a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
044470266a
android_kernel_samsung_univ.../lib
History
Daniel Borkmann 6003cc55c1 bpf, arm64: fix jit branch offset related to ldimm64 
[ Upstream commit ddc665a4bb4b728b4e6ecec8db1b64efa9184b9c ]

When the instruction right before the branch destination is
a 64 bit load immediate, we currently calculate the wrong
jump offset in the ctx->offset[] array as we only account
one instruction slot for the 64 bit load immediate although
it uses two BPF instructions. Fix it up by setting the offset
into the right slot after we incremented the index.

Before (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  54ffff82  b.cs 0x00000020
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

After (ldimm64 test 1):

  [...]
  00000020:  52800007  mov w7, #0x0 // #0
  00000024:  d2800060  mov x0, #0x3 // #3
  00000028:  d2800041  mov x1, #0x2 // #2
  0000002c:  eb01001f  cmp x0, x1
  00000030:  540000a2  b.cs 0x00000044
  00000034:  d29fffe7  mov x7, #0xffff // #65535
  00000038:  f2bfffe7  movk x7, #0xffff, lsl #16
  0000003c:  f2dfffe7  movk x7, #0xffff, lsl #32
  00000040:  f2ffffe7  movk x7, #0xffff, lsl #48
  00000044:  d29dddc7  mov x7, #0xeeee // #61166
  00000048:  f2bdddc7  movk x7, #0xeeee, lsl #16
  0000004c:  f2ddddc7  movk x7, #0xeeee, lsl #32
  00000050:  f2fdddc7  movk x7, #0xeeee, lsl #48
  [...]

Also, add a couple of test cases to make sure JITs pass
this test. Tested on Cavium ThunderX ARMv8. The added
test cases all pass after the fix.

