From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 248533081CE; Mon, 13 Oct 2025 14:57:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760367457; cv=none; b=BZ6QYnvV3r44oenZsNSHNKdEda2krNff+FAD+KFzsYpIeSh2U8r7b80PopaAwkJNbjV/6GsLnRRUhf8Doswphsz19XzqL/LdTI7y4NVQjL2IRV8Ep7eqiuYjnhQZPs4QWnVWNxaJCkK3Dh2mqlbpl4+CYwHugow+B8Yfwq/S1NM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760367457; c=relaxed/simple; bh=ARqsYD1o3WrFji041nkJIdJoEtdUmMjE7miSnROBb+g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DxUgN74KnJ8IYVTp8tI1PLF1dm6LRtXLWDEiYBjA7tawup6Yosxy9PcRzDmBmzEx6zxNZOup8lewsEozWWqsmqC/+UVXBrjeyAmnHUs45lTTFpBleJJCCjEEcmExwlaDK/0aP6p5bkeeSs0QH4//yazXUiMou1BYdh4rq52TAYc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=R4dAetI9; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="R4dAetI9" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9EF46C4CEE7; Mon, 13 Oct 2025 14:57:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1760367457; bh=ARqsYD1o3WrFji041nkJIdJoEtdUmMjE7miSnROBb+g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=R4dAetI9F3DDPnhGMYBtspp93WVOAhBbzbAqjzDGEvxTalz84ys/g7icnUpHp0ibP rtVT6TmMCHl2z5GB4zQDhCnBudHTknRgmwFdPIE2y5NjprEb9HhzgG8G6Tt4JjuC7R aSOveyGHc1cbH/oNhMBKs1mJ1Bd5q640C5Wipb2Y= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Ilya Leoshkevich , Daniel Borkmann , Sasha Levin Subject: [PATCH 6.6 019/196] s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG Date: Mon, 13 Oct 2025 16:43:30 +0200 Message-ID: <20251013144315.891872462@linuxfoundation.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251013144315.184275491@linuxfoundation.org> References: <20251013144315.184275491@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.6-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ilya Leoshkevich [ Upstream commit bc3905a71f02511607d3ccf732360580209cac4c ] The tailcall_bpf2bpf_hierarchy_fentry test hangs on s390. Its call graph is as follows: entry() subprog_tail() trampoline() fentry() the rest of subprog_tail() # via BPF_TRAMP_F_CALL_ORIG return to entry() The problem is that the rest of subprog_tail() increments the tail call counter, but the trampoline discards the incremented value. This results in an astronomically large number of tail calls. Fix by making the trampoline write the incremented tail call counter back. Fixes: 528eb2cb87bc ("s390/bpf: Implement arch_prepare_bpf_trampoline()") Signed-off-by: Ilya Leoshkevich Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20250813121016.163375-4-iii@linux.ibm.com Signed-off-by: Sasha Levin --- arch/s390/net/bpf_jit_comp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 31a4bbd2e7dc4..fe0354ad3bb96 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -2442,6 +2442,9 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, /* stg %r2,retval_off(%r15) */ EMIT6_DISP_LH(0xe3000000, 0x0024, REG_2, REG_0, REG_15, tjit->retval_off); + /* mvc tccnt_off(%r15),tail_call_cnt(4,%r15) */ + _EMIT6(0xd203f000 | tjit->tccnt_off, + 0xf000 | offsetof(struct prog_frame, tail_call_cnt)); im->ip_after_call = jit->prg_buf + jit->prg; -- 2.51.0