On 06/29/2019 07:57 AM, Luke Nelson wrote:
> The current x32 BPF JIT for shift operations is not correct when the
> shift amount in a register is 0. The expected behavior is a no-op, whereas
> the current implementation changes bits in the destination register.
>
> The following example demonstrates the bug. The expected result of this
> program is 1, but the current JITed code returns 2.
>
> r0 = 1
> r1 = 1
> r2 = 0
> r1 <<= r2
> if r1 == 1 goto end
> r0 = 2
> end:
> exit
>
> The bug is caused by an incorrect assumption by the JIT that a shift by
> 32 clears the register. On x32 however, shifts use the lower 5 bits of
> the source, making a shift by 32 equivalent to a shift by 0.
>
> This patch fixes the bug using double-precision shifts, which also
> simplifies the code.
>
> Fixes: 03f5781be2c7 ("bpf, x86_32: add eBPF JIT compiler for ia32")
> Co-developed-by: Xi Wang <xi.wang@xxxxxxxxx>
> Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
> Signed-off-by: Luke Nelson <luke.r.nels@xxxxxxxxx>

Series applied, thanks!
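As an added illustration that is not part of this thread or of the kernel's x32 JIT source, the following C model reproduces the reasoning the commit message describes: a 64-bit BPF register held as two 32-bit halves, a JIT that assumes a 32-bit shift by 32 clears a register, and x86 hardware that instead masks the shift count to its low 5 bits. It contrasts that assumption with a double-precision (SHLD-style) shift and runs the commit message's own eight-instruction program through both. The lo/hi split, the helper names (`shl32`, `shld32`, `lsh64_buggy`, `lsh64_fixed`) and the simplified instruction sequence are this example's own assumptions, not the exact code the JIT emits.

```c
#include <stdint.h>
#include <stdio.h>

/* A 64-bit BPF register as the two 32-bit halves an x32 JIT works with
 * (assumed layout for this example). */
typedef struct { uint32_t lo, hi; } reg64_t;

/* x86 32-bit shift semantics: the hardware masks the count to its low
 * 5 bits, so a count of 32 behaves exactly like a count of 0. */
static uint32_t shl32(uint32_t v, uint32_t cnt) { return v << (cnt & 31); }
static uint32_t shr32(uint32_t v, uint32_t cnt) { return v >> (cnt & 31); }

/* x86 SHLD semantics: shift hi left by cnt, filling the vacated low bits
 * from the top of lo. The count is masked to 5 bits and a masked count of
 * 0 leaves hi unchanged, which is exactly the case the buggy JIT got wrong. */
static uint32_t shld32(uint32_t hi, uint32_t lo, uint32_t cnt) {
    cnt &= 31;
    if (cnt == 0)
        return hi;
    return (hi << cnt) | (lo >> (32 - cnt));
}

/* Model of the buggy approach (simplified, not the exact emitted code):
 * build the new high half from (hi << cnt) | (lo >> (32 - cnt)), assuming
 * that for cnt == 0 the "lo >> 32" term vanishes. On x86 it does not:
 * 32 & 31 == 0, so lo is OR'ed into hi unshifted. */
static reg64_t lsh64_buggy(reg64_t r, uint32_t cnt) {
    reg64_t out;
    if (cnt < 32) {
        out.hi = shl32(r.hi, cnt) | shr32(r.lo, 32 - cnt); /* wrong for cnt == 0 */
        out.lo = shl32(r.lo, cnt);
    } else {
        out.hi = shl32(r.lo, cnt - 32);
        out.lo = 0;
    }
    return out;
}

/* Model of the fixed approach: a double-precision shift handles every count
 * below 32 (including 0) in one step; counts of 32 and above are handled by
 * moving the shifted low half into the high half and clearing the low half. */
static reg64_t lsh64_fixed(reg64_t r, uint32_t cnt) {
    reg64_t out;
    out.hi = shld32(r.hi, r.lo, cnt);
    out.lo = shl32(r.lo, cnt);
    if (cnt >= 32) {   /* hardware masked the count; fix up the halves */
        out.hi = out.lo;
        out.lo = 0;
    }
    return out;
}

static reg64_t unpack(uint64_t v) {
    reg64_t r = { (uint32_t)v, (uint32_t)(v >> 32) };
    return r;
}
static uint64_t pack(reg64_t r) { return ((uint64_t)r.hi << 32) | r.lo; }

/* The program from the commit message: r1 = 1, r2 = 0, r1 <<= r2, and
 * r0 is 1 if r1 is still 1, otherwise 2. */
static int run_example(reg64_t (*lsh)(reg64_t, uint32_t)) {
    reg64_t r1 = unpack(1);
    uint32_t r2 = 0;
    r1 = lsh(r1, r2);
    return pack(r1) == 1 ? 1 : 2;
}

/* Compare a shift model against the 64-bit reference (v << cnt) for every
 * count in 0..63 and return how many counts disagree. */
static int count_mismatches(reg64_t (*lsh)(reg64_t, uint32_t), uint64_t v) {
    int bad = 0;
    for (uint32_t c = 0; c < 64; c++)
        if (pack(lsh(unpack(v), c)) != (v << c))
            bad++;
    return bad;
}

int main(void) {
    printf("buggy model returns r0 = %d\n", run_example(lsh64_buggy)); /* 2 */
    printf("fixed model returns r0 = %d\n", run_example(lsh64_fixed)); /* 1 */
    printf("buggy mismatches for v=1: %d\n", count_mismatches(lsh64_buggy, 1));
    printf("fixed mismatches for v=1: %d\n", count_mismatches(lsh64_fixed, 1));
    return 0;
}
```

Only the count 0 disagrees for the buggy model with r1 = 1, which is why the commit message's program returns 2: the high half picks up the unshifted low half, so r1 becomes 0x100000001 rather than 1. The same model shows why the double-precision form is simpler: one SHLD plus one SHL covers all counts below 32 with no special case, and a single compare handles the rest.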