> selftests/bpf: Cover refcount acquire node offsets
>
> Add regression coverage for bpf_refcount_acquire() on graph-node-derived
> pointers.
>
> The accepted case pops a list node and normalizes it with container_of()
> before acquiring a refcount. The rejected cases pass popped list and
> rbtree
> node pointers directly to bpf_refcount_acquire(), which must fail because
> those pointers carry non-zero fixed offsets.
>
> Signed-off-by: Yiyang Chen <[email protected]>
This adds coverage for a verifier bug where bpf_refcount_acquire() did not
require its argument to have a zero offset, so graph-node-derived pointers
from bpf_list_pop_front()/bpf_rbtree_remove() carrying a fixed node-field
offset could pass the type check. The companion kernel fix that rejects
those offset arguments tags the commit that introduced the kfunc. Should
this selftest commit carry the same tag?
Fixes: 7c50b1cb76aca ("bpf: Add bpf_refcount_acquire kfunc")
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/27814304568
