bpf, arm32: correct check_imm24

imm24 is signed, so the right range is:

  [-(1<<(24 - 1)), (1<<(24 - 1)) - 1]

Note: this patch also fix a typo.

Fixes: 39c13c204bb1 ("arm: eBPF JIT compiler")
Signed-off-by: Wang YanQing <udknight@gmail.com>
Cc: Shubham Bansal <illusionist.neo@gmail.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux@armlinux.org.uk
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

1 files changed, 3 insertions, 3 deletions

diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
index d3ea6454e775..0d542007b49d 100644
--- a/arch/arm/net/bpf_jit_32.c
+++ b/arch/arm/net/bpf_jit_32.c
@@ -84,7 +84,7 @@
  *
  * 1. First argument is passed using the arm 32bit registers and rest of the
  * arguments are passed on stack scratch space.
- * 2. First callee-saved arugument is mapped to arm 32 bit registers and rest
+ * 2. First callee-saved argument is mapped to arm 32 bit registers and rest
  * arguments are mapped to scratch space on stack.
  * 3. We need two 64 bit temp registers to do complex operations on eBPF
  * registers.
@@ -1192,8 +1192,8 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
         s32 jmp_offset;
 
 #define check_imm(bits, imm) do {                               \
-        if ((((imm) > 0) && ((imm) >> (bits))) ||               \
-            (((imm) < 0) && (~(imm) >> (bits)))) {              \
+        if ((imm) >= (1 << ((bits) - 1)) ||                     \
+            (imm) < -(1 << ((bits) - 1))) {                     \
                 pr_info("[%2d] imm=%d(0x%x) out of range\n",    \
                         i, imm, imm);                           \
                 return -EINVAL;                                 \