Commit f941461c authored Jan 05, 2016 by Rabin Vincent Committed by David S. Miller Jan 06, 2016

ARM: net: bpf: fix zero right shift



The LSR instruction cannot be used to perform a zero right shift since a
0 as the immediate value (imm5) in the LSR instruction encoding means
that a shift of 32 is perfomed.  See DecodeIMMShift() in the ARM ARM.

Make the JIT skip generation of the LSR if a zero-shift is requested.

This was found using american fuzzy lop.

Signed-off-by: Rabin Vincent <rabin@rab.in>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 60aa3b08

arch/arm/net/bpf_jit_32.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -756,6 +756,7 @@ static int build_body(struct jit_ctx *ctx)
		case BPF_ALU \| BPF_RSH \| BPF_K:
		if (unlikely(k > 31))
		return -1;
		if (k)
		emit(ARM_LSR_I(r_A, r_A, k), ctx);
		break;
		case BPF_ALU \| BPF_RSH \| BPF_X: