LoongArch: BPF: Fix off-by-one error in tail call

author Tiezhu Yang <yangtiezhu@loongson.cn>

Thu, 25 Jun 2026 05:03:53 +0000 (13:03 +0800)

committer Huacai Chen <chenhuacai@loongson.cn>

Thu, 25 Jun 2026 05:03:53 +0000 (13:03 +0800)
author Tiezhu Yang <yangtiezhu@loongson.cn>
Thu, 25 Jun 2026 05:03:53 +0000 (13:03 +0800)
committer Huacai Chen <chenhuacai@loongson.cn>
Thu, 25 Jun 2026 05:03:53 +0000 (13:03 +0800)
diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c

index a2a42c0a0f9d533572d073c60f4b39dc97054637..99294f93091489d67657b212f03b444282a206a3 100644 (file)
--- a/arch/loongarch/net/bpf_jit.c
+++ b/arch/loongarch/net/bpf_jit.c
@@ -324,12 +324,12 @@ static int emit_bpf_tail_call(struct jit_ctx *ctx, int insn)
          */
         emit_insn(ctx, ldd, REG_TCC, LOONGARCH_GPR_SP, tcc_ptr_off);
         emit_insn(ctx, ldd, t3, REG_TCC, 0);
-       emit_insn(ctx, addid, t3, t3, 1);
-       emit_insn(ctx, std, t3, REG_TCC, 0);
         emit_insn(ctx, addid, t2, LOONGARCH_GPR_ZERO, MAX_TAIL_CALL_CNT);
-       if (emit_tailcall_jmp(ctx, BPF_JSGT, t3, t2, jmp_offset) < 0)
+       if (emit_tailcall_jmp(ctx, BPF_JSGE, t3, t2, jmp_offset) < 0)
                 goto toofar;
  
+       emit_insn(ctx, addid, t3, t3, 1);
+
         /*
          * prog = array->ptrs[index];
          * if (!prog)
@@ -342,6 +342,8 @@ static int emit_bpf_tail_call(struct jit_ctx *ctx, int insn)
         if (emit_tailcall_jmp(ctx, BPF_JEQ, t2, LOONGARCH_GPR_ZERO, jmp_offset) < 0)
                 goto toofar;
  
+       emit_insn(ctx, std, t3, REG_TCC, 0);
+
         /* goto *(prog->bpf_func + 4); */
         off = offsetof(struct bpf_prog, bpf_func);
         emit_insn(ctx, ldd, t3, t2, off);
author	Tiezhu Yang <yangtiezhu@loongson.cn>
	Thu, 25 Jun 2026 05:03:53 +0000 (13:03 +0800)
committer	Huacai Chen <chenhuacai@loongson.cn>
	Thu, 25 Jun 2026 05:03:53 +0000 (13:03 +0800)