[PATCH bpf-next v3 0/4] bpf: Show precise rejected function when attaching to __noreturn and deny list functions
Show precise rejected function when attaching fexit/fmod_ret to __noreturn functions. Add log for attaching tracing programs to functions in deny list. Add selftest for attaching tracing programs to functions in deny list. Migrate fexit_noreturns case into tracing_failure test suite.
changes: v3: - add tracing_deny case into existing files (Alexei) - migrate fexit_noreturns into tracing_failure - change SOB
v2: - change verifier log message (Alexei) - add missing Suggested-by https://lore.kernel.org/bpf/20250714120408.1627128-1-mannkafai@gmail.com/
v1: https://lore.kernel.org/all/20250710162717.3808020-1-mannkafai@gmail.com/
--- KaFai Wan (4): bpf: Show precise rejected function when attaching fexit/fmod_ret to __noreturn functions bpf: Add log for attaching tracing programs to functions in deny list selftests/bpf: Add selftest for attaching tracing programs to functions in deny list selftests/bpf: Migrate fexit_noreturns case into tracing_failure test suite
kernel/bpf/verifier.c | 5 +- .../bpf/prog_tests/fexit_noreturns.c | 9 ---- .../bpf/prog_tests/tracing_failure.c | 52 +++++++++++++++++++ .../selftests/bpf/progs/fexit_noreturns.c | 15 ------ .../selftests/bpf/progs/tracing_failure.c | 12 +++++ 5 files changed, 68 insertions(+), 25 deletions(-) delete mode 100644 tools/testing/selftests/bpf/prog_tests/fexit_noreturns.c delete mode 100644 tools/testing/selftests/bpf/progs/fexit_noreturns.c
With this change, we know the precise rejected function name when attaching fexit/fmod_ret to __noreturn functions from log.
$ ./fexit libbpf: prog 'fexit': BPF program load failed: -EINVAL libbpf: prog 'fexit': -- BEGIN PROG LOAD LOG -- Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.
Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan kafai.wan@linux.dev --- kernel/bpf/verifier.c | 3 ++- tools/testing/selftests/bpf/progs/fexit_noreturns.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e2fcea860755..00d287814f12 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -23946,7 +23946,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) } else if ((prog->expected_attach_type == BPF_TRACE_FEXIT || prog->expected_attach_type == BPF_MODIFY_RETURN) && btf_id_set_contains(&noreturn_deny, btf_id)) { - verbose(env, "Attaching fexit/fmod_ret to __noreturn functions is rejected.\n"); + verbose(env, "Attaching fexit/fmod_ret to __noreturn function '%s' is rejected.\n", + tgt_info.tgt_name); return -EINVAL; }
diff --git a/tools/testing/selftests/bpf/progs/fexit_noreturns.c b/tools/testing/selftests/bpf/progs/fexit_noreturns.c index 54654539f550..b1c33d958ae2 100644 --- a/tools/testing/selftests/bpf/progs/fexit_noreturns.c +++ b/tools/testing/selftests/bpf/progs/fexit_noreturns.c @@ -8,7 +8,7 @@ char _license[] SEC("license") = "GPL";
SEC("fexit/do_exit") -__failure __msg("Attaching fexit/fmod_ret to __noreturn functions is rejected.") +__failure __msg("Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.") int BPF_PROG(noreturns) { return 0;
On Tue, Jul 22, 2025 at 11:35 PM KaFai Wan kafai.wan@linux.dev wrote:
With this change, we know the precise rejected function name when attaching fexit/fmod_ret to __noreturn functions from log.
$ ./fexit libbpf: prog 'fexit': BPF program load failed: -EINVAL libbpf: prog 'fexit': -- BEGIN PROG LOAD LOG -- Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.
Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan kafai.wan@linux.dev
Acked-by: Yafang Shao laoar.shao@gmail.com
kernel/bpf/verifier.c | 3 ++- tools/testing/selftests/bpf/progs/fexit_noreturns.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e2fcea860755..00d287814f12 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -23946,7 +23946,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) } else if ((prog->expected_attach_type == BPF_TRACE_FEXIT || prog->expected_attach_type == BPF_MODIFY_RETURN) && btf_id_set_contains(&noreturn_deny, btf_id)) {
verbose(env, "Attaching fexit/fmod_ret to __noreturn functions is rejected.\n");
verbose(env, "Attaching fexit/fmod_ret to __noreturn function '%s' is rejected.\n",tgt_info.tgt_name); return -EINVAL; }diff --git a/tools/testing/selftests/bpf/progs/fexit_noreturns.c b/tools/testing/selftests/bpf/progs/fexit_noreturns.c index 54654539f550..b1c33d958ae2 100644 --- a/tools/testing/selftests/bpf/progs/fexit_noreturns.c +++ b/tools/testing/selftests/bpf/progs/fexit_noreturns.c @@ -8,7 +8,7 @@ char _license[] SEC("license") = "GPL";
SEC("fexit/do_exit") -__failure __msg("Attaching fexit/fmod_ret to __noreturn functions is rejected.") +__failure __msg("Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.") int BPF_PROG(noreturns) { return 0; -- 2.43.0
On 7/22/25 8:34 AM, KaFai Wan wrote:
With this change, we know the precise rejected function name when attaching fexit/fmod_ret to __noreturn functions from log.
$ ./fexit libbpf: prog 'fexit': BPF program load failed: -EINVAL libbpf: prog 'fexit': -- BEGIN PROG LOAD LOG -- Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.
Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan kafai.wan@linux.dev
Acked-by: Yonghong Song yonghong.song@linux.dev
Show the rejected function name when attaching tracing programs to functions in deny list.
With this change, we know why tracing programs can't attach to functions like migrate_disable() from log.
$ ./fentry libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG -- Attaching tracing programs to function 'migrate_disable' is rejected.
Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan kafai.wan@linux.dev --- kernel/bpf/verifier.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 00d287814f12..c24c0d57e595 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -23942,6 +23942,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) return ret; } else if (prog->type == BPF_PROG_TYPE_TRACING && btf_id_set_contains(&btf_id_deny, btf_id)) { + verbose(env, "Attaching tracing programs to function '%s' is rejected.\n", + tgt_info.tgt_name); return -EINVAL; } else if ((prog->expected_attach_type == BPF_TRACE_FEXIT || prog->expected_attach_type == BPF_MODIFY_RETURN) &&
On Tue, Jul 22, 2025 at 11:35 PM KaFai Wan kafai.wan@linux.dev wrote:
Show the rejected function name when attaching tracing programs to functions in deny list.
With this change, we know why tracing programs can't attach to functions like migrate_disable() from log.
$ ./fentry libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG -- Attaching tracing programs to function 'migrate_disable' is rejected.
Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan kafai.wan@linux.dev
Acked-by: Yafang Shao laoar.shao@gmail.com
kernel/bpf/verifier.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 00d287814f12..c24c0d57e595 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -23942,6 +23942,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) return ret; } else if (prog->type == BPF_PROG_TYPE_TRACING && btf_id_set_contains(&btf_id_deny, btf_id)) {
verbose(env, "Attaching tracing programs to function '%s' is rejected.\n",tgt_info.tgt_name); return -EINVAL; } else if ((prog->expected_attach_type == BPF_TRACE_FEXIT || prog->expected_attach_type == BPF_MODIFY_RETURN) &&-- 2.43.0
On 7/22/25 8:34 AM, KaFai Wan wrote:
Show the rejected function name when attaching tracing programs to functions in deny list.
With this change, we know why tracing programs can't attach to functions like migrate_disable() from log.
$ ./fentry libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG -- Attaching tracing programs to function 'migrate_disable' is rejected.
Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan kafai.wan@linux.dev
Acked-by: Yonghong Song yonghong.song@linux.dev
The result:
$ tools/testing/selftests/bpf/test_progs -t tracing_failure/tracing_deny #468/3 tracing_failure/tracing_deny:OK #468 tracing_failure:OK Summary: 1/1 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: KaFai Wan kafai.wan@linux.dev --- .../bpf/prog_tests/tracing_failure.c | 33 +++++++++++++++++++ .../selftests/bpf/progs/tracing_failure.c | 6 ++++ 2 files changed, 39 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/tracing_failure.c b/tools/testing/selftests/bpf/prog_tests/tracing_failure.c index a222df765bc3..140fb0d175cf 100644 --- a/tools/testing/selftests/bpf/prog_tests/tracing_failure.c +++ b/tools/testing/selftests/bpf/prog_tests/tracing_failure.c @@ -28,10 +28,43 @@ static void test_bpf_spin_lock(bool is_spin_lock) tracing_failure__destroy(skel); }
+static void test_tracing_deny(void) +{ + struct tracing_failure *skel; + char log_buf[256]; + int btf_id, err; + + /* migrate_disable depends on CONFIG_SMP */ + btf_id = libbpf_find_vmlinux_btf_id("migrate_disable", BPF_TRACE_FENTRY); + if (btf_id <= 0) { + test__skip(); + return; + } + + skel = tracing_failure__open(); + if (!ASSERT_OK_PTR(skel, "tracing_failure__open")) + return; + + bpf_program__set_autoload(skel->progs.tracing_deny, true); + bpf_program__set_log_buf(skel->progs.tracing_deny, log_buf, sizeof(log_buf)); + + err = tracing_failure__load(skel); + if (!ASSERT_ERR(err, "tracing_failure__load")) + goto out; + + ASSERT_HAS_SUBSTR(log_buf, + "Attaching tracing programs to function 'migrate_disable' is rejected.", + "log_buf"); +out: + tracing_failure__destroy(skel); +} + void test_tracing_failure(void) { if (test__start_subtest("bpf_spin_lock")) test_bpf_spin_lock(true); if (test__start_subtest("bpf_spin_unlock")) test_bpf_spin_lock(false); + if (test__start_subtest("tracing_deny")) + test_tracing_deny(); } diff --git a/tools/testing/selftests/bpf/progs/tracing_failure.c b/tools/testing/selftests/bpf/progs/tracing_failure.c index d41665d2ec8c..dfa152e8194e 100644 --- a/tools/testing/selftests/bpf/progs/tracing_failure.c +++ b/tools/testing/selftests/bpf/progs/tracing_failure.c @@ -18,3 +18,9 @@ int BPF_PROG(test_spin_unlock, struct bpf_spin_lock *lock) { return 0; } + +SEC("?fentry/migrate_disable") +int BPF_PROG(tracing_deny) +{ + return 0; +}
On 7/22/25 8:34 AM, KaFai Wan wrote:
The result:
$ tools/testing/selftests/bpf/test_progs -t tracing_failure/tracing_deny #468/3 tracing_failure/tracing_deny:OK #468 tracing_failure:OK Summary: 1/1 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: KaFai Wan kafai.wan@linux.dev
LGTM but see a nit below.
Acked-by: Yonghong Song yonghong.song@linux.dev
.../bpf/prog_tests/tracing_failure.c | 33 +++++++++++++++++++ .../selftests/bpf/progs/tracing_failure.c | 6 ++++ 2 files changed, 39 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/tracing_failure.c b/tools/testing/selftests/bpf/prog_tests/tracing_failure.c index a222df765bc3..140fb0d175cf 100644 --- a/tools/testing/selftests/bpf/prog_tests/tracing_failure.c +++ b/tools/testing/selftests/bpf/prog_tests/tracing_failure.c @@ -28,10 +28,43 @@ static void test_bpf_spin_lock(bool is_spin_lock) tracing_failure__destroy(skel); } +static void test_tracing_deny(void) +{
- struct tracing_failure *skel;
- char log_buf[256];
- int btf_id, err;
- /* migrate_disable depends on CONFIG_SMP */
- btf_id = libbpf_find_vmlinux_btf_id("migrate_disable", BPF_TRACE_FENTRY);
- if (btf_id <= 0) {
test__skip();return;- }
There is a discussion about inlining migrate_disable(). See https://lore.kernel.org/bpf/CAADnVQ+Afov4E=9t=3M=zZmO9z4ZqT6imWD5xijDHshTf3J...
