Re: [PATCH bpf v4 2/2] selftests/bpf: Add regression test for kfunc implicit arg injection

[Eduard Zingerman]

On Tue, 2026-06-02 at 17:38 +0800, chenyuan_fl@xxxxxxx wrote:
> From: Yuan Chen <chenyuan@xxxxxxxxxx>
> 
> The preceding patch fixes a silent fallthrough in check_kfunc_args()
> that could cause the verifier to skip bpf_prog_aux injection for
> KF_IMPLICIT_ARGS kfuncs when module BTF is inconsistent with vmlinux
> (e.g. pahole 1.30 breaking distilled base dedup).
> 
> Add a positive regression test that verifies the injection path works
> correctly under normal conditions (pahole 1.31+).  The test contaminates
> BPF R2 with a magic value 0xDEAD via inline assembly before calling a
> KF_IMPLICIT_ARGS kfunc associated with a struct_ops map.  The kfunc
> validates that the kernel overwrote R2 with the real bpf_prog_aux
> pointer rather than leaving the stale value.
> 
> The specific pahole 1.30 BTF mismatch scenario cannot be tested with
> CI (which uses pahole 1.31), but this test ensures the injection
> mechanism remains correct and does not regress.
> 
> Signed-off-by: Yuan Chen <chenyuan@xxxxxxxxxx>
> ---

I think that such test makes sense, it allows to verify if implicit
struct bpf_prog_aux parameter works as expected when kfunc is defined
in a module.

However, I'd suggest to hijack bpf_testmod.c:bpf_kfunc_implicit_arg()
and verify a field like aux->name. Hence making sure that bpf_prog_aux
is passed correctly. E.g.:

  int bpf_kfunc_implicit_arg(int a, struct bpf_prog_aux *aux)
  {
	if (strcmp(aux->name, "...expected name...") == 0 && a > 0)
		return a;
	return -EINVAL;
  }

Thus keeping the changes to a minimum.

[...]