selftests/bpf: ptr_to_btf_id struct walk ending with primitive pointer

Validate that reading a PTR_TO_BTF_ID field produces a value of type
PTR_TO_MEM|MEM_RDONLY|PTR_UNTRUSTED, if field is a pointer to a
primitive type.

Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250704230354.1323244-4-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c b/tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c
index 8185130ede9570b3ebeb5cb4787bff887cfd2ad9..4f94c971ae8626a845024dd7b08878cec2ff82bc 100644 (file)
--- a/tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c
+++ b/tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c
@@ -5,6 +5,37 @@
 #include "bpf_misc.h"
 #include "../test_kmods/bpf_testmod_kfunc.h"
 
+SEC("tp_btf/sys_enter")
+__success
+__log_level(2)
+__msg("r8 = *(u64 *)(r7 +0)          ; R7_w=ptr_nameidata(off={{[0-9]+}}) R8_w=rdonly_untrusted_mem(sz=0)")
+__msg("r9 = *(u8 *)(r8 +0)           ; R8_w=rdonly_untrusted_mem(sz=0) R9_w=scalar")
+int btf_id_to_ptr_mem(void *ctx)
+{
+       struct task_struct *task;
+       struct nameidata *idata;
+       u64 ret, off;
+
+       task = bpf_get_current_task_btf();
+       idata = task->nameidata;
+       off = bpf_core_field_offset(struct nameidata, pathname);
+       /*
+        * asm block to have reliable match target for __msg, equivalent of:
+        *   ret = task->nameidata->pathname[0];
+        */
+       asm volatile (
+       "r7 = %[idata];"
+       "r7 += %[off];"
+       "r8 = *(u64 *)(r7 + 0);"
+       "r9 = *(u8 *)(r8 + 0);"
+       "%[ret] = r9;"
+       : [ret]"=r"(ret)
+       : [idata]"r"(idata),
+         [off]"r"(off)
+       : "r7", "r8", "r9");
+       return ret;
+}
+
 SEC("socket")
 __success
 __retval(0)