From: Eduard Zingerman <eddyz87@gmail.com>
To: bpf@vger.kernel.org, ast@kernel.org, andrii@kernel.org
Cc: daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com,
yonghong.song@linux.dev, eddyz87@gmail.com, ctao@meta.com
Subject: [PATCH bpf-next v2 2/2] selftests/bpf: verify kallsyms entries for token-loaded subprograms
Date: Tue, 14 Apr 2026 17:30:13 -0700 [thread overview]
Message-ID: <20260414-subprog-token-fix-v2-2-59146c31f6f1@gmail.com> (raw)
In-Reply-To: <20260414-subprog-token-fix-v2-0-59146c31f6f1@gmail.com>
Add a test that loads an XDP program with a global subprogram using a
BPF token from a user namespace, then verifies that both the main
program and the subprogram appear in /proc/kallsyms.
This exercises the bpf_prog_kallsyms_add() path for subprograms and
would have caught the missing aux->token copy in bpf_jit_subprogs().
load_kallsyms_local() filters out kallsyms with zero addresses.
For a process with limited capabilities to read kallsym addresses the
following sysctl variables have to be set to zero:
- /proc/sys/kernel/perf_event_paranoid
- /proc/sys/kernel/kptr_restrict
Set these variables using sysctl_set() utility function extracted from
unpriv_bpf_disabled.c to a separate c/header.
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
---
tools/testing/selftests/bpf/Makefile | 1 +
tools/testing/selftests/bpf/prog_tests/token.c | 81 +++++++++++++++++++++-
.../selftests/bpf/prog_tests/unpriv_bpf_disabled.c | 21 +-----
tools/testing/selftests/bpf/progs/token_kallsyms.c | 19 +++++
tools/testing/selftests/bpf/sysctl_helpers.c | 26 +++++++
tools/testing/selftests/bpf/sysctl_helpers.h | 7 ++
6 files changed, 133 insertions(+), 22 deletions(-)
diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile
index f75c4f52c028..da81a1853cfd 100644
--- a/tools/testing/selftests/bpf/Makefile
+++ b/tools/testing/selftests/bpf/Makefile
@@ -750,6 +750,7 @@ TRUNNER_EXTRA_SOURCES := test_progs.c \
btf_helpers.c \
cap_helpers.c \
unpriv_helpers.c \
+ sysctl_helpers.c \
netlink_helpers.c \
jit_disasm_helpers.c \
io_helpers.c \
diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c
index b81dde283052..89da527ed930 100644
--- a/tools/testing/selftests/bpf/prog_tests/token.c
+++ b/tools/testing/selftests/bpf/prog_tests/token.c
@@ -1,9 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
#define _GNU_SOURCE
-#include <test_progs.h>
#include <bpf/btf.h>
-#include "cap_helpers.h"
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
@@ -15,9 +13,17 @@
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/un.h>
+
+#include "bpf_util.h"
+#include "cap_helpers.h"
+#include "sysctl_helpers.h"
+#include "test_progs.h"
+#include "trace_helpers.h"
+
#include "priv_map.skel.h"
#include "priv_prog.skel.h"
#include "dummy_st_ops_success.skel.h"
+#include "token_kallsyms.skel.h"
#include "token_lsm.skel.h"
#include "priv_freplace_prog.skel.h"
@@ -1045,6 +1051,58 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l
return -EINVAL;
}
+static bool kallsyms_has_bpf_func(struct ksyms *ksyms, const char *func_name)
+{
+ char name[256];
+ int i;
+
+ for (i = 0; i < ksyms->sym_cnt; i++) {
+ if (sscanf(ksyms->syms[i].name, "bpf_prog_%*[^_]_%255s", name) == 1 &&
+ strcmp(name, func_name) == 0)
+ return true;
+ }
+ return false;
+}
+
+static int userns_obj_priv_prog_kallsyms(int mnt_fd, struct token_lsm *lsm_skel)
+{
+ const char *func_names[] = { "xdp_main", "token_ksym_subprog" };
+ LIBBPF_OPTS(bpf_object_open_opts, opts);
+ struct token_kallsyms *skel;
+ struct ksyms *ksyms = NULL;
+ char buf[256];
+ int i, err;
+
+ snprintf(buf, sizeof(buf), "/proc/self/fd/%d", mnt_fd);
+ opts.bpf_token_path = buf;
+ skel = token_kallsyms__open_opts(&opts);
+ if (!ASSERT_OK_PTR(skel, "token_kallsyms__open_opts"))
+ return -EINVAL;
+
+ err = token_kallsyms__load(skel);
+ if (!ASSERT_OK(err, "token_kallsyms__load"))
+ goto cleanup;
+
+ ksyms = load_kallsyms_local();
+ if (!ASSERT_OK_PTR(ksyms, "load_kallsyms_local")) {
+ err = -EINVAL;
+ goto cleanup;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(func_names); i++) {
+ if (!ASSERT_TRUE(kallsyms_has_bpf_func(ksyms, func_names[i]),
+ func_names[i])) {
+ err = -EINVAL;
+ break;
+ }
+ }
+
+cleanup:
+ free_kallsyms_local(ksyms);
+ token_kallsyms__destroy(skel);
+ return err;
+}
+
#define bit(n) (1ULL << (n))
static int userns_bpf_token_info(int mnt_fd, struct token_lsm *lsm_skel)
@@ -1194,4 +1252,23 @@ void test_token(void)
subtest_userns(&opts, userns_bpf_token_info);
}
