aboutsummaryrefslogtreecommitdiffstats
path: root/arch/arm64/net/bpf_jit_comp.c
diff options
context:
space:
mode:
authorXi Wang <xi.wang@gmail.com>2015-06-25 18:39:15 -0700
committerCatalin Marinas <catalin.marinas@arm.com>2015-06-26 14:15:39 +0100
commitd63903bbc30c7ccad040851dfdb4da12d9a17bcf (patch)
tree6ddc09f1a2289e833b51b373049649f416a586bf /arch/arm64/net/bpf_jit_comp.c
parentarm64: bpf: fix out-of-bounds read in bpf2a64_offset() (diff)
downloadlinux-dev-d63903bbc30c7ccad040851dfdb4da12d9a17bcf.tar.xz
linux-dev-d63903bbc30c7ccad040851dfdb4da12d9a17bcf.zip
arm64: bpf: fix endianness conversion bugs
Upper bits should be zeroed in endianness conversion: - even when there's no need to change endianness (i.e., BPF_FROM_BE on big endian or BPF_FROM_LE on little endian); - after rev16. This patch fixes such bugs by emitting extra instructions to clear upper bits. Cc: Zi Shen Lim <zlim.lnx@gmail.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler") Cc: <stable@vger.kernel.org> # 3.18+ Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/net/bpf_jit_comp.c')
-rw-r--r--arch/arm64/net/bpf_jit_comp.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index c81ddd4ff7f7..c047598b09e0 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -289,23 +289,41 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
case BPF_ALU | BPF_END | BPF_FROM_BE:
#ifdef CONFIG_CPU_BIG_ENDIAN
if (BPF_SRC(code) == BPF_FROM_BE)
- break;
+ goto emit_bswap_uxt;
#else /* !CONFIG_CPU_BIG_ENDIAN */
if (BPF_SRC(code) == BPF_FROM_LE)
- break;
+ goto emit_bswap_uxt;
#endif
switch (imm) {
case 16:
emit(A64_REV16(is64, dst, dst), ctx);
+ /* zero-extend 16 bits into 64 bits */
+ emit(A64_UXTH(is64, dst, dst), ctx);
break;
case 32:
emit(A64_REV32(is64, dst, dst), ctx);
+ /* upper 32 bits already cleared */
break;
case 64:
emit(A64_REV64(dst, dst), ctx);
break;
}
break;
+emit_bswap_uxt:
+ switch (imm) {
+ case 16:
+ /* zero-extend 16 bits into 64 bits */
+ emit(A64_UXTH(is64, dst, dst), ctx);
+ break;
+ case 32:
+ /* zero-extend 32 bits into 64 bits */
+ emit(A64_UXTW(is64, dst, dst), ctx);
+ break;
+ case 64:
+ /* nop */
+ break;
+ }
+ break;
/* dst = imm */
case BPF_ALU | BPF_MOV | BPF_K:
case BPF_ALU64 | BPF_MOV | BPF_K: