tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

bpf: Check for helper calls in check_subprogs()

The condition src_reg != BPF_PSEUDO_CALL && imm == BPF_FUNC_tail_call
may be satisfied by a kfunc call. This would lead to unnecessarily
setting has_tail_call. Use src_reg == 0 instead.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Acked-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/20230220163756.753713-1-iii@linux.ibm.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Ilya Leoshkevich and committed by
Alexei Starovoitov df2ccc18 bb035ef0

+2 -2
+2 -2
kernel/bpf/verifier.c
··· 2479 2479 u8 code = insn[i].code; 2480 2480 2481 2481 if (code == (BPF_JMP | BPF_CALL) && 2482 - insn[i].imm == BPF_FUNC_tail_call && 2483 - insn[i].src_reg != BPF_PSEUDO_CALL) 2482 + insn[i].src_reg == 0 && 2483 + insn[i].imm == BPF_FUNC_tail_call) 2484 2484 subprog[cur_subprog].has_tail_call = true; 2485 2485 if (BPF_CLASS(code) == BPF_LD && 2486 2486 (BPF_MODE(code) == BPF_ABS || BPF_MODE(code) == BPF_IND))