fix(ebpf): prevent file descriptor leak in resource retrieval

shivansh-gohem · shivansh-gohem · commit 293563096fa3 · 2026-03-28T17:37:01.000Z
Signed-off-by: Shivansh Sahu &lt;sahushivansh142@gmail.com&gt;
diff --git a/pkg/utils/ebpf.go b/pkg/utils/ebpf.go
@@ -34,23 +34,23 @@ func GetProgramByName(name string) (*ebpf.Program, error) {
 
 	for {
 		if progID, err = ebpf.ProgramGetNextID(progID); err != nil {
-			err = fmt.Errorf("failed to get system next program id, err is %v\n", err)
-			return nil, err
+			return nil, fmt.Errorf("failed to get system next program id: %w", err)
 		}
 
 		if targetProg, err = ebpf.NewProgramFromID(progID); err != nil {
-			err = fmt.Errorf("failed to get new program from id:%v, err is %v\n", progID, err)
-			return nil, err
+			return nil, fmt.Errorf("failed to get new program from id:%v: %w", progID, err)
 		}
 
 		if targetProgInfo, err = targetProg.Info(); err != nil {
-			err = fmt.Errorf("failed to get new program info from fd:%v, err is %v\n", targetProg, err)
-			return nil, err
+			targetProg.Close()
+			return nil, fmt.Errorf("failed to get new program info from fd:%v: %w", targetProg, err)
 		}
 
 		if strings.Compare(targetProgInfo.Name, name) == 0 {
 			return targetProg, nil
 		}
+
+		targetProg.Close()
 	}
 }
 
@@ -66,22 +66,22 @@ func GetMapByName(name string) (*ebpf.Map, error) {
 
 	for {
 		if mapID, err = ebpf.MapGetNextID(mapID); err != nil {
-			err = fmt.Errorf("failed to get system next map id, err is %v\n", err)
-			return nil, err
+			return nil, fmt.Errorf("failed to get system next map id: %w", err)
 		}
 
 		if targetMap, err = ebpf.NewMapFromID(mapID); err != nil {
-			err = fmt.Errorf("failed to get new map from id:%v, err is %v\n", mapID, err)
-			return nil, err
+			return nil, fmt.Errorf("failed to get new map from id:%v: %w", mapID, err)
 		}
 
 		if targetMapInfo, err = targetMap.Info(); err != nil {
-			err = fmt.Errorf("failed to get new map info from fd:%v, err is %v\n", targetMap, err)
-			return nil, err
+			targetMap.Close()
+			return nil, fmt.Errorf("failed to get new map info from fd:%v: %w", targetMap, err)
 		}
 
 		if strings.Compare(targetMapInfo.Name, name) == 0 {
 			return targetMap, nil
 		}
+
+		targetMap.Close()
 	}
 }
diff --git a/pkg/utils/ebpf_test.go b/pkg/utils/ebpf_test.go
@@ -0,0 +1,68 @@
+//go:build linux
+// +build linux
+
+package utils
+
+import (
+	"fmt"
+	"os"
+	"testing"
+)
+
+// countOpenFDs returns the number of open file descriptors for the current process.
+// It returns an error if /proc is not available (e.g., non-Linux environments).
+func countOpenFDs(t *testing.T) int {
+	t.Helper()
+	pid := os.Getpid()
+	fds, err := os.ReadDir(fmt.Sprintf("/proc/%d/fd", pid))
+	if err != nil {
+		t.Fatalf("failed to read /proc/%d/fd: %v", pid, err)
+	}
+	return len(fds)
+}
+
+func TestGetProgramByName_FDLeak(t *testing.T) {
+	initialFDs := countOpenFDs(t)
+	t.Logf("Initial open File Descriptors: %d", initialFDs)
+
+	// Call the function in a loop.
+	// Searching for a non-existent program forces it to iterate through ALL
+	// loaded BPF programs, which would previously leak an FD for every single one.
+	for i := 0; i < 100; i++ {
+		_, err := GetProgramByName("non_existent_fake_prog_12345")
+		if err == nil {
+			t.Fatal("expected error for non-existent program, got nil")
+		}
+	}
+
+	finalFDs := countOpenFDs(t)
+	t.Logf("Final open File Descriptors: %d", finalFDs)
+
+	if finalFDs > initialFDs+10 {
+		t.Fatalf("FD LEAK DETECTED! Started with %d FDs, ended with %d FDs.", initialFDs, finalFDs)
+	}
+	t.Log("No leak detected.")
+}
+
+func TestGetMapByName_FDLeak(t *testing.T) {
+	initialFDs := countOpenFDs(t)
+	t.Logf("Initial open File Descriptors: %d", initialFDs)
+
+	// Call the function in a loop.
+	// Searching for a non-existent map forces it to iterate through ALL
+	// loaded BPF maps, which would previously leak an FD for every single one.
+	for i := 0; i < 100; i++ {
+		_, err := GetMapByName("non_existent_fake_map_12345")
+		if err == nil {
+			t.Fatal("expected error for non-existent map, got nil")
+		}
+	}
+
+	finalFDs := countOpenFDs(t)
+	t.Logf("Final open File Descriptors: %d", finalFDs)
+
+	if finalFDs > initialFDs+10 {
+		t.Fatalf("FD LEAK DETECTED! Started with %d FDs, ended with %d FDs.", initialFDs, finalFDs)
+	}
+	t.Log("No leak detected.")
+}

