LoongArch: BPF: Zero-extend bpf_tail_call() index

The bpf_tail_call() index should be treated as a u32 value. Let's zero-extend it to avoid calling wrong BPF progs. See similar fixes for x86 [1]) and arm64 ([2]) for more details. [1]: https://github.com/torvalds/linux/commit/90caccdd8cc0215705f18b92771b449b01e2474a [2]: https://github.com/torvalds/linux/commit/16338a9b3ac30740d49f5dfed81bac0ffa53b9c7 Cc: stable@vger.kernel.org Fixes: 5dc615520c4d ("LoongArch: Add BPF JIT support") Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
author: Hengqi Chen <hengqi.chen@gmail.com> 2025-12-31 15:19:20 +0800
committer: Huacai Chen <chenhuacai@loongson.cn> 2025-12-31 15:19:20 +0800
commit: eb71f5c433e1c6dff089b315881dec40a88a7baf (patch)
tree: 40167af18ea209b7b4f2cde5af587c52220b42bf /arch
parent: 3f5a238f24d7b75f9efe324d3539ad388f58536e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c
index 5352d0c30fb2..766ded335fd8 100644
--- a/arch/loongarch/net/bpf_jit.c
+++ b/arch/loongarch/net/bpf_jit.c
@@ -280,6 +280,8 @@ static int emit_bpf_tail_call(struct jit_ctx *ctx, int insn)
 	 *	 goto out;
 	 */
 	tc_ninsn = insn ? ctx->offset[insn+1] - ctx->offset[insn] : ctx->offset[0];
+	emit_zext_32(ctx, a2, true);
+
 	off = offsetof(struct bpf_array, map.max_entries);
 	emit_insn(ctx, ldwu, t1, a1, off);
 	/* bgeu $a2, $t1, jmp_offset */
author	Hengqi Chen <hengqi.chen@gmail.com>	2025-12-31 15:19:20 +0800
committer	Huacai Chen <chenhuacai@loongson.cn>	2025-12-31 15:19:20 +0800
commit	eb71f5c433e1c6dff089b315881dec40a88a7baf (patch)
tree	40167af18ea209b7b4f2cde5af587c52220b42bf /arch
parent	3f5a238f24d7b75f9efe324d3539ad388f58536e (diff)