Re: [PATCH bpf-next] selftests/bpf: Add test for struct_ops __ref argument in any position

[Varun R Mallya]

On Sat, Mar 21, 2026 at 10:13:45PM +0000, bot+bpf-ci@xxxxxxxxxx wrote:
> 
> Will this test pass without Keisuke's fix [0] being applied first?

No, it needs to be applied first. 

> The stub function has task__nullable as the second argument and
> task__ref as the third.  prepare_arg_info() populates the arg_info
> array in order, so info[0] corresponds to the __nullable arg
> (refcounted = false) and info[1] to the __ref arg (refcounted = true).
> 
> In check_struct_ops_btf_id(), the loop that sets has_refcounted_arg
> currently reads:
> 
>     for (i = 0; i < st_ops_desc->arg_info[member_idx].cnt; i++) {
>         if (st_ops_desc->arg_info[member_idx].info->refcounted) {
> This always checks info[0].refcounted (the __nullable entry, which is
> false), never info[i].refcounted.  The __ref argument at info[1] is
> never examined, so has_refcounted_arg stays false and the tail call
> is permitted.
> 
> Since the test expects __failure, but the program loads successfully
> without the fix, the test will always fail when run on a tree that
> does not include the companion verifier fix.
> 
> This patch may need to be folded into (or applied after) Keisuke's
> fix so the two land together.

Yes, that is the intention.

> > +	/* ctx[2] is used because the refcounted variable is the third argument */
> > +	struct task_struct *refcounted_task = (struct task_struct *)ctx[2];
> > +
> > +	bpf_task_release(refcounted_task);
> > +	bpf_tail_call(ctx, &prog_array, 0);
> > +
> > +	return 0;
> > +}
> 
> [ ... ]
> 
> 
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
> 
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/23389590355