[PATCH 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset

Next message: Song Chen: "[PATCH 0/2] Enable module kfuncs to override vmlinux kfuncs"
Previous message: kernel test robot: "[gustavoars:testing/wfamnae-next20260408 8/20] ./usr/include/asm/setup_data.h:35:30: error: declaration does not declare anything"
Next in thread: bot+bpf-ci: "Re: [PATCH 2/2] kernel/bpf/verifier: Support module kfunc resolution via instruction offset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Song Chen

Date: Thu Apr 30 2026 - 01:48:45 EST

Use the instruction's 'off' field to indicate the source of a kfunc.
When libbpf resolves a kfunc, it sets insn->off to 0 for vmlinux
kfuncs or a non-zero module ID for module kfuncs.

The verifier now checks insn->off to determine where to look up the
kfunc address: off == 0 searches in vmlinux, while off > 0 searches
in the corresponding module BTF. This enables proper resolution of
module kfuncs that may override vmlinux kfuncs with the same name.

This works in conjunction with the libbpf change that prioritizes
module kfuncs during BTF resolution.

Suggested-by: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
Signed-off-by: Song Chen <chensong_2000@xxxxxxx>
---
kernel/bpf/verifier.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 159b25f8269d..93f275e3c1e5 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3498,7 +3498,10 @@ static int add_kfunc_call(struct bpf_verifier_env *env, u32 func_id, s16 offset)
if (err)
return err;

- addr = kallsyms_lookup_name(kfunc.name);
+ if (offset)
+ addr = module_kallsyms_lookup_name(kfunc.name);
+ else
+ addr = kallsyms_lookup_name(kfunc.name);
if (!addr) {
verbose(env, "cannot find address for kernel function %s\n", kfunc.name);
return -EINVAL;
--
2.43.0