Re: [PATCH bpf-next v2 0/4] Use correct destructor kfunc types

From: Yonghong Song
Date: Fri Jul 25 2025 - 19:42:55 EST




On 7/25/25 2:44 PM, Sami Tolvanen wrote:
> Hi folks,
>
> While running BPF self-tests with CONFIG_CFI_CLANG (Clang Control
> Flow Integrity) enabled, I ran into a couple of CFI failures
> in bpf_obj_free_fields() caused by type mismatches between
> the btf_dtor_kfunc_t function pointer type and the registered
> destructor functions.
>
> It looks like we can't change the argument type for these
> functions to match btf_dtor_kfunc_t because the verifier doesn't
> like void pointer arguments for functions used in BPF programs,
> so this series fixes the issue by adding stubs with correct types
> to use as destructors for each instance of this I found in the
> kernel tree.
>
> The last patch changes btf_check_dtor_kfuncs() to enforce the
> function type when CFI is enabled, so we don't end up registering
> destructors that panic the kernel. Perhaps this is something we
> could enforce even without CONFIG_CFI_CLANG?
>
> Sami
>
> ---
> v2:
> - Annotated the stubs with CFI_NOSEAL to fix issues with IBT
>   sealing on x86.
> - Changed __bpf_kfunc to explicit __used __retain.
>
> v1: https://lore.kernel.org/bpf/20250724223225.1481960-6-samitolvanen@xxxxxxxxxx/
>
> ---
> Sami Tolvanen (4):
>   bpf: crypto: Use the correct destructor kfunc type
>   bpf: net_sched: Use the correct destructor kfunc type
>   selftests/bpf: Use the correct destructor kfunc type
>   bpf, btf: Enforce destructor kfunc type with CFI
>
>  kernel/bpf/btf.c | 7 +++++++
>  kernel/bpf/crypto.c | 9 ++++++++-
>  net/sched/bpf_qdisc.c | 9 ++++++++-
>  tools/testing/selftests/bpf/test_kmods/bpf_testmod.c | 9 ++++++++-
>  4 files changed, 31 insertions(+), 3 deletions(-)
>
>
> base-commit: 95993dc3039e29dabb9a50d074145d4cb757b08b

With this patch set and no CONFIG_CFI_CLANG in .config,
the bpf selftests work okay. In bpf ci, CONFIG_CFI_CLANG
is not enabled.

But with CONFIG_CFI_CLANG enabled, this patch set fixed
the ./test_progs run issue, but there are some test failures
like

===
test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000d581 - ffffffffa000d558 > 39
processed 4 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
#32/186 btf/line_info (No subprog):FAIL

test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000dee5 - ffffffffa000debc > 39
processed 4 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
#32/189 btf/line_info (No subprog. zero tailing line_info:FAIL

...

test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000e069 - ffffffffa000e040 > 38
processed 9 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 0
#32/202 btf/line_info (dead subprog + dead start w/ move):FAIL
#32 btf:FAIL
===

The failure is probably not related to this patch, but rather related
to CONFIG_CFI_CLANG itself. I will debug this separately.
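
The stub pattern and registration-time check described in the quoted cover letter, as an added userspace model that is not part of this thread or of the patch series: a typed release function is never called through the `void (*)(void *)` destructor pointer; a forwarding stub with the exact pointer type is registered instead, and registration rejects anything else. All names here (`ctx_release`, `ctx_release_dtor`, `register_dtor`, `free_field`, `arg_kind`) are hypothetical, the `arg_kind` field is an assumed stand-in for the type information the kernel checks, and the kernel annotations mentioned in the v2 notes are omitted.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

typedef void (*dtor_fn_t)(void *);  /* same shape as btf_dtor_kfunc_t */
typedef void (*any_fn_t)(void);     /* carries an address; never called */
enum arg_kind { ARG_VOID_PTR, ARG_STRUCT_PTR };  /* assumed type descriptor */
struct dtor_desc { any_fn_t addr; enum arg_kind arg; };
struct crypto_ctx { int id; };      /* hypothetical object type */
static dtor_fn_t dtors[4];
static size_t nr_dtors, released;   /* released counts completed frees */

/* Typed release function, the form a BPF-facing kfunc takes. */
void ctx_release(struct crypto_ctx *ctx)
{
	free(ctx);
	released++;
}

/* Stub whose type is exactly dtor_fn_t; it only forwards the call. */
void ctx_release_dtor(void *ctx) { ctx_release(ctx); }

/* Refuse any destructor that would be called through a mismatched type. */
int register_dtor(const struct dtor_desc *d)
{
	if (d->arg != ARG_VOID_PTR)
		return -EINVAL;
	if (nr_dtors == sizeof(dtors) / sizeof(dtors[0]))
		return -ENOSPC;
	dtors[nr_dtors++] = (dtor_fn_t)d->addr;  /* restores the stub's own type */
	return 0;
}

/* Indirect call site, the role bpf_obj_free_fields() plays in the thread. */
void free_field(size_t id, void *obj)
{
	if (id < nr_dtors && obj)
		dtors[id](obj);
}

int main(void)
{
	/* Constructed descriptors: the typed function and its matching stub. */
	struct dtor_desc bad = { (any_fn_t)ctx_release, ARG_STRUCT_PTR };
	struct dtor_desc good = { (any_fn_t)ctx_release_dtor, ARG_VOID_PTR };
	if (register_dtor(&bad) != -EINVAL || register_dtor(&good))
		return 1;
	free_field(0, malloc(sizeof(struct crypto_ctx)));
	return released != 1;
}
```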