selftests/bpf: add file dynptr tests

Introducing selftests for validating file-backed dynptr works as
expected.
 * validate implementation supports dynptr slice and read operations
 * validate destructors should be paired with initializers

Signed-off-by: Mykyta Yatsenko <[email protected]>

Author: mykyta5

tools/testing/selftests/bpf/prog_tests/file_reader.c

@@ -0,0 +1,68 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */
+
+#include <test_progs.h>
+#include <network_helpers.h>
+#include "file_reader.skel.h"
+#include "file_reader_fail.skel.h"
+
+__thread int tls_counter;
+const char *user_ptr = "hello world";
+char file_contents[256000];
+
+static int initialize_file_contents(void)
+{
+	int fd;
+	ssize_t n;
+	int err = 0;
+
+	fd = open("/proc/self/exe", O_RDONLY);
+	if (!ASSERT_GT(fd, 0, "Open /proc/self/exe\n"))
+		return 1;
+
+	n = read(fd, file_contents, sizeof(file_contents));
+	if (!ASSERT_EQ(n, sizeof(file_contents), "Read /proc/self/exe\n"))
+		err = 1;
+
+	close(fd);
+
+	return err;
+}
+
+static void run_tests(void)
+{
+	struct file_reader *skel;
+	int err;
+	char data[256];
+	LIBBPF_OPTS(bpf_test_run_opts, opts, .data_in = &data, .repeat = 1,
+		    .data_size_in = sizeof(data));
+
+	skel = file_reader__open_and_load();
+	if (!ASSERT_OK_PTR(skel, "file_reader__open_and_load"))
+		return;
+
+	err = initialize_file_contents();
+	if (!ASSERT_OK(err, "initialize file contents"))
+		goto cleanup;
+
+	skel->bss->user_ptr = (void *)user_ptr;
+	skel->bss->user_buf = file_contents;
+
+	err = file_reader__attach(skel);
+	if (!ASSERT_OK(err, "file_reader__attach"))
+		goto cleanup;
+
+	getpid();
+
+	ASSERT_EQ(skel->bss->err, 0, "err");
+cleanup:
+	file_reader__destroy(skel);
+}
+
+void test_file_reader(void)
+{
+	if (test__start_subtest("test_file_reader"))
+		run_tests();
+
+	RUN_TESTS(file_reader_fail);
+}

tools/testing/selftests/bpf/progs/file_reader.c

@@ -0,0 +1,229 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */
+
+#include <vmlinux.h>
+#include <string.h>
+#include <stdbool.h>
+#include <bpf/bpf_tracing.h>
+#include "bpf_misc.h"
+
+#define ELFMAG "\177ELF"
+#define SELFMAG 4
+#define ET_NONE 0
+#define ET_REL 1
+#define ET_EXEC 2
+#define ET_DYN 3
+#define ET_CORE 4
+#define ET_LOPROC 0xff00
+#define ET_HIPROC 0xffff
+#define EI_CLASS 4
+#define ELFCLASS32 1
+#define ELFCLASS64 2
+#define STT_TLS 6
+
+#define ELF_ST_BIND(x) ((x) >> 4)
+#define ELF_ST_TYPE(x) ((x) & 0xf)
+#define ELF32_ST_BIND(x) ELF_ST_BIND(x)
+#define ELF32_ST_TYPE(x) ELF_ST_TYPE(x)
+#define ELF64_ST_BIND(x) ELF_ST_BIND(x)
+#define ELF64_ST_TYPE(x) ELF_ST_TYPE(x)
+
+char _license[] SEC("license") = "GPL";
+
+struct {
+	__uint(type, BPF_MAP_TYPE_ARRAY);
+	__uint(max_entries, 1);
+	__type(key, int);
+	__type(value, struct elem);
+} arrmap SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_RINGBUF);
+	__uint(max_entries, 10000000);
+} ringbuf SEC(".maps");
+
+struct elem {
+	struct file *file;
+	struct bpf_task_work tw;
+};
+
+int err;
+void *user_ptr;
+char buf[1024];
+char *user_buf;
+const __u32 user_buf_sz = 256000;
+
+static int process_vma(struct task_struct *task, struct vm_area_struct *vma, void *data);
+static int search_elf(struct file *file);
+static int validate_large_file_read(struct file *file);
+static int task_work_callback(struct bpf_map *map, void *key, void *value);
+
+SEC("raw_tp/sys_enter")
+int on_getpid(void *ctx)
+{
+	struct task_struct *task = bpf_get_current_task_btf();
+	struct elem *work;
+	int key = 0;
+
+	work = bpf_map_lookup_elem(&arrmap, &key);
+	if (!work) {
+		err = 1;
+		return 0;
+	}
+	bpf_task_work_schedule_signal(task, &work->tw, &arrmap, task_work_callback, NULL);
+	return 0;
+}
+
+static int task_work_callback(struct bpf_map *map, void *key, void *value)
+{
+	struct task_struct *task = bpf_get_current_task_btf();
+
+	bpf_find_vma(task, (unsigned long)user_ptr, process_vma, NULL, 0);
+	return 0;
+}
+
+static int process_vma(struct task_struct *task, struct vm_area_struct *vma, void *data)
+{
+	err = validate_large_file_read(vma->vm_file);
+	if (err)
+		return err;
+
+	return search_elf(vma->vm_file);
+}
+
+static __noinline int validate_large_file_read(struct file *file)
+{
+	struct bpf_dynptr dynptr;
+	int err, i;
+	char *rbuf1 = NULL, *rbuf2 = NULL;
+
+	if (!file) {
+		err = 1;
+		return 1;
+	}
+
+	err = bpf_dynptr_from_file(file, 0, &dynptr);
+	if (err)
+		goto cleanup_file;
+
+	rbuf1 = bpf_ringbuf_reserve(&ringbuf, user_buf_sz, 0);
+	if (!rbuf1)
+		goto cleanup_file;
+
+	rbuf2 = bpf_ringbuf_reserve(&ringbuf, user_buf_sz, 0);
+	if (!rbuf2)
+		goto cleanup_all;
+
+	bpf_dynptr_read(rbuf1, user_buf_sz, &dynptr, 0, 0);
+	bpf_copy_from_user(rbuf2, user_buf_sz, user_buf);
+
+	bpf_for(i, 0, user_buf_sz) {
+		if (rbuf1[i] != rbuf2[i]) {
+			err = 1;
+			break;
+		}
+	}
+
+cleanup_all:
+	if (rbuf1)
+		bpf_ringbuf_discard(rbuf1, 0);
+	if (rbuf2)
+		bpf_ringbuf_discard(rbuf2, 0);
+cleanup_file:
+	bpf_dynptr_file_discard(&dynptr);
+	return err ? 1: 0;
+}
+
+/* Finds thread local variable `tls_counter` in this executable's ELF */
+static int search_elf(struct file *file)
+{
+	Elf64_Ehdr ehdr;
+	Elf64_Shdr shdrs;
+	Elf64_Shdr symtab, strtab, tmp;
+	const Elf64_Sym *symbol;
+	int count, off, i, e_shnum, e_shoff, e_shentsize, sections = 0;
+	const char *string;
+	struct bpf_dynptr dynptr;
+	const __u32 slen = 11;
+	static const char *needle = "tls_counter";
+
+	if (!file) {
+		err = 1;
+		return 1;
+	}
+
+	err = bpf_dynptr_from_file(file, 0, &dynptr);
+	if (err)
+		goto fail;
+
+	err = bpf_dynptr_read(&ehdr, sizeof(ehdr), &dynptr, 0, 0);
+	if (err)
+		goto fail;
+
+	if (memcmp(ehdr.e_ident, ELFMAG, SELFMAG) != 0)
+		goto fail;
+
+	if (ehdr.e_type != ET_EXEC && ehdr.e_type != ET_DYN)
+		goto fail;
+
+	if (ehdr.e_ident[EI_CLASS] != ELFCLASS64)
+		goto fail;
+
+	e_shnum = ehdr.e_shnum;
+	e_shoff = ehdr.e_shoff;
+	e_shentsize = ehdr.e_shentsize;
+
+	err = bpf_dynptr_read(&shdrs, sizeof(shdrs), &dynptr,
+			      e_shoff + e_shentsize * ehdr.e_shstrndx, 0);
+	if (err)
+		goto fail;
+
+	off = shdrs.sh_offset;
+
+	__builtin_memset(&symtab, 0, sizeof(symtab));
+	__builtin_memset(&strtab, 0, sizeof(strtab));
+	bpf_for(i, 0, e_shnum)
+	{
+		err = bpf_dynptr_read(&tmp, sizeof(Elf64_Shdr), &dynptr, e_shoff + e_shentsize * i,
+				      0);
+		if (err)
+			goto fail;
+
+		string = bpf_dynptr_slice(&dynptr, off + tmp.sh_name, buf, slen);
+		if (!string)
+			goto fail;
+
+		if (bpf_strncmp(string, slen, ".symtab") == 0) {
+			symtab = tmp;
+			++sections;
+		} else if (bpf_strncmp(string, slen, ".strtab") == 0) {
+			strtab = tmp;
+			++sections;
+		}
+		if (sections == 2)
+			break;
+	}
+	if (sections != 2)
+		goto fail;
+
+	count = symtab.sh_size / sizeof(Elf64_Sym);
+	bpf_for(i, 0, count)
+	{
+		symbol = bpf_dynptr_slice(&dynptr, symtab.sh_offset + sizeof(Elf64_Sym) * i, buf,
+					  sizeof(Elf64_Sym));
+		if (!symbol)
+			goto fail;
+		if (symbol->st_name == 0 || ELF64_ST_TYPE(symbol->st_info) != STT_TLS)
+			continue;
+		string = bpf_dynptr_slice(&dynptr, strtab.sh_offset + symbol->st_name, buf, slen);
+		if (!string)
+			goto fail;
+		if (bpf_strncmp(string, slen, needle) == 0)
+			goto success;
+	}
+fail:
+	err = 1;
+success:
+	bpf_dynptr_file_discard(&dynptr);
+	return err ? 1 : 0;
+}

tools/testing/selftests/bpf/progs/file_reader_fail.c

@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */
+
+#include <vmlinux.h>
+#include <string.h>
+#include <stdbool.h>
+#include <bpf/bpf_tracing.h>
+#include "bpf_misc.h"
+
+char _license[] SEC("license") = "GPL";
+
+int err;
+void *user_ptr;
+
+char buf[256];
+
+static long process_vma_unreleased_ref(struct task_struct *task, struct vm_area_struct *vma,
+				       void *data)
+{
+	struct bpf_dynptr dynptr;
+
+	if (!vma->vm_file)
+		return 1;
+
+	err = bpf_dynptr_from_file(vma->vm_file, 0, &dynptr);
+	return err ? 1 : 0;
+}
+
+SEC("fentry.s/" SYS_PREFIX "sys_nanosleep")
+__failure __msg("Unreleased reference id=") int on_nanosleep_unreleased_ref(void *ctx)
+{
+	struct task_struct *task = bpf_get_current_task_btf();
+
+	bpf_find_vma(task, (unsigned long)user_ptr, process_vma_unreleased_ref, NULL, 0);
+	return 0;
+}