selftests/bpf: verify kallsyms entries for token-loaded subprograms

Add a test that loads an XDP program with a global subprogram using a
BPF token from a user namespace, then verifies that both the main
program and the subprogram appear in /proc/kallsyms.

This exercises the bpf_prog_kallsyms_add() path for subprograms and
would have caught the missing aux->token copy in bpf_jit_subprogs().

load_kallsyms_local() filters out kallsyms with zero addresses.
For a process with limited capabilities to read kallsym addresses the
following sysctl variables have to be set to zero:
- /proc/sys/kernel/perf_event_paranoid
- /proc/sys/kernel/kptr_restrict
Set these variables using sysctl_set() utility function extracted from
unpriv_bpf_disabled.c to a separate c/header.
Since the test modifies global system state, mark it as serial.

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20260415-subprog-token-fix-v4-2-9bd000e8b068@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile
index 78e60040811ea1bc8dc4f0c24ad64b5859113ce1..6ef6872adbc3e10f1c181c0a18dd5354d58da0f1 100644 (file)
--- a/tools/testing/selftests/bpf/Makefile
+++ b/tools/testing/selftests/bpf/Makefile
@@ -751,6 +751,7 @@ TRUNNER_EXTRA_SOURCES := test_progs.c               \
                         btf_helpers.c          \
                         cap_helpers.c          \
                         unpriv_helpers.c       \
+                        sysctl_helpers.c       \
                         netlink_helpers.c      \
                         jit_disasm_helpers.c   \
                         io_helpers.c           \

diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c
index b81dde283052e5c81b9f11665b76065db0a888a9..f2f5d36ae00a44a6238ef641357c5b6135be4c1a 100644 (file)
--- a/tools/testing/selftests/bpf/prog_tests/token.c
+++ b/tools/testing/selftests/bpf/prog_tests/token.c
@@ -1,9 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
 #define _GNU_SOURCE
-#include <test_progs.h>
 #include <bpf/btf.h>
-#include "cap_helpers.h"
 #include <fcntl.h>
 #include <sched.h>
 #include <signal.h>
@@ -15,9 +13,17 @@
 #include <sys/stat.h>
 #include <sys/syscall.h>
 #include <sys/un.h>
+
+#include "bpf_util.h"
+#include "cap_helpers.h"
+#include "sysctl_helpers.h"
+#include "test_progs.h"
+#include "trace_helpers.h"
+
 #include "priv_map.skel.h"
 #include "priv_prog.skel.h"
 #include "dummy_st_ops_success.skel.h"
+#include "token_kallsyms.skel.h"
 #include "token_lsm.skel.h"
 #include "priv_freplace_prog.skel.h"
 
@@ -1045,6 +1051,58 @@ err_out:
        return -EINVAL;
 }
 
+static bool kallsyms_has_bpf_func(struct ksyms *ksyms, const char *func_name)
+{
+       char name[256];
+       int i;
+
+       for (i = 0; i < ksyms->sym_cnt; i++) {
+               if (sscanf(ksyms->syms[i].name, "bpf_prog_%*[^_]_%255s", name) == 1 &&
+                   strcmp(name, func_name) == 0)
+                       return true;
+       }
+       return false;
+}
+
+static int userns_obj_priv_prog_kallsyms(int mnt_fd, struct token_lsm *lsm_skel)
+{
+       const char *func_names[] = { "xdp_main", "token_ksym_subprog" };
+       LIBBPF_OPTS(bpf_object_open_opts, opts);
+       struct token_kallsyms *skel;
+       struct ksyms *ksyms = NULL;
+       char buf[256];
+       int i, err;
+
+       snprintf(buf, sizeof(buf), "/proc/self/fd/%d", mnt_fd);
+       opts.bpf_token_path = buf;
+       skel = token_kallsyms__open_opts(&opts);
+       if (!ASSERT_OK_PTR(skel, "token_kallsyms__open_opts"))
+               return -EINVAL;
+
+       err = token_kallsyms__load(skel);
+       if (!ASSERT_OK(err, "token_kallsyms__load"))
+               goto cleanup;
+
+       ksyms = load_kallsyms_local();
+       if (!ASSERT_OK_PTR(ksyms, "load_kallsyms_local")) {
+               err = -EINVAL;
+               goto cleanup;
+       }
+
+       for (i = 0; i < ARRAY_SIZE(func_names); i++) {
+               if (!ASSERT_TRUE(kallsyms_has_bpf_func(ksyms, func_names[i]),
+                                func_names[i])) {
+                       err = -EINVAL;
+                       break;
+               }
+       }
+
+cleanup:
+       free_kallsyms_local(ksyms);
+       token_kallsyms__destroy(skel);
+       return err;
+}
+
 #define bit(n) (1ULL << (n))
 
 static int userns_bpf_token_info(int mnt_fd, struct token_lsm *lsm_skel)
@@ -1082,7 +1140,7 @@ cleanup:
        return err;
 }
 
