From: Wang YanQing <udknight@gmail.com>
To: stable@vger.kernel.org
Cc: gregkh@linuxfoundation.org, lukenels@cs.washington.edu,
	ast@kernel.org, luke.r.nels@gmail.com, xi.wang@gmail.com,
	daniel@iogearbox.net, bpf@vger.kernel.org
Subject: Re: [PATCH] bpf, x86_32: Fix clobbering of dst for BPF_JSET
Date: Fri, 1 May 2020 11:42:28 +0800
Message-ID: <20200501034228.GA4956@udknight>
In-Reply-To: <20200501031950.GA4782@udknight>

On Fri, May 01, 2020 at 11:19:50AM +0800, Wang YanQing wrote:
> commit 50fe7ebb6475711c15b3397467e6424e20026d94 upstream.
> 
> The current JIT clobbers the destination register for BPF_JSET BPF_X
> and BPF_K by using "and" and "or" instructions. This is fine when the
> destination register is a temporary loaded from a register stored on
> the stack but not otherwise.
> 
> This patch fixes the problem (for both BPF_K and BPF_X) by always loading
> the destination register into temporaries since BPF_JSET should not
> modify the destination register.
> 
> This bug may not be currently triggerable as BPF_REG_AX is the only
> register not stored on the stack and the verifier uses it in a limited
> way.
> 
> Fixes: 03f5781be2c7b ("bpf, x86_32: add eBPF JIT compiler for ia32")
> Signed-off-by: Xi Wang <xi.wang@gmail.com>
> Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
> Acked-by: Wang YanQing <udknight@gmail.com>
> Link: https://lore.kernel.org/bpf/20200422173630.8351-2-luke.r.nels@gmail.com
> Signed-off-by: Wang YanQing <udknight@gmail.com>
Cc: stable@vger.kernel.org #v4.19
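
A simplified C model of the clobbering described in the quoted commit message, added here as an example and not taken from the patch or the kernel's JIT source. The names `struct reg64`, `jset_in_place`, `jset_with_temps`, `jset_taken` and `dst_after_jset` are hypothetical, the input values are constructed, and the and/or sequence is modelled on the two 32-bit halves of a 64-bit register.

```c
#include <stdint.h>
#include <stdio.h>

/* A 64-bit BPF register as a 32-bit JIT handles it: two 32-bit halves. */
struct reg64 { uint32_t lo, hi; };

static struct reg64 split(uint64_t v) { return (struct reg64){ (uint32_t)v, (uint32_t)(v >> 32) }; }

/* Pre-fix pattern: the and/or sequence runs on dst's own halves, so the
 * branch decision is right but *dst is left holding scratch results. */
static int jset_in_place(struct reg64 *dst, struct reg64 src)
{
    dst->lo &= src.lo;   /* and dst_lo, src_lo */
    dst->hi &= src.hi;   /* and dst_hi, src_hi */
    dst->lo |= dst->hi;  /* or  dst_lo, dst_hi; non-zero means "jump" */
    return dst->lo != 0;
}

/* Post-fix pattern: dst is copied into temporaries first, so only the
 * copies are destroyed by the and/or sequence. */
static int jset_with_temps(const struct reg64 *dst, struct reg64 src)
{
    struct reg64 tmp = *dst;
    return jset_in_place(&tmp, src);
}

/* Branch decision for "if (r & mask) goto L". */
static int jset_taken(uint64_t r, uint64_t mask, int use_temps)
{
    struct reg64 dst = split(r);
    return use_temps ? jset_with_temps(&dst, split(mask))
                     : jset_in_place(&dst, split(mask));
}

/* Value a later instruction reads from r after the JSET has executed. */
static uint64_t dst_after_jset(uint64_t r, uint64_t mask, int use_temps)
{
    struct reg64 dst = split(r);
    (void)(use_temps ? jset_with_temps(&dst, split(mask)) : jset_in_place(&dst, split(mask)));
    return ((uint64_t)dst.hi << 32) | dst.lo;
}

int main(void)
{
    uint64_t r = 0x1122334455667788ULL, m = 0x0000000400000080ULL; /* constructed */
    for (int t = 0; t <= 1; t++)
        printf("temps=%d taken=%d r=%#llx\n", t, jset_taken(r, m, t),
               (unsigned long long)dst_after_jset(r, m, t));
}
```

Both variants take the same branch; only the in-place variant changes what a later read of the register returns.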

Thread overview: 3+ messages
2020-05-01  3:19 [PATCH] bpf, x86_32: Fix clobbering of dst for BPF_JSET Wang YanQing
2020-05-01  3:42 ` Wang YanQing [this message]
2020-05-01  6:53   ` Greg KH