+ if (test__start_subtest("obj_priv_prog_kallsyms")) {
+ char perf_paranoid_orig[32] = {};
+ char kptr_restrict_orig[32] = {};
+ struct bpffs_opts opts = {
+ .cmds = bit(BPF_BTF_LOAD) | bit(BPF_PROG_LOAD),
+ .progs = bit(BPF_PROG_TYPE_XDP),
+ .attachs = ~0ULL,
+ };
+
+ sysctl_set("/proc/sys/kernel/perf_event_paranoid", perf_paranoid_orig, "0");
+ sysctl_set("/proc/sys/kernel/kptr_restrict", kptr_restrict_orig, "0");
+
+ subtest_userns(&opts, userns_obj_priv_prog_kallsyms);
+
+ if (perf_paranoid_orig[0])
+ sysctl_set("/proc/sys/kernel/perf_event_paranoid", NULL, perf_paranoid_orig);
+ if (kptr_restrict_orig[0])
+ sysctl_set("/proc/sys/kernel/kptr_restrict", NULL, kptr_restrict_orig);
+ }
}
diff --git a/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c b/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c
index 472f4f9fa95f..64404602b9ab 100644
--- a/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c
+++ b/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c
@@ -8,6 +8,7 @@
#include "cap_helpers.h"
#include "bpf_util.h"
+#include "sysctl_helpers.h"
/* Using CAP_LAST_CAP is risky here, since it can get pulled in from
* an old /usr/include/linux/capability.h and be < CAP_BPF; as a result
@@ -36,26 +37,6 @@ static void process_perfbuf(void *ctx, int cpu, void *data, __u32 len)
got_perfbuf_val = *(__u32 *)data;
}
-static int sysctl_set(const char *sysctl_path, char *old_val, const char *new_val)
-{
- int ret = 0;
- FILE *fp;
-
- fp = fopen(sysctl_path, "r+");
- if (!fp)
- return -errno;
- if (old_val && fscanf(fp, "%s", old_val) <= 0) {
- ret = -ENOENT;
- } else if (!old_val || strcmp(old_val, new_val) != 0) {
- fseek(fp, 0, SEEK_SET);
- if (fprintf(fp, "%s", new_val) < 0)
- ret = -errno;
- }
- fclose(fp);
-
- return ret;
-}
-
static void test_unpriv_bpf_disabled_positive(struct test_unpriv_bpf_disabled *skel,
__u32 prog_id, int prog_fd, int perf_fd,
char **map_paths, int *map_fds)
diff --git a/tools/testing/selftests/bpf/progs/token_kallsyms.c b/tools/testing/selftests/bpf/progs/token_kallsyms.c
new file mode 100644
index 000000000000..c9f9344f3eb2
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/token_kallsyms.c
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2026 Meta Platforms, Inc. and affiliates. */
+
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+
+char _license[] SEC("license") = "GPL";
+
+__weak
+int token_ksym_subprog(void)
+{
+ return 0;
+}
+
+SEC("xdp")
+int xdp_main(struct xdp_md *xdp)
+{
+ return token_ksym_subprog();
+}
diff --git a/tools/testing/selftests/bpf/sysctl_helpers.c b/tools/testing/selftests/bpf/sysctl_helpers.c
new file mode 100644
index 000000000000..e58c23adaa3e
--- /dev/null
+++ b/tools/testing/selftests/bpf/sysctl_helpers.c
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+
+#include "sysctl_helpers.h"
+
+int sysctl_set(const char *sysctl_path, char *old_val, const char *new_val)
+{
+ int ret = 0;
+ FILE *fp;
+
+ fp = fopen(sysctl_path, "r+");
+ if (!fp)
+ return -errno;
+ if (old_val && fscanf(fp, "%s", old_val) <= 0) {
+ ret = -ENOENT;
+ } else if (!old_val || strcmp(old_val, new_val) != 0) {
+ fseek(fp, 0, SEEK_SET);
+ if (fprintf(fp, "%s", new_val) < 0)
+ ret = -errno;
+ }
+ fclose(fp);
+
+ return ret;
+}
diff --git a/tools/testing/selftests/bpf/sysctl_helpers.h b/tools/testing/selftests/bpf/sysctl_helpers.h
new file mode 100644
index 000000000000..28d7e209df72
--- /dev/null
+++ b/tools/testing/selftests/bpf/sysctl_helpers.h
@@ -0,0 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __SYSCTL_HELPERS_H
+#define __SYSCTL_HELPERS_H
+
+int sysctl_set(const char *sysctl_path, char *old_val, const char *new_val);
+
+#endif
--
2.53.0
next prev parent reply other threads:[~2026-04-15 0:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-15 0:30 [PATCH bpf-next v2 0/2] bpf: copy BPF token from main program to subprograms Eduard Zingerman
2026-04-15 0:30 ` [PATCH bpf-next v2 1/2] " Eduard Zingerman
2026-04-15 1:08 ` sashiko-bot
2026-04-15 18:30 ` Eduard Zingerman
2026-04-15 0:30 ` Eduard Zingerman [this message]
2026-04-15 1:21 ` [PATCH bpf-next v2 2/2] selftests/bpf: verify kallsyms entries for token-loaded subprograms sashiko-bot
2026-04-15 5:55 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260414-subprog-token-fix-v2-2-59146c31f6f1@gmail.com \
--to=eddyz87@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=ctao@meta.com \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
--cc=martin.lau@linux.dev \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox