authorRabin Vincent <rabin@rab.in>2016-01-05 20:34:04 +0300
committerDavid S. Miller <davem@davemloft.net>2016-01-06 09:32:09 +0300
commitf941461c925832fbeb7876b794ab9fbec6a7a8af (patch)
tree96cca8032172841f4514e2f5e721c09b38f368b4
parent60aa3b080a3d2b408af2ca114edb3efc84ad1838 (diff)
ARM: net: bpf: fix zero right shift
The LSR instruction cannot be used to perform a zero right shift since a 0 as the immediate value (imm5) in the LSR instruction encoding means that a shift of 32 is performed. See DecodeIMMShift() in the ARM ARM. Make the JIT skip generation of the LSR if a zero-shift is requested. This was found using american fuzzy lop. Signed-off-by: Rabin Vincent <rabin@rab.in> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--arch/arm/net/bpf_jit_32.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
index e153eb065fe4..93d0b6d0b63e 100644
--- a/arch/arm/net/bpf_jit_32.c
+++ b/arch/arm/net/bpf_jit_32.c
@@ -756,7 +756,8 @@ load_ind:
case BPF_ALU | BPF_RSH | BPF_K:
if (unlikely(k > 31))
return -1;
- emit(ARM_LSR_I(r_A, r_A, k), ctx);
+ if (k)
+ emit(ARM_LSR_I(r_A, r_A, k), ctx);
break;
case BPF_ALU | BPF_RSH | BPF_X:
update_on_xread(ctx);
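Review bot: The new `if (k)` guard in the `BPF_ALU | BPF_RSH | BPF_K` case has no comment, so it reads like an optimisation rather than a correctness fix and could be dropped in a later cleanup. I would state the reason next to it, e.g. `/* imm5 == 0 encodes LSR #32, so emit nothing for a zero shift */`. The guard sits at this call site only; if `ARM_LSR_I` is used elsewhere with an immediate that can be 0 (not visible in this hunk), those sites would still encode a shift by 32 and the JITed filter would disagree with the interpreter. A zero-shift `BPF_RSH | BPF_K` case in the BPF self-tests would keep the two results pinned together. The enclosing function starts and ends outside this hunk.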