On Wed, Sep 9, 2020 at 4:22 PM Ilya Leoshkevich <iii@xxxxxxxxxxxxx> wrote:
>
> In order to branch around tail calls (due to out-of-bounds index,
> exceeding tail call count or missing tail call target), JIT uses
> label[0] field, which contains the address of the instruction following
> the tail call. When there are multiple tail calls, label[0] value comes
> from handling of a previous tail call, which is incorrect.
>
> Fix by getting rid of label array and resolving the label address
> locally: for all 3 branches that jump to it, emit 0 offsets at the
> beginning, and then backpatch them with the correct value.
>
> Also, do not use the long jump infrastructure: the tail call sequence
> is known to be short, so make all 3 jumps short.
>
> Fixes: 6651ee070b31 ("s390/bpf: implement bpf_tail_call() helper")
> Signed-off-by: Ilya Leoshkevich <iii@xxxxxxxxxxxxx>

Applied. Thanks
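The two label-resolution schemes contrasted in the quoted commit message, as an added example that is not part of this thread and not code from the s390 BPF JIT: a constructed toy emitter with one slot per instruction. Scheme (a) has the three guard branches read a shared label slot that is only updated after a tail call has been emitted, so the first tail call's guards see a stale value (assumed to start at 0 here) and the second tail call's guards inherit the first one's address. Scheme (b) emits zero displacements and backpatches all three once the address of the following instruction is known. The opcode names, the instruction layout and the 8-bit "short" displacement range are assumptions of this example.

```c
#include <stdio.h>

/*
 * Constructed toy emitter (not the s390 BPF JIT). The code buffer holds
 * one struct insn per slot; a guard branch stores its target as a
 * displacement relative to its own slot, like a short relative branch.
 */

#define CODE_MAX 64

enum op {
	OP_NOP,      /* filler */
	OP_BR_IDX,   /* branch around the tail call: index out of bounds */
	OP_BR_CNT,   /* branch around the tail call: tail call count exceeded */
	OP_BR_TGT,   /* branch around the tail call: target missing */
	OP_JMP_TGT,  /* jump to the tail call target */
};

struct insn {
	enum op op;
	int disp;   /* for OP_BR_*: target slot = own slot + disp */
};

struct emitter {
	struct insn code[CODE_MAX];
	int pc;      /* next free slot */
	int label0;  /* shared label for scheme (a); assumed to start at 0 */
};

static int emit(struct emitter *e, enum op op, int disp)
{
	int at = e->pc++;
	e->code[at].op = op;
	e->code[at].disp = disp;
	return at;
}

/* Scheme (a): the guards use whatever the shared label currently holds,
 * which is the address after the *previous* tail call, not this one. */
static void emit_tail_call_shared_label(struct emitter *e)
{
	emit(e, OP_BR_IDX, e->label0 - e->pc);
	emit(e, OP_BR_CNT, e->label0 - e->pc);
	emit(e, OP_BR_TGT, e->label0 - e->pc);
	emit(e, OP_JMP_TGT, 0);
	e->label0 = e->pc;   /* updated only now: too late for the guards above */
}

/* Scheme (b): emit zero displacements, then backpatch all three guards
 * with the address of the instruction following the tail call. */
static void emit_tail_call_backpatched(struct emitter *e)
{
	int guards[3];
	guards[0] = emit(e, OP_BR_IDX, 0);
	guards[1] = emit(e, OP_BR_CNT, 0);
	guards[2] = emit(e, OP_BR_TGT, 0);
	emit(e, OP_JMP_TGT, 0);
	for (int i = 0; i < 3; i++)
		e->code[guards[i]].disp = e->pc - guards[i];
}

/* Displacement range a short branch form can encode (assumed 8-bit signed). */
static int fits_short(int disp)
{
	return disp >= -128 && disp <= 127;
}

/* Count guard branches that do not land on the instruction right after
 * their own tail call's OP_JMP_TGT, or whose displacement is not short. */
static int count_bad_guards(const struct emitter *e)
{
	int bad = 0;
	for (int i = 0; i < e->pc; i++) {
		if (e->code[i].op < OP_BR_IDX || e->code[i].op > OP_BR_TGT)
			continue;
		int j = i;
		while (j < e->pc && e->code[j].op != OP_JMP_TGT)
			j++;
		int expected = j + 1;
		if (i + e->code[i].disp != expected || !fits_short(e->code[i].disp))
			bad++;
	}
	return bad;
}

/* Build NOP, tail call, NOP, tail call, NOP with the chosen scheme and
 * return how many guard branches end up mis-targeted. */
int bad_guards_for_scheme(int backpatched)
{
	struct emitter e = { .pc = 0, .label0 = 0 };
	emit(&e, OP_NOP, 0);
	for (int n = 0; n < 2; n++) {
		if (backpatched)
			emit_tail_call_backpatched(&e);
		else
			emit_tail_call_shared_label(&e);
		emit(&e, OP_NOP, 0);
	}
	return count_bad_guards(&e);
}

int main(void)
{
	printf("shared label: %d bad guard branches\n", bad_guards_for_scheme(0));
	printf("backpatched:  %d bad guard branches\n", bad_guards_for_scheme(1));
	return 0;
}
```

With two tail calls in the program, scheme (a) mis-targets all six guard branches (the first tail call's guards point at the stale initial label, the second's at the end of the first tail call), while scheme (b) resolves every guard to the instruction following its own tail call, and the check also confirms each displacement fits the short branch form.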