Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp4176357ybz;
        Mon, 20 Apr 2020 17:31:44 -0700 (PDT)
X-Google-Smtp-Source: APiQypLvh4MQZxYVz++Pf4VA/bBvxfE56/mNosgqxX5lb06WObT7aEdNnH8NO4KzruunsyhvUAIC
X-Received: by 2002:a05:6402:95e:: with SMTP id h30mr11956205edz.117.1587429103949;
        Mon, 20 Apr 2020 17:31:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587429103; cv=none;
        d=google.com; s=arc-20160816;
        b=JEB+7zQ/01vlnjFE/6M6ylwF7tp5ykjxCV9RFtfMV7xAATbRJnxEwAO0414+LR0EOs
         vT9+W1e9mGq/J8rCAKT817HlI49LwfNsS9UI8uayo3fMdQnef3imZoAWmxq7C5CJmfqe
         1joYfjeaLEfUPR4Sqv/HxdIuFwut0ZNtYIVYISaKgfO23i8VxstKCKK2tli+gSUL4A+J
         6rZtoQvn89jaWi1e7kXCebKwCW4EL7uobcSIpsfQB0QkoehH+S3kj0n5NPPI6quPXeut
         3hsnYgJ9l+viQXBueq8i18GesAsDue67Jbv1w4n9m5Ot0ckypRJcYt8nuCyD/B6I1RQ5
         4mbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=FMzj+KBAT9oKczxa74v3DQRv9Cfu8gbIxOZJWY/KwN4=;
        b=QfN9ZH7prp3thnVUdIgJ3KDyMSwZpLGZzB9L/9Ku1Q1x/ZAaC4FzzNWK127hU0aHpB
         B4nb0untNxtEBU6/g9UO5DE2nsFVDYcyt1ibJGbFS1iCV0LtgO+3E3OHYXT0gi5qyXei
         qJ22eyE3ah1cjpb097qDnfGRna5ndMUQwI94HQJUPlbJ4PZ9sC6scCjAmwXjOW/fCU/i
         i+bUEPgWBABZ1kgD/cXXF0Y9TqlAaUuG75F9P8NZ9d2FJeoyUkHRzzyMYD331N6w7qjD
         wN/Aq46sCzYbshMrjOebyA1hDNjep4uaikCDMOBZt4A6SqaaFxQ3+QVmq3q+eYDFK7wv
         U2/w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@cs.washington.edu header.s=goo201206 header.b=F5Ecnjii;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cs.washington.edu
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id f8si535023ejt.461.2020.04.20.17.31.20;
        Mon, 20 Apr 2020 17:31:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@cs.washington.edu header.s=goo201206 header.b=F5Ecnjii;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cs.washington.edu
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726791AbgDUA2Q (ORCPT <rfc822;1dalishi1@gmail.com> + 99 others);
        Mon, 20 Apr 2020 20:28:16 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59230 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL)
        by vger.kernel.org with ESMTP id S1726341AbgDUA2Q (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 20 Apr 2020 20:28:16 -0400
Received: from mail-pj1-x1043.google.com (mail-pj1-x1043.google.com [IPv6:2607:f8b0:4864:20::1043])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B472C061A0F
        for <linux-kernel@vger.kernel.org>; Mon, 20 Apr 2020 17:28:16 -0700 (PDT)
Received: by mail-pj1-x1043.google.com with SMTP id ng8so633806pjb.2
        for <linux-kernel@vger.kernel.org>; Mon, 20 Apr 2020 17:28:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cs.washington.edu; s=goo201206;
        h=from:to:cc:subject:date:message-id;
        bh=FMzj+KBAT9oKczxa74v3DQRv9Cfu8gbIxOZJWY/KwN4=;
        b=F5Ecnjii1wOD6Z8F6N/EQ+BJvmRcCDXykdLJXNecm3nPcHmSBK8LG/V4JXCAT7Cxqp
         2L9yQo5z9bM5Ftq6Sye8tV3ZsqCdsgQXBH3nSq0DSBdCoOXb9i8pPKoHRCmYHNiLy4T0
         E+RWpg//Wu7E6ucg7Vm0c4gvUqHngOsJU/um4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=FMzj+KBAT9oKczxa74v3DQRv9Cfu8gbIxOZJWY/KwN4=;
        b=TRCljUQAECffKbFAUdRNWFKXFMrJa4HaNhAnBlR22d1S2UWp9doWyHSk3Fs8IfpmTg
         KlAUlVAkagBIcOm0g4hrV7UefpEjPWwpb3fJhg+ynpgNQAwuft8SpiMg2ZK7MLwlmc9k
         3Hbbiyl8B+gK3HlC0tltW1ez4VgnIq/uoddwvTfMY7KwVzUXxXlCtpwDFL2TDYScg3jp
         QWIo3olaA9AVzePnYtQCudIapiJAVwXBan/4JamkuyWqzTDhmrRjKGEs/UIDSNZlYRKy
         boiQhVvcxhwqfGfmO4DG09EyZAWumFAgpaeqB8yptgde6LDH3f5LbzoczG+gsUeZquvS
         qhKQ==
X-Gm-Message-State: AGi0PuZrmcdIcamphxnPR3Vosnb3xYFtrk+0ZNRk4/PdD/woAety52p3
        uQVlQG0+uNKjJM1gIPXo0ogpuw==
X-Received: by 2002:a17:90b:19c1:: with SMTP id nm1mr2367164pjb.73.1587428895331;
        Mon, 20 Apr 2020 17:28:15 -0700 (PDT)
Received: from localhost.localdomain (c-73-53-94-119.hsd1.wa.comcast.net. [73.53.94.119])
        by smtp.gmail.com with ESMTPSA id f2sm547247pju.32.2020.04.20.17.28.14
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 20 Apr 2020 17:28:14 -0700 (PDT)
From:   Luke Nelson <lukenels@cs.washington.edu>
X-Google-Original-From: Luke Nelson <luke.r.nels@gmail.com>
To:     bpf@vger.kernel.org
Cc:     Luke Nelson <luke.r.nels@gmail.com>, Xi Wang <xi.wang@gmail.com>,
        Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        Andrii Nakryiko <andriin@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@chromium.org>,
        =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= <bjorn.topel@gmail.com>,
        netdev@vger.kernel.org, linux-riscv@lists.infradead.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH bpf] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT
Date:   Mon, 20 Apr 2020 17:28:04 -0700
Message-Id: <20200421002804.5118-1-luke.r.nels@gmail.com>
X-Mailer: git-send-email 2.17.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch fixes an off by one error in the RV32 JIT handling for BPF
tail call. Currently, the code decrements TCC before checking if it
is less than zero. This limits the maximum number of tail calls to 32
instead of 33 as in other JITs. The fix is to instead check the old
value of TCC before decrementing.

