> Add a new kfunc bpf_list_add_impl(head, new, prev, meta, off) that
> inserts 'new' after 'prev' in the BPF linked list. Both must be in
> the same list; 'prev' must already be in the list.

"Both must be in the same list" reads as though new and prev are
both already present in the list, but the code requires new to have
owner == NULL (via the cmpxchg check), meaning new must not be in
any list. Would something like "prev must already be in the list
headed by head" be clearer here?

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
[ ... ]
> @@ -23195,13 +23200,15 @@ struct bpf_insn addr[2] = { BPF_LD_IMM64(BPF_REG_2,
> (long)kptr_struct_meta) };
> *cnt = 3;
> } else if (desc->func_id ==
> special_kfunc_list[KF_bpf_list_push_back_impl] ||
> desc->func_id ==
> special_kfunc_list[KF_bpf_list_push_front_impl] ||
> + desc->func_id == special_kfunc_list[KF_bpf_list_add_impl] ||
> desc->func_id == special_kfunc_list[KF_bpf_rbtree_add_impl])
> {
> struct btf_struct_meta *kptr_struct_meta =
> env->insn_aux_data[insn_idx].kptr_struct_meta;
> int struct_meta_reg = BPF_REG_3;
> int node_offset_reg = BPF_REG_4;
>
> - /* rbtree_add has extra 'less' arg, so args-to-fixup are in
> diff regs */
> - if (desc->func_id ==
> special_kfunc_list[KF_bpf_rbtree_add_impl]) {
> + /* They has extra arg, so args-to-fixup are in diff regs */
       ^^^^^^^^

"They has" should be "They have" or "These have".

The original comment also explained why the extra arg exists
(rbtree_add has a 'less' callback). Could this be updated to
mention both cases, e.g. "list_add_impl and rbtree_add_impl have
an extra arg (prev / less), so args-to-fixup are in different
regs"?

> + if (desc->func_id == special_kfunc_list[KF_bpf_list_add_impl] ||
> + desc->func_id ==
> special_kfunc_list[KF_bpf_rbtree_add_impl]) {
> struct_meta_reg = BPF_REG_4;
> node_offset_reg = BPF_REG_5;
> }
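
Review bot: In the inner check that switches struct_meta_reg and node_offset_reg to BPF_REG_4 and BPF_REG_5, the fixup depends on bpf_list_add_impl() carrying meta and off as its fourth and fifth arguments, as in the (head, new, prev, meta, off) signature from the commit message, and nothing in the hunk records that dependency. Suggest having the comment state the argument positions so that a later signature change to either kfunc is not made without revisiting these register numbers. The KF_bpf_list_add_impl and KF_bpf_rbtree_add_impl comparisons are also repeated from the outer condition; a small helper that identifies the kfuncs with an extra argument before meta would keep the two lists from drifting apart.
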
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/22653666378