On Tue, Sep 11, 2018 at 05:36:37PM -0700, Joe Stringer wrote:
> reference tracking: leak potential reference
> reference tracking: leak potential reference on stack
> reference tracking: leak potential reference on stack 2
> reference tracking: zero potential reference
> reference tracking: copy and zero potential references
> reference tracking: release reference without check
> reference tracking: release reference
> reference tracking: release reference twice
> reference tracking: release reference twice inside branch
> reference tracking: alloc, check, free in one subbranch
> reference tracking: alloc, check, free in both subbranches
> reference tracking in call: free reference in subprog
> reference tracking in call: free reference in subprog and outside
> reference tracking in call: alloc & leak reference in subprog
> reference tracking in call: alloc in subprog, release outside
> reference tracking in call: sk_ptr leak into caller stack
> reference tracking in call: sk_ptr spill into caller stack
>
> Signed-off-by: Joe Stringer <j...@wand.net.nz>
...
> + "reference tracking in call: alloc in subprog, release outside",
> + .insns = {
> + BPF_MOV64_REG(BPF_REG_4, BPF_REG_10),
> + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 5),
> + BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
> + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
> + BPF_MOV64_IMM(BPF_REG_2, 0),
> + BPF_EMIT_CALL(BPF_FUNC_sk_release),
> + BPF_EXIT_INSN(),
> +
> + /* subprog 1 */
> + BPF_SK_LOOKUP,
> + BPF_EXIT_INSN(), /* return sk */
> + },
Thanks a lot for adding subprog tests and checking that return to the caller
and spill works too.
Awesome stuff!
Acked-by: Alexei Starovoitov <a...@kernel.org>