Fixes: 5f316b65e99f ("riscv, bpf: Add RV32G eBPF JIT")
Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
---
 arch/riscv/net/bpf_jit_comp32.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/net/bpf_jit_comp32.c b/arch/riscv/net/bpf_jit_comp32.c
index 302934177760..11083d4d5f2d 100644
--- a/arch/riscv/net/bpf_jit_comp32.c
+++ b/arch/riscv/net/bpf_jit_comp32.c
@@ -770,12 +770,13 @@ static int emit_bpf_tail_call(int insn, struct rv_jit_context *ctx)
 	emit_bcc(BPF_JGE, lo(idx_reg), RV_REG_T1, off, ctx);
 
 	/*
-	 * if ((temp_tcc = tcc - 1) < 0)
+	 * temp_tcc = tcc - 1;
+	 * if (tcc < 0)
 	 *   goto out;
 	 */
 	emit(rv_addi(RV_REG_T1, RV_REG_TCC, -1), ctx);
 	off = (tc_ninsn - (ctx->ninsns - start_insn)) << 2;
-	emit_bcc(BPF_JSLT, RV_REG_T1, RV_REG_ZERO, off, ctx);
+	emit_bcc(BPF_JSLT, RV_REG_TCC, RV_REG_ZERO, off, ctx);
 
 	/*
 	 * prog = array->ptrs[index];
-- 
2.17.1