diff options
| author | Ilya Leoshkevich <iii@linux.ibm.com> | 2025-08-13 15:06:30 +0300 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2025-08-18 16:08:29 +0300 |
| commit | bc3905a71f02511607d3ccf732360580209cac4c (patch) | |
| tree | e1279e04e558cc355d4f87757f313c40fdfd16b9 | |
| parent | c861a6b147137d10b5ff88a2c492ba376cd1b8b0 (diff) | |
| download | linux-bc3905a71f02511607d3ccf732360580209cac4c.tar.xz | |
s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG
The tailcall_bpf2bpf_hierarchy_fentry test hangs on s390. Its call
graph is as follows:
entry()
subprog_tail()
trampoline()
fentry()
the rest of subprog_tail() # via BPF_TRAMP_F_CALL_ORIG
return to entry()
The problem is that the rest of subprog_tail() increments the tail call
counter, but the trampoline discards the incremented value. This
results in an astronomically large number of tail calls.
Fix by making the trampoline write the incremented tail call counter
back.
Fixes: 528eb2cb87bc ("s390/bpf: Implement arch_prepare_bpf_trampoline()")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20250813121016.163375-4-iii@linux.ibm.com
| -rw-r--r-- | arch/s390/net/bpf_jit_comp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index ccb83ac3e6f3..b2b8eb62b82e 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -2839,6 +2839,9 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, /* stg %r2,retval_off(%r15) */ EMIT6_DISP_LH(0xe3000000, 0x0024, REG_2, REG_0, REG_15, tjit->retval_off); + /* mvc tccnt_off(%r15),tail_call_cnt(4,%r15) */ + _EMIT6(0xd203f000 | tjit->tccnt_off, + 0xf000 | offsetof(struct prog_frame, tail_call_cnt)); im->ip_after_call = jit->prg_buf + jit->prg; |