On Thu, Jun 25, 2015 at 05:47:39AM -0700, Xi Wang wrote:
> Problems occur when bpf_to or bpf_from has value prog->len - 1 (e.g.,
> "Very long jump backwards" in test_bpf where the last instruction is a
> jump): since ctx->offset has length prog->len, ctx->offset[bpf_to + 1]
> or ctx->offset[bpf_from + 1] will cause an out-of-bounds read, leading
> to a bogus jump offset and kernel panic.
>
> This patch moves updating ctx->offset to after calling build_insn(),
> and changes indexing to use bpf_to and bpf_from without + 1.
>
> Cc: Zi Shen Lim <[email protected]>
> Cc: Alexei Starovoitov <[email protected]>
> Cc: Will Deacon <[email protected]>
> Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler")
> Signed-off-by: Xi Wang <[email protected]>
Thanks. Applied.

-- 
Catalin
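As an added illustration, not the kernel's code or the patch itself, the following constructed C model reproduces the indexing described in the quoted message: the old loop records ctx->offset[i] before build_insn() and bpf2a64_offset() adds 1 to both indices, so a jump sitting at prog->len - 1 reads offset[prog->len]; recording the offset after build_insn() reaches the same A64 positions without the + 1. PROG_LEN, a64_len, OOB and translate() are assumptions of the model.

```c
#include <stdio.h>

/* Constructed model of the arm64 eBPF JIT's offset table, not the kernel's
 * code: eBPF insn i expands to a64_len[i] A64 insns; a jump's branch is last. */
#define PROG_LEN 4
#define OOB (-9999) /* sentinel: the index would read outside ctx->offset[] */
struct jit_ctx { int offset[PROG_LEN]; }; /* one entry per eBPF insn, as in the kernel */

/* Constructed program: three ALU ops (2, 1, 3 A64 insns) then a backwards jump. */
static const int a64_len[PROG_LEN] = { 2, 1, 3, 1 };

/* Old loop: offset[i] recorded before emitting insn i (its start).
 * Fixed loop: recorded afterwards (its end, i.e. the next insn's start). */
void build_body(struct jit_ctx *ctx, int fixed)
{
	int idx = 0; /* A64 insns emitted so far */
	for (int i = 0; i < PROG_LEN; i++) {
		if (!fixed)
			ctx->offset[i] = idx;
		idx += a64_len[i];
		if (fixed)
			ctx->offset[i] = idx;
	}
}

/* bpf_to is i + off, so the target is eBPF insn bpf_to + 1. The old "+ 1"
 * indexing reads offset[PROG_LEN] when the jump is the last instruction.
 * "- 1" moves from the end of the jump's code to the branch itself. */
int bpf2a64_offset(int bpf_to, int bpf_from, const struct jit_ctx *ctx, int fixed)
{
	int adj = fixed ? 0 : 1, ti = bpf_to + adj, fi = bpf_from + adj;
	if (ti < 0 || fi < 0 || ti >= PROG_LEN || fi >= PROG_LEN)
		return OOB; /* the kernel would read outside offset[] here */
	return ctx->offset[ti] - (ctx->offset[fi] - 1);
}

/* Build the table one way or the other and translate a single jump. */
int translate(int fixed, int bpf_to, int bpf_from)
{
	struct jit_ctx ctx;
	build_body(&ctx, fixed);
	return bpf2a64_offset(bpf_to, bpf_from, &ctx, fixed);
}

int main(void)
{
	/* jump at the last eBPF insn (3) back to insn 1: OOB read vs. -4 */
	printf("old: %d, fixed: %d\n", translate(0, 0, 3), translate(1, 0, 3));
	return 0;
}
```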

