From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Xi Wang, Luke Nelson, Daniel Borkmann, Wang YanQing
Subject: [PATCH 4.19 013/220] bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_K shift by 0
Date: Fri, 22 Nov 2019 11:26:18 +0100
Message-Id: <20191122100913.566226388@linuxfoundation.org>
In-Reply-To: <20191122100912.732983531@linuxfoundation.org>
References: <20191122100912.732983531@linuxfoundation.org>

From: Luke Nelson

commit 6fa632e719eec4d1b1ebf3ddc0b2d667997b057b upstream.

The current x32 BPF JIT does not correctly compile shift operations when
the immediate shift amount is 0. The expected behavior is for this to
be a no-op.

The following program demonstrates the bug. The expected result is 1,
but the current JITed code returns 2.

  r0 = 1
  r1 = 1
  r1 <<= 0
  if r1 == 1 goto end
  r0 = 2
end:
  exit

This patch simplifies the code and fixes the bug.

Fixes: 03f5781be2c7 ("bpf, x86_32: add eBPF JIT compiler for ia32")
Co-developed-by: Xi Wang
Signed-off-by: Xi Wang
Signed-off-by: Luke Nelson
Signed-off-by: Daniel Borkmann
Signed-off-by: Wang YanQing
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/net/bpf_jit_comp32.c | 63 ++++--------------------------------------
 1 file changed, 6 insertions(+), 57 deletions(-)

--- a/arch/x86/net/bpf_jit_comp32.c
+++ b/arch/x86/net/bpf_jit_comp32.c
@@ -892,27 +892,10 @@ static inline void emit_ia32_lsh_i64(con } /* Do LSH operation */ if (val < 32) { - /* shl dreg_hi,imm8 */ - EMIT3(0xC1, add_1reg(0xE0, dreg_hi), val); - /* mov ebx,dreg_lo */ - EMIT2(0x8B, add_2reg(0xC0, dreg_lo, IA32_EBX)); + /* shld dreg_hi,dreg_lo,imm8 */ + EMIT4(0x0F, 0xA4, add_2reg(0xC0, dreg_hi, dreg_lo), val); /* shl dreg_lo,imm8 */ EMIT3(0xC1, add_1reg(0xE0, dreg_lo), val); - - /* IA32_ECX = 32 - val */ - /* mov ecx,val */ - EMIT2(0xB1, val); - /* movzx ecx,ecx */ - EMIT3(0x0F, 0xB6, add_2reg(0xC0, IA32_ECX, IA32_ECX)); - /* neg ecx */ - EMIT2(0xF7, add_1reg(0xD8, IA32_ECX)); - /* add ecx,32 */ - EMIT3(0x83, add_1reg(0xC0, IA32_ECX), 32); - - /* shr ebx,cl */ - EMIT2(0xD3, add_1reg(0xE8, IA32_EBX)); - /* or dreg_hi,ebx */ - EMIT2(0x09, add_2reg(0xC0, dreg_hi, IA32_EBX)); } else if (val >= 32 && val < 64) { u32 value = val - 32; @@ -958,27 +941,10 @@ static inline void emit_ia32_rsh_i64(con /* Do RSH operation */ if (val < 32) { - /* shr dreg_lo,imm8 */ - EMIT3(0xC1, add_1reg(0xE8, dreg_lo), val); - /* mov ebx,dreg_hi */ - EMIT2(0x8B, add_2reg(0xC0, dreg_hi, IA32_EBX)); + /* shrd dreg_lo,dreg_hi,imm8 */ + EMIT4(0x0F, 0xAC, add_2reg(0xC0, dreg_lo, dreg_hi), val); /* shr dreg_hi,imm8 */ EMIT3(0xC1, add_1reg(0xE8, dreg_hi), val); - - /* IA32_ECX = 32 - val */ - /* mov ecx,val */ - EMIT2(0xB1, val); - /* movzx ecx,ecx */ - EMIT3(0x0F, 0xB6, add_2reg(0xC0, IA32_ECX, IA32_ECX)); - /* neg ecx */ - EMIT2(0xF7, add_1reg(0xD8, IA32_ECX)); - /* add ecx,32 */ - EMIT3(0x83, add_1reg(0xC0, IA32_ECX), 32); - - /* shl ebx,cl */ - EMIT2(0xD3, add_1reg(0xE0, IA32_EBX)); - /* or dreg_lo,ebx */ - EMIT2(0x09, add_2reg(0xC0, dreg_lo, IA32_EBX)); } else if (val >= 32 && val < 64) { u32 value = val - 32; 
@@ -1023,27 +989,10 @@ static inline void emit_ia32_arsh_i64(co } /* Do RSH operation */ if (val < 32) { - /* shr dreg_lo,imm8 */ - EMIT3(0xC1, add_1reg(0xE8, dreg_lo), val); - /* mov ebx,dreg_hi */ - EMIT2(0x8B, add_2reg(0xC0, dreg_hi, IA32_EBX)); + /* shrd dreg_lo,dreg_hi,imm8 */ + EMIT4(0x0F, 0xAC, add_2reg(0xC0, dreg_lo, dreg_hi), val); /* ashr dreg_hi,imm8 */ EMIT3(0xC1, add_1reg(0xF8, dreg_hi), val); - - /* IA32_ECX = 32 - val */ - /* mov ecx,val */ - EMIT2(0xB1, val); - /* movzx ecx,ecx */ - EMIT3(0x0F, 0xB6, add_2reg(0xC0, IA32_ECX, IA32_ECX)); - /* neg ecx */ - EMIT2(0xF7, add_1reg(0xD8, IA32_ECX)); - /* add ecx,32 */ - EMIT3(0x83, add_1reg(0xC0, IA32_ECX), 32); - - /* shl ebx,cl */ - EMIT2(0xD3, add_1reg(0xE0, IA32_EBX)); - /* or dreg_lo,ebx */ - EMIT2(0x09, add_2reg(0xC0, dreg_lo, IA32_EBX)); } else if (val >= 32 && val < 64) { u32 value = val - 32;
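
Review bot: in the val < 32 branch of emit_ia32_lsh_i64, nothing documents that shift-by-0 correctness now rests on the imm8 forms of shld and shl leaving the destination unchanged for a count of 0. The removed sequence computed cl = 32 - val, and because x86 masks a 32-bit shift count to 5 bits, "shr ebx,cl" with cl = 32 shifted by 0 and the following "or dreg_hi,ebx" merged all of dreg_lo into dreg_hi. A one-line comment above the EMIT4 stating that val == 0 must remain a no-op would keep a later refactor from reintroducing a cl-based path; alternatively, skip emission when val == 0 so that no dead instructions are generated.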
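
Review bot: the reproducer in the commit message only exercises r1 <<= 0, yet the lines removed from the val < 32 branch of emit_ia32_rsh_i64 show the same 32 - val count feeding "shl ebx,cl" and "or dreg_lo,ebx", so the right-shift path had the mirror-image defect, with the high word leaking into dreg_lo. Please add test cases for r1 >>= 0 and r1 s>>= 0 on a value with non-zero upper 32 bits next to the left-shift case, so that all three emitters touched by this patch are covered.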
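
Review bot: two comment nits in emit_ia32_arsh_i64. The context line above the branch reads "Do RSH operation" although this is the arithmetic-shift emitter, and "ashr dreg_hi,imm8" is not an x86 mnemonic; the instruction encoded by 0xC1 with the 0xF8 ModRM base is sar. Since this hunk already rewrites the neighbouring comment, changing them to "Do ARSH operation" and "sar dreg_hi,imm8" would make it easier to check the emitted bytes against a disassembly.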