ARM: net: bpf: fix zero right shift
author Rabin Vincent <rabin@rab.in>
Tue, 5 Jan 2016 17:34:04 +0000 (18:34 +0100)
committer David S. Miller <davem@davemloft.net>
Wed, 6 Jan 2016 06:32:09 +0000 (01:32 -0500)
The LSR instruction cannot be used to perform a zero right shift since a
0 as the immediate value (imm5) in the LSR instruction encoding means
that a shift of 32 is performed.  See DecodeIMMShift() in the ARM ARM.

Make the JIT skip generation of the LSR if a zero-shift is requested.

This was found using american fuzzy lop.

Signed-off-by: Rabin Vincent <rabin@rab.in>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
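The encoding quirk the commit describes, modelled in C as an added example (this is not kernel code and not the ARM JIT itself): a small DecodeIMMShift() model following the ARM ARM rule that imm5 == 0 means a 32-bit shift for LSR and ASR, a one-instruction stand-in for the JIT's code buffer, and the BPF_RSH | BPF_K emitter before and after the patch. The struct and function names (`jit_ctx`, `emit_rsh_k_before`, `emit_rsh_k_after`, `rsh_k_before`, `rsh_k_after`) and the sample accumulator value 0xdeadbeef are assumptions made for the example; the `k > 31` rejection mirrors the check in the diff.

```c
#include <stdint.h>
#include <stdio.h>

/* Shift types as carried in the two "type" bits of an ARM immediate-shifted
 * operand (ARM ARM, DecodeIMMShift()). */
enum shift_type { SHIFT_LSL = 0, SHIFT_LSR = 1, SHIFT_ASR = 2, SHIFT_ROR = 3 };

/* Model of DecodeIMMShift(type, imm5): the shift amount the core applies.
 * For LSR and ASR an imm5 of 0 encodes a shift by 32, not by 0; for ROR it
 * encodes RRX (a 1-bit rotate through carry, modelled here as 1). */
static unsigned decode_imm_shift(enum shift_type type, unsigned imm5)
{
    imm5 &= 0x1f;
    switch (type) {
    case SHIFT_LSL: return imm5;
    case SHIFT_LSR: return imm5 ? imm5 : 32;
    case SHIFT_ASR: return imm5 ? imm5 : 32;
    case SHIFT_ROR: return imm5 ? imm5 : 1;
    }
    return 0;
}

/* What the hardware computes for "LSR Rd, Rn, #imm5".  A shift by the full
 * width is undefined in C, so the 32 case is handled explicitly. */
static uint32_t arm_lsr_imm(uint32_t rn, unsigned imm5)
{
    unsigned n = decode_imm_shift(SHIFT_LSR, imm5);
    return n >= 32 ? 0 : rn >> n;
}

/* Hypothetical one-instruction code buffer: the JIT either emits one
 * LSR #imm5 on r_A or emits nothing for this BPF instruction. */
struct jit_ctx {
    int ninsns;     /* 0 or 1 */
    unsigned imm5;  /* immediate of the emitted LSR, if any */
};

/* BPF_ALU | BPF_RSH | BPF_K before the patch: always emits the LSR. */
static int emit_rsh_k_before(struct jit_ctx *ctx, unsigned k)
{
    if (k > 31)
        return -1;              /* program rejected, as in the JIT */
    ctx->imm5 = k;              /* emit(ARM_LSR_I(r_A, r_A, k), ctx) */
    ctx->ninsns = 1;
    return 0;
}

/* Same case after the patch: a zero shift emits no instruction at all. */
static int emit_rsh_k_after(struct jit_ctx *ctx, unsigned k)
{
    if (k > 31)
        return -1;
    if (k) {
        ctx->imm5 = k;
        ctx->ninsns = 1;
    }
    return 0;
}

/* Run the emitted code on an accumulator value r_A. */
static uint32_t run_jit(const struct jit_ctx *ctx, uint32_t r_a)
{
    return ctx->ninsns ? arm_lsr_imm(r_a, ctx->imm5) : r_a;
}

/* Convenience wrappers: -1 if the program was rejected, else the
 * 32-bit value left in r_A after "A >>= k" as JIT-compiled. */
static int64_t rsh_k_before(uint32_t a, unsigned k)
{
    struct jit_ctx ctx = {0, 0};
    if (emit_rsh_k_before(&ctx, k) < 0)
        return -1;
    return run_jit(&ctx, a);
}

static int64_t rsh_k_after(uint32_t a, unsigned k)
{
    struct jit_ctx ctx = {0, 0};
    if (emit_rsh_k_after(&ctx, k) < 0)
        return -1;
    return run_jit(&ctx, a);
}

int main(void)
{
    uint32_t a = 0xdeadbeefu;   /* constructed sample accumulator value */
    unsigned ks[] = {0, 1, 4, 31, 32};

    for (unsigned i = 0; i < sizeof ks / sizeof ks[0]; i++)
        printf("A=0x%08x k=%2u  before=%lld  after=%lld  reference=%s\n",
               a, ks[i], (long long)rsh_k_before(a, ks[i]),
               (long long)rsh_k_after(a, ks[i]),
               ks[i] > 31 ? "rejected" : "A >> k");
    return 0;
}
```

For k == 0 the pre-patch path leaves 0 in r_A because the core decodes LSR #0 as LSR #32, while the patched path leaves the accumulator untouched; for 1 <= k <= 31 both paths agree with the interpreter's `A >> k`, and k > 31 is rejected by both, matching the `k > 31` check in the diff.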
arch/arm/net/bpf_jit_32.c

index e153eb065fe453a03c5b4f1b4abacf8c57a460dd..93d0b6d0b63eede5f36de91428bb181bab2e0971 100644 (file)
@@ -756,7 +756,8 @@ load_ind:
                case BPF_ALU | BPF_RSH | BPF_K:
                        if (unlikely(k > 31))
                                return -1;
-                       emit(ARM_LSR_I(r_A, r_A, k), ctx);
+                       if (k)
+                               emit(ARM_LSR_I(r_A, r_A, k), ctx);
                        break;
                case BPF_ALU | BPF_RSH | BPF_X:
                        update_on_xread(ctx);
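Review bot: the new `if (k)` guard in the BPF_RSH | BPF_K case has no comment, and without one it reads like an ordinary "nothing to do" shortcut rather than a correctness fix; a reader who later "simplifies" it back to an unconditional `emit(ARM_LSR_I(r_A, r_A, k), ctx)` would silently reintroduce the bug. Suggest a one-line comment above it along the lines of "LSR #0 encodes a shift by 32 (DecodeIMMShift), so emit nothing for k == 0". Also worth confirming that the register form in the BPF_RSH | BPF_X case that follows, which takes its shift amount from a register rather than an imm5 field, does not need the same treatment, and that any other immediate shifts in this file with the same imm5 == 0 semantics (ASR in particular) are checked too.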