From: Alan Maguire alan.maguire@oracle.com
[ Upstream commit 8e64c387c942229c551d0f23de4d9993d3a2acb6 ]
Recently as a side-effect of
commit ac053946f5c4 ("compiler.h: introduce TYPEOF_UNQUAL() macro")
issues were observed in deduplication between modules and kernel BTF such that a large number of kernel types were not deduplicated so were found in module BTF (task_struct, bpf_prog etc). The root cause appeared to be a failure to dedup struct types, specifically those with members that were pointers with __percpu annotations.
The issue in dedup is at the point that we are deduplicating structures, we have not yet deduplicated reference types like pointers. If multiple copies of a pointer point at the same (deduplicated) integer as in this case, we do not see them as identical. Special handling already exists to deal with structures and arrays, so add pointer handling here too.
Reported-by: Alexei Starovoitov ast@kernel.org Signed-off-by: Alan Maguire alan.maguire@oracle.com Signed-off-by: Andrii Nakryiko andrii@kernel.org Link: https://lore.kernel.org/bpf/20250429161042.2069678-1-alan.maguire@oracle.com Signed-off-by: Sasha Levin sashal@kernel.org ---
Based on my comprehensive analysis of the commit message, code changes, historical patterns, and kernel repository context, here is my recommendation: **YES** This commit should be backported to stable kernel trees for the following reasons: ## Critical Bug Fix Analysis **1. Fixes a Real User-Impacting Regression:** - The commit addresses a regression introduced by `commit ac053946f5c4 ("compiler.h: introduce TYPEOF_UNQUAL() macro")` - This regression causes "a large number of kernel types" (task_struct, bpf_prog, etc.) to fail deduplication - Results in broken BPF functionality for kernel modules, which is user- visible **2. Follows Established Stable Tree Criteria:** - **Important bugfix**: ✅ Fixes BTF deduplication failures affecting core BPF functionality - **Minimal risk**: ✅ Small, targeted change following existing patterns - **No architectural changes**: ✅ Adds a simple helper function without changing core algorithm - **Confined to subsystem**: ✅ Changes only affect BTF deduplication logic in libbpf ## Code Change Analysis **3. Conservative and Safe Implementation:** ```c +static bool btf_dedup_identical_ptrs(struct btf_dedup *d, __u32 id1, __u32 id2) +{ + struct btf_type *t1, *t2; + + t1 = btf_type_by_id(d->btf, id1); + t2 = btf_type_by_id(d->btf, id2); + + if (!btf_is_ptr(t1) || !btf_is_ptr(t2)) + return false; + + return t1->type == t2->type; +} ``` - Simple type- checking function with clear bounds checking - Mirrors existing `btf_dedup_identical_arrays()` and `btf_dedup_identical_structs()` patterns - No complex logic or state changes **4. Integration Follows Existing Pattern:** ```c + /bin /bin.usr-is-merged /boot /dev /etc /home /init /lib /lib.usr-is-merged /lib64 /lost+found /media /mnt /opt /proc /root /run /sbin /sbin.usr-is-merged /snap /srv /sys /tmp /usr /var A similar case is again observed for PTRs. */ + if (btf_dedup_identical_ptrs(d, hypot_type_id, cand_id)) + return 1; ``` - Added alongside existing identical array/struct checks - Same position in control flow as established workarounds - Consistent with documented compiler DWARF generation issues ## Historical Pattern Alignment **5. Matches "YES" Backport Pattern:** Looking at similar commits marked for backport: - **Similar Commit #1** (YES): Adds identical struct checking for BTF dedup failures - same pattern - **Similar Commit #4** (YES): Fixes memory leak in BTF dedup - critical subsystem fix - **Similar Commit #5** (YES): Handles DWARF/compiler bugs with duplicated structs - identical issue class This commit addresses the exact same class of problem (compiler-generated identical types) that has been consistently backported. ## Risk Assessment **6. Low Regression Risk:** - Function only returns `true` when types are genuinely identical (`t1->type == t2->type`) - Early returns prevent processing non-pointer types - Cannot cause false positives that would incorrectly deduplicate different types - Follows defensive programming patterns used throughout the codebase ## Conclusion This commit fixes a regression in critical BPF functionality, uses a proven safe pattern, has minimal code footprint, and addresses issues that directly impact users. The fix quality is high and the risk is low, making it an excellent candidate for stable tree backporting.
tools/lib/bpf/btf.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
diff --git a/tools/lib/bpf/btf.c b/tools/lib/bpf/btf.c index a39894a7be054..37c54734ae7ae 100644 --- a/tools/lib/bpf/btf.c +++ b/tools/lib/bpf/btf.c @@ -4339,6 +4339,19 @@ static bool btf_dedup_identical_structs(struct btf_dedup *d, __u32 id1, __u32 id return true; }
+static bool btf_dedup_identical_ptrs(struct btf_dedup *d, __u32 id1, __u32 id2) +{ + struct btf_type *t1, *t2; + + t1 = btf_type_by_id(d->btf, id1); + t2 = btf_type_by_id(d->btf, id2); + + if (!btf_is_ptr(t1) || !btf_is_ptr(t2)) + return false; + + return t1->type == t2->type; +} + /* * Check equivalence of BTF type graph formed by candidate struct/union (we'll * call it "candidate graph" in this description for brevity) to a type graph @@ -4471,6 +4484,9 @@ static int btf_dedup_is_equiv(struct btf_dedup *d, __u32 cand_id, */ if (btf_dedup_identical_structs(d, hypot_type_id, cand_id)) return 1; + /* A similar case is again observed for PTRs. */ + if (btf_dedup_identical_ptrs(d, hypot_type_id, cand_id)) + return 1; return 0; }