lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 9 Apr 2020 01:17:01 +0200
From:   Daniel Borkmann <>
To:     Luke Nelson <>,
Cc:     Luke Nelson <>, Xi Wang <>,
        Shubham Bansal <>,
        Russell King <>,
        Alexei Starovoitov <>,
        Martin KaFai Lau <>,
        Song Liu <>, Yonghong Song <>,
        Andrii Nakryiko <>,
        John Fastabend <>,
        KP Singh <>,
        "David S. Miller" <>,,,
Subject: Re: [PATCH bpf] arm: bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift
 by 0

On 4/8/20 8:12 PM, Luke Nelson wrote:
> The current arm BPF JIT does not correctly compile RSH or ARSH when the
> immediate shift amount is 0. This causes the "rsh64 by 0 imm" and "arsh64
> by 0 imm" BPF selftests to hang the kernel by reaching an instruction
> the verifier determines to be unreachable.
> The root cause is in how immediate right shifts are encoded on arm.
> For LSR and ASR (logical and arithmetic right shift), a bit-pattern
> of 00000 in the immediate encodes a shift amount of 32. When the BPF
> immediate is 0, the generated code shifts by 32 instead of the expected
> behavior (a no-op).
> This patch fixes the bugs by adding an additional check if the BPF
> immediate is 0. After the change, the above mentioned BPF selftests pass.
> Fixes: 39c13c204bb11 ("arm: eBPF JIT compiler")
> Co-developed-by: Xi Wang <>
> Signed-off-by: Xi Wang <>
> Signed-off-by: Luke Nelson <>

Yikes, thanks for fixing, applied. Looks like noone was running BPF kselftests
on arm32 for quite a while. :(

Powered by blists - more mailing lists