From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Luke Nelson <lukenels@cs.washington.edu>,
Luke Nelson <luke.r.nels@gmail.com>,
Alexei Starovoitov <ast@kernel.org>, Xi Wang <xi.wang@gmail.com>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org, bpf@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: [PATCH AUTOSEL 5.7 123/274] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT
Date: Mon, 8 Jun 2020 19:03:36 -0400 [thread overview]
Message-ID: <20200608230607.3361041-123-sashal@kernel.org> (raw)
In-Reply-To: <20200608230607.3361041-1-sashal@kernel.org>
From: Luke Nelson <lukenels@cs.washington.edu>
[ Upstream commit 745abfaa9eafa597d31fdf24a3249e5206a98768 ]
This patch fixes an off by one error in the RV32 JIT handling for BPF
tail call. Currently, the code decrements TCC before checking if it
is less than zero. This limits the maximum number of tail calls to 32
instead of 33 as in other JITs. The fix is to instead check the old
value of TCC before decrementing.
Fixes: 5f316b65e99f ("riscv, bpf: Add RV32G eBPF JIT")
Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Xi Wang <xi.wang@gmail.com>
Link: https://lore.kernel.org/bpf/20200421002804.5118-1-luke.r.nels@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/net/bpf_jit_comp32.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/riscv/net/bpf_jit_comp32.c b/arch/riscv/net/bpf_jit_comp32.c
index 302934177760..11083d4d5f2d 100644
--- a/arch/riscv/net/bpf_jit_comp32.c
+++ b/arch/riscv/net/bpf_jit_comp32.c
@@ -770,12 +770,13 @@ static int emit_bpf_tail_call(int insn, struct rv_jit_context *ctx)
emit_bcc(BPF_JGE, lo(idx_reg), RV_REG_T1, off, ctx);
/*
- * if ((temp_tcc = tcc - 1) < 0)
+ * temp_tcc = tcc - 1;
+ * if (tcc < 0)
* goto out;
*/
emit(rv_addi(RV_REG_T1, RV_REG_TCC, -1), ctx);
off = (tc_ninsn - (ctx->ninsns - start_insn)) << 2;
- emit_bcc(BPF_JSLT, RV_REG_T1, RV_REG_ZERO, off, ctx);
+ emit_bcc(BPF_JSLT, RV_REG_TCC, RV_REG_ZERO, off, ctx);
/*
* prog = array->ptrs[index];
--
2.25.1
next prev parent reply other threads:[~2020-06-09 0:57 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200608230607.3361041-1-sashal@kernel.org>
2020-06-08 23:01 ` [PATCH AUTOSEL 5.7 023/274] selftests/bpf: Copy runqslower to OUTPUT directory Sasha Levin
2020-06-08 23:01 ` [PATCH AUTOSEL 5.7 024/274] libbpf: Fix memory leak and possible double-free in hashmap__clear Sasha Levin
2020-06-08 23:02 ` [PATCH AUTOSEL 5.7 048/274] ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K Sasha Levin
2020-06-08 23:02 ` [PATCH AUTOSEL 5.7 075/274] ice: Change number of XDP TxQ to 0 when destroying rings Sasha Levin
2020-06-08 23:02 ` [PATCH AUTOSEL 5.7 084/274] tun: correct header offsets in napi frags mode Sasha Levin
2020-06-08 23:03 ` Sasha Levin [this message]
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 128/274] libbpf: Refactor map creation logic and fix cleanup leak Sasha Levin
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 129/274] selftests/bpf: Ensure test flavors use correct skeletons Sasha Levin
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 130/274] selftests/bpf: Fix memory leak in test selector Sasha Levin
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 131/274] selftests/bpf: Fix memory leak in extract_build_id() Sasha Levin
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 132/274] selftests/bpf: Fix invalid memory reads in core_relo selftest Sasha Levin
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 133/274] libbpf: Fix huge memory leak in libbpf_find_vmlinux_btf_id() Sasha Levin
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 134/274] selftests/bpf: Fix bpf_link leak in ns_current_pid_tgid selftest Sasha Levin
2020-06-08 23:03 ` [PATCH AUTOSEL 5.7 135/274] selftests/bpf: Add runqslower binary to .gitignore Sasha Levin
2020-06-08 23:04 ` [PATCH AUTOSEL 5.7 197/274] selftests/bpf: Install generated test progs Sasha Levin
2020-06-08 23:04 ` [PATCH AUTOSEL 5.7 204/274] veth: Adjust hard_start offset on redirect XDP frames Sasha Levin
2020-06-08 23:05 ` [PATCH AUTOSEL 5.7 208/274] selftests/bpf: Fix test_align verifier log patterns Sasha Levin
2020-06-08 23:05 ` [PATCH AUTOSEL 5.7 225/274] selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o Sasha Levin
2020-06-08 23:05 ` [PATCH AUTOSEL 5.7 226/274] selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh Sasha Levin
2020-06-08 23:05 ` [PATCH AUTOSEL 5.7 265/274] libbpf: Fix perf_buffer__free() API for sparse allocs Sasha Levin
2020-06-08 23:05 ` [PATCH AUTOSEL 5.7 266/274] bpf: Fix map permissions check Sasha Levin
2020-06-08 23:06 ` [PATCH AUTOSEL 5.7 267/274] bpf: Refactor sockmap redirect code so its easy to reuse Sasha Levin
2020-06-08 23:06 ` [PATCH AUTOSEL 5.7 268/274] bpf: Fix running sk_skb program types with ktls Sasha Levin
2020-06-08 23:06 ` [PATCH AUTOSEL 5.7 269/274] selftests/bpf, flow_dissector: Close TAP device FD after the test Sasha Levin
2020-06-08 23:06 ` [PATCH AUTOSEL 5.7 270/274] bpf: Fix up bpf_skb_adjust_room helper's skb csum setting Sasha Levin
2020-06-08 23:06 ` [PATCH AUTOSEL 5.7 271/274] s390/bpf: Maintain 8-byte stack alignment Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200608230607.3361041-123-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=luke.r.nels@gmail.com \
--cc=lukenels@cs.washington.edu \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=xi.wang@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).