This is a note to let you know that I've just added the patch titled

    net: bpf_jit: fix BPF_S_LDX_B_MSH compilation

to the 3.3-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch
and it can be found in the queue-3.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


From 997a695fc8a065c729ec228c0b87a7c22dc05e96 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <[email protected]>
Date: Sun, 18 Mar 2012 02:40:48 +0000
Subject: net: bpf_jit: fix BPF_S_LDX_B_MSH compilation


From: Eric Dumazet <[email protected]>

[ Upstream commit dc72d99dabb870ca5bd6d9fff674be853bb4a88d ]

Matt Evans spotted that x86 bpf_jit was incorrectly handling negative
constant offsets in BPF_S_LDX_B_MSH instruction.

We need to abort JIT compilation like we do in common_load so that the
filter uses the interpreter code and can call __load_pointer().

Reference: http://lists.openwall.net/netdev/2011/07/19/11

Thanks to Indan Zupancic for bringing back this issue.

Reported-by: Matt Evans <[email protected]>
Reported-by: Indan Zupancic <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 arch/x86/net/bpf_jit_comp.c |   14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -475,8 +475,10 @@ void bpf_jit_compile(struct sk_filter *f
                        case BPF_S_LD_W_ABS:
                                func = sk_load_word;
 common_load:                   seen |= SEEN_DATAREF;
-                               if ((int)K < 0)
+                               if ((int)K < 0) {
+                                       /* Abort the JIT because 
__load_pointer() is needed. */
                                        goto out;
+                               }
                                t_offset = func - (image + addrs[i]);
                                EMIT1_off32(0xbe, K); /* mov imm32,%esi */
                                EMIT1_off32(0xe8, t_offset); /* call */
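Review bot: no behavioural change in this hunk; the `if ((int)K < 0) goto out;` in common_load already aborted the JIT for negative offsets, so only braces and a comment are added. The comment is worth having, but the braces around what is still a single statement are not required by kernel style and could be dropped. Also note the new comment line arrives wrapped across two lines in this mail (`/* Abort the JIT because` / `__load_pointer() is needed. */`), so the patch should be applied from the stable-queue tree rather than from this copy.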
@@ -489,14 +491,8 @@ common_load:                       seen |= SEEN_DATAREF;
                                goto common_load;
                        case BPF_S_LDX_B_MSH:
                                if ((int)K < 0) {
-                                       if (pc_ret0 > 0) {
-                                               /* addrs[pc_ret0 - 1] is the 
start address */
-                                               EMIT_JMP(addrs[pc_ret0 - 1] - 
addrs[i]);
-                                               break;
-                                       }
-                                       CLEAR_A();
-                                       EMIT_JMP(cleanup_addr - addrs[i]);
-                                       break;
+                                       /* Abort the JIT because 
__load_pointer() is needed. */
+                                       goto out;
                                }
                                seen |= SEEN_DATAREF | SEEN_XREG;
                                t_offset = sk_load_byte_msh - (image + 
addrs[i]);
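Review bot: the removed branch is the actual defect: for a negative K in BPF_S_LDX_B_MSH the JIT emitted a jump to the ret0 instruction, or cleared A and jumped to cleanup, so the compiled filter returned 0 without ever consulting the packet, while the interpreter resolves such offsets through __load_pointer() and can succeed. Replacing it with `goto out` makes this case consistent with common_load: the JIT declines and the interpreter runs. Two things to check: whether pc_ret0 and cleanup_addr still have other users in bpf_jit_compile() now that these uses are gone (otherwise the compiler will warn), and that skipping `seen |= SEEN_DATAREF | SEEN_XREG;` on the abort path is intended, which it is since nothing is emitted for this instruction.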

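As an added illustration (a constructed model, not the kernel's code) of why jumping to ret0 for a negative K was wrong: a negative constant offset in classic BPF is a reference relative to the network or link-layer header, which the interpreter resolves through __load_pointer(); the SKF_* constants are the kernel's values, while struct pkt, the helper names and the sample frame are invented for this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model (not kernel code): a negative constant offset in classic
 * BPF is a reference relative to the network header (SKF_NET_OFF) or the
 * link-layer header (SKF_LL_OFF), resolved by __load_pointer(), not an error. */
#define SKF_AD_OFF  (-0x1000)    /* ancillary data, not modelled here */
#define SKF_NET_OFF (-0x100000)
#define SKF_LL_OFF  (-0x200000)
struct pkt { const uint8_t *data; size_t len; size_t net_off; };

/* Stand-in for __load_pointer(): map k to an absolute offset, or -1. */
static long resolve_offset(const struct pkt *p, int k, size_t size) {
    long off;
    if (k >= 0)
        off = k;
    else if (k >= SKF_AD_OFF)
        return -1;
    else if (k >= SKF_NET_OFF)
        off = (long)p->net_off + (k - SKF_NET_OFF);
    else if (k >= SKF_LL_OFF)
        off = k - SKF_LL_OFF;     /* link-layer header sits at offset 0 */
    else
        return -1;
    if (off < 0 || (size_t)off + size > p->len)
        return -1;
    return off;
}
/* BPF_S_LDX_B_MSH in the interpreter: X = 4 * (pkt[k] & 0xf), i.e. the IPv4
 * header length; a load that cannot be satisfied makes the filter return 0
 * (reported as -1 here). */
static long ldx_b_msh(const struct pkt *p, int k) {
    long off = resolve_offset(p, k, 1);
    return off < 0 ? -1 : 4 * (p->data[off] & 0xf);
}
/* Pre-patch x86 JIT: negative K jumped to ret0 without consulting the packet,
 * so the compiled filter silently returned 0 where the interpreter succeeds. */
static long old_jit_ldx_b_msh(const struct pkt *p, int k) {
    return k < 0 ? -1 : ldx_b_msh(p, k);
}
/* Post-patch JIT: negative K means "decline to JIT, run the interpreter". */
static bool jit_accepts_load(int k) { return k >= 0; }

/* Constructed frame: 14-byte Ethernet header, then an IPv4 header with IHL=5. */
static long ihl_via(long (*fn)(const struct pkt *, int), int k) {
    static const uint8_t frame[34] = { [12] = 0x08, [13] = 0x00, [14] = 0x45 };
    struct pkt p = { frame, sizeof frame, 14 };
    return fn(&p, k);
}
```

Running the same filter instruction through both paths shows the interpreter computing X = 20 for `SKF_NET_OFF`, while the pre-patch JIT path returns 0 for that offset regardless of the packet.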

Patches currently in stable-queue which might be from [email protected] are

queue-3.3/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch
queue-3.3/slub-do-not-hold-slub_lock-when-calling-sysfs_slab_add.patch
queue-3.3/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch
queue-3.3/net-fix-napi_reuse_skb-skb-reserve.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
