| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190313221436.GO3969@gate.crashing.org>
Date: Wed, 13 Mar 2019 17:14:37 -0500
From: Segher Boessenkool <segher@...nel.crashing.org>
To: Yauheni Kaliuta <yauheni.kaliuta@...hat.com>
Cc: "Naveen N. Rao" <naveen.n.rao@...ux.ibm.com>,
Sandipan Das <sandipan@...ux.ibm.com>,
Daniel Borkmann <daniel@...earbox.net>,
Michael Ellerman <mpe@...erman.id.au>, netdev@...r.kernel.org,
bpf@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
Jiri Olsa <jolsa@...hat.com>
Subject: Re: bpf jit PPC64 (BE) test_verifier PTR_TO_STACK store/load failure
Hi!
On Wed, Mar 13, 2019 at 12:54:16PM +0200, Yauheni Kaliuta wrote:
> This is because of the handling of the +2 offset.
The low two bits of instructions with primary opcodes 58 and 62 are part
of the opcode, not the offset. These instructions can not have offsets
with the low two bits non-zero.
> For stores it is:
> #define PPC_STD(r, base, i) EMIT(PPC_INST_STD | ___PPC_RS(r) | \
> ___PPC_RA(base) | ((i) & 0xfffc))
>
> and for loads
> #define PPC_LD(r, base, i) EMIT(PPC_INST_LD | ___PPC_RT(r) | \
> ___PPC_RA(base) | IMM_L(i))
> #define IMM_L(i) ((uintptr_t)(i) & 0xffff)
>
> So, in the load case the offset +2 (immediate value) is not
> masked and turns the instruction to lwa instead of ld.
>
> Would it be correct to & 0xfffc the immediate value as well?
That is only part of it. The other thing is you have to make sure those
low bits are zero *already* (and then you do not need the mask anymore).
For example, if the low two bits are not zero load the offset into a
register instead (and then do ldx or lwax).
Segher
Powered by blists - more mailing lists