[PATCH] bpf: Fix refcount check in check_struct_ops_btf_id()

[PATCH] bpf: Fix refcount check in check_struct_ops_btf_id()

[Keisuke Nishimura]

The current implementation only checks whether the first argument is
refcounted. Fix this by iterating over all arguments.

Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr>
Fixes: 38f1e66abd184 ("bpf: Do not allow tail call in strcut_ops program with __ref argument")
---
 kernel/bpf/verifier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 159b25f8269d..278443118a23 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -24853,7 +24853,7 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env)
 	}
 
 	for (i = 0; i < st_ops_desc->arg_info[member_idx].cnt; i++) {
-		if (st_ops_desc->arg_info[member_idx].info->refcounted) {
+		if (st_ops_desc->arg_info[member_idx].info[i].refcounted) {
 			has_refcounted_arg = true;
 			break;
 		}
-- 
2.34.1

Re: [PATCH] bpf: Fix refcount check in check_struct_ops_btf_id()

[sun jian]

On Fri, Mar 20, 2026 at 11:47 PM Keisuke Nishimura
<keisuke.nishimura@inria.fr> wrote:
>
> The current implementation only checks whether the first argument is
> refcounted. Fix this by iterating over all arguments.
>
> Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr>
> Fixes: 38f1e66abd184 ("bpf: Do not allow tail call in strcut_ops program with __ref argument")
> ---
>  kernel/bpf/verifier.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 159b25f8269d..278443118a23 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -24853,7 +24853,7 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env)
>         }
>
>         for (i = 0; i < st_ops_desc->arg_info[member_idx].cnt; i++) {
> -               if (st_ops_desc->arg_info[member_idx].info->refcounted) {
> +               if (st_ops_desc->arg_info[member_idx].info[i].refcounted) {
>                         has_refcounted_arg = true;
>                         break;
>                 }
The fix looks correct to me.

Maybe it's better to add a verifier test for the case where info[0] is
non-refcounted,
while __ref is stored in a later entry.

Reviewed-by Sun Jian sun.jian.kdev@gmail.com

Re: [PATCH] bpf: Fix refcount check in check_struct_ops_btf_id()

[Emil Tsalapatis]

On Fri Mar 20, 2026 at 9:02 AM EDT, Keisuke Nishimura wrote:
> The current implementation only checks whether the first argument is
> refcounted. Fix this by iterating over all arguments.
>
Second Sun's recommendation to add a selftest for this.

> Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr>
> Fixes: 38f1e66abd184 ("bpf: Do not allow tail call in strcut_ops program with __ref argument")
Nit: strcut_ops -> struct_ops

Once you add the selftest, feel free to add:

Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
> ---
>  kernel/bpf/verifier.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 159b25f8269d..278443118a23 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -24853,7 +24853,7 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env)
>  	}
>  
>  	for (i = 0; i < st_ops_desc->arg_info[member_idx].cnt; i++) {
> -		if (st_ops_desc->arg_info[member_idx].info->refcounted) {
> +		if (st_ops_desc->arg_info[member_idx].info[i].refcounted) {
>  			has_refcounted_arg = true;
>  			break;
>  		}

Re: [PATCH] bpf: Fix refcount check in check_struct_ops_btf_id()

[Amery Hung]

On Fri, Mar 20, 2026 at 8:45 AM Keisuke Nishimura
<keisuke.nishimura@inria.fr> wrote:
>
> The current implementation only checks whether the first argument is
> refcounted. Fix this by iterating over all arguments.
>
> Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr>
> Fixes: 38f1e66abd184 ("bpf: Do not allow tail call in strcut_ops program with __ref argument")

Thanks for fixing this. If there is a respin, it will be good to
include what problem it could cause in the commit message. For
example, a reference acquiring struct_ops op could tail call if __ref
is used to annotate arguments other than the first one.

