A fix for an oversight in copy_map_value that leads to a kernel crash.

Also, a question for BPF developers:
It seems in arraymap.c, we always do check_and_free_timer_in_array after we do
copy_map_value in the map_update_elem callback, but the same is not done for
hashtab.c. Is there a specific reason for this difference in behavior, or did I
miss that it happens for hashtab.c as well?

Changelog:
----------
v1 -> v2:
v1: https://lore.kernel.org/bpf/20220209051113.870717-1-memxor@xxxxxxxxx

 * Fix build error for selftests patch due to missing SYS_PREFIX in bpf tree

Kumar Kartikeya Dwivedi (2):
  bpf: Fix crash due to incorrect copy_map_value
  selftests/bpf: Add test for bpf_timer overwriting crash

 include/linux/bpf.h                           |  3 +-
 .../selftests/bpf/prog_tests/timer_crash.c    | 32 +++++++++++
 .../testing/selftests/bpf/progs/timer_crash.c | 54 +++++++++++++++++++
 3 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/timer_crash.c
 create mode 100644 tools/testing/selftests/bpf/progs/timer_crash.c

--
2.35.1