, sizeof(buf)) > 0) {
>   +       while (read(iter_fd, buf, sizeof(buf) - 1) > 0) {
> 
>   And keep the log?

AFAIU it's not necessary for the test, it seems to be a debug print.

There is an exact copy of this loop without printf in dmabuf_iter.c.

> 
> [...]