Fixes: 8eee539dde ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-14 13:32:58 +02:00
..
842
fonts
lz4 lib: lz4: fixed zram with lz4 on big endian machines 2016-05-04 14:48:41 -07:00
lzo
mpi mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] 2016-12-02 09:09:01 +01:00
raid6
reed_solomon
xz
zlib_deflate
zlib_inflate
.gitignore
argv_split.c
asn1_decoder.c KEYS: Fix ASN.1 indefinite length object parsing 2016-09-15 08:27:50 +02:00
assoc_array.c assoc_array: don't call compare_object() on a node 2016-05-04 14:48:40 -07:00
atomic64_test.c
atomic64.c
audit.c
bcd.c
bch.c
bitmap.c
bitrev.c
bsearch.c
btree.c treewide: Remove old email address 2015-11-23 09:44:58 +01:00
bug.c
build_OID_registry
bust_spinlocks.c
check_signature.c
checksum.c
clz_ctz.c
clz_tab.c
cmdline.c
compat_audit.c
cordic.c
cpu_rmap.c
cpu-notifier-error-inject.c
cpumask.c
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
crc7.c
crc8.c
crc16.c
crc32.c
crc32defs.h
ctype.c
debug_info.c
debug_locks.c
debugobjects.c
dec_and_lock.c
decompress_bunzip2.c
decompress_inflate.c
decompress_unlz4.c
decompress_unlzma.c
decompress_unlzo.c
decompress_unxz.c
decompress.c
devres.c
digsig.c
div64.c remove abs64() 2015-11-09 15:11:24 -08:00
dma-debug.c dma-debug: avoid spinlock recursion when disabling dma-debug 2016-06-07 18:14:37 -07:00
dump_stack.c dump_stack: avoid potential deadlocks 2016-02-25 12:01:23 -08:00
dynamic_debug.c lib/dynamic_debug.c: use kstrdup_const 2015-11-06 17:50:42 -08:00
dynamic_queue_limits.c
earlycpio.c
extable.c
fault-inject.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
fdt.c
find_bit.c
flex_array.c
flex_proportions.c
gcd.c
gen_crc32table.c
genalloc.c lib/genalloc.c: start search from start of chunk 2016-11-18 10:48:36 +01:00
glob.c
halfmd4.c lib/halfmd4.c: use rol32 inline function in the ROUND macro 2015-11-06 17:50:42 -08:00
hexdump.c lib/hexdump.c: truncate output in case of overflow 2015-11-06 17:50:42 -08:00
hweight.c
idr.c mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
inflate.c
int_sqrt.c
interval_tree_test.c
interval_tree.c
iomap_copy.c
iomap.c
iommu-common.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2015-11-05 16:34:48 -08:00
iommu-helper.c
ioremap.c
iov_iter.c fix iov_iter_fault_in_readable() 2016-09-24 10:07:43 +02:00
irq_regs.c
is_single_threaded.c lib/is_single_threaded.c: change current_is_single_threaded() to use for_each_thread() 2015-11-06 17:50:42 -08:00
jedec_ddr_data.c
kasprintf.c lib/kasprintf.c: introduce kvasprintf_const 2015-11-06 17:50:42 -08:00
Kconfig lib: sw842: select crc32 2016-03-03 15:07:24 -08:00
Kconfig.debug Nothing exciting, minor tweaks and cleanups. 2015-11-09 15:53:39 -08:00
Kconfig.kasan mm, slub, kasan: enable user tracking by default with KASAN=y 2015-11-05 19:34:48 -08:00
Kconfig.kgdb
Kconfig.kmemcheck
kfifo.c
klist.c klist: fix starting point removed bug in klist iterators 2016-02-25 12:01:16 -08:00
kobject_uevent.c
kobject.c lib/kobject.c: use kvasprintf_const for formatting ->name 2015-11-06 17:50:42 -08:00
kstrtox.c lib: add "on"/"off" support to kstrtobool 2016-10-28 03:01:31 -04:00
kstrtox.h
lcm.c
libcrc32c.c crypto: crc32c - Fix crc32c soft dependency 2016-02-17 12:31:04 -08:00
list_debug.c
list_sort.c
llist.c lib/llist.c: fix data race in llist_del_first 2015-11-06 17:50:42 -08:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
lockref.c
lru_cache.c
Makefile test_printf: test printf family at runtime 2015-11-06 17:50:42 -08:00
md5.c
memory-notifier-error-inject.c
memweight.c
net_utils.c
nlattr.c
nmi_backtrace.c
notifier-error-inject.c
notifier-error-inject.h
of-reconfig-notifier-error-inject.c
oid_registry.c
once.c
parser.c
pci_iomap.c
percpu_counter.c
percpu_ida.c mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM 2015-11-06 17:50:42 -08:00
percpu_test.c
percpu-refcount.c
plist.c
pm-notifier-error-inject.c
proportions.c treewide: Remove old email address 2015-11-23 09:44:58 +01:00
radix-tree.c radix-tree: fix race in gang lookup 2016-02-25 12:01:23 -08:00
random32.c
ratelimit.c
rational.c
rbtree_test.c
rbtree.c
reciprocal_div.c
rhashtable.c rhashtable: Kill harmless RCU warning in rhashtable_walk_init 2015-12-18 23:44:18 -05:00
scatterlist.c
seq_buf.c
sg_split.c
sha1.c
show_mem.c
smp_processor_id.c
sort.c
stmp_device.c
string_helpers.c string_helpers: fix precision loss for some inputs 2016-02-25 12:01:21 -08:00
string.c lib: move strtobool() to kstrtobool() 2016-10-28 03:01:30 -04:00
strncpy_from_user.c
strnlen_user.c
swiotlb.c
syscall.c
test_bpf.c bpf, arm64: fix jit branch offset related to ldimm64 2017-05-14 13:32:58 +02:00
test_firmware.c
test_kasan.c lib: test_kasan: add some testcases 2015-11-05 19:34:48 -08:00
test_module.c
test_printf.c test_printf: test printf family at runtime 2015-11-06 17:50:42 -08:00
test_rhashtable.c
test_static_key_base.c
test_static_keys.c
test_user_copy.c
test-hexdump.c
test-kstrtox.c
test-string_helpers.c lib/test-string_helpers.c: fix and improve string_get_size() tests 2016-05-11 11:21:26 +02:00
textsearch.c
timerqueue.c
ts_bm.c
ts_fsm.c
ts_kmp.c
ucs2_string.c lib/ucs2_string: Correct ucs2 -> utf8 conversion 2016-03-03 15:07:09 -08:00
usercopy.c
uuid.c
vsprintf.c lib/vsprintf.c: update documentation 2015-11-06 17:50:42 -08:00