From: Yuan Chen <chenyuan@kylinos.cn>
v1: https://lore.kernel.org/bpf/20260407080900.551797-1-chenyuan_fl@163.com/

v1 took the approach of making btf_types_are_same() cross-BTF aware by
comparing kind, size and name. This was correctly rejected by reviewers
(Alan Maguire, sashiko) because:
- Two different structs can have the same name and size but different
  members, making this too permissive
- The real root cause is that pahole 1.30 generated BTF that broke
  the distilled base deduplication for modules, causing the module to
  retain its own copy of struct bpf_prog_aux instead of resolving to
  the vmlinux definition

v2 takes a different approach: instead of weakening btf_types_are_same(),
it introduces a two-layer detection in the verifier's check_kfunc_args()
that cleanly handles the mismatch case. A selftest is added (patch 2) as
requested by Leon and Alan.

Yuan Chen (2):
  bpf: Fix kfunc implicit arg inject type detection to prevent invalid
    pointer deref
  selftests/bpf: Add regression test for kfunc implicit arg injection
    with stale register

kernel/bpf/verifier.c | 48 ++++++++++++++++++-
.../bpf/prog_tests/test_struct_ops_assoc.c | 5 ++
.../selftests/bpf/progs/struct_ops_assoc.c | 40 ++++++++++++++++
.../selftests/bpf/test_kmods/bpf_testmod.c | 9 ++++
.../bpf/test_kmods/bpf_testmod_kfunc.h | 1 +
5 files changed, 101 insertions(+), 2 deletions(-)
--
2.54.0