On Mon, Mar 2, 2026 at 11:19 PM Mykyta Yatsenko <[email protected]> wrote: > > Chengkaitao <[email protected]> writes: > > > From: Kaitao Cheng <[email protected]> > > > > If a user holds ownership of a node in the middle of a list, they > > can directly remove it from the list without strictly adhering to > > deletion rules from the head or tail. > > > > When a kfunc has only one bpf_list_node parameter, supplement the > > initialization of the corresponding btf_field. Add a new lock_rec > > member to struct bpf_reference_state for lock holding detection. > > > > This is typically paired with bpf_refcount. After calling > > bpf_list_del, it is generally necessary to drop the reference to > > the list node twice to prevent reference count leaks. > > > > Signed-off-by: Kaitao Cheng <[email protected]> > > --- > > include/linux/bpf_verifier.h | 4 +++ > > kernel/bpf/btf.c | 33 +++++++++++++++++++--- > > kernel/bpf/helpers.c | 17 ++++++++++++ > > kernel/bpf/verifier.c | 54 ++++++++++++++++++++++++++++++++++-- > > 4 files changed, 101 insertions(+), 7 deletions(-) > > > > diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h > > index ef8e45a362d9..e1358b62d6cc 100644 > > --- a/include/linux/bpf_verifier.h > > +++ b/include/linux/bpf_verifier.h > > @@ -261,6 +261,10 @@ struct bpf_reference_state { > > * it matches on unlock. > > */ > > void *ptr; > > + /* For REF_TYPE_LOCK_*: btf_record of the locked object, used for lock > > + * checking in kfuncs such as bpf_list_del. > > + */ > > + struct btf_record *lock_rec; > As far as I understand this patch introduces a weaker type of > verification: we only check that there is some lock held by the > object of the same type as this node's head, but there is no guarantee > it's the same instance. Please confirm if I'm right. > What would it take to implement instance validation instead of > type-based lock check?
Your understanding is correct. However, I haven’t come up with a better solution to obtain this node's head. Do you have any suggestions? Alternatively, shall we revert to version v1? https://lore.kernel.org/all/[email protected]/
