Re: [PATCH bpf-next v3 08/17] mm: introduce bpf_oom_kill_process() bpf kfunc

Next message: Ben Horgan: "Re: [RFC PATCH 5/5] kselftests/resctrl: Add support for CAT test on ARM"
Previous message: Helge Deller: "Re: [PATCH] fbdev: fix fb_pad_unaligned_buffer mask"
In reply to: Martin KaFai Lau: "Re: [PATCH bpf-next v3 08/17] mm: introduce bpf_oom_kill_process() bpf kfunc"
Next in thread: Roman Gushchin: "[PATCH bpf-next v3 05/17] bpf: mark struct oom_control's memcg field as TRUSTED_OR_NULL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Roman Gushchin

Date: Tue Jan 27 2026 - 15:47:59 EST

Martin KaFai Lau <martin.lau@xxxxxxxxx> writes:

> On 1/26/26 6:44 PM, Roman Gushchin wrote:
>> +static int bpf_oom_kfunc_filter(const struct bpf_prog *prog, u32 kfunc_id)
>
> The filter callback is registered for BPF_PROG_TYPE_STRUCT_OPS. It is
> checking if a kfunc_id is allowed for other struct_ops progs also,
> e.g. the bpf-tcp-cc struct_ops progs.
>
>
>> +{
>> + if (prog->type != BPF_PROG_TYPE_STRUCT_OPS ||
>> + prog->aux->attach_btf_id != bpf_oom_ops_ids[0])
>> + return -EACCES;
>
> The 'return -EACCES' should be the cause of the "calling kernel
> function XXX is not allowed" error reported by the CI. Take a look at
> btf_kfunc_is_allowed().
>
> Take a look at bpf_qdisc_kfunc_filter(). I suspect it should be
> something like this, untested:
>
> if (btf_id_set8_contains(&bpf_oom_kfuncs, kfunc_id) &&
> prog->aux->st_ops != &bpf_oom_bpf_ops)
> return -EACCES;
>
> return 0;

Oh, I see.. It's a bit surprising that these .filter() functions
have non-local effects...

Will fix in v4.

Thank you, Martin!