bpf: Check for helper calls in check_subprogs()

The condition src_reg != BPF_PSEUDO_CALL && imm == BPF_FUNC_tail_call
may be satisfied by a kfunc call. This would lead to unnecessarily
setting has_tail_call. Use src_reg == 0 instead.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Acked-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/20230220163756.753713-1-iii@linux.ibm.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 741cb5107536dba8638fda6f5c547f8dd937c2cf..5cb8b623f6397063e605c3d85250d2c953f8f079 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2479,8 +2479,8 @@ static int check_subprogs(struct bpf_verifier_env *env)
                u8 code = insn[i].code;
 
                if (code == (BPF_JMP | BPF_CALL) &&
-                   insn[i].imm == BPF_FUNC_tail_call &&
-                   insn[i].src_reg != BPF_PSEUDO_CALL)
+                   insn[i].src_reg == 0 &&
+                   insn[i].imm == BPF_FUNC_tail_call)
                        subprog[cur_subprog].has_tail_call = true;
                if (BPF_CLASS(code) == BPF_LD &&
                    (BPF_MODE(code) == BPF_ABS || BPF_MODE(code) == BPF_IND))