
bpf: Fix jit blinding with new sdiv/smov insns

Handle new insns properly in bpf_jit_blind_insn() function.

Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230728011225.3715812-1-yonghong.song@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Yonghong Song and committed by
Alexei Starovoitov
7058e3a3 ec0e2da9

+12 -6
+10 -4
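--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -93,21 +93,27 @@
 
 /* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */
 
-#define BPF_ALU64_REG(OP, DST, SRC)				\
+#define BPF_ALU64_REG_OFF(OP, DST, SRC, OFF)			\
 	((struct bpf_insn) {					\
 		.code = BPF_ALU64 | BPF_OP(OP) | BPF_X,		\
 		.dst_reg = DST,					\
 		.src_reg = SRC,					\
-		.off = 0,					\
+		.off = OFF,					\
 		.imm = 0 })
 
-#define BPF_ALU32_REG(OP, DST, SRC)				\
+#define BPF_ALU64_REG(OP, DST, SRC)				\
+	BPF_ALU64_REG_OFF(OP, DST, SRC, 0)
+
+#define BPF_ALU32_REG_OFF(OP, DST, SRC, OFF)			\
 	((struct bpf_insn) {					\
 		.code = BPF_ALU | BPF_OP(OP) | BPF_X,		\
 		.dst_reg = DST,					\
 		.src_reg = SRC,					\
-		.off = 0,					\
+		.off = OFF,					\
 		.imm = 0 })
+
+#define BPF_ALU32_REG(OP, DST, SRC)				\
+	BPF_ALU32_REG_OFF(OP, DST, SRC, 0)
 
 /* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
 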
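Review bot: The new BPF_ALU64_REG_OFF/BPF_ALU32_REG_OFF macros take an OFF argument whose meaning is not documented anywhere in the hunk; the only nearby comment, `/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */`, still describes the plain register form only. Per the commit title the field is what selects the new signed div/mod and sign-extending mov encodings, so a short comment above the first _OFF macro would save the next reader a trip to the ISA document, e.g. `/* OFF is the insn's ->off field; a non-zero value selects the signed div/mod (sdiv/smod) or sign-extending mov variant, plain ALU ops pass 0 */` (check the exact encodings against the ISA spec before committing the wording). The unchanged-interface BPF_ALU64_REG/BPF_ALU32_REG wrappers keep passing 0, so existing callers are unaffected, which is worth stating in the same comment.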
+2 -2
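--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -1272,7 +1272,7 @@
 	case BPF_ALU | BPF_MOD | BPF_K:
 		*to++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
 		*to++ = BPF_ALU32_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
-		*to++ = BPF_ALU32_REG(from->code, from->dst_reg, BPF_REG_AX);
+		*to++ = BPF_ALU32_REG_OFF(from->code, from->dst_reg, BPF_REG_AX, from->off);
 		break;
 
 	case BPF_ALU64 | BPF_ADD | BPF_K:
@@ -1286,7 +1286,7 @@
 	case BPF_ALU64 | BPF_MOD | BPF_K:
 		*to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
 		*to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
-		*to++ = BPF_ALU64_REG(from->code, from->dst_reg, BPF_REG_AX);
+		*to++ = BPF_ALU64_REG_OFF(from->code, from->dst_reg, BPF_REG_AX, from->off);
 		break;
 
 	case BPF_JMP | BPF_JEQ | BPF_K: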
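Review bot: The two rewritten lines now thread `from->off` into the blinded X-form instruction, but nothing in the code records why, and the reason is security-relevant: the removed BPF_ALU32_REG/BPF_ALU64_REG forms hard-coded `.off = 0`, so, per the title, a signed div/mod by immediate was being rewritten into its unsigned counterpart whenever constant blinding was active, i.e. enabling the hardening knob silently changed program results. A one-line comment on each changed line would preserve that, e.g. `/* keep ->off: it selects the signed div/mod variant */`. The case list and the enclosing bpf_jit_blind_insn() switch start above both hunks, so I cannot see from here whether every K-form ALU case that may legitimately carry a non-zero off is routed through these two emit paths; the ALU64 MOV|K case in particular is outside the visible lines. The commit also adds no regression test; if one does not already exist, a selftest that runs an sdiv/smod-by-immediate program with bpf_jit_harden=2 would catch this class of divergence between the hardened and unhardened JIT output.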