Maybe trying to find a different function? Otherwise, if migrate_disable is inlined and this test will become useless.
- skel = tracing_failure__open();
- if (!ASSERT_OK_PTR(skel, "tracing_failure__open"))
return;- bpf_program__set_autoload(skel->progs.tracing_deny, true);
- bpf_program__set_log_buf(skel->progs.tracing_deny, log_buf, sizeof(log_buf));
- err = tracing_failure__load(skel);
- if (!ASSERT_ERR(err, "tracing_failure__load"))
goto out;- ASSERT_HAS_SUBSTR(log_buf,
"Attaching tracing programs to function 'migrate_disable' is rejected.","log_buf");+out:
- tracing_failure__destroy(skel);
+}
- void test_tracing_failure(void) { if (test__start_subtest("bpf_spin_lock")) test_bpf_spin_lock(true); if (test__start_subtest("bpf_spin_unlock")) test_bpf_spin_lock(false);
- if (test__start_subtest("tracing_deny"))
test_tracing_deny();diff --git a/tools/testing/selftests/bpf/progs/tracing_failure.c b/tools/testing/selftests/bpf/progs/tracing_failure.c index d41665d2ec8c..dfa152e8194e 100644 --- a/tools/testing/selftests/bpf/progs/tracing_failure.c +++ b/tools/testing/selftests/bpf/progs/tracing_failure.c @@ -18,3 +18,9 @@ int BPF_PROG(test_spin_unlock, struct bpf_spin_lock *lock) { return 0; }
+SEC("?fentry/migrate_disable") +int BPF_PROG(tracing_deny) +{
- return 0;
+}
Delete fexit_noreturns.c files and migrate the cases into tracing_failure.c files.
The result:
$ tools/testing/selftests/bpf/test_progs -t tracing_failure/fexit_noreturns #467/4 tracing_failure/fexit_noreturns:OK #467 tracing_failure:OK Summary: 1/1 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: KaFai Wan kafai.wan@linux.dev --- .../bpf/prog_tests/fexit_noreturns.c | 9 ---- .../bpf/prog_tests/tracing_failure.c | 47 +++++++++++++------ .../selftests/bpf/progs/fexit_noreturns.c | 15 ------ .../selftests/bpf/progs/tracing_failure.c | 6 +++ 4 files changed, 39 insertions(+), 38 deletions(-) delete mode 100644 tools/testing/selftests/bpf/prog_tests/fexit_noreturns.c delete mode 100644 tools/testing/selftests/bpf/progs/fexit_noreturns.c
diff --git a/tools/testing/selftests/bpf/prog_tests/fexit_noreturns.c b/tools/testing/selftests/bpf/prog_tests/fexit_noreturns.c deleted file mode 100644 index 568d3aa48a78..000000000000 --- a/tools/testing/selftests/bpf/prog_tests/fexit_noreturns.c +++ /dev/null @@ -1,9 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 - -#include <test_progs.h> -#include "fexit_noreturns.skel.h" - -void test_fexit_noreturns(void) -{ - RUN_TESTS(fexit_noreturns); -} diff --git a/tools/testing/selftests/bpf/prog_tests/tracing_failure.c b/tools/testing/selftests/bpf/prog_tests/tracing_failure.c index 140fb0d175cf..01c1997b705f 100644 --- a/tools/testing/selftests/bpf/prog_tests/tracing_failure.c +++ b/tools/testing/selftests/bpf/prog_tests/tracing_failure.c @@ -28,37 +28,54 @@ static void test_bpf_spin_lock(bool is_spin_lock) tracing_failure__destroy(skel); }
-static void test_tracing_deny(void) +static void test_tracing_fail_prog(const char *prog_name, const char *exp_msg) { struct tracing_failure *skel; + struct bpf_program *prog; char log_buf[256]; - int btf_id, err; - - /* migrate_disable depends on CONFIG_SMP */ - btf_id = libbpf_find_vmlinux_btf_id("migrate_disable", BPF_TRACE_FENTRY); - if (btf_id <= 0) { - test__skip(); - return; - } + int err;
