| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <091c2ed4-a07f-cc75-7b18-1c7cb7068652@iogearbox.net>
Date: Wed, 1 May 2019 23:43:45 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Wang YanQing <udknight@...il.com>, ast@...nel.org,
davem@...emloft.net, kuznet@....inr.ac.ru, tglx@...utronix.de,
netdev@...r.kernel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] bpf, x32: Fix bug for BPF_ALU64 | BPF_NEG
On 04/28/2019 04:33 AM, Wang YanQing wrote:
> The current implementation has two errors:
> 1: The second xor instruction will clear carry flag which
> is necessary for following sbb instruction.
> 2: The select coding for sbb instruction is wrong, the coding
> is "sbb dreg_hi,ecx", but what we need is "sbb ecx,dreg_hi".
>
> This patch rewrites the implementation and fixes the errors.
>
> This patch fixes below errors reported by bpf/test_verifier in x32
> platform when the jit is enabled:
> "
> 0: (b4) w1 = 4
> 1: (b4) w2 = 4
> 2: (1f) r2 -= r1
> 3: (4f) r2 |= r1
> 4: (87) r2 = -r2
> 5: (c7) r2 s>>= 63
> 6: (5f) r1 &= r2
> 7: (bf) r0 = r1
> 8: (95) exit
> processed 9 insns (limit 131072), stack depth 0
> 0: (b4) w1 = 4
> 1: (b4) w2 = 4
> 2: (1f) r2 -= r1
> 3: (4f) r2 |= r1
> 4: (87) r2 = -r2
> 5: (c7) r2 s>>= 63
> 6: (5f) r1 &= r2
> 7: (bf) r0 = r1
> 8: (95) exit
> processed 9 insns (limit 131072), stack depth 0
> ......
> Summary: 1189 PASSED, 125 SKIPPED, 15 FAILED
> "
>
> Signed-off-by: Wang YanQing <udknight@...il.com>
Applied, thanks!
Powered by blists - more mailing lists