[PATCH V2 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset

BPF List
 help / color / mirror / Atom feed

* [PATCH V2 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset
@ 2026-05-10  3:01 Song Chen
  2026-05-10  3:37 ` bot+bpf-ci
  2026-05-12  3:56 ` Kaitao Cheng
  0 siblings, 2 replies; 3+ messages in thread
From: Song Chen @ 2026-05-10  3:01 UTC (permalink / raw)
  To: andrii, eddyz87, ast, daniel, martin.lau, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, alexei.starovoitov
  Cc: bpf, linux-kernel, Song Chen

Use the instruction's 'off' field to indicate the source of a kfunc.
When libbpf resolves a kfunc, it sets insn->off to 0 for vmlinux
kfuncs or a non-zero module ID for module kfuncs.

The verifier now checks insn->off to determine where to look up the
kfunc address: off == 0 searches in vmlinux, while off > 0 searches
in the corresponding module BTF. This enables proper resolution of
module kfuncs that may override vmlinux kfuncs with the same name.

This works in conjunction with the libbpf change that prioritizes
module kfuncs during BTF resolution.

Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Signed-off-by: Song Chen <chensong_2000@126.com>

---
changelog:
v1 --- v2:
libbpf has already specified which module this kfunc belongs to as
ebpf code onwer's expectation, then verifier uses
find_kallsyms_symbol_value to search kfunc's addr.
---
 kernel/bpf/verifier.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 kernel/bpf/verifier.c

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
old mode 100644
new mode 100755
index 159b25f8269d..3b2e4552a3d4
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3303,6 +3303,7 @@ static struct btf *__find_kfunc_desc_btf(struct bpf_verifier_env *env,
 		 */
 		sort(tab->descs, tab->nr_descs, sizeof(tab->descs[0]),
 		     kfunc_btf_cmp_by_off, NULL);
+
 	} else {
 		btf = b->btf;
 	}
@@ -3498,7 +3499,16 @@ static int add_kfunc_call(struct bpf_verifier_env *env, u32 func_id, s16 offset)
 	if (err)
 		return err;
 
-	addr = kallsyms_lookup_name(kfunc.name);
+	if (offset) {
+		struct bpf_kfunc_btf kf_btf = { .offset = offset };
+		struct module *mod;
+		struct bpf_kfunc_btf *b;
+		b = bsearch(&kf_btf, btf_tab->descs, btf_tab->nr_descs,
+            sizeof(btf_tab->descs[0]), kfunc_btf_cmp_by_off);
+		mod = b->module;
+		addr = find_kallsyms_symbol_value(mod, kfunc.name);
+	} else
+		addr = kallsyms_lookup_name(kfunc.name);
 	if (!addr) {
 		verbose(env, "cannot find address for kernel function %s\n", kfunc.name);
 		return -EINVAL;
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH V2 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset
  2026-05-10  3:01 [PATCH V2 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset Song Chen
@ 2026-05-10  3:37 ` bot+bpf-ci
  2026-05-12  3:56 ` Kaitao Cheng
  1 sibling, 0 replies; 3+ messages in thread
From: bot+bpf-ci @ 2026-05-10  3:37 UTC (permalink / raw)
  To: chensong_2000, andrii, eddyz87, ast, daniel, martin.lau, song,
	yonghong.song, john.fastabend, kpsingh, sdf, haoluo, jolsa,
	alexei.starovoitov
  Cc: bpf, linux-kernel, chensong_2000, ast, andrii, daniel, martin.lau,
	eddyz87, yonghong.song, clm, ihor.solodrai

[-- Attachment #1: Type: text/plain, Size: 1665 bytes --]

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> old mode 100644
> new mode 100755

Should this file really be made executable? Kernel source files should
not have the executable bit set. This appears to be an accidental
file mode change.

> index 11054ad89c14..7c7441cc3c2e
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c

[ ... ]

> @@ -2734,7 +2735,16 @@ int bpf_add_kfunc_call(struct bpf_verifier_env *env, u32 func_id, u16 offset)
>  	if (err)
>  		return err;
>
> -	addr = kallsyms_lookup_name(kfunc.name);
> +	if (offset) {
> +		struct bpf_kfunc_btf kf_btf = { .offset = offset };
> +		struct module *mod;
> +		struct bpf_kfunc_btf *b;
> +		b = bsearch(&kf_btf, btf_tab->descs, btf_tab->nr_descs,
> +            sizeof(btf_tab->descs[0]), kfunc_btf_cmp_by_off);
             ^^^^

The continuation line here uses spaces instead of tabs. Should this be
indented with tabs to match the kernel coding style?

