From: Nicolas Schichan <nschichan@xxxxxxxxxx>

emit_ldx_r() and emit_a32_mov_i() were both using TMP_REG_1 and clashing
with each other. Using TMP_REG_2 in emit_ldx_r() fixes the issue.

Fixes: ec19e02b343 ("ARM: net: bpf: fix LDX instructions")
Cc: Russell King <rmk+kernel@xxxxxxxxxxxxxxx>
Signed-off-by: Nicolas Schichan <nschichan@xxxxxxxxxx>
Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
---
[ Note, this has been implicitly fixed upstream by a6eccac507e ("ARM:
  net: bpf: 64-bit accessor functions for BPF registers"), so the fix
  here is a minimal stand-alone fix for 4.14. test_bpf suite runs
  without error after the fix. ]

 arch/arm/net/bpf_jit_32.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index ece2d1d..dafeb5f 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c @@ -915,7 +915,7 @@ static inline void emit_str_r(const u8 dst, const u8 src, bool dstk, /* dst = *(size*)(src + off) */ static inline void emit_ldx_r(const u8 dst[], const u8 src, bool dstk, s32 off, struct jit_ctx *ctx, const u8 sz){ - const u8 *tmp = bpf2a32[TMP_REG_1]; + const u8 *tmp = bpf2a32[TMP_REG_2]; const u8 *rd = dstk ? tmp : dst; u8 rm = src; s32 off_max; -- 2.9.5
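
Review bot: the changed `tmp` declaration in emit_ldx_r() carries no comment explaining why TMP_REG_2 is chosen, so a later cleanup could switch it back to TMP_REG_1 and reintroduce the clash with emit_a32_mov_i() that the commit message describes. A one-line comment above the declaration, for example `/* TMP_REG_1 is used by emit_a32_mov_i(), keep this on TMP_REG_2 */`, would record the constraint. Separately, the context lines show `rd` becoming `tmp` when `dstk` is set while `rm = src` is taken straight from the caller, and the hunk ends at `s32 off_max;`, so it does not show whether a caller can pass `src` in one of the TMP_REG_2 registers or whether any other helper called later in the function also uses TMP_REG_2. Please confirm both in the changelog, since a JIT register clash of this kind produces silently wrong loads rather than a build or verifier failure, and name the test_bpf cases that exercise the stacked-destination and out-of-range-offset paths.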