From patchwork Thu Nov  5 04:43:59 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Zi Shen Lim <zlim.lnx@gmail.com>
X-Patchwork-Id: 56021
Delivered-To: patch@linaro.org
Received: by 10.112.61.134 with SMTP id p6csp181053lbr;
 Wed, 4 Nov 2015 20:44:08 -0800 (PST)
X-Received: by 10.68.244.234 with SMTP id xj10mr7030569pbc.6.1446698648012; 
 Wed, 04 Nov 2015 20:44:08 -0800 (PST)
Return-Path: <stable-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id yk10si7188946pab.6.2015.11.04.20.44.07;
 Wed, 04 Nov 2015 20:44:07 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 stable-owner@vger.kernel.org designates 209.132.180.67 as
 permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 stable-owner@vger.kernel.org designates 209.132.180.67 as
 permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; 
 dkim=neutral (body hash did not verify) header.i=@gmail.com;
 dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1755616AbbKEEoG (ORCPT <rfc822;pingbo.wen@linaro.org>
 + 2 others); Wed, 4 Nov 2015 23:44:06 -0500
Received: from mail-pa0-f44.google.com ([209.85.220.44]:34324 "EHLO
 mail-pa0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1754063AbbKEEoF (ORCPT
 <rfc822;stable@vger.kernel.org>); Wed, 4 Nov 2015 23:44:05 -0500
Received: by padhx2 with SMTP id hx2so66845505pad.1;
 Wed, 04 Nov 2015 20:44:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=from:to:cc:subject:date:message-id;
 bh=D3+tM6y2Y4VMBp0T1r3KL6OkhIvbZ3PyE5xi0nB63Jw=;
 b=WUVOSC69Vj/CWsBq3MOm/VQJ4SP8xQOPZky/eWS1yRhu1qqUrVnEesBVBW70XHhcrY
 6MmpX8PiV59o1lsDeJB9peUBtPRFijR0mRcVARmwH1BgQGXVpPYP5Btkk+nOHkWFSrBl
 3FCxzYAnr17C1dLnuamMBGZvnjo5V4akXUyBp29KEnVmEV+9aKlAITIEjeESm10CENfQ
 xd4Uyv49brE5NaIZzxL/QpTpJXcSutJyrH2JEryPo9wat9Rp3dmWAZi7CHMqFoeuosdj
 i8+cSfX8USb5zo3w8q3DuirNHWlvMQ28q4vQzI8F28sB/fwLDSa9GNE7g6xhZIxLo2Jn
 ii2w==
X-Received: by 10.68.78.66 with SMTP id z2mr6781245pbw.144.1446698644679;
 Wed, 04 Nov 2015 20:44:04 -0800 (PST)
Received: from localhost.localdomain (c-73-223-118-172.hsd1.ca.comcast.net.
 [73.223.118.172]) by smtp.gmail.com with ESMTPSA id
 zk3sm5041447pbb.41.2015.11.04.20.44.03
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Wed, 04 Nov 2015 20:44:04 -0800 (PST)
From: Zi Shen Lim <zlim.lnx@gmail.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
 Alexei Starovoitov <ast@plumgrid.com>
Cc: Zi Shen Lim <zlim.lnx@gmail.com>, Yang Shi <yang.shi@linaro.org>,
 Xi Wang <xi.wang@gmail.com>,
 linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
 <stable@vger.kernel.org>
Subject: [PATCH] arm64: bpf: fix mod-by-zero case
Date: Wed,  4 Nov 2015 20:43:59 -0800
Message-Id: <1446698639-12362-1-git-send-email-zlim.lnx@gmail.com>
X-Mailer: git-send-email 1.9.1
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

Turns out in the case of modulo by zero in a BPF program:
	A = A % X;  (X == 0)
the expected behavior is to terminate with return value 0.

The bug in JIT is exposed by a new test case [1].

[1] https://lkml.org/lkml/2015/11/4/499

Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com>
Reported-by: Yang Shi <yang.shi@linaro.org>
Reported-by: Xi Wang <xi.wang@gmail.com>
CC: Alexei Starovoitov <ast@plumgrid.com>
CC: Catalin Marinas <catalin.marinas@arm.com>
Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler")
Cc: <stable@vger.kernel.org> # 3.18+
---
This patch applies on top of "arm64: bpf: fix fiv-by-zero case" [2].

[2] https://lkml.org/lkml/2015/11/4/25

 arch/arm64/net/bpf_jit_comp.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index 9ae6f23..6217f80 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -269,6 +269,8 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
 		break;
 	case BPF_ALU | BPF_DIV | BPF_X:
 	case BPF_ALU64 | BPF_DIV | BPF_X:
+	case BPF_ALU | BPF_MOD | BPF_X:
+	case BPF_ALU64 | BPF_MOD | BPF_X:
 	{
 		const u8 r0 = bpf2a64[BPF_REG_0];
 
@@ -281,16 +283,19 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
 		check_imm26(jmp_offset);
 		emit(A64_B(jmp_offset), ctx);
 		/* else */
-		emit(A64_UDIV(is64, dst, dst, src), ctx);
+		switch (BPF_OP(code)) {
+		case BPF_DIV:
+			emit(A64_UDIV(is64, dst, dst, src), ctx);
+			break;
+		case BPF_MOD:
+			ctx->tmp_used = 1;
+			emit(A64_UDIV(is64, tmp, dst, src), ctx);
+			emit(A64_MUL(is64, tmp, tmp, src), ctx);
+			emit(A64_SUB(is64, dst, dst, tmp), ctx);
+			break;
+		}
 		break;
 	}
-	case BPF_ALU | BPF_MOD | BPF_X:
-	case BPF_ALU64 | BPF_MOD | BPF_X:
-		ctx->tmp_used = 1;
-		emit(A64_UDIV(is64, tmp, dst, src), ctx);
-		emit(A64_MUL(is64, tmp, tmp, src), ctx);
-		emit(A64_SUB(is64, dst, dst, tmp), ctx);
-		break;
 	case BPF_ALU | BPF_LSH | BPF_X:
 	case BPF_ALU64 | BPF_LSH | BPF_X:
 		emit(A64_LSLV(is64, dst, dst, src), ctx);