kernel/bpf/btf.c | 7 +++++++ kernel/bpf/crypto.c | 8 +++++++- net/sched/bpf_qdisc.c | 8 +++++++- tools/testing/selftests/bpf/test_kmods/bpf_testmod.c | 8 +++++++- 4 files changed, 28 insertions(+), 3 deletions(-)
Hi folks, While running BPF self-tests with CONFIG_CFI (Control Flow Integrity) enabled, I ran into a couple of failures in bpf_obj_free_fields() caused by type mismatches between the btf_dtor_kfunc_t function pointer type and the registered destructor functions. It looks like we can't change the argument type for these functions to match btf_dtor_kfunc_t because the verifier doesn't like void pointer arguments for functions used in BPF programs, so this series fixes the issue by adding stubs with correct types to use as destructors for each instance of this I found in the kernel tree. The last patch changes btf_check_dtor_kfuncs() to enforce the function type when CFI is enabled, so we don't end up registering destructors that panic the kernel. Sami --- v4: - Rebased on bpf-next/master. - Renamed CONFIG_CFI_CLANG to CONFIG_CFI. - Picked up Acked/Tested-by tags. v3: https://lore.kernel.org/bpf/20250728202656.559071-6-samitolvanen@google.com/ - Renamed the functions and went back to __bpf_kfunc based on review feedback. v2: https://lore.kernel.org/bpf/20250725214401.1475224-6-samitolvanen@google.com/ - Annotated the stubs with CFI_NOSEAL to fix issues with IBT sealing on x86. - Changed __bpf_kfunc to explicit __used __retain. v1: https://lore.kernel.org/bpf/20250724223225.1481960-6-samitolvanen@google.com/ --- Sami Tolvanen (4): bpf: crypto: Use the correct destructor kfunc type bpf: net_sched: Use the correct destructor kfunc type selftests/bpf: Use the correct destructor kfunc type bpf, btf: Enforce destructor kfunc type with CFI kernel/bpf/btf.c | 7 +++++++ kernel/bpf/crypto.c | 8 +++++++- net/sched/bpf_qdisc.c | 8 +++++++- tools/testing/selftests/bpf/test_kmods/bpf_testmod.c | 8 +++++++- 4 files changed, 28 insertions(+), 3 deletions(-) base-commit: 688b745401ab16e2e1a3b504863f0a45fd345638 -- 2.52.0.487.g5c8c507ade-goog
On 11/26/25 23:17, Sami Tolvanen wrote: > Hi folks, > > While running BPF self-tests with CONFIG_CFI (Control Flow > Integrity) enabled, I ran into a couple of failures in > bpf_obj_free_fields() caused by type mismatches between the > btf_dtor_kfunc_t function pointer type and the registered > destructor functions. > > It looks like we can't change the argument type for these > functions to match btf_dtor_kfunc_t because the verifier doesn't > like void pointer arguments for functions used in BPF programs, > so this series fixes the issue by adding stubs with correct types > to use as destructors for each instance of this I found in the > kernel tree. > > The last patch changes btf_check_dtor_kfuncs() to enforce the > function type when CFI is enabled, so we don't end up registering > destructors that panic the kernel. Hi, this seems to have slipped through the cracks so I'm bumping the thread. It would be nice if we could merge this. Thanks. Viktor > > Sami > > --- > v4: > - Rebased on bpf-next/master. > - Renamed CONFIG_CFI_CLANG to CONFIG_CFI. > - Picked up Acked/Tested-by tags. > > v3: https://lore.kernel.org/bpf/20250728202656.559071-6-samitolvanen@google.com/ > - Renamed the functions and went back to __bpf_kfunc based > on review feedback. > > v2: https://lore.kernel.org/bpf/20250725214401.1475224-6-samitolvanen@google.com/ > - Annotated the stubs with CFI_NOSEAL to fix issues with IBT > sealing on x86. > - Changed __bpf_kfunc to explicit __used __retain. > > v1: https://lore.kernel.org/bpf/20250724223225.1481960-6-samitolvanen@google.com/ > > --- > Sami Tolvanen (4): > bpf: crypto: Use the correct destructor kfunc type > bpf: net_sched: Use the correct destructor kfunc type > selftests/bpf: Use the correct destructor kfunc type > bpf, btf: Enforce destructor kfunc type with CFI > > kernel/bpf/btf.c | 7 +++++++ > kernel/bpf/crypto.c | 8 +++++++- > net/sched/bpf_qdisc.c | 8 +++++++- > tools/testing/selftests/bpf/test_kmods/bpf_testmod.c | 8 +++++++- > 4 files changed, 28 insertions(+), 3 deletions(-) > > > base-commit: 688b745401ab16e2e1a3b504863f0a45fd345638
On Mon, Jan 5, 2026 at 5:56 AM Viktor Malik <vmalik@redhat.com> wrote: > > On 11/26/25 23:17, Sami Tolvanen wrote: > > Hi folks, > > > > While running BPF self-tests with CONFIG_CFI (Control Flow > > Integrity) enabled, I ran into a couple of failures in > > bpf_obj_free_fields() caused by type mismatches between the > > btf_dtor_kfunc_t function pointer type and the registered > > destructor functions. > > > > It looks like we can't change the argument type for these > > functions to match btf_dtor_kfunc_t because the verifier doesn't > > like void pointer arguments for functions used in BPF programs, > > so this series fixes the issue by adding stubs with correct types > > to use as destructors for each instance of this I found in the > > kernel tree. > > > > The last patch changes btf_check_dtor_kfuncs() to enforce the > > function type when CFI is enabled, so we don't end up registering > > destructors that panic the kernel. > > Hi, > > this seems to have slipped through the cracks so I'm bumping the thread. > It would be nice if we could merge this. It did. Please rebase, resend.
On 1/5/26 17:16, Alexei Starovoitov wrote: > On Mon, Jan 5, 2026 at 5:56 AM Viktor Malik <vmalik@redhat.com> wrote: >> >> On 11/26/25 23:17, Sami Tolvanen wrote: >>> Hi folks, >>> >>> While running BPF self-tests with CONFIG_CFI (Control Flow >>> Integrity) enabled, I ran into a couple of failures in >>> bpf_obj_free_fields() caused by type mismatches between the >>> btf_dtor_kfunc_t function pointer type and the registered >>> destructor functions. >>> >>> It looks like we can't change the argument type for these >>> functions to match btf_dtor_kfunc_t because the verifier doesn't >>> like void pointer arguments for functions used in BPF programs, >>> so this series fixes the issue by adding stubs with correct types >>> to use as destructors for each instance of this I found in the >>> kernel tree. >>> >>> The last patch changes btf_check_dtor_kfuncs() to enforce the >>> function type when CFI is enabled, so we don't end up registering >>> destructors that panic the kernel. >> >> Hi, >> >> this seems to have slipped through the cracks so I'm bumping the thread. >> It would be nice if we could merge this. > > It did. Please rebase, resend. @Sami, could you please rebase and resend? Thanks! >
© 2016 - 2026 Red Hat, Inc.