From: Puranjay Mohan
To: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Russell King, "Russell King (Oracle)", bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: puranjay12@gmail.com
Subject: [PATCH bpf] arm32, bpf: Fix sign-extension mov instruction
Date: Tue, 9 Apr 2024 09:50:38 +0000
Message-ID: <20240409095038.26356-1-puranjay@kernel.org>

The current implementation of the mov instruction with sign extension clobbers the source register because it sign extends the source and then moves it to the destination.

Fix this by moving the src to a temporary register before doing the sign extension only if src is not an emulated register (on the scratch stack).

Also fix the emit_a32_movsx_r64() to put the register back on scratch stack if that register is emulated on stack.

Fixes: fc832653fa0d ("arm32, bpf: add support for sign-extension mov instruction")
Reported-by: syzbot+186522670e6722692d86@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000e9a8d80615163f2a@google.com/
Signed-off-by: Puranjay Mohan
---
 arch/arm/net/bpf_jit_32.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index 1d672457d02f..8fde6ab66cb4 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c 
@@ -878,6 +878,13 @@ static inline void emit_a32_mov_r(const s8 dst, const s8 src, const u8 off, rt = arm_bpf_get_reg32(src, tmp[0], ctx); if (off && off != 32) { + /* If rt is not a stacked register, move it to tmp, so it doesn't get clobbered by + * the shift operations. + */ + if (rt == src) { + emit(ARM_MOV_R(tmp[0], rt), ctx); + rt = tmp[0]; + } emit(ARM_LSL_I(rt, rt, 32 - off), ctx); emit(ARM_ASR_I(rt, rt, 32 - off), ctx); } @@ -919,15 +926,15 @@ static inline void emit_a32_movsx_r64(const bool is64, const u8 off, const s8 ds const s8 *tmp = bpf2a32[TMP_REG_1]; const s8 *rt; - rt = arm_bpf_get_reg64(dst, tmp, ctx); - emit_a32_mov_r(dst_lo, src_lo, off, ctx); if (!is64) { if (!ctx->prog->aux->verifier_zext) /* Zero out high 4 bytes */ emit_a32_mov_i(dst_hi, 0, ctx); } else { + rt = arm_bpf_get_reg64(dst, tmp, ctx); emit(ARM_ASR_I(rt[0], rt[1], 31), ctx); + arm_bpf_put_reg64(dst, rt, ctx); } } -- 2.40.1
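
Review bot: In emit_a32_mov_r(), the added MOV inside the if (off && off != 32) block can be folded into the first shift, which avoids both the extra instruction and the rt == src branch. The shift emitters take separate destination and source operands (the second hunk uses ARM_ASR_I(rt[0], rt[1], 31)), so emit(ARM_LSL_I(tmp[0], rt, 32 - off), ctx); followed by emit(ARM_ASR_I(tmp[0], tmp[0], 32 - off), ctx); and rt = tmp[0]; leaves src intact whether or not it is stacked. If the conditional MOV stays, the comment should say that rt == src is how a non-stacked source is recognised, since that depends on what arm_bpf_get_reg32() returns.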
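
Review bot: In the else branch of emit_a32_movsx_r64(), only rt[0] is written by the ASR, yet arm_bpf_get_reg64() and arm_bpf_put_reg64() move both halves of dst, so a stacked dst has its low word reloaded right after emit_a32_mov_r() produced it and then stored back unchanged. Consider writing back only dst_hi, or at least add a one-line comment stating that rt[0] is being filled with the sign of rt[1] and that the put is needed when dst lives on the scratch stack. Since rt is now used only in this branch, its declaration could move into the else block as well.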