On 7/24/25 3:32 PM, Sami Tolvanen wrote:
> With CONFIG_CFI_CLANG enabled, the kernel strictly enforces that
> indirect function calls use a function pointer type that matches the
> target function. I ran into the following type mismatch when running
> BPF self-tests:
>
> CFI failure at bpf_obj_free_fields+0x190/0x238 (target:
> bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc)
> Internal error: Oops - CFI: 00000000f2008228 [#1] SMP
> ...
>
> As bpf_crypto_ctx_release() is also used in BPF programs and using
> a void pointer as the argument would make the verifier unhappy, add
> a simple stub function with the correct type and register it as the
> destructor kfunc instead.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> ---
> kernel/bpf/crypto.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c
> index 94854cd9c4cc..b703b1d1c282 100644
> --- a/kernel/bpf/crypto.c
> +++ b/kernel/bpf/crypto.c
> @@ -261,6 +261,11 @@ __bpf_kfunc void bpf_crypto_ctx_release(struct bpf_crypto_ctx *ctx)
> call_rcu(&ctx->rcu, crypto_free_cb);
> }
>
> +__bpf_kfunc void __bpf_crypto_ctx_release(void *ctx)
We are not really creating a kfunc here. The function is merely
to be used for destructor. So you can replace '__bpf_kfunc' with
'__used __retain'.
> +{
> + bpf_crypto_ctx_release(ctx);
> +}
> +
> static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx,
> const struct bpf_dynptr_kern *src,
> const struct bpf_dynptr_kern *dst,
> @@ -368,7 +373,7 @@ static const struct btf_kfunc_id_set crypt_kfunc_set = {
>
> BTF_ID_LIST(bpf_crypto_dtor_ids)
> BTF_ID(struct, bpf_crypto_ctx)
> -BTF_ID(func, bpf_crypto_ctx_release)
> +BTF_ID(func, __bpf_crypto_ctx_release)
>
> static int __init crypto_kfunc_init(void)
> {