author | Rabin Vincent <rabin@rab.in> | 2016-01-05 20:34:04 +0300
committer | David S. Miller <davem@davemloft.net> | 2016-01-06 09:32:09 +0300
commit | f941461c925832fbeb7876b794ab9fbec6a7a8af
tree | 96cca8032172841f4514e2f5e721c09b38f368b4
parent | 60aa3b080a3d2b408af2ca114edb3efc84ad1838
download | linux-f941461c925832fbeb7876b794ab9fbec6a7a8af.tar.xz
ARM: net: bpf: fix zero right shift
The LSR instruction cannot be used to perform a zero right shift since a
0 as the immediate value (imm5) in the LSR instruction encoding means
that a shift of 32 is performed. See DecodeIMMShift() in the ARM ARM.
Make the JIT skip generation of the LSR if a zero-shift is requested.
This was found using american fuzzy lop.
Signed-off-by: Rabin Vincent <rabin@rab.in>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | arch/arm/net/bpf_jit_32.c | 3
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index e153eb065fe4..93d0b6d0b63e 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c @@ -756,7 +756,8 @@ load_ind: case BPF_ALU | BPF_RSH | BPF_K: if (unlikely(k > 31)) return -1; - emit(ARM_LSR_I(r_A, r_A, k), ctx); + if (k) + emit(ARM_LSR_I(r_A, r_A, k), ctx); break; case BPF_ALU | BPF_RSH | BPF_X: update_on_xread(ctx); |
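Review bot: the new `if (k)` guard in the `BPF_ALU | BPF_RSH | BPF_K` case needs a one-line comment, because its reason is not visible from the code itself: an imm5 of 0 in the LSR immediate encoding means a shift by 32, not a no-op, so skipping the emit is the only correct way to express a zero right shift. Suggest adding above the guard something like `/* LSR #0 encodes a shift of 32; a zero shift is a no-op, so emit nothing */`. With the preceding `if (unlikely(k > 31)) return -1;` left in place, the immediate passed to `ARM_LSR_I` is now confined to 1..31, which is exactly the range where the instruction shifts by k, so the two checks together cover the whole immediate space for this case.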