linux/net/core
Daniel Borkmann 87f947e2bb bpf: Fix clobbering of r2 in bpf_gen_ld_abs
[ Upstream commit e6a18d3611 ]

Bryce reported that he saw the following with:

  0:  r6 = r1
  1:  r1 = 12
  2:  r0 = *(u16 *)skb[r1]

The xlated sequence was incorrectly clobbering r2 with pointer
value of r6 ...

  0: (bf) r6 = r1
  1: (b7) r1 = 12
  2: (bf) r1 = r6
  3: (bf) r2 = r1
  4: (85) call bpf_skb_load_helper_16_no_cache#7692160

... and hence call to the load helper never succeeded given the
offset was too high. Fix it by reordering the load of r6 to r1.

Other than that, the insn has a similar calling convention to BPF
helpers, that is, r0 - r5 are scratch regs, so nothing else is
affected after the insn.

Fixes: e0cea7ce98 ("bpf: implement ld_abs/ld_ind in native bpf")
Reported-by: Bryce Kahle <bryce.kahle@datadoghq.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/cace836e4d07bb63b1a53e49c5dfb238a040c298.1599512096.git.daniel@iogearbox.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-10-01 13:14:52 +02:00
datagram.c net: add READ_ONCE() annotation in __skb_wait_for_more_packets() 2019-11-10 11:27:49 +01:00
dev_addr_lists.c
dev_ioctl.c
dev.c net: disable netpoll on fresh napis 2020-09-12 13:40:23 +02:00
devlink.c devlink: validate length of region addr/len 2020-03-18 07:14:18 +01:00
drop_monitor.c drop_monitor: work around gcc-10 stringop-overflow warning 2020-05-20 08:18:33 +02:00
dst_cache.c
dst.c netfilter: nf_tables: add tunnel support 2018-08-03 21:12:12 +02:00
ethtool.c ethtool: reduce stack usage with clang 2020-01-17 19:46:55 +01:00
failover.c failover: allow name change on IFF_UP slave interfaces 2019-04-27 09:36:30 +02:00
fib_notifier.c
fib_rules.c net: fib_rules: Correctly set table field when table number exceeds 8 bits 2020-03-05 16:42:15 +01:00
filter.c bpf: Fix clobbering of r2 in bpf_gen_ld_abs 2020-10-01 13:14:52 +02:00
flow_dissector.c net: dsa: fix flow dissection on Tx path 2019-12-21 10:57:11 +01:00
gen_estimator.c net: core: protect rate estimator statistics pointer with lock 2018-08-11 12:37:10 -07:00
gen_stats.c net: sched: put back q.qlen into a single location 2019-03-10 07:17:16 +01:00
gro_cells.c gro_cells: make sure device is up in gro_cells_receive() 2019-03-19 13:12:38 +01:00
hwbm.c
link_watch.c
lwt_bpf.c bpf: in __bpf_redirect_no_mac pull mac only if present 2019-01-22 21:40:35 +01:00
lwtunnel.c
Makefile
neighbour.c neigh_stat_seq_next() should increase position index 2020-10-01 13:14:29 +02:00
net_namespace.c net/net_namespace: Check the return value of register_pernet_subsys() 2019-12-05 09:20:51 +01:00
net-procfs.c
net-sysfs.c net-sysfs: add a newline when printing 'tx_timeout' by sysfs 2020-07-31 18:37:47 +02:00
net-sysfs.h
net-traces.c
netclassid_cgroup.c cgroup, netclassid: remove double cond_resched 2020-05-10 10:30:12 +02:00
netevent.c
netpoll.c net: disable netpoll on fresh napis 2020-09-12 13:40:23 +02:00
netprio_cgroup.c netprio_cgroup: Fix unlimited memory leak of v2 cgroups 2020-05-20 08:18:38 +02:00
page_pool.c
pktgen.c pktgen: do not sleep with the thread lock held. 2019-06-11 12:20:49 +02:00
ptp_classifier.c
request_sock.c
rtnetlink.c rtnetlink: Fix memory(net_device) leak when ->newlink fails 2020-07-31 18:37:49 +02:00
scm.c
secure_seq.c
skbuff.c net: handle the return value of pskb_carve_frag_list() correctly 2020-09-23 12:10:57 +02:00
sock_diag.c net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() 2018-08-14 10:01:24 -07:00
sock_reuseport.c udp: Copy has_conns in reuseport_grow(). 2020-07-31 18:37:48 +02:00
sock.c net/compat: Add missing sock updates for SCM_RIGHTS 2020-08-21 11:05:32 +02:00
stream.c tcp: make sure EPOLLOUT wont be missed 2019-09-06 10:22:07 +02:00
sysctl_net_core.c bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() 2020-07-16 08:17:27 +02:00
timestamping.c
tso.c
utils.c net: Fix skb->csum update in inet_proto_csum_replace16(). 2020-02-05 14:43:53 +00:00
xdp.c net/xdp: Fix suspicious RCU usage warning 2018-08-16 21:55:21 +02:00