Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3672428pxv;
        Mon, 26 Jul 2021 09:07:54 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxx1yJpdPviVXsJOrWGr/WRzzcVSR6S+pAuls7i2e2G9m6eQm/K0z4IYjOS2qc1R06wygpg
X-Received: by 2002:a05:6402:487:: with SMTP id k7mr21870638edv.315.1627315673812;
        Mon, 26 Jul 2021 09:07:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1627315673; cv=none;
        d=google.com; s=arc-20160816;
        b=dBFzTs02CoJNncVNrRRU6F7VKKk8Pi8sSEadn+F2xDA72a3FgTpvYvRxxWMErtcbt5
         s27c1fnnKgIxvgzGDzlaBc0x9zG5wfyhmU0Lj0slKrTtVMJdv3AJcxZZ0EYAyWxgqSx9
         UoJ+tMsdKemvjZX8hIUoLtQqWp2ImPo/TaNvBA664gFC+TYG/4mUA8GmGRj0HONNw9h4
         Z3PQWDGySDXk0eM3cAg5Hzy/hTfyvL7JncxKoWq4aJeiJS3/gQ3bBikb99vqiBXu/QsC
         t2dkvt+D1dR98KV0qbiZZPoTffpuwuIkng/A9FfzC4qFg/8Z6LF9nGF5juJ6vvdMLATy
         du6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=LaVXQPSsKsVLeYwcBNOZvWe2o7GDPvoWALlQMoC7p6s=;
        b=ZAa6IiIOSDwesGTOJcEWOnS7WpM7sXLJWeWuZUmuuCoF9YuTlwYhSvVcvQDrdWSQFy
         e5MfkGMO6m8iQMnXlhnirIg2XYi8hHls3SxkQ/mEVzXVr0JuE+KZzQK1Hr/JMl6Go/BC
         hjJrrb/kGYQ/Dlb/ztrK3f1FfFTmR59i7m0oZdCPqFZ9M2q0yHzyAKxdAFfqm8RKdoAv
         S2gqezKLrktAO9JTZtSdQcaewZ6eVUnztjrB+EXZfTMZ9KM+Zd04yNQDcqNeOH2g+ooK
         CVXRXUaKaFfGlUgzg7NbPqo/+UaiCZYh5x2/TFxBaju2EUwZlV27pPxp99byONc+0e2I
         vWrA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=DeFZqRmw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id la2si303718ejc.153.2021.07.26.09.07.30;
        Mon, 26 Jul 2021 09:07:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=DeFZqRmw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237883AbhGZPYU (ORCPT <rfc822;linux.sihyeon@gmail.com>
        + 99 others); Mon, 26 Jul 2021 11:24:20 -0400
Received: from mail.kernel.org ([198.145.29.99]:53270 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S236865AbhGZPPm (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 26 Jul 2021 11:15:42 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id D7C1C60FEE;
        Mon, 26 Jul 2021 15:53:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1627314834;
        bh=kiCwj/eaP/By5s5uuKuSufARKwNtWr/QwUGAT1BSjy4=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=DeFZqRmwsccgGmoZ/lhqef2YCPify6eFn6UscTvEoWQDwpMpkCxyfxBqhhCzmLMH9
         qWiiZGamaQoUmkGwmhlyt4bnI0Lv+UOfOJpabkIUZC6EZTwgmUAN908GmLNgHT9Dg2
         Rb84+ih54NNmjfWgpjHbhgRMzDVyo9X1DoCSvc8E=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Colin Ian King <colin.king@canonical.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Ilya Leoshkevich <iii@linux.ibm.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 073/120] s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
Date:   Mon, 26 Jul 2021 17:38:45 +0200
Message-Id: <20210726153834.728280682@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210726153832.339431936@linuxfoundation.org>
References: <20210726153832.339431936@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King <colin.king@canonical.com>

[ Upstream commit 91091656252f5d6d8c476e0c92776ce9fae7b445 ]

Currently array jit->seen_reg[r1] is being accessed before the range
checking of index r1. The range changing on r1 should be performed
first since it will avoid any potential out-of-range accesses on the
array seen_reg[] and also it is more optimal to perform checks on r1
before fetching data from the array. Fix this by swapping the order
of the checks before the array access.

Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Ilya Leoshkevich <iii@linux.ibm.com>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Link: https://lore.kernel.org/bpf/20210715125712.24690-1-colin.king@canonical.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/net/bpf_jit_comp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
index 2617e426c792..e42354b15e0b 100644
--- a/arch/s390/net/bpf_jit_comp.c
+++ b/arch/s390/net/bpf_jit_comp.c
@@ -113,7 +113,7 @@ static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
 {
 	u32 r1 = reg2hex[b1];
 
-	if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15)
+	if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1])
 		jit->seen_reg[r1] = 1;
 }
 
-- 
2.30.2