Re: [PATCH bpf 1/2] bpf, x32: fix bug with JMP32 JSET BPF_X checking upper bits

From: Daniel Borkmann
Date: Fri Mar 06 2020 - 09:03:51 EST

Next message: Hans Verkuil: "Re: [PATCHv4 10/11] videobuf2: add begin/end cpu_access callbacks to dma-sg"
Previous message: Jens Axboe: "Re: [PATCH BUGFIX] block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()"
In reply to: Luke Nelson: "[PATCH bpf 2/2] selftests: bpf: add test for JMP32 JSET BPF_X with upper bits set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/6/20 12:44 AM, Luke Nelson wrote:

The current x32 BPF JIT is incorrect for JMP32 JSET BPF_X when the upper
32 bits of operand registers are non-zero in certain situations.

[...]

We found this bug using our automated verification tool, Serval.

Fixes: 69f827eb6e14 ("x32: bpf: implement jitting of JMP32")
Co-developed-by: Xi Wang <xi.wang@xxxxxxxxx>
Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
Signed-off-by: Luke Nelson <luke.r.nels@xxxxxxxxx>

Applied both, thanks for the fix!

Next message: Hans Verkuil: "Re: [PATCHv4 10/11] videobuf2: add begin/end cpu_access callbacks to dma-sg"
Previous message: Jens Axboe: "Re: [PATCH BUGFIX] block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()"
In reply to: Luke Nelson: "[PATCH bpf 2/2] selftests: bpf: add test for JMP32 JSET BPF_X with upper bits set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]