lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <65cdd042-c037-d7c8-e6e7-bcfb6e8b00cb@iogearbox.net>
Date:   Thu, 9 Apr 2020 01:17:01 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Luke Nelson <lukenels@...washington.edu>, bpf@...r.kernel.org
Cc:     Luke Nelson <luke.r.nels@...il.com>, Xi Wang <xi.wang@...il.com>,
        Shubham Bansal <illusionist.neo@...il.com>,
        Russell King <linux@...linux.org.uk>,
        Alexei Starovoitov <ast@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...omium.org>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf] arm: bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift
 by 0

On 4/8/20 8:12 PM, Luke Nelson wrote:
> The current arm BPF JIT does not correctly compile RSH or ARSH when the
> immediate shift amount is 0. This causes the "rsh64 by 0 imm" and "arsh64
> by 0 imm" BPF selftests to hang the kernel by reaching an instruction
> the verifier determines to be unreachable.
> 
> The root cause is in how immediate right shifts are encoded on arm.
> For LSR and ASR (logical and arithmetic right shift), a bit-pattern
> of 00000 in the immediate encodes a shift amount of 32. When the BPF
> immediate is 0, the generated code shifts by 32 instead of the expected
> behavior (a no-op).
> 
> This patch fixes the bugs by adding an additional check if the BPF
> immediate is 0. After the change, the above mentioned BPF selftests pass.
> 
> Fixes: 39c13c204bb11 ("arm: eBPF JIT compiler")
> Co-developed-by: Xi Wang <xi.wang@...il.com>
> Signed-off-by: Xi Wang <xi.wang@...il.com>
> Signed-off-by: Luke Nelson <luke.r.nels@...il.com>

Yikes, thanks for fixing, applied. Looks like noone was running BPF kselftests
on arm32 for quite a while. :(

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