Add verifier coverage for bpf_get_kmem_cache(0). A direct read from the returned kmem_cache pointer must reject because the kfunc can return NULL, while the same read after an explicit null check remains accepted.
Signed-off-by: Nuoqi Gui
---
 .../bpf/progs/verifier_kfunc_prog_types.c | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_kfunc_prog_types.c b/tools/testing/selftests/bpf/progs/verifier_kfunc_prog_types.c
index 1fce7a7e8d030..a062f3b7bc756 100644
--- a/tools/testing/selftests/bpf/progs/verifier_kfunc_prog_types.c
+++ b/tools/testing/selftests/bpf/progs/verifier_kfunc_prog_types.c
@@ -168,3 +168,32 @@ int BPF_PROG(cpumask_kfunc_perf_event)
 cpumask_kfunc_load_test();
 return 0;
 }
+
+/*********************
+ * kmem_cache kfunc *
+ *********************/
+
+extern struct kmem_cache *bpf_get_kmem_cache(u64 addr) __ksym;
+
+SEC("raw_tp")
+__failure __msg("R0 invalid mem access 'untrusted_ptr_or_null_'")
+int bpf_get_kmem_cache_no_null_check(void *ctx)
+{
+ struct kmem_cache *s;
+
+ s = bpf_get_kmem_cache(0);
+ return s->size;
+}
+
+SEC("raw_tp")
+__success
+int bpf_get_kmem_cache_null_check(void *ctx)
+{
+ struct kmem_cache *s;
+
+ s = bpf_get_kmem_cache(0);
+ if (!s)
+ return 0;
+
+ return s->size;
+}
-- 2.34.1
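Review bot: The expected-failure string on `bpf_get_kmem_cache_no_null_check` pins the register as well as the pointer type, `__msg("R0 invalid mem access 'untrusted_ptr_or_null_'")`, so the test passes only while the compiler dereferences the return value directly in R0 rather than through a copy. Matching just the part that proves the missing NULL check, `__msg("invalid mem access 'untrusted_ptr_or_null_'")`, keeps the same coverage and should be less sensitive to code generation; this assumes `__msg` matches a substring of the verifier log, as it appears to elsewhere in the selftests. A one-line comment above the two programs, for example `/* bpf_get_kmem_cache() may return NULL: an unchecked dereference must be rejected at load time. */`, would also tell the reader why null-handling tests sit in a file that is otherwise about program-type coverage.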