Commit eb71f5c4 authored Dec 31, 2025 by Hengqi Chen Committed by Huacai Chen Dec 31, 2025

LoongArch: BPF: Zero-extend bpf_tail_call() index

The bpf_tail_call() index should be treated as a u32 value. Let's
zero-extend it to avoid calling wrong BPF progs. See similar fixes
for x86 [1]) and arm64 ([2]) for more details.

  [1]: https://github.com/torvalds/linux/commit/90caccdd8cc0215705f18b92771b449b01e2474a
  [2]: https://github.com/torvalds/linux/commit/16338a9b3ac30740d49f5dfed81bac0ffa53b9c7



Cc: stable@vger.kernel.org
Fixes: 5dc61552 ("LoongArch: Add BPF JIT support")
Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>

parent 3f5a238f

arch/loongarch/net/bpf_jit.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -280,6 +280,8 @@ static int emit_bpf_tail_call(struct jit_ctx *ctx, int insn)
		* goto out;
		*/
		tc_ninsn = insn ? ctx->offset[insn+1] - ctx->offset[insn] : ctx->offset[0];
		emit_zext_32(ctx, a2, true);

		off = offsetof(struct bpf_array, map.max_entries);
		emit_insn(ctx, ldwu, t1, a1, off);
		/* bgeu $a2, $t1, jmp_offset */