ARM: net: bpf: fix zero right shift

Message ID	1452015244-1230-1-git-send-email-rabin@rab.in (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org> From: Rabin Vincent <rabin@rab.in> To: davem@davemloft.net Subject: [PATCH] ARM: net: bpf: fix zero right shift Date: Tue, 5 Jan 2016 18:34:04 +0100 Message-Id: <1452015244-1230-1-git-send-email-rabin@rab.in> Precedence: list Cc: Rabin Vincent <rabin@rab.in>, netdev@vger.kernel.org, linux@arm.linux.org.uk, linux-arm-kernel@lists.infradead.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Message ID

1452015244-1230-1-git-send-email-rabin@rab.in (mailing list archive)

State

New, archived

Headers

From: Rabin Vincent <rabin@rab.in>
To: davem@davemloft.net
Subject: [PATCH] ARM: net: bpf: fix zero right shift
Date: Tue,  5 Jan 2016 18:34:04 +0100
Message-Id: <1452015244-1230-1-git-send-email-rabin@rab.in>
Precedence: list
Cc: Rabin Vincent <rabin@rab.in>, netdev@vger.kernel.org,
	linux@arm.linux.org.uk, linux-arm-kernel@lists.infradead.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Commit Message

Rabin Vincent Jan. 5, 2016, 5:34 p.m. UTC

The LSR instruction cannot be used to perform a zero right shift since a
0 as the immediate value (imm5) in the LSR instruction encoding means
that a shift of 32 is perfomed.  See DecodeIMMShift() in the ARM ARM.

Make the JIT skip generation of the LSR if a zero-shift is requested.

This was found using american fuzzy lop.

Signed-off-by: Rabin Vincent <rabin@rab.in>
---
 arch/arm/net/bpf_jit_32.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Alexei Starovoitov Jan. 5, 2016, 5:50 p.m. UTC | #1

On Tue, Jan 05, 2016 at 06:34:04PM +0100, Rabin Vincent wrote:
> The LSR instruction cannot be used to perform a zero right shift since a
> 0 as the immediate value (imm5) in the LSR instruction encoding means
> that a shift of 32 is perfomed.  See DecodeIMMShift() in the ARM ARM.
> 
> Make the JIT skip generation of the LSR if a zero-shift is requested.
> 
> This was found using american fuzzy lop.
> 
> Signed-off-by: Rabin Vincent <rabin@rab.in>

Looks good as a fix for classic jit. For eBPF we would want to check
this in verifier.

Acked-by: Alexei Starovoitov <ast@kernel.org>

David Miller Jan. 6, 2016, 6:32 a.m. UTC | #2

From: Rabin Vincent <rabin@rab.in>
Date: Tue,  5 Jan 2016 18:34:04 +0100

> The LSR instruction cannot be used to perform a zero right shift since a
> 0 as the immediate value (imm5) in the LSR instruction encoding means
> that a shift of 32 is perfomed.  See DecodeIMMShift() in the ARM ARM.
> 
> Make the JIT skip generation of the LSR if a zero-shift is requested.
> 
> This was found using american fuzzy lop.
> 
> Signed-off-by: Rabin Vincent <rabin@rab.in>

Applied, thanks.

diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
index e153eb065fe4..93d0b6d0b63e 100644
--- a/arch/arm/net/bpf_jit_32.c
+++ b/arch/arm/net/bpf_jit_32.c
@@ -756,7 +756,8 @@  load_ind:
 		case BPF_ALU | BPF_RSH | BPF_K:
 			if (unlikely(k > 31))
 				return -1;
-			emit(ARM_LSR_I(r_A, r_A, k), ctx);
+			if (k)
+				emit(ARM_LSR_I(r_A, r_A, k), ctx);
 			break;
 		case BPF_ALU | BPF_RSH | BPF_X:
 			update_on_xread(ctx);

ARM: net: bpf: fix zero right shift

Commit Message

Comments

Patch