Original file line number	Diff line number	Diff line change
`@@ -34,23 +34,23 @@ func GetProgramByName(name string) (*ebpf.Program, error) {`
`34`	`34`
`35`	`35`	`for {`
`36`	`36`	`if progID, err = ebpf.ProgramGetNextID(progID); err != nil {`
`37`		`- err = fmt.Errorf("failed to get system next program id, err is %v\n", err)`
`38`		`- return nil, err`
	`37`	`+ return nil, fmt.Errorf("failed to get system next program id: %w", err)`
`39`	`38`	`}`
`40`	`39`
`41`	`40`	`if targetProg, err = ebpf.NewProgramFromID(progID); err != nil {`
`42`		`- err = fmt.Errorf("failed to get new program from id:%v, err is %v\n", progID, err)`
`43`		`- return nil, err`
	`41`	`+ return nil, fmt.Errorf("failed to get new program from id:%v: %w", progID, err)`
`44`	`42`	`}`
`45`	`43`
`46`	`44`	`if targetProgInfo, err = targetProg.Info(); err != nil {`
`47`		`- err = fmt.Errorf("failed to get new program info from fd:%v, err is %v\n", targetProg, err)`
`48`		`- return nil, err`
	`45`	`+ targetProg.Close()`
	`46`	`+ return nil, fmt.Errorf("failed to get new program info from fd:%v: %w", targetProg, err)`
`49`	`47`	`}`
`50`	`48`
`51`	`49`	`if strings.Compare(targetProgInfo.Name, name) == 0 {`
`52`	`50`	`return targetProg, nil`
`53`	`51`	`}`
	`52`	`+`
	`53`	`+ targetProg.Close()`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`
`@@ -66,22 +66,22 @@ func GetMapByName(name string) (*ebpf.Map, error) {`
`66`	`66`
`67`	`67`	`for {`
`68`	`68`	`if mapID, err = ebpf.MapGetNextID(mapID); err != nil {`
`69`		`- err = fmt.Errorf("failed to get system next map id, err is %v\n", err)`
`70`		`- return nil, err`
	`69`	`+ return nil, fmt.Errorf("failed to get system next map id: %w", err)`
`71`	`70`	`}`
`72`	`71`
`73`	`72`	`if targetMap, err = ebpf.NewMapFromID(mapID); err != nil {`
`74`		`- err = fmt.Errorf("failed to get new map from id:%v, err is %v\n", mapID, err)`
`75`		`- return nil, err`
	`73`	`+ return nil, fmt.Errorf("failed to get new map from id:%v: %w", mapID, err)`
`76`	`74`	`}`
`77`	`75`
`78`	`76`	`if targetMapInfo, err = targetMap.Info(); err != nil {`
`79`		`- err = fmt.Errorf("failed to get new map info from fd:%v, err is %v\n", targetMap, err)`
`80`		`- return nil, err`
	`77`	`+ targetMap.Close()`
	`78`	`+ return nil, fmt.Errorf("failed to get new map info from fd:%v: %w", targetMap, err)`
`81`	`79`	`}`
`82`	`80`
`83`	`81`	`if strings.Compare(targetMapInfo.Name, name) == 0 {`
`84`	`82`	`return targetMap, nil`
`85`	`83`	`}`
	`84`	`+`
	`85`	`+ targetMap.Close()`
`86`	`86`	`}`
`87`	`87`	`}`