ARM: net: bpf: fix zero right shift
The LSR instruction cannot be used to perform a zero right shift since a
0 as the immediate value (imm5) in the LSR instruction encoding means
that a shift of 32 is performed.  See DecodeIMMShift() in the ARM ARM.

Make the JIT skip generation of the LSR if a zero-shift is requested.

This was found using american fuzzy lop.

Signed-off-by: Rabin Vincent <rabin@rab.in>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Rabin Vincent authored and David S. Miller committed Jan 6, 2016
1 parent 60aa3b0 commit f941461
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion arch/arm/net/bpf_jit_32.c
Expand Up @@ -756,7 +756,8 @@ static int build_body(struct jit_ctx *ctx)
case BPF_ALU | BPF_RSH | BPF_K:
if (unlikely(k > 31))
return -1;
emit(ARM_LSR_I(r_A, r_A, k), ctx);
if (k)
emit(ARM_LSR_I(r_A, r_A, k), ctx);
break;
case BPF_ALU | BPF_RSH | BPF_X:
update_on_xread(ctx);
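Review bot: The new `if (k)` guard around `emit(ARM_LSR_I(r_A, r_A, k), ctx);` deserves a one-line comment, because without it the skip reads like a peephole optimisation rather than a correctness fix; something like `/* LSR #0 encodes a shift by 32, and a shift by 0 is a no-op anyway */` would keep the next reader from "simplifying" it back. With the existing `if (unlikely(k > 31)) return -1;` above it, only k in 1..31 now reaches the encoder, which is exactly the range the LSR imm5 field can express, and k == 0 correctly leaves r_A untouched. Worth double-checking that no other immediate-shift emitter in this file can be handed a zero from program input, since DecodeIMMShift() applies the same "0 means 32" rule to every right-shift immediate form.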
