[RFC PATCH bpf-next v2 04/11] bpf: Assign reg->id when getting referenced... | netdev

[RFC PATCH bpf-next v2 00/11] Dynptr cleanup and bugfixes · Amery Hung <hidden> · 2026-03-07
[RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Amery Hung <hidden> · 2026-03-07
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Mykyta Yatsenko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Andrii Nakryiko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Andrii Nakryiko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Andrii Nakryiko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Amery Hung <hidden> · 2026-03-12
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Andrii Nakryiko <hidden> · 2026-03-12
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Alexei Starovoitov <hidden> · 2026-03-13
Re: [RFC PATCH bpf-next v2 01/11] bpf: Set kfunc dynptr arg type flag based on prototype · Eduard Zingerman <eddyz87@gmail.com> · 2026-03-16
[RFC PATCH bpf-next v2 02/11] selftests/bpf: Test passing CONST_PTR_TO_DYNPTR to kfunc that may mutate dynptr · Amery Hung <hidden> · 2026-03-07
Re: [RFC PATCH bpf-next v2 02/11] selftests/bpf: Test passing CONST_PTR_TO_DYNPTR to kfunc that may mutate dynptr · Mykyta Yatsenko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 02/11] selftests/bpf: Test passing CONST_PTR_TO_DYNPTR to kfunc that may mutate dynptr · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 02/11] selftests/bpf: Test passing CONST_PTR_TO_DYNPTR to kfunc that may mutate dynptr · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 02/11] selftests/bpf: Test passing CONST_PTR_TO_DYNPTR to kfunc that may mutate dynptr · Eduard Zingerman <eddyz87@gmail.com> · 2026-03-16
[RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Amery Hung <hidden> · 2026-03-07
Re: [RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Mykyta Yatsenko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Mykyta Yatsenko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Andrii Nakryiko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 03/11] bpf: Unify dynptr handling in the verifier · Eduard Zingerman <eddyz87@gmail.com> · 2026-03-16
[RFC PATCH bpf-next v2 04/11] bpf: Assign reg->id when getting referenced kptr from ctx · Amery Hung <hidden> · 2026-03-07
[RFC PATCH bpf-next v2 05/11] bpf: Preserve reg->id of pointer objects after null-check · Amery Hung <hidden> · 2026-03-07
Re: [RFC PATCH bpf-next v2 05/11] bpf: Preserve reg->id of pointer objects after null-check · Andrii Nakryiko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 05/11] bpf: Preserve reg->id of pointer objects after null-check · Alexei Starovoitov <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 05/11] bpf: Preserve reg->id of pointer objects after null-check · Alexei Starovoitov <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 05/11] bpf: Preserve reg->id of pointer objects after null-check · Amery Hung <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 05/11] bpf: Preserve reg->id of pointer objects after null-check · Eduard Zingerman <eddyz87@gmail.com> · 2026-03-17
[RFC PATCH bpf-next v2 06/11] bpf: Refactor object relationship tracking and fix dynptr UAF bug · Amery Hung <hidden> · 2026-03-07
Re: [RFC PATCH bpf-next v2 06/11] bpf: Refactor object relationship tracking and fix dynptr UAF bug · Andrii Nakryiko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 06/11] bpf: Refactor object relationship tracking and fix dynptr UAF bug · Amery Hung <hidden> · 2026-03-13
Re: [RFC PATCH bpf-next v2 06/11] bpf: Refactor object relationship tracking and fix dynptr UAF bug · Mykyta Yatsenko <hidden> · 2026-03-12
Re: [RFC PATCH bpf-next v2 06/11] bpf: Refactor object relationship tracking and fix dynptr UAF bug · Amery Hung <hidden> · 2026-03-13
[RFC PATCH bpf-next v2 07/11] bpf: Remove redundant dynptr arg check for helper · Amery Hung <hidden> · 2026-03-07
[RFC PATCH bpf-next v2 08/11] selftests/bpf: Test creating dynptr from dynptr data and slice · Amery Hung <hidden> · 2026-03-07
[RFC PATCH bpf-next v2 09/11] selftests/bpf: Test using dynptr after freeing the underlying object · Amery Hung <hidden> · 2026-03-07
Re: [RFC PATCH bpf-next v2 09/11] selftests/bpf: Test using dynptr after freeing the underlying object · Eduard Zingerman <eddyz87@gmail.com> · 2026-03-16
[RFC PATCH bpf-next v2 10/11] selftests/bpf: Test using slice after invalidating dynptr clone · Amery Hung <hidden> · 2026-03-07
[RFC PATCH bpf-next v2 11/11] selftests/bpf: Test using file dynptr after the reference on file is dropped · Amery Hung <hidden> · 2026-03-07
Re: [RFC PATCH bpf-next v2 00/11] Dynptr cleanup and bugfixes · Andrii Nakryiko <hidden> · 2026-03-11
Re: [RFC PATCH bpf-next v2 00/11] Dynptr cleanup and bugfixes · Amery Hung <hidden> · 2026-03-13

STALE88d

[RFC PATCH bpf-next v2 04/11] bpf: Assign reg->id when getting referenced kptr from ctx

From: Amery Hung <hidden>
Date: 2026-03-07 06:44:46
Also in: bpf
Subsystem: bpf [core], bpf [general] (safe dynamic programs and tools), the rest · Maintainers: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Eduard Zingerman, Kumar Kartikeya Dwivedi, Linus Torvalds

Assign reg->id when getting referenced kptr from read program context
to be consistent with R0 of KF_ACQUIRE kfunc. skb dynptr will track the
referenced skb in qdisc programs using a new field reg->parent_id in
a later patch.

Signed-off-by: Amery Hung <redacted>
---
 kernel/bpf/verifier.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d52780962adb..ea10dd611df2 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c

@@ -7754,8 +7754,6 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
 			} else {
 				mark_reg_known_zero(env, regs,
 						    value_regno);
-				if (type_may_be_null(info.reg_type))
-					regs[value_regno].id = ++env->id_gen;
 				/* A load of ctx field could have different
 				 * actual load size with the one encoded in the
 				 * insn. When the dst is PTR, it is for sure not

@@ -7765,8 +7763,11 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
 				if (base_type(info.reg_type) == PTR_TO_BTF_ID) {
 					regs[value_regno].btf = info.btf;
 					regs[value_regno].btf_id = info.btf_id;
+					regs[value_regno].id = info.ref_obj_id;
 					regs[value_regno].ref_obj_id = info.ref_obj_id;
 				}
+				if (type_may_be_null(info.reg_type) && !regs[value_regno].id)
+					regs[value_regno].id = ++env->id_gen;
 			}
 			regs[value_regno].type = info.reg_type;
 		}

-- 
2.47.3

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help