ARM: net: bpf: fix zero right shift

The LSR instruction cannot be used to perform a zero right shift since a 0 as the immediate value (imm5) in the LSR instruction encoding means that a shift of 32 is perfomed. See DecodeIMMShift() in the ARM ARM. Make the JIT skip generation of the LSR if a zero-shift is requested. This was found using american fuzzy lop. Signed-off-by: Rabin Vincent <rabin@rab.in> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Rabin Vincent <rabin@rab.in> 2016-01-05 12:34:04 -0500
committer: David S. Miller <davem@davemloft.net> 2016-01-06 01:32:09 -0500
commit: f941461c925832fbeb7876b794ab9fbec6a7a8af (patch)
tree: 96cca8032172841f4514e2f5e721c09b38f368b4
parent: 60aa3b080a3d2b408af2ca114edb3efc84ad1838 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
index e153eb065fe4..93d0b6d0b63e 100644
--- a/arch/arm/net/bpf_jit_32.c
+++ b/arch/arm/net/bpf_jit_32.c
@@ -756,7 +756,8 @@ load_ind:
                case BPF_ALU | BPF_RSH | BPF_K:
                        if (unlikely(k > 31))
                                return -1;
-                        emit(ARM_LSR_I(r_A, r_A, k), ctx);
+                        if (k)
+                                emit(ARM_LSR_I(r_A, r_A, k), ctx);
                        break;
                case BPF_ALU | BPF_RSH | BPF_X:
                        update_on_xread(ctx);
author	Rabin Vincent <rabin@rab.in>	2016-01-05 12:34:04 -0500
committer	David S. Miller <davem@davemloft.net>	2016-01-06 01:32:09 -0500
commit	f941461c925832fbeb7876b794ab9fbec6a7a8af (patch)
tree	96cca8032172841f4514e2f5e721c09b38f368b4
parent	60aa3b080a3d2b408af2ca114edb3efc84ad1838 (diff)