From patchwork Thu Jul 15 12:57:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Colin King X-Patchwork-Id: 12380005 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD13BC07E96 for ; Thu, 15 Jul 2021 12:57:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8227F613BC for ; Thu, 15 Jul 2021 12:57:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229741AbhGONAH (ORCPT ); Thu, 15 Jul 2021 09:00:07 -0400 Received: from smtp-relay-canonical-1.canonical.com ([185.125.188.121]:60116 "EHLO smtp-relay-canonical-1.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229679AbhGONAH (ORCPT ); Thu, 15 Jul 2021 09:00:07 -0400 Received: from localhost (1.general.cking.uk.vpn [10.172.193.212]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id D87E3409F4; Thu, 15 Jul 2021 12:57:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1626353832; bh=XqK+vx8ysu2dR1xpNfi0uOpzCmJBmn4R/mwkNVGPQrY=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Content-Type; b=KQq+r3AASoEClQVDGdeTH/Bua3fewcvARM7YLnlQw7dWvHB0nHgap+GrPmjK3BOQi fsrrhuR0CP9yy8Ykhi5UHXqlLWx5yIjMUrt5kyS6SC/wgBjBsh15tNjh+tJ3Wwyue7 LE9xQzChcZXyK5e23wcxIc7IznMpf5DeWH6qWt1OAhKKMzz61fYa+WAfBh7vefbtgb YUsOqItmsQkpFK+zBlgND6MJ4o8Kjd0K2xS8b8Snzu1Cc0OxryEeOpE0oUxsp+V9uX HDKg/izKaFHLFJU5gtKe6iD/rpjliOIodSiOQ7FaCGidVKS+8JyQxD/WoffA3N7TYa pCyiNp/JopPBw== From: Colin King To: Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Christian Borntraeger , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Song Liu , Yonghong Song , John Fastabend , KP Singh , Michael Holzheu , Martin Schwidefsky , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-s390@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] s390/bpf: perform r1 range checking before accessing jit->seen_reg[r1] Date: Thu, 15 Jul 2021 13:57:12 +0100 Message-Id: <20210715125712.24690-1-colin.king@canonical.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net From: Colin Ian King Currently array jit->seen_reg[r1] is being accessed before the range checking of index r1. The range changing on r1 should be performed first since it will avoid any potential out-of-range accesses on the array seen_reg[] and also it is more optimal to perform checks on r1 before fetching data from the array. Fix this by swapping the order of the checks before the array access. Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend") Signed-off-by: Colin Ian King Acked-by: Ilya Leoshkevich Tested-by: Ilya Leoshkevich --- arch/s390/net/bpf_jit_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 63cae0476bb4..2ae419f5115a 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -112,7 +112,7 @@ static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) { u32 r1 = reg2hex[b1]; - if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15) + if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]) jit->seen_reg[r1] = 1; }