From: Hari Bathini Date: Fri, 20 Feb 2026 06:29:58 +0000 (+0530) Subject: bpf: Do not increment tailcall count when prog is NULL X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3733f4be287029dad963534da3d91ac806df233d;p=thirdparty%2Flinux.git bpf: Do not increment tailcall count when prog is NULL Currently, tailcall count is incremented in the interpreter even when tailcall fails due to non-existent prog. Fix this by holding off on the tailcall count increment until after NULL check on the prog. Suggested-by: Ilya Leoshkevich Signed-off-by: Hari Bathini Link: https://lore.kernel.org/r/20260220062959.195101-1-hbathini@linux.ibm.com Signed-off-by: Alexei Starovoitov --- diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 3ece2da55625c..229c74f3d6ae7 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -2060,12 +2060,12 @@ select_insn: if (unlikely(tail_call_cnt >= MAX_TAIL_CALL_CNT)) goto out; - tail_call_cnt++; - prog = READ_ONCE(array->ptrs[index]); if (!prog) goto out; + tail_call_cnt++; + /* ARG1 at this point is guaranteed to point to CTX from * the verifier side due to the fact that the tail call is * handled like a helper, that is, bpf_tail_call_proto,
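Review bot: In the select_insn hunk of kernel/bpf/core.c, the relocated `tail_call_cnt++` now sits between `if (!prog) goto out;` and the existing ARG1 comment with nothing saying why its position matters. A one-line comment stating that the count is charged only once a non-NULL prog has been read from `array->ptrs[index]` would keep a later cleanup from moving it back above the `READ_ONCE()` load. The `tail_call_cnt >= MAX_TAIL_CALL_CNT` check still runs before the load, so the limit itself is unchanged, and both the limit path and the NULL path leave through the same `out` label. The commit message carries no Fixes: tag and speaks only of the interpreter, so it would help to state there whether the JIT back ends already count this way and what a program observed before the change when it hit empty slots repeatedly, since those failed attempts used to consume the tail call budget.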