Acked-by: Amery Hung <ameryhung@gmail.com>

> ---
>  kernel/bpf/verifier.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 159b25f8269d..278443118a23 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -24853,7 +24853,7 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env)
>         }
>
>         for (i = 0; i < st_ops_desc->arg_info[member_idx].cnt; i++) {
> -               if (st_ops_desc->arg_info[member_idx].info->refcounted) {
> +               if (st_ops_desc->arg_info[member_idx].info[i].refcounted) {
>                         has_refcounted_arg = true;
>                         break;
>                 }
> --
> 2.34.1
>

Re: [PATCH] bpf: Fix refcount check in check_struct_ops_btf_id()

[Kumar Kartikeya Dwivedi]

On Fri, 20 Mar 2026 at 16:47, Keisuke Nishimura
<keisuke.nishimura@inria.fr> wrote:
>
> The current implementation only checks whether the first argument is
> refcounted. Fix this by iterating over all arguments.
>
> Signed-off-by: Keisuke Nishimura <keisuke.nishimura@inria.fr>
> Fixes: 38f1e66abd184 ("bpf: Do not allow tail call in strcut_ops program with __ref argument")
> ---

LGTM, but please respin with a selftest.
The expectation is that it should fail when the fix is missing, and
pass when it is applied.

pw-bot: cr

[PATCH bpf-next] selftests/bpf: Add test for struct_ops __ref argument in any position

[Varun R Mallya]

Add a selftest to verify that the verifier correctly identifies refcounted
arguments in struct_ops programs, even when they are not the first
argument. This ensures that the restriction on tail calls for programs
with __ref arguments is properly enforced regardless of which argument
they appear in.

This test verifies the fix for check_struct_ops_btf_id() proposed by
Keisuke Nishimura [0], which corrected a bug where only the first
argument was checked for the refcounted flag.
The test includes:
- An update to bpf_testmod to add 'test_refcounted_multi', an operator with
  three arguments where the third is tagged with "__ref".
- A BPF program 'test_refcounted_multi' that attempts a tail call.
- A test runner that asserts the verifier rejects the program with
  "program with __ref argument cannot tail call".

[0]: https://lore.kernel.org/bpf/20260320130219.63711-1-keisuke.nishimura@inria.fr/

Signed-off-by: Varun R Mallya <varunrmallya@gmail.com>
---
 .../prog_tests/test_struct_ops_multi_args.c   |  9 +++++
 .../bpf/progs/struct_ops_multi_args.c         | 35 +++++++++++++++++++
 .../selftests/bpf/test_kmods/bpf_testmod.c    |  7 ++++
 .../selftests/bpf/test_kmods/bpf_testmod.h    |  3 ++
 4 files changed, 54 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c
 create mode 100644 tools/testing/selftests/bpf/progs/struct_ops_multi_args.c

diff --git a/tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c b/tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c
new file mode 100644
index 000000000000..0f321e889862
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c
@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <test_progs.h>
+#include "struct_ops_multi_args.skel.h"
+
+void test_struct_ops_multi_args(void)
+{
+	RUN_TESTS(struct_ops_multi_args);
+}
diff --git a/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c b/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c
new file mode 100644
index 000000000000..c62be15757f0
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2026 Varun R Mallya */
+
+#include <vmlinux.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include "../test_kmods/bpf_testmod.h"
+#include "bpf_misc.h"
+
+char _license[] SEC("license") = "GPL";
+
+struct {
+	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
+	__uint(max_entries, 1);
+	__uint(key_size, sizeof(__u32));
+	__uint(value_size, sizeof(__u32));
+} prog_array SEC(".maps");
+
+SEC("struct_ops/test_refcounted_multi")
+__failure __msg("program with __ref argument cannot tail call")
+int test_refcounted_multi(unsigned long long *ctx)
+{
+	/* ctx[2] is used because the refcounted variable is the third argument */
+	struct task_struct *refcounted_task = (struct task_struct *)ctx[2];
+
+	bpf_task_release(refcounted_task);
+	bpf_tail_call(ctx, &prog_array, 0);
+
+	return 0;
+}
+
+SEC(".struct_ops.link")
+struct bpf_testmod_ops testmod_ref_acquire = {
+	.test_refcounted_multi = (void *)test_refcounted_multi,
+};
diff --git a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c
index 94edbd2afa67..297b02372fa6 100644
--- a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c
+++ b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c
@@ -1411,6 +1411,12 @@ static int bpf_testmod_ops__test_refcounted(int dummy,
 	return 0;
 }
 
