On 2/16/2024 5:12 AM, Martin KaFai Lau wrote:
> From: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
>
> This selftest is based on Alexei's test adopted from an internal
> user to troubleshoot another bug. During this exercise, a separate
> racing bug was discovered between bpf_timer_cancel_and_free
> and bpf_timer_cancel. The details can be found in the previous
> patch.
>
> This patch is to add a selftest that can trigger the bug.
> I can trigger the UAF every time in my qemu setup with KASAN. The idea
> is to have multiple user space threads running in a tight loop to exercise
> both bpf_map_update_elem (which calls into bpf_timer_cancel_and_free)
> and bpf_timer_cancel.
>
> Signed-off-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>

Acked-by: Hou Tao <houtao1@xxxxxxxxxx>