From: sashiko-bot@kernel.org
To: "Pu Lehui" <pulehui@huaweicloud.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next 1/2] bpf: Reject callback subprogs invoke tailcall
Date: Sat, 11 Jul 2026 10:57:26 +0000 [thread overview]
Message-ID: <20260711105726.A80321F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260711104727.4023420-2-pulehui@huaweicloud.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] Security / Logic Bypass: Direct tail calls in async and exception callbacks bypass the verifier restrictions.
- [Medium] Spurious Verifier Rejection (False Positive): Valid BPF programs combining tail calls and sync callbacks are incorrectly rejected.
--
--- Patch [1]: [PATCH bpf-next 1/2] bpf: Reject callback subprogs invoke tailcall ---
commit 0cf6a6c653bf111f813aea810bb3fffbfc857ff7
Author: Pu Lehui <pulehui@huawei.com>
bpf: Reject callback subprogs invoke tailcall
The commit rejects tailcalls inside all subprograms of sync callbacks to
prevent infinite tailcalls caused by register clobbering. It also cleanly
consolidates the existing async and exception callback checks into a single
unified validation.
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 03e2202cca13d..3f6c8b8fc04d0 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -5258,10 +5258,6 @@ static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx,
> if (verifier_bug_if(sidx < 0, env, "callee not found at insn %d", next_insn))
> return -EFAULT;
> if (subprog[sidx].is_async_cb) {
> - if (subprog[sidx].has_tail_call) {
> - verifier_bug(env, "subprog has tail_call and async cb");
> - return -EFAULT;
> - }
[Severity: High]
Does removing this check allow async and exception callbacks with direct
tail calls to bypass verifier restrictions?
Because tail_call_reachable is initialized to false at the start of
check_max_stack_depth_subprog(), a direct tail call inside an async
callback (when evaluated as a root subprog) does not trigger the logic
to set tail_call_reachable to true.
By removing this explicit check, the new validation block below is entirely
bypassed. This seems to allow unprivileged users to bypass the Tail Call
Counter (TCC) limits, potentially leading to runaway infinite tail calls and
kernel hangs.
> /* async callbacks don't increase bpf prog stack size unless called directly */
> if (!bpf_pseudo_call(insn + i))
> continue;
[ ... ]
> @@ -5302,8 +5298,8 @@ static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx,
> */
> if (tail_call_reachable) {
> for (tmp = idx; tmp >= 0; tmp = dinfo[tmp].caller) {
> - if (subprog[tmp].is_exception_cb) {
> - verbose(env, "cannot tail call within exception cb\n");
> + if (subprog[tmp].is_cb) {
> + verbose(env, "cannot tail call within callback\n");
> return -EINVAL;
> }
[Severity: Medium]
Could this unified check spuriously reject valid BPF programs combining
tail calls and sync callbacks?
When the verifier descends into a new subprogram (like a sync callback):
idx = sidx;
if (!priv_stack_supported)
subprog[idx].priv_stack_mode = NO_PRIV_STACK;
if (subprog[idx].has_tail_call)
tail_call_reachable = true;
It appears the tail_call_reachable state is not reset to false. If a BPF
program sequentially calls a tail-call-reachable subprogram, and subsequently
passes a synchronous callback to a helper (like bpf_loop), the
tail_call_reachable boolean state from the first call leaks into the
callback's DFS evaluation.
The verifier might then wrongly assume the callback itself is
tail-call-reachable, incorrectly rejecting legitimate programs with -EINVAL.
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260711104727.4023420-1-pulehui@huaweicloud.com?part=1
next prev parent reply other threads:[~2026-07-11 10:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-11 10:47 [PATCH bpf-next 0/2] Reject callback subprogs invoke tailcall Pu Lehui
2026-07-11 10:47 ` [PATCH bpf-next 1/2] bpf: " Pu Lehui
2026-07-11 10:57 ` sashiko-bot [this message]
2026-07-11 11:33 ` bot+bpf-ci
2026-07-11 10:47 ` [PATCH bpf-next 2/2] selftests/bpf: Add testcases for callback with tailcall Pu Lehui
2026-07-11 10:54 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260711105726.A80321F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=pulehui@huaweicloud.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox