Message-Id: <f5d7058d44d03e21fecfdeb4c6b7d0329ff4f764fe24aa6f86d5c5da9ccfa3ad@mail.kernel.org>
Date: Wed, 21 Jan 2026 02:16:04 +0000 (UTC)
From: bot+bpf-ci@...nel.org
To: chensong_2000@....cn,martin.lau@...ux.dev,ast@...nel.org,daniel@...earbox.net,andrii@...nel.org,eddyz87@...il.com,song@...nel.org,yonghong.song@...ux.dev,john.fastabend@...il.com,kpsingh@...nel.org,sdf@...ichev.me,haoluo@...gle.com,jolsa@...nel.org
Cc: bpf@...r.kernel.org,linux-kernel@...r.kernel.org,chensong_2000@....cn,ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,martin.lau@...nel.org,eddyz87@...il.com,yonghong.song@...ux.dev,clm@...a.com,ihor.solodrai@...ux.dev
Subject: Re: [PATCH] kernel/bpf/btf.c: reject to register duplicated kfunc

> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index d10b3404260f..b4ded7669642 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -8615,12 +8615,23 @@ static int btf_check_iter_kfuncs(struct btf *btf, const char *func_name,
>  	return 0;
>  }
>
> -static int btf_check_kfunc_protos(struct btf *btf, u32 func_id, u32 func_flags)
> +static int btf_check_kfunc_protos(struct btf *btf, u32 func_id, u32 func_flags,
> +			const struct module *module)
>  {
>  	const struct btf_type *func;
>  	const char *func_name;
>  	int err;
>
> +	/* check if there is any duplicated kfunc in vmlinux */
> +	if (module) {
> +		func = btf_type_by_id(btf_vmlinux, func_id);

The func_id parameter comes from the module's BTF (via btf_relocate_id),
but this code looks it up in btf_vmlinux. BTF type IDs are specific to
each BTF - vmlinux and modules have independent ID namespaces.

Is this lookup correct? btf_type_by_id(btf_vmlinux, func_id) will return
whatever type happens to be at that numeric ID in vmlinux, not the type
with the same name as the module's kfunc. For example, if the module's
kfunc has BTF ID 100, this returns vmlinux type ID 100, which is likely
an unrelated struct or typedef.

This seems like it would cause false positives - any module kfunc
registration would fail if its BTF ID happens to fall within vmlinux's
BTF ID range (vmlinux typically has tens of thousands of types).

To detect duplicate names, shouldn't this use btf_find_by_name_kind()
to search by the function name instead of btf_type_by_id()?

> +		if (func) {
> +			pr_err("kfunc %s is already present in vmlinux\n",
> +						btf_name_by_offset(btf_vmlinux, func->name_off));

Since func is an unrelated vmlinux type (not the module's kfunc), this
error message prints the wrong function name - it shows whatever random
vmlinux type was found at that ID, not the module's kfunc name.

> +			return -EINVAL;
> +		}
> +	}
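
Review bot: the pr_err() in the new `if (func)` branch names only the kfunc, not the module whose registration is being rejected, even though `module` is now passed in and is non-NULL on this path. Including module->name in the message would make the -EINVAL traceable from the log. Two style points in the same hunk: the continuation line holding btf_name_by_offset(...) is indented past the opening parenthesis of pr_err(, and the added `const struct module *module)` parameter line is not aligned with the opening parenthesis of the signature.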

[ ... ]

> @@ -8911,7 +8922,7 @@ static int __register_btf_kfunc_id_set(enum btf_kfunc_hook hook,
>
>  	for (i = 0; i < kset->set->cnt; i++) {
>  		ret = btf_check_kfunc_protos(btf, btf_relocate_id(btf, kset->set->pairs[i].id),
> -					     kset->set->pairs[i].flags);
> +					     kset->set->pairs[i].flags, kset->owner);

This shows that func_id passed to btf_check_kfunc_protos is from the
module's BTF (btf_relocate_id operates on the module's btf), confirming
the namespace mismatch when it gets looked up in btf_vmlinux above.

>  		if (ret)
>  			goto err_out;
>  	}
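
Review bot: at this call site, kset->owner is the only signal that decides whether the vmlinux duplicate check runs (`if (module)` in btf_check_kfunc_protos), and nothing in the hunk documents that a NULL owner is expected to mean a built-in kfunc set. A short comment here or on the new parameter stating that assumption would help. Also, because of the existing `goto err_out`, one duplicate now rejects the whole set on the first hit; if that is the intended behaviour, the commit message should say so.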


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21194595610
