Re: [PATCH v5] btf: reject to register duplicated kfunc

From: bot+bpf-ci

Date: Wed Jun 03 2026 - 06:04:53 EST

> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 68921d9172b5..03fca4902cbd 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -8757,6 +8757,39 @@ static int btf_check_iter_kfuncs(struct btf *btf, const char *func_name,
> return 0;
> }
>
> +static int btf_check_kfunc_name(struct btf *btf, const char *func_name, u32 kind)
> +{
> +#ifdef CONFIG_DEBUG_INFO_BTF_MODULES
> + struct btf_module *btf_mod, *tmp;
> +#endif
> + s32 id;
> +
> + if (!btf_is_module(btf))
> + return 0;
> +
> + id = btf_find_by_name_kind(bpf_get_btf_vmlinux(), func_name, kind);
> + if (id >= 0) {
> + pr_err("kfunc %s (id: %d) is already present in vmlinux.\n",
> + func_name, id);
> + return -EINVAL;
> + }

Since btf_find_by_name_kind() matches any BTF_KIND_FUNC entry, can this
falsely reject a kfunc registration whose name happens to match an
unrelated internal or static function in vmlinux rather than a function
that was actually registered as a kfunc?

With CONFIG_DEBUG_INFO_BTF, the vmlinux BTF contains all global and
static functions, not only registered kfuncs.

> +
> +#ifdef CONFIG_DEBUG_INFO_BTF_MODULES
> + guard(mutex)(&btf_module_mutex);
> + list_for_each_entry_safe(btf_mod, tmp, &btf_modules, list) {
> + if (btf_mod->btf == btf)
> + continue;
> + id = btf_find_by_name_kind(btf_mod->btf, func_name, kind);
> + if (id >= 0) {
> + pr_err("kfunc %s (id: %d) is already present in module %s.\n",
> + func_name, id, btf_mod->module->name);
> + return -EINVAL;
> + }
> + }

The same question applies to the per-module scan, which walks btf_modules
and matches against every function in each module's BTF.

Could this introduce a load-order dependency between unrelated modules?
For example, if module A has a static function 'foo' and module B
registers a kfunc named 'foo', module B's registration would fail when A
is loaded first, but succeed if B is loaded first.

A module's BTF is also added to btf_modules at MODULE_STATE_COMING,
before module init calls register_btf_kfunc_id_set, so could concurrent
module loading expose raw BTF early enough to cause spurious failures
here?

Would it be more robust to check against the actually registered kfunc
sets rather than against all BTF_KIND_FUNC entries in vmlinux and every
module?

This was raised by an automated review on both the v4 and v5 postings
but does not appear to have been responded to:

https://lore.kernel.org/bpf/20260603093823.B11CE1F00893@xxxxxxxxxxxxxxx/

> +#endif
> + return 0;
> +}
> +


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26876238212