skel = tracing_failure__open(); if (!ASSERT_OK_PTR(skel, "tracing_failure__open")) return;
- bpf_program__set_autoload(skel->progs.tracing_deny, true); - bpf_program__set_log_buf(skel->progs.tracing_deny, log_buf, sizeof(log_buf)); + prog = bpf_object__find_program_by_name(skel->obj, prog_name); + if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name")) + goto out; + + bpf_program__set_autoload(prog, true); + bpf_program__set_log_buf(prog, log_buf, sizeof(log_buf));
err = tracing_failure__load(skel); if (!ASSERT_ERR(err, "tracing_failure__load")) goto out;
- ASSERT_HAS_SUBSTR(log_buf, - "Attaching tracing programs to function 'migrate_disable' is rejected.", - "log_buf"); + ASSERT_HAS_SUBSTR(log_buf, exp_msg, "log_buf"); out: tracing_failure__destroy(skel); }
+static void test_tracing_deny(void) +{ + int btf_id; + + /* migrate_disable depends on CONFIG_SMP */ + btf_id = libbpf_find_vmlinux_btf_id("migrate_disable", BPF_TRACE_FENTRY); + if (btf_id <= 0) { + test__skip(); + return; + } + + test_tracing_fail_prog("tracing_deny", + "Attaching tracing programs to function 'migrate_disable' is rejected."); +} + +static void test_fexit_noreturns(void) +{ + test_tracing_fail_prog("fexit_noreturns", + "Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected."); +} + void test_tracing_failure(void) { if (test__start_subtest("bpf_spin_lock")) @@ -67,4 +84,6 @@ void test_tracing_failure(void) test_bpf_spin_lock(false); if (test__start_subtest("tracing_deny")) test_tracing_deny(); + if (test__start_subtest("fexit_noreturns")) + test_fexit_noreturns(); } diff --git a/tools/testing/selftests/bpf/progs/fexit_noreturns.c b/tools/testing/selftests/bpf/progs/fexit_noreturns.c deleted file mode 100644 index b1c33d958ae2..000000000000 --- a/tools/testing/selftests/bpf/progs/fexit_noreturns.c +++ /dev/null @@ -1,15 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 - -#include <linux/bpf.h> -#include <bpf/bpf_helpers.h> -#include <bpf/bpf_tracing.h> -#include "bpf_misc.h" - -char _license[] SEC("license") = "GPL"; - -SEC("fexit/do_exit") -__failure __msg("Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.") -int BPF_PROG(noreturns) -{ - return 0; -} diff --git a/tools/testing/selftests/bpf/progs/tracing_failure.c b/tools/testing/selftests/bpf/progs/tracing_failure.c index dfa152e8194e..70a123e8fe9c 100644 --- a/tools/testing/selftests/bpf/progs/tracing_failure.c +++ b/tools/testing/selftests/bpf/progs/tracing_failure.c @@ -24,3 +24,9 @@ int BPF_PROG(tracing_deny) { return 0; } + +SEC("?fexit/do_exit") +int BPF_PROG(fexit_noreturns) +{ + return 0; +}
On 7/22/25 8:34 AM, KaFai Wan wrote:
Delete fexit_noreturns.c files and migrate the cases into tracing_failure.c files.
The result:
$ tools/testing/selftests/bpf/test_progs -t tracing_failure/fexit_noreturns #467/4 tracing_failure/fexit_noreturns:OK #467 tracing_failure:OK Summary: 1/1 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: KaFai Wan kafai.wan@linux.dev
Acked-by: Yonghong Song yonghong.song@linux.dev
linux-kselftest-mirror@lists.linaro.org
-
KaFai Wan -
Yafang Shao -
Yonghong Song