From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-sn1nam02on0126.outbound.protection.outlook.com ([104.47.36.126]:27641
        "EHLO NAM02-SN1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1032302AbeCAPcP (ORCPT <rfc822;stable@vger.kernel.org>);
        Thu, 1 Mar 2018 10:32:15 -0500
From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
        "stable-commits@vger.kernel.org" <stable-commits@vger.kernel.org>
CC: Eric Dumazet <edumazet@google.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [added to the 4.1 stable tree] bpf: fix divides by zero
Date: Thu, 1 Mar 2018 15:25:16 +0000
Message-ID: <20180301152116.1486-253-alexander.levin@microsoft.com>
References: <20180301152116.1486-1-alexander.levin@microsoft.com>
In-Reply-To: <20180301152116.1486-1-alexander.levin@microsoft.com>
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

From: Eric Dumazet <edumazet@google.com>

This patch has been added to the 4.1 stable tree. If you have any
objections, please let us know.

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[ Upstream commit c366287ebd698ef5e3de300d90cd62ee9ee7373e ]

Divides by zero are not nice, lets avoid them if possible.

Also do_div() seems not needed when dealing with 32bit operands,
but this seems a minor detail.

Fixes: bd4cf0ed331a ("net: filter: rework/optimize internal BPF interpreter=
's instruction set")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 kernel/bpf/core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 54f0e7fcd0e2..199b54e75359 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -361,7 +361,7 @@ static unsigned int __bpf_prog_run(void *ctx, const str=
uct bpf_insn *insn)
 		DST =3D tmp;
 		CONT;
 	ALU_MOD_X:
-		if (unlikely(SRC =3D=3D 0))
+		if (unlikely((u32)SRC =3D=3D 0))
 			return 0;
 		tmp =3D (u32) DST;
 		DST =3D do_div(tmp, (u32) SRC);
@@ -380,7 +380,7 @@ static unsigned int __bpf_prog_run(void *ctx, const str=
uct bpf_insn *insn)
 		DST =3D div64_u64(DST, SRC);
 		CONT;
 	ALU_DIV_X:
-		if (unlikely(SRC =3D=3D 0))
+		if (unlikely((u32)SRC =3D=3D 0))
 			return 0;
 		tmp =3D (u32) DST;
 		do_div(tmp, (u32) SRC);
--=20
2.14.1