selftests/bpf: Add a testcase for deadlock avoidance

Add a testcase that checks that deadlock avoidance is working
as expected.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20260204055147.54960-3-alexei.starovoitov@gmail.com

diff --git a/tools/testing/selftests/bpf/prog_tests/timer_start_deadlock.c b/tools/testing/selftests/bpf/prog_tests/timer_start_deadlock.c
new file mode 100644 (file)
index 0000000..9f1f9ae
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/timer_start_deadlock.c
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2026 Meta Platforms, Inc. and affiliates. */
+#include <test_progs.h>
+#include "timer_start_deadlock.skel.h"
+
+void test_timer_start_deadlock(void)
+{
+       struct timer_start_deadlock *skel;
+       int err, prog_fd;
+       LIBBPF_OPTS(bpf_test_run_opts, opts);
+
+       skel = timer_start_deadlock__open_and_load();
+       if (!ASSERT_OK_PTR(skel, "skel_open_and_load"))
+               return;
+
+       err = timer_start_deadlock__attach(skel);
+       if (!ASSERT_OK(err, "skel_attach"))
+               goto cleanup;
+
+       prog_fd = bpf_program__fd(skel->progs.start_timer);
+
+       /*
+        * Run the syscall program that attempts to deadlock.
+        * If the kernel deadlocks, this call will never return.
+        */
+       err = bpf_prog_test_run_opts(prog_fd, &opts);
+       ASSERT_OK(err, "prog_test_run");
+       ASSERT_EQ(opts.retval, 0, "prog_retval");
+
+       ASSERT_EQ(skel->bss->tp_called, 1, "tp_called");
+cleanup:
+       timer_start_deadlock__destroy(skel);
+}

diff --git a/tools/testing/selftests/bpf/progs/timer_start_deadlock.c b/tools/testing/selftests/bpf/progs/timer_start_deadlock.c
new file mode 100644 (file)
index 0000000..3685637
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/timer_start_deadlock.c
@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2026 Meta Platforms, Inc. and affiliates. */
+#include <vmlinux.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+#define CLOCK_MONOTONIC 1
+
+char _license[] SEC("license") = "GPL";
+
+struct elem {
+       struct bpf_timer timer;
+};
+
+struct {
+       __uint(type, BPF_MAP_TYPE_ARRAY);
+       __uint(max_entries, 1);
+       __type(key, int);
+       __type(value, struct elem);
+} timer_map SEC(".maps");
+
+volatile int in_timer_start;
+volatile int tp_called;
+
+static int timer_cb(void *map, int *key, struct elem *value)
+{
+       return 0;
+}
+
+SEC("tp_btf/hrtimer_cancel")
+int BPF_PROG(tp_hrtimer_cancel, struct hrtimer *hrtimer)
+{
+       struct bpf_timer *timer;
+       static bool called = false;
+       int key = 0;
+
+       if (!in_timer_start)
+               return 0;
+
+       tp_called = 1;
+       timer = bpf_map_lookup_elem(&timer_map, &key);
+
+       /*
+        * Call bpf_timer_start() from the tracepoint within hrtimer logic
+        * on the same timer to make sure it doesn't deadlock,
+        * and do it once.
+        */
+       if (!called) {
+               called = true;
+               bpf_timer_start(timer, 1000000000, 0);
+       }
+       return 0;
+}
+
+SEC("syscall")
+int start_timer(void *ctx)
+{
+       struct bpf_timer *timer;
+       int key = 0;
+
+       timer = bpf_map_lookup_elem(&timer_map, &key);
+       /* claude may complain here that there is no NULL check. Ignoring it. */
+       bpf_timer_init(timer, &timer_map, CLOCK_MONOTONIC);
+       bpf_timer_set_callback(timer, timer_cb);
+
+       /*
+        * call hrtimer_start() twice, so that 2nd call does
+        * remove_hrtimer() and trace_hrtimer_cancel() tracepoint.
+        */
+       in_timer_start = 1;
+       bpf_timer_start(timer, 1000000000, 0);
+       bpf_timer_start(timer, 1000000000, 0);
+       in_timer_start = 0;
+       return 0;
+}