git.baikalelectronics.ru Git - kernel.git/commit

author	Luke Nelson <lukenels@cs.washington.edu>
	Sat, 29 Jun 2019 05:57:49 +0000 (22:57 -0700)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Wed, 3 Jul 2019 09:14:28 +0000 (11:14 +0200)
commit	b08289c7b2e97c756439864a4bc27fd874c66e0e
tree	2a00d404a186fdc829f496f988df13b7fefc7a6b	tree \| snapshot
parent	256b729e9ab51ee2d99baae0f974b1fe48a64ed1	commit \| diff

bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_X shift by 0

The current x32 BPF JIT for shift operations is not correct when the
shift amount in a register is 0. The expected behavior is a no-op, whereas
the current implementation changes bits in the destination register.

The following example demonstrates the bug. The expected result of this
program is 1, but the current JITed code returns 2.

  r0 = 1
  r1 = 1
  r2 = 0
  r1 <<= r2
  if r1 == 1 goto end
  r0 = 2
end:
  exit

The bug is caused by an incorrect assumption by the JIT that a shift by
32 clear the register. On x32 however, shifts use the lower 5 bits of
the source, making a shift by 32 equivalent to a shift by 0.

This patch fixes the bug using double-precision shifts, which also
simplifies the code.

Fixes: 7d34d6cfde1f ("bpf, x86_32: add eBPF JIT compiler for ia32")
Co-developed-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>