| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190716115910.23093-1-iii@linux.ibm.com>
Date: Tue, 16 Jul 2019 13:59:10 +0200
From: Ilya Leoshkevich <iii@...ux.ibm.com>
To: bpf@...r.kernel.org, netdev@...r.kernel.org
Cc: gor@...ux.ibm.com, heiko.carstens@...ibm.com,
Ilya Leoshkevich <iii@...ux.ibm.com>
Subject: [PATCH bpf] bpf: fix narrower loads on s390
test_pkt_md_access is failing on s390, since the associated eBPF prog
returns TC_ACT_SHOT, which in turn happens because loading a part of a
struct __sk_buff field produces an incorrect result.
The problem is that when verifier emits the code to replace partial load
of a field with a full load, a shift and a bitwise AND, it assumes that
the machine is little endian.
Adjust shift count calculation to account for endianness.
Fixes: 31fd85816dbe ("bpf: permits narrower load from bpf program context fields")
Signed-off-by: Ilya Leoshkevich <iii@...ux.ibm.com>
---
kernel/bpf/verifier.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 5900cbb966b1..3f9353653558 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -8616,8 +8616,12 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
}
if (is_narrower_load && size < target_size) {
- u8 shift = (off & (size_default - 1)) * 8;
-
+ u8 load_off = off & (size_default - 1);
+#ifdef __LITTLE_ENDIAN
+ u8 shift = load_off * 8;
+#else
+ u8 shift = (size_default - (load_off + size)) * 8;
+#endif
if (ctx_field_size <= 4) {
if (shift)
insn_buf[cnt++] = BPF_ALU32_IMM(BPF_RSH,
--
2.21.0
Powered by blists - more mailing lists