Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3713255pxv; Mon, 26 Jul 2021 10:02:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzZo2SCKemsHq15MZu7jpO1wFtDUFflV77V6YY5RaYIDyrdhb7pTDDWm6oMEaqeSUsGBu6g X-Received: by 2002:aa7:c792:: with SMTP id n18mr15205778eds.269.1627318959648; Mon, 26 Jul 2021 10:02:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627318959; cv=none; d=google.com; s=arc-20160816; b=tBWq1aDXNzpBnzz4ULn10MMjBP3UxuyX6Mensv90ucA1hGSJbMqnKICF09EIAGbzME NZfBYedqV8rDcuiP5oDMauMA8ibR2WLwoJb8H8q0XH6T5OpwawZwFjxHmK8MD8Kk/38s PpVnNGT2VsNDe14djsKLzEq2bcNprG7KSK483DIYLkcu5x0iQfSuFVx4cZ1LULGDUUjA MIrTfkKRNX+SW4evEbjq2wcsBVUak8Z8O+S5u+Os3ndy6i3Y4kvZHW4SWkQY/ASSHF+w RSQwJhoakPM306RB+2eAhfsqsfezLqRup7S/nOdANoXIGAf/jh91t2zZPwpVEAt7QV8c /NXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=gfBQe4XPZwqUiZXjrvVzwWHP4ctS0kOMmwcEqjIFNZQ=; b=p9tgMNtZQ6yghHOdud76HdcEIXW2lH3scrYF5X3OSCoXo7O0ZslE6NQXvC2rszMilq 83necdPn0gzrLPE1xX2P3bt+2fxNNNXPH246Dz0YUVb8CPCs7wN0OzhVb4Wuy+x7xEt6 QNZkrCwGcGoZ3rOke/71tOfxthZMh2CIl+/5GhMSfwkbLOItOAaKShltIhBoHbQXyuMl OzpZhgKWS4MG7H0hJQBOkBwy8YiAeOG9elH2QXxVq9BHdpUhvTgNPUs45aVPmdSqKOcq xvvLHyykTbK5JUbclbqof8mlCbFGWabSD7XHq276t6cZpYebPBxtcN4tyE0V2ilWPXW8 MI7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fricy6w0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h23si368586ejq.337.2021.07.26.10.02.08; Mon, 26 Jul 2021 10:02:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fricy6w0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237149AbhGZPiR (ORCPT + 99 others); Mon, 26 Jul 2021 11:38:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:36460 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237259AbhGZPWA (ORCPT ); Mon, 26 Jul 2021 11:22:00 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8457060EB2; Mon, 26 Jul 2021 16:02:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1627315349; bh=czYXse3oMFtGw0mtmQntsuGW4opeK9xpofAjjkYT92Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fricy6w0eST3i1BnajK8qN/4ZbUFv7Z2uZpLWaZKa31VTjlbVxdDYqZXfonoOf7n1 GZhEbu40ogolPEWU6F7RvWqhF0DVfPFKkDHq4SwrMy526i4Ukzjzmk2XrzbIqUE8J0 h5abzwFUAOwGoNWzi/omVzYuhOhK7wpfhYxaVyUk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Colin Ian King , Daniel Borkmann , Ilya Leoshkevich , Sasha Levin Subject: [PATCH 5.10 060/167] s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] Date: Mon, 26 Jul 2021 17:38:13 +0200 Message-Id: <20210726153841.422272414@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210726153839.371771838@linuxfoundation.org> References: <20210726153839.371771838@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King [ Upstream commit 91091656252f5d6d8c476e0c92776ce9fae7b445 ] Currently array jit->seen_reg[r1] is being accessed before the range checking of index r1. The range changing on r1 should be performed first since it will avoid any potential out-of-range accesses on the array seen_reg[] and also it is more optimal to perform checks on r1 before fetching data from the array. Fix this by swapping the order of the checks before the array access. Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend") Signed-off-by: Colin Ian King Signed-off-by: Daniel Borkmann Tested-by: Ilya Leoshkevich Acked-by: Ilya Leoshkevich Link: https://lore.kernel.org/bpf/20210715125712.24690-1-colin.king@canonical.com Signed-off-by: Sasha Levin --- arch/s390/net/bpf_jit_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 0a4182792876..fc44dce59536 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -112,7 +112,7 @@ static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) { u32 r1 = reg2hex[b1]; - if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15) + if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]) jit->seen_reg[r1] = 1; } -- 2.30.2