From e38269e70cbeee1aad6ed0da54987beebbdb8f59 Mon Sep 17 00:00:00 2001 From: Leon Hwang Date: Mon, 28 Oct 2024 21:46:00 +0800 Subject: [PATCH] bpf, verifier: Check trampoline target is tail_call_reachable subprog In the x86_64 JIT, tailcall info is propagated through the trampoline when the target program is tail_call_reachable. However, this propagation is unnecessary if the target is a main prog, or a subprog that is not tail_call_reachable. Since the verifier can determine if a subprog is tail_call_reachable, it should only propagate tailcall info when the target is subprog and the subprog is actually tail_call_reachable. Acked-by: Yonghong Song Signed-off-by: Leon Hwang --- include/linux/bpf.h | 1 + kernel/bpf/verifier.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index c3ba4d475174..0c3b147c84af 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1253,6 +1253,7 @@ struct bpf_attach_target_info { struct module *tgt_mod; const char *tgt_name; const struct btf_type *tgt_type; + bool tgt_tail_call_reachable; }; #define BPF_DISPATCHER_MAX 48 /* Fits in 2048B */ diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 797cf3ed32e0..2e2f027b8637 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -21946,6 +21946,8 @@ int bpf_check_attach_target(struct bpf_verifier_log *log, bpf_log(log, "Subprog %s doesn't exist\n", tname); return -EINVAL; } + tgt_info->tgt_tail_call_reachable = subprog && + aux->func[subprog]->aux->tail_call_reachable; if (aux->func && aux->func[subprog]->aux->exception_cb) { bpf_log(log, "%s programs cannot attach to exception callback\n", @@ -22315,7 +22317,7 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) if (!tr) return -ENOMEM; - if (tgt_prog && tgt_prog->aux->tail_call_reachable) + if (tgt_prog && tgt_info.tgt_tail_call_reachable) tr->flags = BPF_TRAMP_F_TAIL_CALL_CTX; prog->aux->dst_trampoline = tr;