On Mon, Mar 2, 2026 at 5:15 PM Chengkaitao <[email protected]> wrote: > > On Mon, Mar 2, 2026 at 11:19 PM Mykyta Yatsenko > <[email protected]> wrote: > > > > Chengkaitao <[email protected]> writes: > > > > > From: Kaitao Cheng <[email protected]> > > > > > > If a user holds ownership of a node in the middle of a list, they > > > can directly remove it from the list without strictly adhering to > > > deletion rules from the head or tail. > > > > > > When a kfunc has only one bpf_list_node parameter, supplement the > > > initialization of the corresponding btf_field. Add a new lock_rec > > > member to struct bpf_reference_state for lock holding detection. > > > > > > This is typically paired with bpf_refcount. After calling > > > bpf_list_del, it is generally necessary to drop the reference to > > > the list node twice to prevent reference count leaks. > > > > > > Signed-off-by: Kaitao Cheng <[email protected]> > > > --- > > > include/linux/bpf_verifier.h | 4 +++ > > > kernel/bpf/btf.c | 33 +++++++++++++++++++--- > > > kernel/bpf/helpers.c | 17 ++++++++++++ > > > kernel/bpf/verifier.c | 54 ++++++++++++++++++++++++++++++++++-- > > > 4 files changed, 101 insertions(+), 7 deletions(-) > > > > > > diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h > > > index ef8e45a362d9..e1358b62d6cc 100644 > > > --- a/include/linux/bpf_verifier.h > > > +++ b/include/linux/bpf_verifier.h 
> > > @@ -261,6 +261,10 @@ struct bpf_reference_state { > > > * it matches on unlock. > > > */ > > > void *ptr; > > > + /* For REF_TYPE_LOCK_*: btf_record of the locked object, used for > > > lock > > > + * checking in kfuncs such as bpf_list_del. > > > + */ > > > + struct btf_record *lock_rec; > > As far as I understand this patch introduces a weaker type of > > verification: we only check that there is some lock held by the > > object of the same type as this node's head, but there is no guarantee > > it's the same instance. Please confirm if I'm right. > > What would it take to implement instance validation instead of > > type-based lock check? > > Your understanding is correct. However, I haven’t come up > with a better solution to obtain this node's head. Do you have > any suggestions? Alternatively, shall we revert to version v1? > > https://lore.kernel.org/all/[email protected]/
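Review bot: in the bpf_reference_state hunk, the new lock_rec comment says the field is "used for lock checking" but does not say what is compared against it. The existing ptr field directly above is what identifies the locked instance ("it matches on unlock"), while a btf_record identifies only the type of the locked object, so a check keyed on lock_rec cannot tell two objects of the same type apart. Either state that limitation in the comment, or have the bpf_list_del check compare against the locked instance. The comment should also say who owns the record and how long the pointer stays valid.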
Let's revert to v1. Passing head just to avoid messing with the verifier is an ok trade off.
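
A user-space model of the two checks discussed in this thread, added here as an example; it is not code from the patch, from v1, or from the kernel. All struct and function names are hypothetical, and it assumes that passing the head gives the check access to the owning object.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model, constructed for illustration; not kernel code. */
struct rec { const char *type_name; };      /* stands in for a btf_record */

struct held_lock {                          /* stands in for a lock reference state */
    const void *ptr;                        /* address of the locked object */
    const struct rec *lock_rec;             /* record (type) of the locked object */
};

struct owner { const struct rec *rec; };    /* object embedding a lock and a list head */

/* Type-based check: passes if any held lock belongs to an object whose
 * record matches the record of the list the node lives on. */
static bool type_check(const struct held_lock *held, size_t n, const struct owner *target)
{
    for (size_t i = 0; i < n; i++)
        if (held[i].lock_rec == target->rec)
            return true;
    return false;
}

/* Instance-based check: passes only if the lock of this exact object is held.
 * It needs the owning object itself, not just its type. */
static bool instance_check(const struct held_lock *held, size_t n, const struct owner *target)
{
    for (size_t i = 0; i < n; i++)
        if (held[i].ptr == (const void *)target)
            return true;
    return false;
}

/* Hold the lock of `locked`, then delete a node that lives on `target`.
 * Result: bit 0 = type check passed, bit 1 = instance check passed. */
static int run(const struct owner *locked, const struct owner *target)
{
    struct held_lock held[] = { { locked, locked->rec } };
    return (type_check(held, 1, target) ? 1 : 0) |
           (instance_check(held, 1, target) ? 2 : 0);
}

static const struct rec list_rec = { "list_with_lock" };   /* one shared type */

/* Two objects of the same type: lock a, delete from b. Only the type check passes. */
int demo_wrong_lock(void) { struct owner a = { &list_rec }, b = { &list_rec }; return run(&a, &b); }

/* Lock a, delete from a. Both checks pass. */
int demo_right_lock(void) { struct owner a = { &list_rec }; return run(&a, &a); }
```
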

