[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 9 Sep 2021 07:54:05 -0400
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Johan Almbladh <johan.almbladh@...finetworks.com>,
Andrii Nakryiko <andrii@...nel.org>,
Yonghong Song <yhs@...com>, Sasha Levin <sashal@...nel.org>,
netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: [PATCH AUTOSEL 5.4 048/109] bpf: Fix off-by-one in tail call count limiting
From: Johan Almbladh <johan.almbladh@...finetworks.com>
[ Upstream commit b61a28cf11d61f512172e673b8f8c4a6c789b425 ]
Before, the interpreter allowed up to MAX_TAIL_CALL_CNT + 1 tail calls.
Now precisely MAX_TAIL_CALL_CNT is allowed, which is in line with the
behavior of the x86 JITs.
Signed-off-by: Johan Almbladh <johan.almbladh@...finetworks.com>
Signed-off-by: Andrii Nakryiko <andrii@...nel.org>
Acked-by: Yonghong Song <yhs@...com>
Link: https://lore.kernel.org/bpf/20210728164741.350370-1-johan.almbladh@anyfinetworks.com
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
kernel/bpf/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 323913ba13b3..dff08ff03278 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -1488,7 +1488,7 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, u64 *stack)
if (unlikely(index >= array->map.max_entries))
goto out;
- if (unlikely(tail_call_cnt > MAX_TAIL_CALL_CNT))
+ if (unlikely(tail_call_cnt >= MAX_TAIL_CALL_CNT))
goto out;
tail_call_cnt++;
--
2.30.2
Powered by blists - more mailing lists