Re: [PATCH bpf v2 1/2] bpf: Fix exception exit lock checking for subprogs

[Kumar Kartikeya Dwivedi]

On Fri, 20 Mar 2026 at 01:08, Ihor Solodrai <ihor.solodrai@xxxxxxxxx> wrote:
>
> process_bpf_exit_full() passes check_lock = !curframe to
> check_resource_leak(), which is false in cases when bpf_throw() is
> called from a static subprog. This makes check_resource_leak() to skip
> validation of active_rcu_locks, active_preempt_locks, and
> active_irq_id on exception exits from subprogs.
>
> At runtime bpf_throw() unwinds the stack via ORC without releasing any
> user-acquired locks, which may cause various issues as the result.
>
> Fix by setting check_lock = true for exception exits regardless of
> curframe, since exceptions bypass all intermediate frame
> cleanup. Update the error message prefix to "bpf_throw" for exception
> exits to distinguish them from normal BPF_EXIT.
>
> Fix reject_subprog_with_rcu_read_lock test which was previously
> passing for the wrong reason. Test program returned directly from the
> subprog call without closing the RCU section, so the error was
> triggered by the unclosed RCU lock on normal exit, not by
> bpf_throw. Update __msg annotations for affected tests to match the
> new "bpf_throw" error prefix.
>
> The spin_lock case is not affected because they are already checked [1]
> at the call site in do_check_insn() before bpf_throw can run.
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf/verifier.c?h=v7.0-rc4#n21098
>
> Assisted-by: Claude:claude-opus-4-6
> Fixes: f18b03fabaa9 ("bpf: Implement BPF exceptions")
> Signed-off-by: Ihor Solodrai <ihor.solodrai@xxxxxxxxx>
>
> ---

Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>

> [...]