| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170501.224127.912182311145633633.davem@davemloft.net> Date: Mon, 01 May 2017 22:41:27 -0400 (EDT) From: David Miller <davem@...emloft.net> To: ast@...com Cc: daniel@...earbox.net, netdev@...r.kernel.org Subject: Re: LLVM 4.0 code generation bug From: Alexei Starovoitov <ast@...com> Date: Mon, 1 May 2017 19:39:33 -0700 > On 5/1/17 7:31 PM, David Miller wrote: >> >> If the last BPF instruction before exit is a ldimm64, branches to the >> exit point at the wrong location. >> >> Here is what I get from test_pkt_access.c on sparc: >> >> 0000000000000000 <process>: >> 0: b7 00 00 00 00 00 00 02 mov r0, 2 >> 8: 61 21 00 50 00 00 00 00 ldw r2, [r1+80] >> 10: 61 11 00 4c 00 00 00 00 ldw r1, [r1+76] >> 18: bf 41 00 00 00 00 00 00 mov r4, r1 >> 20: 07 40 00 00 00 00 00 0e add r4, 14 >> 28: 2d 42 00 25 00 00 00 00 jgt r4, r2, 148 <LBB0_11> >> ... >> 0000000000000148 <LBB0_11>: >> 148: 18 00 00 00 ff ff ff ff ldimm64 r0, 4294967295 >> 150: 00 00 00 00 00 00 00 00 >> >> 0000000000000158 <LBB0_12>: >> 158: 95 00 00 00 00 00 00 00 exit >> >> The offset field in the "jgt" instruction is 0x25 which multiplied by >> 8 is 0x128, add 0x128 to the instruction location which is 0x28, and >> we get 0x150, which is the second 64-bit chunk of the ldimm64 >> instruction. > > looks fine to me. it jumps to 0x158, > since offset 0 is the next insn after jump which is 0x30 > That's how classic bpf defined jumps. Ok, let me first fix the binutils disassembler :-)
Powered by blists - more mailing lists