Re: [PATCH bpf v3 1/2] bpf: Fix kfunc implicit arg inject type detection to prevent invalid pointer deref

From: Alan Maguire

Date: Thu Jun 04 2026 - 06:26:28 EST


On 04/06/2026 10:14, chenyuan wrote:
> Hi Ihor:
>> Could you please elaborate on the "incorrect type information" generated
>> by pahole 1.30?
> I extracted the .BTF and .BTF.base sections from the same
> bpf_testmod.ko built with pahole 1.30 vs 1.31 to compare:
>
> # pahole 1.30 — bpf_prog_aux in split BTF, NOT in base
> $ bpftool btf dump file btf_1_30_base.bin | grep bpf_prog_aux
> (empty)
> $ bpftool btf dump -B btf_1_30_base.bin file btf_1_30.bin | grep aux
> [3172] STRUCT 'bpf_prog_aux' size=2016 vlen=87
>
> # pahole 1.31 — bpf_prog_aux in base BTF, NOT in split
> $ bpftool btf dump file btf_1_31_base.bin | grep bpf_prog_aux
> [10] STRUCT 'bpf_prog_aux' size=2016 vlen=0
> $ bpftool btf dump -B btf_1_31_base.bin file btf_1_31.bin | grep aux
> (empty)
>
> pahole 1.30 places struct bpf_prog_aux in the module's split BTF
> (instead of the distilled base). pahole 1.31 correctly moves it to
> the base BTF.

Would be worth digging a bit more here, I think. To confirm, is this
the v1.31 release where it is fixed or the post-1.31 pahole (i.e.
do you know the top commit for the fixed pahole version)?

pahole uses the libbpf machinery to do BTF distillation in .BTF.base
so if we know which libbpf sync has the fix that will be helpful.

The most recent pahole HEAD is synced with libbpf v1.8, but I
suspect the previous sync that occurred just after v1.30 (so v1.31
had the fix but v1.30 didn't):

042d73962d35 ("pahole: Sync with libbpf mainline")

is the one. From the commit log:

"To pull in dedup fix in

commit 8e64c387c942 ("libbpf: Add identical pointer detection to btf_dedup_is_equiv()")

sync with latest libbpf."

My suspicion is that since v1.30 didn't have that fix, dedup failed for
struct bpf_prog_aux on pahole v1.30 so it wound up in split BTF and base.
v1.31 had the fix so the module bpf_prog_aux was correctly flagged as a
dup of the kernel one, therefore we did the distillation into .BTF.base
correctly.

Does this fit with your observations?

Thanks!

Alan
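As an added example, not part of the thread and not code from the pahole, libbpf or bpftool projects: a small Python parser for the text format that `bpftool btf dump file ...` prints, which automates the comparison made by hand above. It classifies each named type as living in the module's base (.BTF.base) dump, its split (.BTF) dump, or both, and reports the types whose placement changes between two builds (here the pahole 1.30 vs 1.31 dumps). The sample dumps are constructed: they reuse the `bpf_prog_aux` lines quoted in the message and add a few filler type and member lines so the parser has something realistic to skip.

```python
import re

# One type header per line, as printed by `bpftool btf dump file <btf>`:
#   [<id>] <KIND> '<name>' key=value ...
# Member lines are indented and never start with '[', so they are skipped.
_TYPE_RE = re.compile(r"^\[(\d+)\] ([A-Z_]+) '([^']*)'\s*(.*)$")
_ATTR_RE = re.compile(r"(\w+)=(-?\d+)")


def parse_dump(text):
    """Map each named type to its id, kind and numeric attributes (size, vlen, ...).

    Anonymous types ('(anon)') and member lines are ignored.
    """
    types = {}
    for raw in text.splitlines():
        m = _TYPE_RE.match(raw.strip())
        if not m or m.group(3) == "(anon)":
            continue
        tid, kind, name, attrs = m.groups()
        entry = {"id": int(tid), "kind": kind}
        entry.update((k, int(v)) for k, v in _ATTR_RE.findall(attrs))
        types[name] = entry
    return types


def locate(base_text, split_text, name):
    """Return 'base', 'split', 'both' or 'absent' for a named type of one module."""
    in_base = name in parse_dump(base_text)
    in_split = name in parse_dump(split_text)
    if in_base and in_split:
        return "both"
    if in_base:
        return "base"
    if in_split:
        return "split"
    return "absent"


def diff_placement(base_a, split_a, base_b, split_b):
    """Names whose base/split placement differs between build A and build B."""
    names = set()
    for dump in (base_a, split_a, base_b, split_b):
        names.update(parse_dump(dump))
    changed = {}
    for name in sorted(names):
        loc_a = locate(base_a, split_a, name)
        loc_b = locate(base_b, split_b, name)
        if loc_a != loc_b:
            changed[name] = (loc_a, loc_b)
    return changed


# Constructed sample dumps: the bpf_prog_aux lines are the ones quoted in the
# thread; the INT, PTR and member lines are filler in bpftool's format.
BASE_1_30 = "\n".join([
    "[1] INT 'int' size=4 bits_offset=0 nr_bits=32 encoding=SIGNED",
    "[2] PTR '(anon)' type_id=1",
])
SPLIT_1_30 = "\n".join([
    "[3172] STRUCT 'bpf_prog_aux' size=2016 vlen=87",
    "\t'refcnt' type_id=7 bits_offset=0",          # member line, skipped
    "\t'used_map_cnt' type_id=9 bits_offset=64",   # member line, skipped
])
BASE_1_31 = "\n".join([
    "[1] INT 'int' size=4 bits_offset=0 nr_bits=32 encoding=SIGNED",
    "[10] STRUCT 'bpf_prog_aux' size=2016 vlen=0",  # distilled: no members
])
SPLIT_1_31 = "\n".join([
    "[2] PTR '(anon)' type_id=1",
])

if __name__ == "__main__":
    for label, base, split in (("1.30", BASE_1_30, SPLIT_1_30),
                               ("1.31", BASE_1_31, SPLIT_1_31)):
        print(f"pahole {label}: bpf_prog_aux in {locate(base, split, 'bpf_prog_aux')}")
    print("changed:", diff_placement(BASE_1_30, SPLIT_1_30, BASE_1_31, SPLIT_1_31))
```

On real files, feed `bpftool btf dump file <module>.BTF.base` and `bpftool btf dump -B <module>.BTF.base file <module>.BTF` output into the two arguments; a `vlen=0` entry in the base dump is the member-less form the distilled base carries, as in the 1.31 output quoted above.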