Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c348d806 authored by Daniel Borkmann's avatar Daniel Borkmann Committed by Greg Kroah-Hartman
Browse files

bpf: Do not use ax register in interpreter on div/mod 



Partially undo old commit 144cd91c4c2b ("bpf: move tmp variable into ax
register in interpreter"). The reason we need this here is because ax
register will be used for holding temporary state for div/mod instruction
which otherwise interpreter would corrupt. This will cause a small +8 byte
stack increase for interpreter, but with the gain that we can use it from
verifier rewrites as scratch register.

Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Reviewed-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
[cascardo: This partial revert is needed in order to support using AX for
the following two commits, as there is no JMP32 on 4.19.y]
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent ce7d8be2

kernel/bpf/core.c

+15 −17
Original line number Diff line number Diff line
@@ -705,9 +705,6 @@ static int bpf_jit_blind_insn(const struct bpf_insn *from, 
	 * below.

	 *

	 * Constant blinding is only used by JITs, not in the interpreter.

	 * The interpreter uses AX in some occasions as a local temporary

	 * register e.g. in DIV or MOD instructions.

	 *

	 * In restricted circumstances, the verifier can also use the AX

	 * register for rewrites as long as they do not interfere with

	 * the above cases!
@@ -1057,6 +1054,7 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, u64 *stack) 
#undef BPF_INSN_3_LBL

#undef BPF_INSN_2_LBL

	u32 tail_call_cnt = 0;

	u64 tmp;



#define CONT	 ({ insn++; goto select_insn; })

#define CONT_JMP ({ insn++; goto select_insn; })
@@ -1117,36 +1115,36 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, u64 *stack) 
		(*(s64 *) &DST) >>= IMM;

		CONT;

	ALU64_MOD_X:

		div64_u64_rem(DST, SRC, &AX);

		DST = AX;

		div64_u64_rem(DST, SRC, &tmp);

		DST = tmp;

		CONT;

	ALU_MOD_X:

		AX = (u32) DST;

		DST = do_div(AX, (u32) SRC);

		tmp = (u32) DST;

		DST = do_div(tmp, (u32) SRC);

		CONT;

	ALU64_MOD_K:

		div64_u64_rem(DST, IMM, &AX);

		DST = AX;

		div64_u64_rem(DST, IMM, &tmp);

		DST = tmp;

		CONT;

	ALU_MOD_K:

		AX = (u32) DST;

		DST = do_div(AX, (u32) IMM);

		tmp = (u32) DST;

		DST = do_div(tmp, (u32) IMM);

		CONT;

	ALU64_DIV_X:

		DST = div64_u64(DST, SRC);

		CONT;

	ALU_DIV_X:

		AX = (u32) DST;

		do_div(AX, (u32) SRC);

		DST = (u32) AX;

		tmp = (u32) DST;

		do_div(tmp, (u32) SRC);

		DST = (u32) tmp;

		CONT;

	ALU64_DIV_K:

		DST = div64_u64(DST, IMM);

		CONT;

	ALU_DIV_K:

		AX = (u32) DST;

		do_div(AX, (u32) IMM);

		DST = (u32) AX;

		tmp = (u32) DST;

		do_div(tmp, (u32) IMM);

		DST = (u32) tmp;

		CONT;

	ALU_END_TO_BE:

		switch (IMM) {