-void test_token(void)
+void serial_test_token(void)
 {
        if (test__start_subtest("map_token")) {
                struct bpffs_opts opts = {
@@ -1194,4 +1252,26 @@ void test_token(void)
 
                subtest_userns(&opts, userns_bpf_token_info);
        }
+       if (test__start_subtest("obj_priv_prog_kallsyms")) {
+               char perf_paranoid_orig[32] = {};
+               char kptr_restrict_orig[32] = {};
+               struct bpffs_opts opts = {
+                       .cmds = bit(BPF_BTF_LOAD) | bit(BPF_PROG_LOAD),
+                       .progs = bit(BPF_PROG_TYPE_XDP),
+                       .attachs = ~0ULL,
+               };
+
+               if (sysctl_set_or_fail("/proc/sys/kernel/perf_event_paranoid", perf_paranoid_orig, "0"))
+                       goto cleanup;
+               if (sysctl_set_or_fail("/proc/sys/kernel/kptr_restrict", kptr_restrict_orig, "0"))
+                       goto cleanup;
+
+               subtest_userns(&opts, userns_obj_priv_prog_kallsyms);
+
+cleanup:
+               if (perf_paranoid_orig[0])
+                       sysctl_set_or_fail("/proc/sys/kernel/perf_event_paranoid", NULL, perf_paranoid_orig);
+               if (kptr_restrict_orig[0])
+                       sysctl_set_or_fail("/proc/sys/kernel/kptr_restrict", NULL, kptr_restrict_orig);
+       }
 }

diff --git a/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c b/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c
index 472f4f9fa95fe202b41a7d377574a92aa0b10544..64404602b9ab8976f6682df0de4a9d971518e01f 100644 (file)
--- a/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c
+++ b/tools/testing/selftests/bpf/prog_tests/unpriv_bpf_disabled.c
@@ -8,6 +8,7 @@
 
 #include "cap_helpers.h"
 #include "bpf_util.h"
+#include "sysctl_helpers.h"
 
 /* Using CAP_LAST_CAP is risky here, since it can get pulled in from
  * an old /usr/include/linux/capability.h and be < CAP_BPF; as a result
@@ -36,26 +37,6 @@ static void process_perfbuf(void *ctx, int cpu, void *data, __u32 len)
                got_perfbuf_val = *(__u32 *)data;
 }
 
-static int sysctl_set(const char *sysctl_path, char *old_val, const char *new_val)
-{
-       int ret = 0;
-       FILE *fp;
-
-       fp = fopen(sysctl_path, "r+");
-       if (!fp)
-               return -errno;
-       if (old_val && fscanf(fp, "%s", old_val) <= 0) {
-               ret = -ENOENT;
-       } else if (!old_val || strcmp(old_val, new_val) != 0) {
-               fseek(fp, 0, SEEK_SET);
-               if (fprintf(fp, "%s", new_val) < 0)
-                       ret = -errno;
-       }
-       fclose(fp);
-
-       return ret;
-}
-
 static void test_unpriv_bpf_disabled_positive(struct test_unpriv_bpf_disabled *skel,
                                              __u32 prog_id, int prog_fd, int perf_fd,
                                              char **map_paths, int *map_fds)

diff --git a/tools/testing/selftests/bpf/progs/token_kallsyms.c b/tools/testing/selftests/bpf/progs/token_kallsyms.c
new file mode 100644 (file)
index 0000000..c9f9344
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/token_kallsyms.c
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2026 Meta Platforms, Inc. and affiliates. */
+
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+
+char _license[] SEC("license") = "GPL";
+
+__weak
+int token_ksym_subprog(void)
+{
+       return 0;
+}
+
+SEC("xdp")
+int xdp_main(struct xdp_md *xdp)
+{
+       return token_ksym_subprog();
+}

diff --git a/tools/testing/selftests/bpf/sysctl_helpers.c b/tools/testing/selftests/bpf/sysctl_helpers.c
new file mode 100644 (file)
index 0000000..e2bd824
--- /dev/null
+++ b/tools/testing/selftests/bpf/sysctl_helpers.c
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+
+#include "sysctl_helpers.h"
+#include "test_progs.h"
+
+int sysctl_set(const char *sysctl_path, char *old_val, const char *new_val)
+{
+       int ret = 0;
+       FILE *fp;
+
+       fp = fopen(sysctl_path, "r+");
+       if (!fp)
+               return -errno;
+       if (old_val && fscanf(fp, "%s", old_val) <= 0) {
+               ret = -ENOENT;
+       } else if (!old_val || strcmp(old_val, new_val) != 0) {
+               fseek(fp, 0, SEEK_SET);
+               if (fprintf(fp, "%s", new_val) < 0)
+                       ret = -errno;
+       }
+       fclose(fp);
+
+       return ret;
+}
+
+int sysctl_set_or_fail(const char *sysctl_path, char *old_val, const char *new_val)
+{
+       int err;
+
+       err = sysctl_set(sysctl_path, old_val, new_val);
+       if (err)
+               PRINT_FAIL("failed to set %s to %s: %s\n", sysctl_path, new_val, strerror(-err));
+       return err;
+}

diff --git a/tools/testing/selftests/bpf/sysctl_helpers.h b/tools/testing/selftests/bpf/sysctl_helpers.h
new file mode 100644 (file)
index 0000000..35e37bf
--- /dev/null
+++ b/tools/testing/selftests/bpf/sysctl_helpers.h
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __SYSCTL_HELPERS_H
+#define __SYSCTL_HELPERS_H
+
+int sysctl_set(const char *sysctl_path, char *old_val, const char *new_val);
+int sysctl_set_or_fail(const char *sysctl_path, char *old_val, const char *new_val);
+
+#endif