From patchwork Mon Jul 26 15:38:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 486646 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1CBF4C4320A for ; Mon, 26 Jul 2021 15:41:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0E15960FDA for ; Mon, 26 Jul 2021 15:41:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235360AbhGZPAq (ORCPT ); Mon, 26 Jul 2021 11:00:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:39404 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235369AbhGZPAp (ORCPT ); Mon, 26 Jul 2021 11:00:45 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 20BD460F37; Mon, 26 Jul 2021 15:41:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1627314073; bh=THRPQd07U0/NjkwYI4dY3h1BRoOnzj6doJLmUbsQQj4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QQv3x9q/SJlDyZrHa6VD2UZyftOkkc6CHf7N+jnhSjhTcVCOVLhWJheDXF2j9nUIf UskL1G3MmEWcsvPy0do6hWSRVld5iB5iCpGBmb5XGbpXWGmjJo8Jpepj2uR3rsXlYo xrZp/YbpyGVB56wJzSGK5G3ug5xtJetPu83C+324= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Colin Ian King , Daniel Borkmann , Ilya Leoshkevich , Sasha Levin Subject: [PATCH 4.4 23/47] s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] Date: Mon, 26 Jul 2021 17:38:41 +0200 Message-Id: <20210726153823.712379708@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210726153822.980271128@linuxfoundation.org> References: <20210726153822.980271128@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Colin Ian King [ Upstream commit 91091656252f5d6d8c476e0c92776ce9fae7b445 ] Currently array jit->seen_reg[r1] is being accessed before the range checking of index r1. The range changing on r1 should be performed first since it will avoid any potential out-of-range accesses on the array seen_reg[] and also it is more optimal to perform checks on r1 before fetching data from the array. Fix this by swapping the order of the checks before the array access. Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend") Signed-off-by: Colin Ian King Signed-off-by: Daniel Borkmann Tested-by: Ilya Leoshkevich Acked-by: Ilya Leoshkevich Link: https://lore.kernel.org/bpf/20210715125712.24690-1-colin.king@canonical.com Signed-off-by: Sasha Levin --- arch/s390/net/bpf_jit_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index bcf409997d6d..c5c3056f4c4a 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -115,7 +115,7 @@ static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) { u32 r1 = reg2hex[b1]; - if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15) + if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]) jit->seen_reg[r1] = 1; }