Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp2282422imb; Mon, 4 Mar 2019 00:42:46 -0800 (PST) X-Google-Smtp-Source: APXvYqydJOUtty7vkw5ZRYcWZFueT7B5LK1KEczIF9AL5vDgm3m3xgzbJrrlzrAix6wbhKgLsPYa X-Received: by 2002:a17:902:2aab:: with SMTP id j40mr19286800plb.271.1551688966438; Mon, 04 Mar 2019 00:42:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551688966; cv=none; d=google.com; s=arc-20160816; b=a8Ei+eRImZWLjiHH0ZuuW08mC0CjhJvo1b8aLiPD4IOtXX76ELTZPcCcDMJTRIcnuC uen102ZC7sTcLZMPk1B/EOOxiT+NEU9BmGRzBtLsr8L/xfbAKeZRum0nQU/EXMY4NWvY iTC9xxmDVcAGk/VonmJmojIwTZ4MLI96ltrp+/UZkwLaVoDz0YDBlHK1YgcXkHua8iGE iMc6d3+AUu4BVa3Zw2/w7ZbkTPLSWNn89oU+eMFeGKYSMtC20aP4WJecrd0FlmxEiMRC QdPbPQUMS3MzGwe8J6J5XNy5INaUflBhi+HgsBsAKxyaQOo9FyHfg3PiipmM7vCD7z9o olzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=z3EcTShZdiU+IEAyQC9fY8lRi0XTaH0HqxeeUzl1zLY=; b=uuU9i/KUjsJi4NiHWukBLIBAmjnZFokKNxTnMfwnIl8WFmf0fdwNeuEiKomYAXk9oP 9MTGK3NV9iApymUTDuGzqIkiFj5bOfHnnwNg7Cl2pco1Zg8OpbAU/Y8vFyz7q/J1gWkm BjaxPB2PPvaJzjLpGzV26DCDSu9W6xj5Hmapnu9Dwbk27lLMPF8Q+Hgp1MAFzaxPfTSH faGYeCn6mf3J/8fkG68LJ7+EyVwt5ldIo+qSyqiMOHwWExfAfUhq+rA1pIQnyVRtHCKB 8448p2Wf9U6+NP4VE2+awYEoGEMUSkg1pwKDZ869T+aY6vn5+PrPQO2DW1kXDeM+UHM3 1L9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=mJFhHv5k; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u77si5185651pfj.139.2019.03.04.00.42.31; Mon, 04 Mar 2019 00:42:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=mJFhHv5k; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727957AbfCDIbe (ORCPT + 99 others); Mon, 4 Mar 2019 03:31:34 -0500 Received: from mail.kernel.org ([198.145.29.99]:33618 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727941AbfCDIbc (ORCPT ); Mon, 4 Mar 2019 03:31:32 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A415820836; Mon, 4 Mar 2019 08:31:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1551688292; bh=nOHZIZxlFgkstYyXw3LWOWmyz97E/eqa8M6Fzue3v0M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mJFhHv5kYgL81/Bc1YD2FC+DNj9EoPdQhioTQWdzt5ZoeV2dFqqq2VjVB1h9xsAhs 6NT+SlVfhCS79YzGumXqqrHuUMXfVLqAoDIWxbfxqqdFtsguGq4cxx2eB4dNOkCTvK SlWEw7t+mJon9mgHxtSFo/2jfavbefbR+AS8wCPo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Paul Burton , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mips@vger.kernel.org Subject: [PATCH 4.19 77/78] MIPS: eBPF: Fix icache flush end address Date: Mon, 4 Mar 2019 09:23:00 +0100 Message-Id: <20190304081629.043690167@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190304081625.508788074@linuxfoundation.org> References: <20190304081625.508788074@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Paul Burton commit d1a2930d8a992fb6ac2529449f81a0056e1b98d1 upstream. The MIPS eBPF JIT calls flush_icache_range() in order to ensure the icache observes the code that we just wrote. Unfortunately it gets the end address calculation wrong due to some bad pointer arithmetic. The struct jit_ctx target field is of type pointer to u32, and as such adding one to it will increment the address being pointed to by 4 bytes. Therefore in order to find the address of the end of the code we simply need to add the number of 4 byte instructions emitted, but we mistakenly add the number of instructions multiplied by 4. This results in the call to flush_icache_range() operating on a memory region 4x larger than intended, which is always wasteful and can cause crashes if we overrun into an unmapped page. Fix this by correcting the pointer arithmetic to remove the bogus multiplication, and use braces to remove the need for a set of brackets whilst also making it obvious that the target field is a pointer. Signed-off-by: Paul Burton Fixes: b6bd53f9c4e8 ("MIPS: Add missing file for eBPF JIT.") Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Martin KaFai Lau Cc: Song Liu Cc: Yonghong Song Cc: netdev@vger.kernel.org Cc: bpf@vger.kernel.org Cc: linux-mips@vger.kernel.org Cc: stable@vger.kernel.org # v4.13+ Signed-off-by: Daniel Borkmann Signed-off-by: Greg Kroah-Hartman --- arch/mips/net/ebpf_jit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/mips/net/ebpf_jit.c +++ b/arch/mips/net/ebpf_jit.c @@ -1818,7 +1818,7 @@ struct bpf_prog *bpf_int_jit_compile(str /* Update the icache */ flush_icache_range((unsigned long)ctx.target, - (unsigned long)(ctx.target + ctx.idx * sizeof(u32))); + (unsigned long)&ctx.target[ctx.idx]); if (bpf_jit_enable > 1) /* Dump JIT code */