On 7/25/25 2:44 PM, Sami Tolvanen wrote:
> Hi folks,
>
> While running BPF self-tests with CONFIG_CFI_CLANG (Clang Control Flow
> Integrity) enabled, I ran into a couple of CFI failures in
> bpf_obj_free_fields() caused by type mismatches between the
> btf_dtor_kfunc_t function pointer type and the registered destructor
> functions. It looks like we can't change the argument type for these
> functions to match btf_dtor_kfunc_t because the verifier doesn't like
> void pointer arguments for functions used in BPF programs, so this
> series fixes the issue by adding stubs with correct types to use as
> destructors for each instance of this I found in the kernel tree.
>
> The last patch changes btf_check_dtor_kfuncs() to enforce the function
> type when CFI is enabled, so we don't end up registering destructors
> that panic the kernel. Perhaps this is something we could enforce even
> without CONFIG_CFI_CLANG?
>
> Sami
>
> ---
> v2:
> - Annotated the stubs with CFI_NOSEAL to fix issues with IBT sealing on x86.
> - Changed __bpf_kfunc to explicit __used __retain.
>
> v1: https://lore.kernel.org/bpf/20250724223225.1481960-6-samitolvanen@xxxxxxxxxx/
> ---
> Sami Tolvanen (4):
>   bpf: crypto: Use the correct destructor kfunc type
>   bpf: net_sched: Use the correct destructor kfunc type
>   selftests/bpf: Use the correct destructor kfunc type
>   bpf, btf: Enforce destructor kfunc type with CFI
>
>  kernel/bpf/btf.c                                     | 7 +++++++
>  kernel/bpf/crypto.c                                  | 9 ++++++++-
>  net/sched/bpf_qdisc.c                                | 9 ++++++++-
>  tools/testing/selftests/bpf/test_kmods/bpf_testmod.c | 9 ++++++++-
>  4 files changed, 31 insertions(+), 3 deletions(-)
>
> base-commit: 95993dc3039e29dabb9a50d074145d4cb757b08b
With this patch set and no CONFIG_CFI_CLANG in .config, the bpf selftests
work okay. In bpf ci, CONFIG_CFI_CLANG is not enabled. But if
CONFIG_CFI_CLANG is enabled, this patch set fixed the ./test_progs run
issue, but there are some test failures like

===
test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000d581 - ffffffffa000d558 > 39
processed 4 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
#32/186 btf/line_info (No subprog):FAIL
test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000dee5 - ffffffffa000debc > 39
processed 4 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
#32/189 btf/line_info (No subprog. zero tailing line_info:FAIL
...
test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000e069 - ffffffffa000e040 > 38
processed 9 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 0
#32/202 btf/line_info (dead subprog + dead start w/ move):FAIL
#32 btf:FAIL
===

The failure is probably not related to this patch, but rather related to
CONFIG_CFI_CLANG itself. I will debug this separately.
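Added example, not part of this thread, the patch series or the kernel tree: a user-space C model of the problem the cover letter describes. A kfunc with a typed pointer argument is cast to btf_dtor_kfunc_t at registration, so the indirect call in bpf_obj_free_fields() goes through a pointer whose type does not match the callee; under Clang kCFI that mismatch traps. A stub with the exact btf_dtor_kfunc_t signature fixes the call, and a registration-time type check refuses the mismatched form before it can ever be called. The kCFI type id is modelled here as an FNV-1a hash over a signature string (the real compiler-emitted hash is different), and the struct bpf_crypto_ctx layout, the kfunc body and all function names other than btf_dtor_kfunc_t are assumptions of this model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Destructor type the BPF core expects (matches include/linux/btf.h). */
typedef void (*btf_dtor_kfunc_t)(void *);

/* Stand-in context; the real struct bpf_crypto_ctx has a different layout. */
struct bpf_crypto_ctx {
	int refcnt;
};

/* Typed-pointer kfunc, the form the verifier accepts (assumed body). */
static void bpf_crypto_ctx_release(struct bpf_crypto_ctx *ctx)
{
	if (ctx)
		ctx->refcnt--;
}

/* Stub whose type is exactly btf_dtor_kfunc_t, the pattern the series adds. */
static void bpf_crypto_ctx_release_dtor(void *ctx)
{
	bpf_crypto_ctx_release(ctx);
}

/* Model of a kCFI type id: a hash over the canonical signature string.
 * The compiler-emitted hash differs; this is only a stand-in. */
static uint32_t cfi_type_hash(const char *sig)
{
	uint32_t h = 2166136261u; /* FNV-1a offset basis */

	for (; *sig; sig++) {
		h ^= (unsigned char)*sig;
		h *= 16777619u;
	}
	return h;
}

struct dtor_reg {
	const char *name;
	const char *sig;	/* signature the compiler would hash */
	btf_dtor_kfunc_t fn;	/* pointer as stored after registration */
};

/* Before the series: the typed function is cast to btf_dtor_kfunc_t. */
static const struct dtor_reg mismatched_regs[] = {
	{ "bpf_crypto_ctx_release", "void(struct bpf_crypto_ctx *)",
	  (btf_dtor_kfunc_t)bpf_crypto_ctx_release },
};

/* After the series: the stub already has the right type, no cast needed. */
static const struct dtor_reg stub_regs[] = {
	{ "bpf_crypto_ctx_release_dtor", "void(void *)",
	  bpf_crypto_ctx_release_dtor },
};

/* Model of the check the last patch adds to btf_check_dtor_kfuncs():
 * refuse any destructor whose type id differs from btf_dtor_kfunc_t's. */
static int check_dtor_kfuncs(const struct dtor_reg *regs, size_t n)
{
	uint32_t want = cfi_type_hash("void(void *)");
	size_t i;

	for (i = 0; i < n; i++)
		if (cfi_type_hash(regs[i].sig) != want)
			return -EINVAL;
	return 0;
}

/* Register, then drop one reference through the indirect call, the way
 * bpf_obj_free_fields() would. Returns the remaining refcount on success,
 * or the registration error, in which case the call is never made. */
static int release_via_registry(const struct dtor_reg *regs, size_t n)
{
	struct bpf_crypto_ctx ctx = { .refcnt = 2 };
	int ret = check_dtor_kfuncs(regs, n);

	if (ret)
		return ret; /* the call CFI would trap is never reached */
	regs[0].fn(&ctx); /* indirect call through btf_dtor_kfunc_t */
	return ctx.refcnt;
}

int main(void)
{
	printf("mismatched: check=%d\n", check_dtor_kfuncs(mismatched_regs, 1));
	printf("stub:       check=%d refcnt_after=%d\n",
	       check_dtor_kfuncs(stub_regs, 1),
	       release_via_registry(stub_regs, 1));
	return 0;
}
```

The mismatched registration is rejected with -EINVAL and never called; the stub registration passes and the indirect call drops exactly one reference. The point the cover letter makes about CFI_NOSEAL is outside this model: a stub whose address is only ever taken for a table still needs its kCFI type hash kept, which is why the v2 stubs carry that annotation.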