Re: [PATCH bpf-next v3 08/17] mm: introduce bpf_oom_kill_process() bpf kfunc

Next message: Gregory Price: "Re: [PATCH v3 3/3] mm/vmscan: don't demote if there is not enough free memory in the lower memory tier"
Previous message: Cosmin Tanislav: "[PATCH v2 2/3] arm64: dts: renesas: r9a09g077: wire up DMA support for SPI"
In reply to: Roman Gushchin: "[PATCH bpf-next v3 08/17] mm: introduce bpf_oom_kill_process() bpf kfunc"
Next in thread: Roman Gushchin: "Re: [PATCH bpf-next v3 08/17] mm: introduce bpf_oom_kill_process() bpf kfunc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Martin KaFai Lau

Date: Tue Jan 27 2026 - 15:21:16 EST

On 1/26/26 6:44 PM, Roman Gushchin wrote:

+static int bpf_oom_kfunc_filter(const struct bpf_prog *prog, u32 kfunc_id)

The filter callback is registered for BPF_PROG_TYPE_STRUCT_OPS. It is checking if a kfunc_id is allowed for other struct_ops progs also, e.g. the bpf-tcp-cc struct_ops progs.

+{
+ if (prog->type != BPF_PROG_TYPE_STRUCT_OPS ||
+ prog->aux->attach_btf_id != bpf_oom_ops_ids[0])
+ return -EACCES;

The 'return -EACCES' should be the cause of the "calling kernel function XXX is not allowed" error reported by the CI. Take a look at btf_kfunc_is_allowed().

Take a look at bpf_qdisc_kfunc_filter(). I suspect it should be something like this, untested:

if (btf_id_set8_contains(&bpf_oom_kfuncs, kfunc_id) &&
prog->aux->st_ops != &bpf_oom_bpf_ops)
return -EACCES;

return 0;

+
+static const struct btf_kfunc_id_set bpf_oom_kfunc_set = {
+ .owner = THIS_MODULE,
+ .set = &bpf_oom_kfuncs,
+ .filter = bpf_oom_kfunc_filter,
+};
+
+static int __init bpf_oom_init(void)
+{
+ int err;
+
+ err = register_btf_kfunc_id_set(BPF_PROG_TYPE_STRUCT_OPS,
+ &bpf_oom_kfunc_set);