* Re: Patch "bpf: Fix off-by-one in tail call count limiting" has been added to the 5.14-stable tree
[not found] <20210916113154.692945-1-sashal@kernel.org>
@ 2021-09-16 11:36 ` Daniel Borkmann
0 siblings, 0 replies; only message in thread
From: Daniel Borkmann @ 2021-09-16 11:36 UTC (permalink / raw)
To: Sasha Levin, stable-commits, johan.almbladh
Cc: Alexei Starovoitov, Andrii Nakryiko, Martin KaFai Lau, Song Liu,
Yonghong Song, John Fastabend, KP Singh, bpf
Hi Sasha,
On 9/16/21 1:31 PM, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
> bpf: Fix off-by-one in tail call count limiting
>
> to the 5.14-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> bpf-fix-off-by-one-in-tail-call-count-limiting.patch
> and it can be found in the queue-5.14 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@vger.kernel.org> know about it.
>
> commit 0af0fa0371eb376731a350bfdd8687e7ec206bb9
> Author: Johan Almbladh <johan.almbladh@anyfinetworks.com>
> Date: Wed Jul 28 18:47:41 2021 +0200
>
> bpf: Fix off-by-one in tail call count limiting
>
> [ Upstream commit b61a28cf11d61f512172e673b8f8c4a6c789b425 ]
Please either drop this commit from stable queues, or also queue its revert as
well (in case you don't have a filter in place, and there's a chance this could
get re-queued again in future by accident):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dabe016b63c9629e152bf876c126c29de223cb
> Before, the interpreter allowed up to MAX_TAIL_CALL_CNT + 1 tail calls.
> Now precisely MAX_TAIL_CALL_CNT is allowed, which is in line with the
> behavior of the x86 JITs.
>
> Signed-off-by: Johan Almbladh <johan.almbladh@anyfinetworks.com>
> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> Acked-by: Yonghong Song <yhs@fb.com>
> Link: https://lore.kernel.org/bpf/20210728164741.350370-1-johan.almbladh@anyfinetworks.com
> Signed-off-by: Sasha Levin <sashal@kernel.org>
>
> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> index 0a28a8095d3e..82af6279992d 100644
> --- a/kernel/bpf/core.c
> +++ b/kernel/bpf/core.c
> @@ -1564,7 +1564,7 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn)
>
> if (unlikely(index >= array->map.max_entries))
> goto out;
> - if (unlikely(tail_call_cnt > MAX_TAIL_CALL_CNT))
> + if (unlikely(tail_call_cnt >= MAX_TAIL_CALL_CNT))
> goto out;
>
> tail_call_cnt++;
>
Thanks,
Daniel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-16 11:36 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20210916113154.692945-1-sashal@kernel.org>
2021-09-16 11:36 ` Patch "bpf: Fix off-by-one in tail call count limiting" has been added to the 5.14-stable tree Daniel Borkmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.