Patch "powerpc/bpf: Fix detecting BPF atomic instructions" has been added to the 5.13-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 19 Jul 2021 09:22:22 -0400

This is a note to let you know that I've just added the patch titled

    powerpc/bpf: Fix detecting BPF atomic instructions

to the 5.13-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-bpf-fix-detecting-bpf-atomic-instructions.patch
and it can be found in the queue-5.13 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 2f050a301c296a109005507197ecd6c8d66d7842
Author: Naveen N. Rao <naveen.n.rao@xxxxxxxxxxxxxxxxxx>
Date:   Thu Jul 1 20:38:58 2021 +0530

    powerpc/bpf: Fix detecting BPF atomic instructions
    
    [ Upstream commit 419ac821766cbdb9fd85872bb3f1a589df05c94c ]
    
    Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other
    atomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way to
    distinguish instructions based on the immediate field. Existing JIT
    implementations were updated to check for the immediate field and to
    reject programs utilizing anything more than BPF_ADD (such as BPF_FETCH)
    in the immediate field.
    
    However, the check added to powerpc64 JIT did not look at the correct
    BPF instruction. Due to this, such programs would be accepted and
    incorrectly JIT'ed resulting in soft lockups, as seen with the atomic
    bounds test. Fix this by looking at the correct immediate value.
    
    Fixes: 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomics in .imm")
    Reported-by: Jiri Olsa <jolsa@xxxxxxxxxx>
    Signed-off-by: Naveen N. Rao <naveen.n.rao@xxxxxxxxxxxxxxxxxx>
    Tested-by: Jiri Olsa <jolsa@xxxxxxxxxx>
    Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/4117b430ffaa8cd7af042496f87fd7539e4f17fd.1625145429.git.naveen.n.rao@xxxxxxxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c
index 57a8c1153851..94411af24013 100644
--- a/arch/powerpc/net/bpf_jit_comp64.c
+++ b/arch/powerpc/net/bpf_jit_comp64.c
@@ -667,7 +667,7 @@ emit_clear:
 		 * BPF_STX ATOMIC (atomic ops)
 		 */
 		case BPF_STX | BPF_ATOMIC | BPF_W:
-			if (insn->imm != BPF_ADD) {
+			if (imm != BPF_ADD) {
 				pr_err_ratelimited(
 					"eBPF filter atomic op code %02x (@%d) unsupported\n",
 					code, i);
@@ -689,7 +689,7 @@ emit_clear:
 			PPC_BCC_SHORT(COND_NE, tmp_idx);
 			break;
 		case BPF_STX | BPF_ATOMIC | BPF_DW:
-			if (insn->imm != BPF_ADD) {
+			if (imm != BPF_ADD) {
 				pr_err_ratelimited(
 					"eBPF filter atomic op code %02x (@%d) unsupported\n",
 					code, i);






