Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp871547ybe; Wed, 4 Sep 2019 08:59:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqxS/BHyXeRDueCaMuE/i6YBJOgDeUjHfB9oHM8xZ69x6P6PKbnmippAA37m3NcJU8q20klo X-Received: by 2002:a17:90a:a610:: with SMTP id c16mr5904509pjq.34.1567612777308; Wed, 04 Sep 2019 08:59:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567612777; cv=none; d=google.com; s=arc-20160816; b=fwp+DTjgNXiVIuKDyz+STGdKSfk2NIBsz0lcMP4Mp3lmFYxysIYx7FY0ziwcBLeH+u GF8lo1PePeaYnijMpxZZ1XuwdtEQzq/f70DstIgPVV2NnRmczLq/TiSVYC2CduuVAO9e 2yoH9+zYZXz5qzNcKQhQAt0nVKuTGFfAUD9pUxIem/6XkALwRYMwUJzqE+fjAUM5Oui/ dkcZUzS+npWeI6xNPPTnaDA4iiW15it8Tozp+66Gbzfp+qdUZ3PTD3sri2ZRPat3Rfh2 o7aS2P5qjQpUeWwlkjVF8oOLC+L+Vdsr7PVmrr4TvF70Udcs7xa6jKFeelCnHDzNPkjQ HZLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=QFIeVBBfznxDspXpjQY5guVKBchwT7JrmzqgP50ku9U=; b=EfKa03wgrwU9t4kC0TNFfUjxnWeim9u/in32nokl5RdjbNwtGyZqGtrHl98YzF58Zc dHl9GOrqZoYcKO6ILed0YRyl6PReqcTS3pahBK2V9gAEW16O1oEVxbBoZglU18FNKZet xQXk4ojmzWZ6kBsgRURq8Yw1c4Bs6A0PUbPNesleSr6CdxEDTCxuCqx1+3udTc1A42+v tY7IDpVJuQ3fJ650pIzj+SdZLMWtgdz0XQPOiTo9k5K0HG11WwdWnvlu9SPQp9cZPPj2 y8Uxe21rNsfiKTpN8lufdDMT56POudvmW3ZRYE9nRPDaErYdVFjbOfPaEu4FlvappMLo j58Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=mwXAhLA5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c5si2655779pjq.52.2019.09.04.08.59.21; Wed, 04 Sep 2019 08:59:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=mwXAhLA5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731769AbfIDP6H (ORCPT + 99 others); Wed, 4 Sep 2019 11:58:07 -0400 Received: from mail.kernel.org ([198.145.29.99]:60006 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731748AbfIDP6H (ORCPT ); Wed, 4 Sep 2019 11:58:07 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BF21522CED; Wed, 4 Sep 2019 15:58:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567612686; bh=jHeOX+JGSjeo8/ClvRymMzd+5AAANs5t135kcyVXqk8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mwXAhLA5hO9yKAXuZDoVRQjtwLtAT29B9hIigcw5w1t11bp0eln5INs/5XdA3jGeM veaUYVC8RjMxTxcVjziZHyAjPV+f7myHywejnD2JnNUAUCwYiPqNTEiPRw6Kjclfsk D15eoPE2eWmvzkgJWP3krn0Uag7OpgX2nG7ivQGU= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Ilya Leoshkevich , Yauheni Kaliuta , Vasily Gorbik , Daniel Borkmann , Sasha Levin , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-s390@vger.kernel.org Subject: [PATCH AUTOSEL 5.2 17/94] s390/bpf: use 32-bit index for tail calls Date: Wed, 4 Sep 2019 11:56:22 -0400 Message-Id: <20190904155739.2816-17-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190904155739.2816-1-sashal@kernel.org> References: <20190904155739.2816-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ilya Leoshkevich [ Upstream commit 91b4db5313a2c793aabc2143efb8ed0cf0fdd097 ] "p runtime/jit: pass > 32bit index to tail_call" fails when bpf_jit_enable=1, because the tail call is not executed. This in turn is because the generated code assumes index is 64-bit, while it must be 32-bit, and as a result prog array bounds check fails, while it should pass. Even if bounds check would have passed, the code that follows uses 64-bit index to compute prog array offset. Fix by using clrj instead of clgrj for comparing index with array size, and also by using llgfr for truncating index to 32 bits before using it to compute prog array offset. Fixes: 6651ee070b31 ("s390/bpf: implement bpf_tail_call() helper") Reported-by: Yauheni Kaliuta Acked-by: Vasily Gorbik Signed-off-by: Ilya Leoshkevich Signed-off-by: Daniel Borkmann Signed-off-by: Sasha Levin --- arch/s390/net/bpf_jit_comp.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 9a711472cbdc0..fd9844f947f79 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -1027,8 +1027,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i /* llgf %w1,map.max_entries(%b2) */ EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2, offsetof(struct bpf_array, map.max_entries)); - /* clgrj %b3,%w1,0xa,label0: if %b3 >= %w1 goto out */ - EMIT6_PCREL_LABEL(0xec000000, 0x0065, BPF_REG_3, + /* clrj %b3,%w1,0xa,label0: if (u32)%b3 >= (u32)%w1 goto out */ + EMIT6_PCREL_LABEL(0xec000000, 0x0077, BPF_REG_3, REG_W1, 0, 0xa); /* @@ -1054,8 +1054,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i * goto out; */ - /* sllg %r1,%b3,3: %r1 = index * 8 */ - EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, BPF_REG_3, REG_0, 3); + /* llgfr %r1,%b3: %r1 = (u32) index */ + EMIT4(0xb9160000, REG_1, BPF_REG_3); + /* sllg %r1,%r1,3: %r1 *= 8 */ + EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3); /* lg %r1,prog(%b2,%r1) */ EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, BPF_REG_2, REG_1, offsetof(struct bpf_array, ptrs)); -- 2.20.1