On Tue, 2026-05-12 at 13:59 +0800, Kaitao cheng wrote: > From: Kaitao Cheng <[email protected]> > > KF_ARG_PTR_TO_LIST_NODE normally requires an owning reference > (PTR_TO_BTF_ID | MEM_ALLOC with ref_obj_id). Introduce and use > the __nonown_allowed annotation on selected list-node arguments > so non-owning references with ref_obj_id==0 are accepted as well. > > This enables passing bpf_list_front() / bpf_list_back() results to: > > bpf_list_add() as insertion point (prev) > bpf_list_del() as deletion target (node) > bpf_list_is_first/last() as query target (node) > > Verifier keeps existing owning-ref checks by default; only arguments > annotated with __nonown_allowed bypass MEM_ALLOC/ref_obj_id checks > and then follow the same list-node validation path. > > Signed-off-by: Kaitao Cheng <[email protected]> > ---
Reviewed-by: Eduard Zingerman <[email protected]> [...] > @@ -12017,6 +12022,13 @@ static int check_kfunc_args(struct bpf_verifier_env > *env, struct bpf_kfunc_call_ > return ret; > break; > case KF_ARG_PTR_TO_LIST_NODE: > + if (is_kfunc_arg_nonown_allowed(btf, &args[i]) && > + type_is_non_owning_ref(reg->type) && > !reg->ref_obj_id) { ^^^^^^^^^^^^^^^^ Nit: I think this check is redundant, type_is_non_owning_ref() should suffice. > + /* Allow bpf_list_front/back return value for > + * __nonown_allowed list-node arguments. > + */ > + goto check_ok; > + } > if (reg->type != (PTR_TO_BTF_ID | MEM_ALLOC)) { > verbose(env, "%s expected pointer to allocated > object\n", > reg_arg_name(env, argno)); [...]