+static int bpf_testmod_ops__test_refcounted_multi(int dummy, struct task_struct *task__nullable,
+						  struct task_struct *task__ref)
+{
+	return 0;
+}
+
 static struct task_struct *
 bpf_testmod_ops__test_return_ref_kptr(int dummy, struct task_struct *task__ref,
 				      struct cgroup *cgrp)
@@ -1423,6 +1429,7 @@ static struct bpf_testmod_ops __bpf_testmod_ops = {
 	.test_2 = bpf_testmod_test_2,
 	.test_maybe_null = bpf_testmod_ops__test_maybe_null,
 	.test_refcounted = bpf_testmod_ops__test_refcounted,
+	.test_refcounted_multi = bpf_testmod_ops__test_refcounted_multi,
 	.test_return_ref_kptr = bpf_testmod_ops__test_return_ref_kptr,
 };
 
diff --git a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h
index f6e492f9d042..863fd10f1619 100644
--- a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h
+++ b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h
@@ -39,6 +39,9 @@ struct bpf_testmod_ops {
 	int (*unsupported_ops)(void);
 	/* Used to test ref_acquired arguments. */
 	int (*test_refcounted)(int dummy, struct task_struct *task);
+	/* Used to test checking of __ref arguments when it not the first argument. */
+	int (*test_refcounted_multi)(int dummy, struct task_struct *task,
+				     struct task_struct *task2);
 	/* Used to test returning referenced kptr. */
 	struct task_struct *(*test_return_ref_kptr)(int dummy, struct task_struct *task,
 						    struct cgroup *cgrp);
-- 
2.53.0

Re: [PATCH bpf-next] selftests/bpf: Add test for struct_ops __ref argument in any position

[bot+bpf-ci]

[-- Attachment #1: Type: text/plain, Size: 1954 bytes --]

> diff --git a/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c b/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c

[ ... ]

> +SEC("struct_ops/test_refcounted_multi")
> +__failure __msg("program with __ref argument cannot tail call")
> +int test_refcounted_multi(unsigned long long *ctx)
> +{

Will this test pass without Keisuke's fix [0] being applied first?

The stub function has task__nullable as the second argument and
task__ref as the third.  prepare_arg_info() populates the arg_info
array in order, so info[0] corresponds to the __nullable arg
(refcounted = false) and info[1] to the __ref arg (refcounted = true).

In check_struct_ops_btf_id(), the loop that sets has_refcounted_arg
currently reads:

    for (i = 0; i < st_ops_desc->arg_info[member_idx].cnt; i++) {
        if (st_ops_desc->arg_info[member_idx].info->refcounted) {

This always checks info[0].refcounted (the __nullable entry, which is
false), never info[i].refcounted.  The __ref argument at info[1] is
never examined, so has_refcounted_arg stays false and the tail call
is permitted.

Since the test expects __failure, but the program loads successfully
without the fix, the test will always fail when run on a tree that
does not include the companion verifier fix.

This patch may need to be folded into (or applied after) Keisuke's
fix so the two land together.

> +	/* ctx[2] is used because the refcounted variable is the third argument */
> +	struct task_struct *refcounted_task = (struct task_struct *)ctx[2];
> +
> +	bpf_task_release(refcounted_task);
> +	bpf_tail_call(ctx, &prog_array, 0);
> +
> +	return 0;
> +}

[ ... ]


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/23389590355

Re: [PATCH bpf-next] selftests/bpf: Add test for struct_ops __ref argument in any position

[Varun R Mallya]

On Sat, Mar 21, 2026 at 10:13:45PM +0000, bot+bpf-ci@kernel.org wrote:
> 
> Will this test pass without Keisuke's fix [0] being applied first?

No, it needs to be applied first. 

