Re: [PATCH bpf-next v2] selftests/bpf: Add arena direct-value one-past-end reject test
From: bot+bpf-ci
Date: Thu Jun 04 2026 - 12:16:55 EST
> commit fe93bf61d92a97b713eb292a1ccbae1cef5b23f1
> Author: Woojin Ji <random6.xyz@xxxxxxxxx>
> Date: Fri Jun 5 00:23:42 2026 +0900
>
> selftests/bpf: Add arena direct-value one-past-end reject test
>
> BPF_MAP_TYPE_ARENA supports direct-value pseudo loads, but unlike array
> maps its map value_size is zero and the valid direct-value range is the
> arena mmap size, max_entries * PAGE_SIZE.
>
> Commit 3ac1a467e376 ("bpf: Fix off-by-one boundary validation in arena
> direct-value access") fixed arena_map_direct_value_addr() to reject an
> offset exactly at the end of the arena mapping. Add a regression test
> that loads a BPF_PSEUDO_MAP_VALUE with off == arena_size and verifies
> that the verifier rejects it with the expected offset in the log.
>
> This is awkward to express as a verifier_arena.c failure program. For
> arena globals, libbpf handles the relocation as RELO_DATA and sets
> BPF_PSEUDO_MAP_VALUE from that relocation. The second ldimm64 slot is
> derived from the arena-relative symbol offset, so a C-level __arena
> global cannot make that immediate equal to arena_size without placing a
> global one past the end of the arena.
>
> Use a userspace raw-instruction test instead, following the existing
> selftests pattern used for direct map-value pseudo loads, so insns[1].imm
> can be set to arena_size precisely.

Emil Tsalapatis suggested using inline assembly in the BPF C file
(verifier_arena.c) instead of creating a userspace raw-instruction test.
The commit message explains why the userspace approach was chosen, but
could inline assembly address the limitation with libbpf relocations?

Reference: https://lore.kernel.org/bpf/DJ0DRM980L8V.3MR51HBLAVAEP@xxxxxxxxxxxxxxx/
"Can't we still use inline assembly in the BPF C file to do so? I don't
see why not." - Emil Tsalapatis, Thu, 04 Jun 2026 11:46:39 -0400

>
> Assisted-by: ChatGPT:gpt-5.5
> Signed-off-by: Woojin Ji <random6.xyz@xxxxxxxxx>
> Cc: Emil Tsalapatis <emil@xxxxxxxxxxxxxxx>
> Cc: Junyoung Jang <graypanda.inzag@xxxxxxxxx>
[ ... ]
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26962723906
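
The boundary described in the quoted commit message, as an added example that is not part of the original message, the patch, or the kernel source: a user-space C model of the two-slot ldimm64 with BPF_PSEUDO_MAP_VALUE and of the arena range check with and without the off-by-one. The struct and function names, the 4096-byte page size, the constructed fd and the exact form of the pre-fix comparison are assumptions; no BPF program is loaded.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE  4096u /* assumed page size for this model */
#define OP_LD_IMM64      0x18  /* BPF_LD | BPF_DW | BPF_IMM */
#define PSEUDO_MAP_VALUE 2     /* UAPI value of BPF_PSEUDO_MAP_VALUE */

/* Same layout as the UAPI struct bpf_insn; redeclared under a hypothetical name. */
struct model_insn {
	uint8_t code;
	uint8_t dst_reg:4, src_reg:4;
	int16_t off;
	int32_t imm;
};

/* Slot 0 carries the map fd, slot 1 the offset into the map value. */
static void build_ld_map_value(struct model_insn insn[2], int dst, int fd, uint32_t off)
{
	insn[0] = (struct model_insn){ .code = OP_LD_IMM64, .dst_reg = dst,
				       .src_reg = PSEUDO_MAP_VALUE, .imm = fd };
	insn[1] = (struct model_insn){ .imm = (int32_t)off };
}

/* Valid direct-value range for an arena: max_entries * PAGE_SIZE. */
static uint64_t arena_size(uint32_t n) { return (uint64_t)n * MODEL_PAGE_SIZE; }

/* fixed=false models a check that lets off == size through (assumed form). */
static bool accepts(const struct model_insn insn[2], uint64_t size, bool fixed)
{
	uint32_t off = (uint32_t)insn[1].imm;
	if (insn[0].code != OP_LD_IMM64 || insn[0].src_reg != PSEUDO_MAP_VALUE)
		return false;
	return fixed ? off < size : off <= size;
}

/* Build the pseudo load for a constructed arena and return the verdict. */
static bool verdict(uint32_t max_entries, uint32_t off, bool fixed)
{
	struct model_insn insn[2];
	build_ld_map_value(insn, 1, 3 /* constructed fd */, off);
	return accepts(insn, arena_size(max_entries), fixed);
}

int main(void)
{
	for (uint32_t off = 4095; off <= 4097; off++) /* size-1, size, size+1 */
		printf("off=%u old=%d fixed=%d\n", (unsigned)off, verdict(1, off, false), verdict(1, off, true));
	return 0;
}
```

Only off == arena_size separates the two checks, which is why the regression test needs insns[1].imm set to exactly that value.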