From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Colin Ian King, Daniel Borkmann, Ilya Leoshkevich, Sasha Levin
Subject: [PATCH 5.4 038/108] s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
Date: Mon, 26 Jul 2021 17:38:39 +0200
Message-Id: <20210726153832.914131799@linuxfoundation.org>
In-Reply-To: <20210726153831.696295003@linuxfoundation.org>
References: <20210726153831.696295003@linuxfoundation.org>

From: Colin Ian King

[ Upstream commit 91091656252f5d6d8c476e0c92776ce9fae7b445 ]

Currently array jit->seen_reg[r1] is being accessed before the range
checking of index r1. The range changing on r1 should be performed
first since it will avoid any potential out-of-range accesses on the
array seen_reg[] and also it is more optimal to perform checks on r1
before fetching data from the array. Fix this by swapping the order
of the checks before the array access.

Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend")
Signed-off-by: Colin Ian King
Signed-off-by: Daniel Borkmann
Tested-by: Ilya Leoshkevich
Acked-by: Ilya Leoshkevich
Link: https://lore.kernel.org/bpf/20210715125712.24690-1-colin.king@canonical.com
Signed-off-by: Sasha Levin
--- arch/s390/net/bpf_jit_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index c8c16b5eed6b..e160f4650f8e 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -114,7 +114,7 @@ static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) { u32 r1 = reg2hex[b1]; - if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15) + if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]) jit->seen_reg[r1] = 1; } -- 2.30.2
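
Review bot: In reg_set_seen(), the reordered condition `r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]` now guards the read of seen_reg[], but the line just above it, `u32 r1 = reg2hex[b1];`, still indexes reg2hex[] with the caller-supplied b1 and no visible bound check. If every caller guarantees that b1 is a valid BPF register number, a short comment saying so would help; otherwise the same check-before-index ordering should be applied there as well. The bounds 6 and 15 are bare literals, and the declaration of seen_reg[] is not part of this hunk, so a named constant or a comment tying 15 to the array size would let a reader confirm that the check matches the array. The commit message speaks of "potential" out-of-range accesses; stating whether an out-of-range r1 is actually reachable would help anyone judging how urgent the backport is.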