Re: [PATCH bpf-next 1/2] bpf: Reject flexible-array allocation types

bot+bpf-ci Sun, 21 Jun 2026 22:45:27 -0700

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 2abc79dbf281..c3a574cc0d09 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c


[ ... ]

> @@ -12749,6 +12773,10 @@ static int check_special_kfunc(struct 
> bpf_verifier_env *env, struct bpf_kfunc_ca
>                       verbose(env, "bpf_obj_new/bpf_percpu_obj_new type ID 
> argument must be of a struct\n");
>                       return -EINVAL;
>               }
> +             if (btf_type_has_trailing_flex_array(ret_btf, ret_t)) {
> +                     verbose(env, "bpf_obj_new type must not contain a 
> flexible array\n");
> +                     return -EINVAL;
> +             }

This isn't a bug, but this branch handles both is_bpf_obj_new_kfunc and
is_bpf_percpu_obj_new_kfunc, and the message just above uses the dual form
"bpf_obj_new/bpf_percpu_obj_new".

Should this new message also say "bpf_obj_new/bpf_percpu_obj_new" so it
reads correctly when it fires for a bpf_percpu_obj_new() call?

>
>               if (is_bpf_percpu_obj_new_kfunc(meta->func_id)) {
>                       if (ret_t->size > BPF_GLOBAL_PERCPU_MA_MAX_SIZE) {


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/27931273498

Re: [PATCH bpf-next 1/2] bpf: Reject flexible-array allocation types

Reply via email to