| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170501.223136.1311890506697006266.davem@davemloft.net> Date: Mon, 01 May 2017 22:31:36 -0400 (EDT) From: David Miller <davem@...emloft.net> To: ast@...com CC: daniel@...earbox.net, netdev@...r.kernel.org Subject: LLVM 4.0 code generation bug If the last BPF instruction before exit is a ldimm64, branches to the exit point at the wrong location. Here is what I get from test_pkt_access.c on sparc: 0000000000000000 <process>: 0: b7 00 00 00 00 00 00 02 mov r0, 2 8: 61 21 00 50 00 00 00 00 ldw r2, [r1+80] 10: 61 11 00 4c 00 00 00 00 ldw r1, [r1+76] 18: bf 41 00 00 00 00 00 00 mov r4, r1 20: 07 40 00 00 00 00 00 0e add r4, 14 28: 2d 42 00 25 00 00 00 00 jgt r4, r2, 148 <LBB0_11> ... 0000000000000148 <LBB0_11>: 148: 18 00 00 00 ff ff ff ff ldimm64 r0, 4294967295 150: 00 00 00 00 00 00 00 00 0000000000000158 <LBB0_12>: 158: 95 00 00 00 00 00 00 00 exit The offset field in the "jgt" instruction is 0x25 which multiplied by 8 is 0x128, add 0x128 to the instruction location which is 0x28, and we get 0x150, which is the second 64-bit chunk of the ldimm64 instruction. At least this is what my JIT is interpreting this situation as, am I off by one or something?
Powered by blists - more mailing lists