From: Greg KH <greg@kroah.com>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Wang YanQing <udknight@gmail.com>,
stable@vger.kernel.org, stephen@networkplumber.org,
ast@kernel.org, songliubraving@fb.com, yhs@fb.com,
itugrok@yahoo.com, bpf@vger.kernel.org
Subject: Re: [PATCH] bpf, x32: Fix bug for BPF_JMP | {BPF_JSGT, BPF_JSLE, BPF_JSLT, BPF_JSGE}
Date: Thu, 21 Nov 2019 23:37:38 +0100 [thread overview]
Message-ID: <20191121223738.GA1170586@kroah.com> (raw)
In-Reply-To: <be634e7c-98f4-cd7d-6967-485dc0bd2ebc@iogearbox.net>
On Thu, Nov 21, 2019 at 10:43:28AM +0100, Daniel Borkmann wrote:
> On 11/21/19 8:43 AM, Wang YanQing wrote:
> > commit 711aef1bbf88212a21f7103e88f397b47a528805 upstream.
> >
> > The current method to compare 64-bit numbers for conditional jump is:
> >
> > 1) Compare the high 32-bit first.
> >
> > 2) If the high 32-bit isn't the same, then goto step 4.
> >
> > 3) Compare the low 32-bit.
> >
> > 4) Check the desired condition.
> >
> > This method is right for unsigned comparison, but it is buggy for signed
> > comparison, because it does signed comparison for low 32-bit too.
> >
> > There is only one sign bit in 64-bit number, that is the MSB in the 64-bit
> > number, it is wrong to treat low 32-bit as signed number and do the signed
> > comparison for it.
> >
> > This patch fixes the bug.
> >
> > Note:
> > The original commit adds a testcase in selftests/bpf for such bug, this
> > backport patch doesn't include the testcase, because the testcase needs
> > another upstream commit.
> >
> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=205469
> > Reported-by: Tony Ambardar <itugrok@yahoo.com>
> > Cc: Tony Ambardar <itugrok@yahoo.com>
> > Cc: stable@vger.kernel.org #v4.19
> > Signed-off-by: Wang YanQing <udknight@gmail.com>
> > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>
> Thanks a lot for backporting & testing, Wang, much appreciated! Greg, if you get a
> chance, please queue this & the other stable requests from Wang up.
All now queued up, thanks.
greg k-h
next prev parent reply other threads:[~2019-11-21 22:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-21 7:43 [PATCH] bpf, x32: Fix bug for BPF_JMP | {BPF_JSGT, BPF_JSLE, BPF_JSLT, BPF_JSGE} Wang YanQing
2019-11-21 9:43 ` Daniel Borkmann
2019-11-21 22:37 ` Greg KH [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-04-26 10:56 Wang YanQing
2019-04-26 12:08 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191121223738.GA1170586@kroah.com \
--to=greg@kroah.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=itugrok@yahoo.com \
--cc=songliubraving@fb.com \
--cc=stable@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=udknight@gmail.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.