arm64: bpf: fix endianness conversion bugs

Upper bits should be zeroed in endianness conversion: - even when there's no need to change endianness (i.e., BPF_FROM_BE on big endian or BPF_FROM_LE on little endian); - after rev16. This patch fixes such bugs by emitting extra instructions to clear upper bits. Cc: Zi Shen Lim <zlim.lnx@gmail.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler") Cc: <stable@vger.kernel.org> # 3.18+ Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
author: Xi Wang <xi.wang@gmail.com> 2015-06-25 21:39:15 -0400
committer: Catalin Marinas <catalin.marinas@arm.com> 2015-06-26 09:15:39 -0400
commit: d63903bbc30c7ccad040851dfdb4da12d9a17bcf (patch)
tree: 6ddc09f1a2289e833b51b373049649f416a586bf
parent: 8eee539ddea09bccae2426f09b0ba6a18b72b691 (diff)
2 files changed, 24 insertions, 2 deletions
diff --git a/arch/arm64/net/bpf_jit.h b/arch/arm64/net/bpf_jit.h
index de0a81a539a0..98a26ce82d26 100644
--- a/arch/arm64/net/bpf_jit.h
+++ b/arch/arm64/net/bpf_jit.h
@@ -110,6 +110,10 @@
 /* Rd = Rn >> shift; signed */
 #define A64_ASR(sf, Rd, Rn, shift) A64_SBFM(sf, Rd, Rn, shift, (sf) ? 63 : 31)
+/* Zero extend */
+#define A64_UXTH(sf, Rd, Rn) A64_UBFM(sf, Rd, Rn, 0, 15)
+#define A64_UXTW(sf, Rd, Rn) A64_UBFM(sf, Rd, Rn, 0, 31)
 /* Move wide (immediate) */
 #define A64_MOVEW(sf, Rd, imm16, shift, type) \
        aarch64_insn_gen_movewide(Rd, imm16, shift, \
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index c81ddd4ff7f7..c047598b09e0 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -289,23 +289,41 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
        case BPF_ALU | BPF_END | BPF_FROM_BE:
 #ifdef CONFIG_CPU_BIG_ENDIAN
                if (BPF_SRC(code) == BPF_FROM_BE)
-                        break;
+                        goto emit_bswap_uxt;
 #else /* !CONFIG_CPU_BIG_ENDIAN */
                if (BPF_SRC(code) == BPF_FROM_LE)
-                        break;
+                        goto emit_bswap_uxt;
 #endif
                switch (imm) {
                case 16:
                        emit(A64_REV16(is64, dst, dst), ctx);
+                        /* zero-extend 16 bits into 64 bits */
+                        emit(A64_UXTH(is64, dst, dst), ctx);
                        break;
                case 32:
                        emit(A64_REV32(is64, dst, dst), ctx);
+                        /* upper 32 bits already cleared */
                        break;
                case 64:
                        emit(A64_REV64(dst, dst), ctx);
                        break;
                }
                break;
+emit_bswap_uxt:
+                switch (imm) {
+                case 16:
+                        /* zero-extend 16 bits into 64 bits */
+                        emit(A64_UXTH(is64, dst, dst), ctx);
+                        break;
+                case 32:
+                        /* zero-extend 32 bits into 64 bits */
+                        emit(A64_UXTW(is64, dst, dst), ctx);
+                        break;
+                case 64:
+                        /* nop */
+                        break;
+                }
+                break;
        /* dst = imm */
        case BPF_ALU | BPF_MOV | BPF_K:
        case BPF_ALU64 | BPF_MOV | BPF_K:
author	Xi Wang <xi.wang@gmail.com>	2015-06-25 21:39:15 -0400
committer	Catalin Marinas <catalin.marinas@arm.com>	2015-06-26 09:15:39 -0400
commit	d63903bbc30c7ccad040851dfdb4da12d9a17bcf (patch)
tree	6ddc09f1a2289e833b51b373049649f416a586bf
parent	8eee539ddea09bccae2426f09b0ba6a18b72b691 (diff)