From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Dumazet Subject: [PATCH v2] bpf: fix divides by zero Date: Fri, 12 Jan 2018 17:43:23 -0800 Message-ID: <1515807803.3606.7.camel@gmail.com> References: <1515807206.3606.4.camel@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Cc: netdev , edumazet@google.com To: Alexei Starovoitov , Daniel Borkmann Return-path: Received: from mail-pl0-f67.google.com ([209.85.160.67]:42086 "EHLO mail-pl0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965201AbeAMBnZ (ORCPT ); Fri, 12 Jan 2018 20:43:25 -0500 Received: by mail-pl0-f67.google.com with SMTP id bd8so6240plb.9 for ; Fri, 12 Jan 2018 17:43:25 -0800 (PST) In-Reply-To: <1515807206.3606.4.camel@gmail.com> Sender: netdev-owner@vger.kernel.org List-ID: From: Eric Dumazet Divides by zero are not nice, lets avoid them if possible. Also do_div() seems not needed when dealing with 32bit operands, but this seems a minor detail. Fixes: bd4cf0ed331a ("net: filter: rework/optimize internal BPF interpreter's instruction set") Signed-off-by: Eric Dumazet Reported-by: syzbot --- v2: kernel patches 101 : do not mangle patch :/  kernel/bpf/core.c |    4 ++--  1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 51ec2dda7f08c6c90af084589bb6d80662c77d12..7949e8b8f94e9cc196e0449214493ccce61b0903 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -956,7 +956,7 @@ static unsigned int ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, DST = tmp; CONT; ALU_MOD_X: - if (unlikely(SRC == 0)) + if (unlikely((u32)SRC == 0)) return 0; tmp = (u32) DST; DST = do_div(tmp, (u32) SRC); @@ -975,7 +975,7 @@ static unsigned int ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, DST = div64_u64(DST, SRC); CONT; ALU_DIV_X: - if (unlikely(SRC == 0)) + if (unlikely((u32)SRC == 0)) return 0; tmp = (u32) DST; do_div(tmp, (u32) SRC);
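Review bot: the changelog does not say which input got past the old `SRC == 0` test in the ALU_MOD_X hunk, and the reason for the cast is easy to miss. The divisor handed to do_div() two lines later is `(u32) SRC`, so a source register with a non-zero upper half and a zero lower half passed the 64-bit comparison and was then truncated to zero. Please state that case in the commit message or in a one-line comment above `if (unlikely((u32)SRC == 0))`, so the cast is not later removed as redundant. Minor style point: the added line writes `(u32)SRC` while the neighbouring lines write `(u32) SRC`; pick one spelling within the block.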
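Review bot: in the ALU_DIV_X hunk the zero test and the division now agree on a 32-bit divisor, but the lines right after the test still go through `tmp = (u32) DST;` and `do_div(tmp, (u32) SRC);`, which the changelog itself says is probably unnecessary for 32-bit operands. Since both operands are truncated to u32 here, a plain 32-bit division would make the operand width obvious at the point of use; either fold that into this patch or say in the changelog that it is left for a follow-up. The context line `DST = div64_u64(DST, SRC);` just above uses the full 64-bit SRC, so the zero test guarding that case (not visible in this hunk) must stay a 64-bit comparison and should not be given the same cast.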