> The stub function has task__nullable as the second argument and
> task__ref as the third.  prepare_arg_info() populates the arg_info
> array in order, so info[0] corresponds to the __nullable arg
> (refcounted = false) and info[1] to the __ref arg (refcounted = true).
> 
> In check_struct_ops_btf_id(), the loop that sets has_refcounted_arg
> currently reads:
> 
>     for (i = 0; i < st_ops_desc->arg_info[member_idx].cnt; i++) {
>         if (st_ops_desc->arg_info[member_idx].info->refcounted) {
> This always checks info[0].refcounted (the __nullable entry, which is
> false), never info[i].refcounted.  The __ref argument at info[1] is
> never examined, so has_refcounted_arg stays false and the tail call
> is permitted.
> 
> Since the test expects __failure, but the program loads successfully
> without the fix, the test will always fail when run on a tree that
> does not include the companion verifier fix.
> 
> This patch may need to be folded into (or applied after) Keisuke's
> fix so the two land together.

Yes, that is the intention.

> > +	/* ctx[2] is used because the refcounted variable is the third argument */
> > +	struct task_struct *refcounted_task = (struct task_struct *)ctx[2];
> > +
> > +	bpf_task_release(refcounted_task);
> > +	bpf_tail_call(ctx, &prog_array, 0);
> > +
> > +	return 0;
> > +}
> 
> [ ... ]
> 
> 
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
> 
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/23389590355

Re: [PATCH bpf-next] selftests/bpf: Add test for struct_ops __ref argument in any position

[Keisuke Nishimura]

Hello,

Thank you for adding the test. If there is nothing further for me to 
address, I think we can proceed as-is without a v2? Let me know if 
anything still needs fixing.