> +		mod = b->module;
> +		addr = find_kallsyms_symbol_value(mod, kfunc.name);
> +	} else
> +		addr = kallsyms_lookup_name(kfunc.name);

The if branch uses braces for multiple statements, but the else branch
omits them. Does this match the expected style for the rest of the
file? The coding style guide suggests using braces on both branches
when one requires them.

>  	if (!addr) {
>  		verbose(env, "cannot find address for kernel function %s\n", kfunc.name);
>  		return -EINVAL;


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/25618517155

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH V2 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset
  2026-05-10  3:01 [PATCH V2 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset Song Chen
  2026-05-10  3:37 ` bot+bpf-ci
@ 2026-05-12  3:56 ` Kaitao Cheng
  1 sibling, 0 replies; 3+ messages in thread
From: Kaitao Cheng @ 2026-05-12  3:56 UTC (permalink / raw)
  To: Song Chen
  Cc: bpf, linux-kernel, andrii, ast, eddyz87, daniel, martin.lau, song,
	yonghong.song, john.fastabend, kpsingh, sdf, haoluo, jolsa,
	alexei.starovoitov

在 2026/5/10 11:01, Song Chen 写道:
> Use the instruction's 'off' field to indicate the source of a kfunc.
> When libbpf resolves a kfunc, it sets insn->off to 0 for vmlinux
> kfuncs or a non-zero module ID for module kfuncs.
> 
> The verifier now checks insn->off to determine where to look up the
> kfunc address: off == 0 searches in vmlinux, while off > 0 searches
> in the corresponding module BTF. This enables proper resolution of
> module kfuncs that may override vmlinux kfuncs with the same name.
> 
> This works in conjunction with the libbpf change that prioritizes
> module kfuncs during BTF resolution.
> 
> Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
> Signed-off-by: Song Chen <chensong_2000@126.com>
> 
> ---
> changelog:
> v1 --- v2:
> libbpf has already specified which module this kfunc belongs to as
> ebpf code onwer's expectation, then verifier uses
> find_kallsyms_symbol_value to search kfunc's addr.
> ---
>  kernel/bpf/verifier.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
>  mode change 100644 => 100755 kernel/bpf/verifier.c

In general, the second and following parts of a multi-part patch should be
sent as a reply to the first part so that they all thread together at the
receiving end.  Tools like git and quilt have commands to mail out a set of
patches with the proper threading. 

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> old mode 100644
> new mode 100755
> index 159b25f8269d..3b2e4552a3d4
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -3303,6 +3303,7 @@ static struct btf *__find_kfunc_desc_btf(struct bpf_verifier_env *env,
>  		 */
>  		sort(tab->descs, tab->nr_descs, sizeof(tab->descs[0]),
>  		     kfunc_btf_cmp_by_off, NULL);
> +

Unnecessary change.

>  	} else {
>  		btf = b->btf;
>  	}
> @@ -3498,7 +3499,16 @@ static int add_kfunc_call(struct bpf_verifier_env *env, u32 func_id, s16 offset)
>  	if (err)
>  		return err;
>  
> -	addr = kallsyms_lookup_name(kfunc.name);
> +	if (offset) {
> +		struct bpf_kfunc_btf kf_btf = { .offset = offset };
> +		struct module *mod;
> +		struct bpf_kfunc_btf *b;
> +		b = bsearch(&kf_btf, btf_tab->descs, btf_tab->nr_descs,
> +            sizeof(btf_tab->descs[0]), kfunc_btf_cmp_by_off);

Tip: before submission, you can run scripts/checkpatch.pl to check for formatting issues.

> +		mod = b->module;
> +		addr = find_kallsyms_symbol_value(mod, kfunc.name);

struct bpf_kfunc_btf b, kf_btf = { .offset = offset };
    ......
addr = find_kallsyms_symbol_value(b->module, kfunc.name);

> +	} else
> +		addr = kallsyms_lookup_name(kfunc.name);
>  	if (!addr) {
>  		verbose(env, "cannot find address for kernel function %s\n", kfunc.name);
>  		return -EINVAL;

-- 
Thanks
Kaitao Cheng


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-05-12  3:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-10  3:01 [PATCH V2 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset Song Chen
2026-05-10  3:37 ` bot+bpf-ci
2026-05-12  3:56 ` Kaitao Cheng

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox