releases/5.10.73/powerpc-bpf-fix-bpf_sub-when-imm-0x80000000.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 2ab892bd24a51611c0f5d9c994dcfe261f38377f Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Wed, 6 Oct 2021 01:55:23 +0530
 Subject: powerpc/bpf: Fix BPF_SUB when imm == 0x80000000

 From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>

 [ Upstream commit 5855c4c1f415ca3ba1046e77c0b3d3dfc96c9025 ]

 We aren't handling subtraction involving an immediate value of
 0x80000000 properly. Fix the same.

 Fixes: 156d0e290e969c ("powerpc/ebpf/jit: Implement JIT compiler for extended BPF")
 Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
 Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
 [mpe: Fold in fix from Naveen to use imm <= 32768]
 Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
 Link: https://lore.kernel.org/r/fc4b1276eb10761fd7ce0814c8dd089da2815251.1633464148.git.naveen.n.rao@linux.vnet.ibm.com
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  arch/powerpc/net/bpf_jit_comp64.c | 27 +++++++++++++++++----------
  1 file changed, 17 insertions(+), 10 deletions(-)

 diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c
 index e79f9eae2bc0..a2750d6ffd0f 100644
 --- a/arch/powerpc/net/bpf_jit_comp64.c
 +++ b/arch/powerpc/net/bpf_jit_comp64.c
 @@ -347,18 +347,25 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
  			EMIT(PPC_RAW_SUB(dst_reg, dst_reg, src_reg));
  			goto bpf_alu32_trunc;
  		case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */
 -		case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */
  		case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */
 +			if (!imm) {
 +				goto bpf_alu32_trunc;
 +			} else if (imm >= -32768 && imm < 32768) {
 +				EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm)));
 +			} else {
 +				PPC_LI32(b2p[TMP_REG_1], imm);
 +				EMIT(PPC_RAW_ADD(dst_reg, dst_reg, b2p[TMP_REG_1]));
 +			}
 +			goto bpf_alu32_trunc;
 +		case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */
  		case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */
 -			if (BPF_OP(code) == BPF_SUB)
 -				imm = -imm;
 -			if (imm) {
 -				if (imm >= -32768 && imm < 32768)
 -					EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm)));
 -				else {
 -					PPC_LI32(b2p[TMP_REG_1], imm);
 -					EMIT(PPC_RAW_ADD(dst_reg, dst_reg, b2p[TMP_REG_1]));
 -				}
 +			if (!imm) {
 +				goto bpf_alu32_trunc;
 +			} else if (imm > -32768 && imm <= 32768) {
 +				EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(-imm)));
 +			} else {
 +				PPC_LI32(b2p[TMP_REG_1], imm);
 +				EMIT(PPC_RAW_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]));
  			}
  			goto bpf_alu32_trunc;
  		case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */
 --
 2.33.0
	From 2ab892bd24a51611c0f5d9c994dcfe261f38377f Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Wed, 6 Oct 2021 01:55:23 +0530
	Subject: powerpc/bpf: Fix BPF_SUB when imm == 0x80000000

	From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>

	[ Upstream commit 5855c4c1f415ca3ba1046e77c0b3d3dfc96c9025 ]

	We aren't handling subtraction involving an immediate value of
	0x80000000 properly. Fix the same.

	Fixes: 156d0e290e969c ("powerpc/ebpf/jit: Implement JIT compiler for extended BPF")
	Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
	Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
	[mpe: Fold in fix from Naveen to use imm <= 32768]
	Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
	Link: https://lore.kernel.org/r/fc4b1276eb10761fd7ce0814c8dd089da2815251.1633464148.git.naveen.n.rao@linux.vnet.ibm.com
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	arch/powerpc/net/bpf_jit_comp64.c \| 27 +++++++++++++++++----------
	1 file changed, 17 insertions(+), 10 deletions(-)

	diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c
	index e79f9eae2bc0..a2750d6ffd0f 100644
	--- a/arch/powerpc/net/bpf_jit_comp64.c
	+++ b/arch/powerpc/net/bpf_jit_comp64.c
	@@ -347,18 +347,25 @@ static int bpf_jit_build_body(struct bpf_prog fp, u32 image,
	EMIT(PPC_RAW_SUB(dst_reg, dst_reg, src_reg));
	goto bpf_alu32_trunc;
	case BPF_ALU \| BPF_ADD \| BPF_K: /* (u32) dst += (u32) imm */
	- case BPF_ALU \| BPF_SUB \| BPF_K: /* (u32) dst -= (u32) imm */
	case BPF_ALU64 \| BPF_ADD \| BPF_K: /* dst += imm */
	+ if (!imm) {
	+ goto bpf_alu32_trunc;
	+ } else if (imm >= -32768 && imm < 32768) {
	+ EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm)));
	+ } else {
	+ PPC_LI32(b2p[TMP_REG_1], imm);
	+ EMIT(PPC_RAW_ADD(dst_reg, dst_reg, b2p[TMP_REG_1]));
	+ }
	+ goto bpf_alu32_trunc;
	+ case BPF_ALU \| BPF_SUB \| BPF_K: /* (u32) dst -= (u32) imm */
	case BPF_ALU64 \| BPF_SUB \| BPF_K: /* dst -= imm */
	- if (BPF_OP(code) == BPF_SUB)
	- imm = -imm;
	- if (imm) {
	- if (imm >= -32768 && imm < 32768)
	- EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm)));
	- else {
	- PPC_LI32(b2p[TMP_REG_1], imm);
	- EMIT(PPC_RAW_ADD(dst_reg, dst_reg, b2p[TMP_REG_1]));
	- }
	+ if (!imm) {
	+ goto bpf_alu32_trunc;
	+ } else if (imm > -32768 && imm <= 32768) {
	+ EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(-imm)));
	+ } else {
	+ PPC_LI32(b2p[TMP_REG_1], imm);
	+ EMIT(PPC_RAW_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]));
	}
	goto bpf_alu32_trunc;
	case BPF_ALU \| BPF_MUL \| BPF_X: /* (u32) dst = (u32) src /
	--
	2.33.0