From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Colin Ian King, Daniel Borkmann, Ilya Leoshkevich, Sasha Levin
Subject: [PATCH 5.13 081/223] s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
Date: Mon, 26 Jul 2021 17:37:53 +0200
Message-Id: <20210726153848.896034868@linuxfoundation.org>
In-Reply-To: <20210726153846.245305071@linuxfoundation.org>
References: <20210726153846.245305071@linuxfoundation.org>

From: Colin Ian King

[ Upstream commit 91091656252f5d6d8c476e0c92776ce9fae7b445 ]

Currently array jit->seen_reg[r1] is being accessed before the range checking of index r1. The range changing on r1 should be performed first since it will avoid any potential out-of-range accesses on the array seen_reg[] and also it is more optimal to perform checks on r1 before fetching data from the array. Fix this by swapping the order of the checks before the array access.

Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend")
Signed-off-by: Colin Ian King
Signed-off-by: Daniel Borkmann
Tested-by: Ilya Leoshkevich
Acked-by: Ilya Leoshkevich
Link: https://lore.kernel.org/bpf/20210715125712.24690-1-colin.king@canonical.com
Signed-off-by: Sasha Levin

--- arch/s390/net/bpf_jit_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 63cae0476bb4..2ae419f5115a 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -112,7 +112,7 @@ static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) { u32 r1 = reg2hex[b1]; - if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15) + if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]) jit->seen_reg[r1] = 1; } -- 2.30.2
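Review bot: the lookup `u32 r1 = reg2hex[b1];` at the top of reg_set_seen() still indexes reg2hex[] with b1 and no bound on b1 is visible in this hunk, so the reordered condition only protects the second array access, seen_reg[r1]. It is worth confirming that every caller passes a b1 inside reg2hex[], or stating that invariant in a comment above the function, since the commit message justifies the change by out-of-range safety. Two smaller points on the changed line: the literals 6 and 15 carry the whole meaning of the check and would read better as named constants or with a one-line comment saying which registers they cover, and once r1 is known to be in range the `!jit->seen_reg[r1]` read before storing 1 adds nothing to correctness, so `if (r1 >= 6 && r1 <= 15) jit->seen_reg[r1] = 1;` would be equivalent and simpler.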