[PATCH bpf 1/2] bpf: Mark bpf_get_kmem_cache() as nullable

Next message: Nuoqi Gui: "[PATCH bpf 2/2] selftests/bpf: Cover bpf_get_kmem_cache() null return"
Previous message: Nuoqi Gui: "[PATCH bpf 0/2] bpf: Mark bpf_get_kmem_cache() as nullable"
In reply to: Nuoqi Gui: "[PATCH bpf 0/2] bpf: Mark bpf_get_kmem_cache() as nullable"
Next in thread: Alexei Starovoitov: "Re: [PATCH bpf 1/2] bpf: Mark bpf_get_kmem_cache() as nullable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Nuoqi Gui

Date: Sat Jun 20 2026 - 11:48:03 EST

bpf_get_kmem_cache() returns NULL when virt_addr_valid() rejects the
address or when virt_to_slab() does not find a slab. The verifier uses
KF_RET_NULL to add PTR_MAYBE_NULL to kfunc return registers, but the
registration currently lacks that flag.

Add KF_RET_NULL so callers have to prove that the returned kmem_cache
pointer is non-NULL before dereferencing fields.

Fixes: a992d7a397912 ("mm/bpf: Add bpf_get_kmem_cache() kfunc")
Signed-off-by: Nuoqi Gui <gnq25@xxxxxxxxxxxxxxxxxxxxx>
---
kernel/bpf/helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index b5314c9fed3cf..57a6ab72ae3cc 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -4817,7 +4817,7 @@ BTF_ID_FLAGS(func, bpf_iter_bits_next, KF_ITER_NEXT | KF_RET_NULL)
BTF_ID_FLAGS(func, bpf_iter_bits_destroy, KF_ITER_DESTROY)
BTF_ID_FLAGS(func, bpf_copy_from_user_str, KF_SLEEPABLE)
BTF_ID_FLAGS(func, bpf_copy_from_user_task_str, KF_SLEEPABLE)
-BTF_ID_FLAGS(func, bpf_get_kmem_cache)
+BTF_ID_FLAGS(func, bpf_get_kmem_cache, KF_RET_NULL)
BTF_ID_FLAGS(func, bpf_iter_kmem_cache_new, KF_ITER_NEW | KF_SLEEPABLE)
BTF_ID_FLAGS(func, bpf_iter_kmem_cache_next, KF_ITER_NEXT | KF_RET_NULL | KF_SLEEPABLE)
BTF_ID_FLAGS(func, bpf_iter_kmem_cache_destroy, KF_ITER_DESTROY | KF_SLEEPABLE)

--
2.34.1