diff options
| author | Colin Ian King <colin.king@canonical.com> | 2021-07-15 13:57:12 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-07-28 09:12:35 +0200 |
| commit | 7d54e9ac1d84b7c722e69506ae17a30cd0a51623 (patch) | |
| tree | 1a6851d808bcc6e50f51a6628f9a8c83698774ac /arch | |
| parent | 3fbd744fc19578d3b196dd031742c2542ab9c959 (diff) | |
| download | linux-stable-7d54e9ac1d84b7c722e69506ae17a30cd0a51623.tar.gz linux-stable-7d54e9ac1d84b7c722e69506ae17a30cd0a51623.tar.bz2 linux-stable-7d54e9ac1d84b7c722e69506ae17a30cd0a51623.zip | |
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
[ Upstream commit 91091656252f5d6d8c476e0c92776ce9fae7b445 ]
Currently array jit->seen_reg[r1] is being accessed before the range
checking of index r1. The range changing on r1 should be performed
first since it will avoid any potential out-of-range accesses on the
array seen_reg[] and also it is more optimal to perform checks on r1
before fetching data from the array. Fix this by swapping the order
of the checks before the array access.
Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Ilya Leoshkevich <iii@linux.ibm.com>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Link: https://lore.kernel.org/bpf/20210715125712.24690-1-colin.king@canonical.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/s390/net/bpf_jit_comp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index bcf409997d6d..c5c3056f4c4a 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -115,7 +115,7 @@ static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) { u32 r1 = reg2hex[b1]; - if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15) + if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]) jit->seen_reg[r1] = 1; } |