bpf: Do not increment tailcall count when prog is NULL

Currently, tailcall count is incremented in the interpreter even when tailcall fails due to non-existent prog. Fix this by holding off on the tailcall count increment until after NULL check on the prog. Suggested-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Hari Bathini <hbathini@linux.ibm.com> Link: https://lore.kernel.org/r/20260220062959.195101-1-hbathini@linux.ibm.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Hari Bathini <hbathini@linux.ibm.com> 2026-02-20 11:59:58 +0530
committer: Alexei Starovoitov <ast@kernel.org> 2026-02-24 10:34:16 -0800
commit: 3733f4be287029dad963534da3d91ac806df233d (patch)
tree: 728240c0a1c72416211157d0c482aa91797590fd /kernel
parent: 055d8dd55302927e5b12d7ad4406730aba9f3f75 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 3ece2da55625..229c74f3d6ae 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2060,12 +2060,12 @@ select_insn:
 		if (unlikely(tail_call_cnt >= MAX_TAIL_CALL_CNT))
 			goto out;
 
-		tail_call_cnt++;
-
 		prog = READ_ONCE(array->ptrs[index]);
 		if (!prog)
 			goto out;
 
+		tail_call_cnt++;
+
 		/* ARG1 at this point is guaranteed to point to CTX from
 		 * the verifier side due to the fact that the tail call is
 		 * handled like a helper, that is, bpf_tail_call_proto,
author	Hari Bathini <hbathini@linux.ibm.com>	2026-02-20 11:59:58 +0530
committer	Alexei Starovoitov <ast@kernel.org>	2026-02-24 10:34:16 -0800
commit	3733f4be287029dad963534da3d91ac806df233d (patch)
tree	728240c0a1c72416211157d0c482aa91797590fd /kernel
parent	055d8dd55302927e5b12d7ad4406730aba9f3f75 (diff)