lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170501.231908.1478616679170333208.davem@davemloft.net> Date: Mon, 01 May 2017 23:19:08 -0400 (EDT) From: David Miller <davem@...emloft.net> To: ast@...com Cc: daniel@...earbox.net, netdev@...r.kernel.org, xi.wang@...il.com, catalin.marinas@....com Subject: Re: sparc64 and ARM64 JIT bug From: David Miller <davem@...emloft.net> Date: Mon, 01 May 2017 23:02:34 -0400 (EDT) > for (i = 0; i < prog->len; i++) { > const struct bpf_insn *insn = &prog->insnsi[i]; > int ret; > > ret = build_insn(insn, ctx); > ctx->offset[i] = ctx->idx; > > if (ret > 0) { > i++; > continue; > } > if (ret) > return ret; > } Ok, the fix is to defer the ctx->offset[i] setting until after the potential extra "i++" increment inside of the "if (ret > 0)" test. This is how x86_64's JIT handles this. I'm testing this fix on sparc64 now.
Powered by blists - more mailing lists