bpf, btf: Enforce destructor kfunc type with CFI

Ensure that registered destructor kfuncs have the same type
as btf_dtor_kfunc_t to avoid a kernel panic on systems with
CONFIG_CFI enabled.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20260110082548.113748-10-samitolvanen@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 539c9fdea41d9f24dfed297c8ad2a573a9a327b9..2c6076fc29b9478a9347d7d57aaca748ed033e39 100644 (file)
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -8846,6 +8846,13 @@ static int btf_check_dtor_kfuncs(struct btf *btf, const struct btf_id_dtor_kfunc
                 */
                if (!t || !btf_type_is_ptr(t))
                        return -EINVAL;
+
+               if (IS_ENABLED(CONFIG_CFI_CLANG)) {
+                       /* Ensure the destructor kfunc type matches btf_dtor_kfunc_t */
+                       t = btf_type_by_id(btf, t->type);
+                       if (!btf_type_is_void(t))
+                               return -EINVAL;
+               }
        }
        return 0;
 }