Skip to content

s390/bpf: Write back tail call counter #9465

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: bpf-next_base
Choose a base branch
from
Open

s390/bpf: Write back tail call counter #9465

wants to merge 4 commits into from
+61 −11

Conversation

kernel-patches-daemon-bpf[bot]
Copy link

Pull request for series with
subject: s390/bpf: Write back tail call counter
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=990991

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: bf0c2a8
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=990991
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 2caa6b8
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=990991
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 0786654
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=990991
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: dc0fe95
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=990991
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: c80d797
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=990991
version: 2

iii-i added 4 commits August 15, 2025 16:57
@iii-i
s390/bpf: Do not write tail call counter into helper and kfunc frames
98eaa74 
Only BPF functions make use of the tail call counter; helpers and
kfuncs ignore and most likely also clobber it. Writing it into these
functions' frames is pointless and misleading, so do not do it.

Fixes: dd691e8 ("s390/bpf: Implement bpf_jit_supports_subprog_tailcalls()")
Signed-off-by: Ilya Leoshkevich <[email protected]>
@iii-i
s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL
ed2c2f0 
The tailcall_bpf2bpf_hierarchy_1 test hangs on s390. Its call graph is
as follows:

  entry()
    subprog_tail()
      bpf_tail_call_static(0) -> entry + tail_call_start
    subprog_tail()
      bpf_tail_call_static(0) -> entry + tail_call_start

entry() copies its tail call counter to the subprog_tail()'s frame,
which then increments it. However, the incremented result is discarded,
leading to an astronomically large number of tail calls.

Fix by writing the incremented counter back to the entry()'s frame.

Fixes: dd691e8 ("s390/bpf: Implement bpf_jit_supports_subprog_tailcalls()")
Signed-off-by: Ilya Leoshkevich <[email protected]>
@iii-i
s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG
427e883 
The tailcall_bpf2bpf_hierarchy_fentry test hangs on s390. Its call
graph is as follows:

  entry()
    subprog_tail()
      trampoline()
        fentry()
        the rest of subprog_tail()  # via BPF_TRAMP_F_CALL_ORIG
        return to entry()

The problem is that the rest of subprog_tail() increments the tail call
counter, but the trampoline discards the incremented value. This
results in an astronomically large number of tail calls.

Fix by making the trampoline write the incremented tail call counter
back.

Fixes: 528eb2c ("s390/bpf: Implement arch_prepare_bpf_trampoline()")
Signed-off-by: Ilya Leoshkevich <[email protected]>
@iii-i
selftests/bpf: Clobber a lot of registers in tailcall_bpf2bpf_hierarc…
e26b94b 
…hy tests

Clobbering a lot of registers and stack slots helps exposing tail call
counter overwrite bugs in JITs.

Signed-off-by: Ilya Leoshkevich <[email protected]>
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 3ec8560
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=990991
version: 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bpf-next new V2-ci-pass V2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@iii-i