Thanks,
Keisuke

On 2026/03/21 22:40, Varun R Mallya wrote:
> Add a selftest to verify that the verifier correctly identifies refcounted
> arguments in struct_ops programs, even when they are not the first
> argument. This ensures that the restriction on tail calls for programs
> with __ref arguments is properly enforced regardless of which argument
> they appear in.
> 
> This test verifies the fix for check_struct_ops_btf_id() proposed by
> Keisuke Nishimura [0], which corrected a bug where only the first
> argument was checked for the refcounted flag.
> The test includes:
> - An update to bpf_testmod to add 'test_refcounted_multi', an operator with
>    three arguments where the third is tagged with "__ref".
> - A BPF program 'test_refcounted_multi' that attempts a tail call.
> - A test runner that asserts the verifier rejects the program with
>    "program with __ref argument cannot tail call".
> 
> [0]: https://lore.kernel.org/bpf/20260320130219.63711-1-keisuke.nishimura@inria.fr/
> 
> Signed-off-by: Varun R Mallya <varunrmallya@gmail.com>
> ---
>   .../prog_tests/test_struct_ops_multi_args.c   |  9 +++++
>   .../bpf/progs/struct_ops_multi_args.c         | 35 +++++++++++++++++++
>   .../selftests/bpf/test_kmods/bpf_testmod.c    |  7 ++++
>   .../selftests/bpf/test_kmods/bpf_testmod.h    |  3 ++
>   4 files changed, 54 insertions(+)
>   create mode 100644 tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c
>   create mode 100644 tools/testing/selftests/bpf/progs/struct_ops_multi_args.c
> 
> diff --git a/tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c b/tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c
> new file mode 100644
> index 000000000000..0f321e889862
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/test_struct_ops_multi_args.c
> @@ -0,0 +1,9 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +#include <test_progs.h>
> +#include "struct_ops_multi_args.skel.h"
> +
> +void test_struct_ops_multi_args(void)
> +{
> +	RUN_TESTS(struct_ops_multi_args);
> +}
> diff --git a/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c b/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c
> new file mode 100644
> index 000000000000..c62be15757f0
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/struct_ops_multi_args.c
> @@ -0,0 +1,35 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2026 Varun R Mallya */
> +
> +#include <vmlinux.h>
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_tracing.h>
> +#include "../test_kmods/bpf_testmod.h"
> +#include "bpf_misc.h"
> +
> +char _license[] SEC("license") = "GPL";
> +
> +struct {
> +	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
> +	__uint(max_entries, 1);
> +	__uint(key_size, sizeof(__u32));
> +	__uint(value_size, sizeof(__u32));
> +} prog_array SEC(".maps");
> +
> +SEC("struct_ops/test_refcounted_multi")
> +__failure __msg("program with __ref argument cannot tail call")
> +int test_refcounted_multi(unsigned long long *ctx)
> +{
> +	/* ctx[2] is used because the refcounted variable is the third argument */
> +	struct task_struct *refcounted_task = (struct task_struct *)ctx[2];
> +
> +	bpf_task_release(refcounted_task);
> +	bpf_tail_call(ctx, &prog_array, 0);
> +
> +	return 0;
> +}
> +
> +SEC(".struct_ops.link")
> +struct bpf_testmod_ops testmod_ref_acquire = {
> +	.test_refcounted_multi = (void *)test_refcounted_multi,
> +};
> diff --git a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c
> index 94edbd2afa67..297b02372fa6 100644
> --- a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c
> +++ b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.c
> @@ -1411,6 +1411,12 @@ static int bpf_testmod_ops__test_refcounted(int dummy,
>   	return 0;
>   }
>   
> +static int bpf_testmod_ops__test_refcounted_multi(int dummy, struct task_struct *task__nullable,
> +						  struct task_struct *task__ref)
> +{
> +	return 0;
> +}
> +
>   static struct task_struct *
>   bpf_testmod_ops__test_return_ref_kptr(int dummy, struct task_struct *task__ref,
>   				      struct cgroup *cgrp)
> @@ -1423,6 +1429,7 @@ static struct bpf_testmod_ops __bpf_testmod_ops = {
>   	.test_2 = bpf_testmod_test_2,
>   	.test_maybe_null = bpf_testmod_ops__test_maybe_null,
>   	.test_refcounted = bpf_testmod_ops__test_refcounted,
> +	.test_refcounted_multi = bpf_testmod_ops__test_refcounted_multi,
>   	.test_return_ref_kptr = bpf_testmod_ops__test_return_ref_kptr,
>   };
>   
> diff --git a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h
> index f6e492f9d042..863fd10f1619 100644
> --- a/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h
> +++ b/tools/testing/selftests/bpf/test_kmods/bpf_testmod.h
> @@ -39,6 +39,9 @@ struct bpf_testmod_ops {
>   	int (*unsupported_ops)(void);
>   	/* Used to test ref_acquired arguments. */
>   	int (*test_refcounted)(int dummy, struct task_struct *task);
> +	/* Used to test checking of __ref arguments when it not the first argument. */
> +	int (*test_refcounted_multi)(int dummy, struct task_struct *task,
> +				     struct task_struct *task2);
>   	/* Used to test returning referenced kptr. */
>   	struct task_struct *(*test_return_ref_kptr)(int dummy, struct task_struct *task,
>   						    struct cgroup *cgrp);

Re: [PATCH bpf-next] selftests/bpf: Add test for struct_ops __ref argument in any position

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Sun, 22 Mar 2026 03:10:38 +0530 you wrote:
> Add a selftest to verify that the verifier correctly identifies refcounted
> arguments in struct_ops programs, even when they are not the first
> argument. This ensures that the restriction on tail calls for programs
> with __ref arguments is properly enforced regardless of which argument
> they appear in.
> 
> This test verifies the fix for check_struct_ops_btf_id() proposed by
> Keisuke Nishimura [0], which corrected a bug where only the first
> argument was checked for the refcounted flag.
> The test includes:
> - An update to bpf_testmod to add 'test_refcounted_multi', an operator with
>   three arguments where the third is tagged with "__ref".
> - A BPF program 'test_refcounted_multi' that attempts a tail call.
> - A test runner that asserts the verifier rejects the program with
>   "program with __ref argument cannot tail call".
> 
> [...]

Here is the summary with links:
  - [bpf-next] selftests/bpf: Add test for struct_ops __ref argument in any position
    https://git.kernel.org/bpf/bpf-next/c/b43d574c0032

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html