Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp855406ybt; Fri, 19 Jun 2020 15:58:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx7Ue3vk6nTfuf7jmm7Mr+enaxC0skS9O4lttxR5c5wizg7IbPF48o3uU2PI4RVJkK09UNg X-Received: by 2002:a17:906:5e07:: with SMTP id n7mr5608709eju.48.1592607486901; Fri, 19 Jun 2020 15:58:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592607486; cv=none; d=google.com; s=arc-20160816; b=uDiSTU1pfQOZWmAi00sYEzohv9KsWqSfzyzHKowZA8Ip2nvpO4/Mk/E1+AiVM6XPVZ FcbFHXCbxF5TelhKFrFP0hLgAU1QpEwrk6/B1ZnvbUwYxdgPDkKAoV8wyMV47A+zxLoC bVtWgZY/+3zhGfGb7lasISqYoqpVEJF/OQstUaaU/2Ei8P8xneIy3z8f3Ham1IRpFdd5 Vhs7b/VwXP3HJfv3Pfj8puDFETRTBJsJsSynhf8GUFOhjxI+Sbqdz5Wv0ToU1+CohVHy WYrFYro5aWBfZZjdiyTUHjtOeQC1VSdBPj97n3ROSNVdpua3Cn5CfBBx4+YVNNsIselp oElg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=EkKGUJi847ZVYRroIctEfxsrydJW/qvSQCFgRykvjC8=; b=mm7NTikNpfluj8dosbZvyU4aUYcYKvsEBiBC86lVDt7Qbg6qr8ffxYOyFF6s5ULMrG gdQHXFBcUWf2h4mXOBSipBBxHmCy90Io6Iu6bqL5uhO58HrZwcPp4gRBaj1QutJTZ9Y4 5/qBLemjARi38zmdY4qWblSJsoylxp4C+zRAatRhYnKhMpbFJprnwXR8HksNAMrPAlAB yrn5qOszexaHzpV477m1zMKwlqO3HbZKeqmVT1CfZhCucEaCim210KWg+fCHig7tsuYY CPzM73A/N79spHmi1o7a7JBmD7AUSxWCKSBth15J6c8KyJ6F7VvsbbAJh92guReAN/Uu 21Ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ymUUSl98; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v3si5280100edy.518.2020.06.19.15.57.44; Fri, 19 Jun 2020 15:58:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ymUUSl98; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391087AbgFSPZe (ORCPT + 99 others); Fri, 19 Jun 2020 11:25:34 -0400 Received: from mail.kernel.org ([198.145.29.99]:54176 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2393044AbgFSPWm (ORCPT ); Fri, 19 Jun 2020 11:22:42 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2708A2158C; Fri, 19 Jun 2020 15:22:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1592580161; bh=fK82cI40GO1yH3Ip1kLba1zXWfkLTxYg+MFpEbXh69w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ymUUSl98qY5c/StJ3YtNAM7VctWsuQuOBXIfFn2QzQaOK/qGnY2rCbN/KEny7EB6j EhyE8mdao804h0WpoRwk5K9qf21jxVXrN9ohWyNLhvQLF0tF4g2CRF/FWvfK24fp6s NXzsWbTAwywf3RoN1cwAvUrefdYhPmET3yreoLRI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Luke Nelson , Alexei Starovoitov , Xi Wang , Sasha Levin Subject: [PATCH 5.7 115/376] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT Date: Fri, 19 Jun 2020 16:30:33 +0200 Message-Id: <20200619141715.790006142@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200619141710.350494719@linuxfoundation.org> References: <20200619141710.350494719@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Luke Nelson [ Upstream commit 745abfaa9eafa597d31fdf24a3249e5206a98768 ] This patch fixes an off by one error in the RV32 JIT handling for BPF tail call. Currently, the code decrements TCC before checking if it is less than zero. This limits the maximum number of tail calls to 32 instead of 33 as in other JITs. The fix is to instead check the old value of TCC before decrementing. Fixes: 5f316b65e99f ("riscv, bpf: Add RV32G eBPF JIT") Signed-off-by: Luke Nelson Signed-off-by: Alexei Starovoitov Acked-by: Xi Wang Link: https://lore.kernel.org/bpf/20200421002804.5118-1-luke.r.nels@gmail.com Signed-off-by: Sasha Levin --- arch/riscv/net/bpf_jit_comp32.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/riscv/net/bpf_jit_comp32.c b/arch/riscv/net/bpf_jit_comp32.c index 302934177760..11083d4d5f2d 100644 --- a/arch/riscv/net/bpf_jit_comp32.c +++ b/arch/riscv/net/bpf_jit_comp32.c @@ -770,12 +770,13 @@ static int emit_bpf_tail_call(int insn, struct rv_jit_context *ctx) emit_bcc(BPF_JGE, lo(idx_reg), RV_REG_T1, off, ctx); /* - * if ((temp_tcc = tcc - 1) < 0) + * temp_tcc = tcc - 1; + * if (tcc < 0) * goto out; */ emit(rv_addi(RV_REG_T1, RV_REG_TCC, -1), ctx); off = (tc_ninsn - (ctx->ninsns - start_insn)) << 2; - emit_bcc(BPF_JSLT, RV_REG_T1, RV_REG_ZERO, off, ctx); + emit_bcc(BPF_JSLT, RV_REG_TCC, RV_REG_ZERO, off, ctx); /* * prog = array->ptrs[index]; -- 2.25.1