Re: [PATCH bpf-next v2 1/6] bpf: Introduce 64-bit bitops kfuncs

From: Leon Hwang

Date: Sat Feb 21 2026 - 07:51:11 EST

On 2026/2/21 17:58, Dan Carpenter wrote:
> Hi Leon,
>
> kernel test robot noticed the following build warnings:
>
> url: https://github.com/intel-lab-lkp/linux/commits/Leon-Hwang/bpf-Introduce-64-bit-bitops-kfuncs/20260219-223550
> base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
> patch link: https://lore.kernel.org/r/20260219142933.13904-2-leon.hwang%40linux.dev
> patch subject: [PATCH bpf-next v2 1/6] bpf: Introduce 64-bit bitops kfuncs
> config: i386-randconfig-141-20260220 (https://download.01.org/0day-ci/archive/20260221/202602210241.E7Q88vvq-lkp@xxxxxxxxx/config)
> compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
> smatch version: v0.5.0-8994-gd50c5a4c
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@xxxxxxxxx>
> | Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> | Closes: https://lore.kernel.org/r/202602210241.E7Q88vvq-lkp@xxxxxxxxx/
>
> smatch warnings:
> kernel/bpf/verifier.c:18245 bpf_kfunc_is_fastcall() error: buffer overflow 'special_kfunc_list' 64 <= 64
>
> vim +/special_kfunc_list +18245 kernel/bpf/verifier.c
>
> 966e89879bbea4 Leon Hwang 2026-02-19 18223 static bool bpf_kfunc_is_fastcall(struct bpf_verifier_env *env, u32 func_id, u32 flags)
> 966e89879bbea4 Leon Hwang 2026-02-19 18224 {
> 966e89879bbea4 Leon Hwang 2026-02-19 18225 if (!(flags & KF_FASTCALL))
> 966e89879bbea4 Leon Hwang 2026-02-19 18226 return false;
> 966e89879bbea4 Leon Hwang 2026-02-19 18227
> 966e89879bbea4 Leon Hwang 2026-02-19 18228 if (!env->prog->jit_requested)
> 966e89879bbea4 Leon Hwang 2026-02-19 18229 return true;
> 966e89879bbea4 Leon Hwang 2026-02-19 18230
> 966e89879bbea4 Leon Hwang 2026-02-19 18231 if (func_id == special_kfunc_list[KF_bpf_clz64])
> 966e89879bbea4 Leon Hwang 2026-02-19 18232 return bpf_jit_inlines_kfunc_call(bpf_clz64);
> 966e89879bbea4 Leon Hwang 2026-02-19 18233 if (func_id == special_kfunc_list[KF_bpf_ctz64])
> 966e89879bbea4 Leon Hwang 2026-02-19 18234 return bpf_jit_inlines_kfunc_call(bpf_ctz64);
> 966e89879bbea4 Leon Hwang 2026-02-19 18235 if (func_id == special_kfunc_list[KF_bpf_ffs64])
> 966e89879bbea4 Leon Hwang 2026-02-19 18236 return bpf_jit_inlines_kfunc_call(bpf_ffs64);
> 966e89879bbea4 Leon Hwang 2026-02-19 18237 if (func_id == special_kfunc_list[KF_bpf_fls64])
> 966e89879bbea4 Leon Hwang 2026-02-19 18238 return bpf_jit_inlines_kfunc_call(bpf_fls64);
> 966e89879bbea4 Leon Hwang 2026-02-19 18239 if (func_id == special_kfunc_list[KF_bpf_bitrev64])
> 966e89879bbea4 Leon Hwang 2026-02-19 18240 return bpf_jit_inlines_kfunc_call(bpf_bitrev64);
> 966e89879bbea4 Leon Hwang 2026-02-19 18241 if (func_id == special_kfunc_list[KF_bpf_popcnt64])
> 966e89879bbea4 Leon Hwang 2026-02-19 18242 return bpf_jit_inlines_kfunc_call(bpf_popcnt64);
> 966e89879bbea4 Leon Hwang 2026-02-19 18243 if (func_id == special_kfunc_list[KF_bpf_rol64])
> 966e89879bbea4 Leon Hwang 2026-02-19 18244 return bpf_jit_inlines_kfunc_call(bpf_rol64);
> 966e89879bbea4 Leon Hwang 2026-02-19 @18245 if (func_id == special_kfunc_list[KF_bpf_ror64])
> ^^^^^^^^^^^^
> special_kfunc_list[] has 64 elements and KF_bpf_ror64 is 64 so
> this is out of bounds.
>

Ack.

I'll try a new way using KF_JIT_MAY_INLINE flag in the next revision,
which will avoid adding these kfuncs to special_kfunc_list btw.

Thanks,
Leon

> 966e89879bbea4 Leon Hwang 2026-02-19 18246 return bpf_jit_inlines_kfunc_call(bpf_ror64);
> 966e89879bbea4 Leon Hwang 2026-02-19 18247
> 966e89879bbea4 Leon Hwang 2026-02-19 18248 return true;
> 966e89879bbea4 Leon Hwang 2026-02-19 18249 }
>