| From 0573b9b162054b2c75f6fce6d802a3115601cef5 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Thu, 1 Jul 2021 20:38:58 +0530 |
| Subject: powerpc/bpf: Fix detecting BPF atomic instructions |
| |
| From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> |
| |
| [ Upstream commit 419ac821766cbdb9fd85872bb3f1a589df05c94c ] |
| |
| Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other |
| atomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way to |
| distinguish instructions based on the immediate field. Existing JIT |
| implementations were updated to check for the immediate field and to |
| reject programs utilizing anything more than BPF_ADD (such as BPF_FETCH) |
| in the immediate field. |
| |
| However, the check added to powerpc64 JIT did not look at the correct |
| BPF instruction. Due to this, such programs would be accepted and |
| incorrectly JIT'ed resulting in soft lockups, as seen with the atomic |
| bounds test. Fix this by looking at the correct immediate value. |
| |
| Fixes: 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomics in .imm") |
| Reported-by: Jiri Olsa <jolsa@redhat.com> |
| Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> |
| Tested-by: Jiri Olsa <jolsa@redhat.com> |
| Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> |
| Link: https://lore.kernel.org/r/4117b430ffaa8cd7af042496f87fd7539e4f17fd.1625145429.git.naveen.n.rao@linux.vnet.ibm.com |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| arch/powerpc/net/bpf_jit_comp64.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c |
| index aaf1a887f653..2657bf542985 100644 |
| --- a/arch/powerpc/net/bpf_jit_comp64.c |
| +++ b/arch/powerpc/net/bpf_jit_comp64.c |
| @@ -686,7 +686,7 @@ emit_clear: |
| * BPF_STX ATOMIC (atomic ops) |
| */ |
| case BPF_STX | BPF_ATOMIC | BPF_W: |
| - if (insn->imm != BPF_ADD) { |
| + if (imm != BPF_ADD) { |
| pr_err_ratelimited( |
| "eBPF filter atomic op code %02x (@%d) unsupported\n", |
| code, i); |
| @@ -708,7 +708,7 @@ emit_clear: |
| PPC_BCC_SHORT(COND_NE, tmp_idx); |
| break; |
| case BPF_STX | BPF_ATOMIC | BPF_DW: |
| - if (insn->imm != BPF_ADD) { |
| + if (imm != BPF_ADD) { |
| pr_err_ratelimited( |
| "eBPF filter atomic op code %02x (@%d) unsupported\n", |
| code, i); |
| -- |
| 2.30.2 |
| |