> commit fe93bf61d92a97b713eb292a1ccbae1cef5b23f1
> Author: Woojin Ji <[email protected]>
> Date: Fri Jun 5 00:23:42 2026 +0900
>
> selftests/bpf: Add arena direct-value one-past-end reject test
>
> BPF_MAP_TYPE_ARENA supports direct-value pseudo loads, but unlike array
> maps its map value_size is zero and the valid direct-value range is the
> arena mmap size, max_entries * PAGE_SIZE.
>
> Commit 3ac1a467e376 ("bpf: Fix off-by-one boundary validation in arena
> direct-value access") fixed arena_map_direct_value_addr() to reject an
> offset exactly at the end of the arena mapping. Add a regression test
> that loads a BPF_PSEUDO_MAP_VALUE with off == arena_size and verifies
> that the verifier rejects it with the expected offset in the log.
>
> This is awkward to express as a verifier_arena.c failure program. For
> arena globals, libbpf handles the relocation as RELO_DATA and sets
> BPF_PSEUDO_MAP_VALUE from that relocation. The second ldimm64 slot is
> derived from the arena-relative symbol offset, so a C-level __arena
> global cannot make that immediate equal to arena_size without placing a
> global one past the end of the arena.
>
> Use a userspace raw-instruction test instead, following the existing
> selftests pattern used for direct map-value pseudo loads, so insns[1].imm
> can be set to arena_size precisely.

Emil Tsalapatis suggested using inline assembly in the BPF C file
(verifier_arena.c) instead of creating a userspace raw-instruction test.
The commit message explains why the userspace approach was chosen, but
could inline assembly address the limitation with libbpf relocations?

Reference: https://lore.kernel.org/bpf/[email protected]/

"Can't we still use inline assembly in the BPF C file to do so? I don't
see why not." - Emil Tsalapatis, Thu, 04 Jun 2026 11:46:39 -0400

>
> Assisted-by: ChatGPT:gpt-5.5
> Signed-off-by: Woojin Ji <[email protected]>
> Cc: Emil Tsalapatis <[email protected]>
> Cc: Junyoung Jang <[email protected]>

[ ... ]

---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26962723906
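
The boundary the commit message describes, as an added example that is not part of the patch, the selftest or the kernel source: a userspace model of a two-slot ldimm64 whose second slot carries the offset, checked against an arena of max_entries * PAGE_SIZE bytes. The `struct insn` mirror, the helper names, the fd value 3 and the one-page arena are assumptions made for illustration, and `rejects()` models the check with `>` (off-by-one) versus `>=` (fixed) rather than reproducing arena_map_direct_value_addr().

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local mirror of the 8-byte BPF instruction (struct bpf_insn in linux/bpf.h),
 * so the example builds without kernel headers. Little-endian nibble order. */
struct insn {
    uint8_t code;
    uint8_t regs;   /* dst_reg in the low nibble, src_reg in the high nibble */
    int16_t off;
    int32_t imm;
};

#define OP_LD_IMM64      0x18   /* BPF_LD | BPF_IMM | BPF_DW */
#define PSEUDO_MAP_VALUE 2      /* BPF_PSEUDO_MAP_VALUE */

/* Two-slot ldimm64: slot 0 carries the map fd, slot 1 the offset into the map. */
static void emit_map_value_load(struct insn out[2], int dst, int map_fd, uint32_t off)
{
    out[0] = (struct insn){ .code = OP_LD_IMM64,
                            .regs = (uint8_t)((PSEUDO_MAP_VALUE << 4) | dst),
                            .imm = map_fd };
    out[1] = (struct insn){ .imm = (int32_t)off };
}

/* Model of the range check (assumption, not kernel code): valid offsets are
 * [0, arena_size) with arena_size = max_entries * page_size. */
static bool rejects(uint64_t max_entries, uint64_t page_size, uint32_t off, bool fixed)
{
    uint64_t arena_size = max_entries * page_size;
    /* The off-by-one form uses '>' and lets off == arena_size through. */
    return fixed ? off >= arena_size : off > arena_size;
}

/* Build the load with the given offset and classify what slot 1 carries. */
static bool probe(uint64_t max_entries, uint64_t page_size, uint32_t off, bool fixed)
{
    struct insn insns[2];
    emit_map_value_load(insns, 1, 3 /* constructed fd */, off);
    return rejects(max_entries, page_size, (uint32_t)insns[1].imm, fixed);
}

int main(void)
{
    const uint64_t pages = 1, page = 4096;   /* constructed arena: one 4 KiB page */
    for (uint32_t off = 4095; off <= 4097; off++)
        printf("off=%u off-by-one:%s fixed:%s\n", (unsigned)off,
               probe(pages, page, off, false) ? "reject" : "accept",
               probe(pages, page, off, true) ? "reject" : "accept");
    return 0;
}
```

Only the middle case, off == arena_size, separates the two forms, which is why a regression test needs to place exactly that value in the second instruction slot.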

