bpf: Fix jit blinding with new sdiv/smov insns

Handle new insns properly in bpf_jit_blind_insn() function.

Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230728011225.3715812-1-yonghong.song@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/include/linux/filter.h b/include/linux/filter.h
index a93242b..f5eabe3 100644 (file)
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -93,22 +93,28 @@ struct ctl_table_header;
 
 /* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */
 
-#define BPF_ALU64_REG(OP, DST, SRC)                            \
+#define BPF_ALU64_REG_OFF(OP, DST, SRC, OFF)                   \
        ((struct bpf_insn) {                                    \
                .code  = BPF_ALU64 | BPF_OP(OP) | BPF_X,        \
                .dst_reg = DST,                                 \
                .src_reg = SRC,                                 \
-               .off   = 0,                                     \
+               .off   = OFF,                                   \
                .imm   = 0 })
 
-#define BPF_ALU32_REG(OP, DST, SRC)                            \
+#define BPF_ALU64_REG(OP, DST, SRC)                            \
+       BPF_ALU64_REG_OFF(OP, DST, SRC, 0)
+
+#define BPF_ALU32_REG_OFF(OP, DST, SRC, OFF)                   \
        ((struct bpf_insn) {                                    \
                .code  = BPF_ALU | BPF_OP(OP) | BPF_X,          \
                .dst_reg = DST,                                 \
                .src_reg = SRC,                                 \
-               .off   = 0,                                     \
+               .off   = OFF,                                   \
                .imm   = 0 })
 
+#define BPF_ALU32_REG(OP, DST, SRC)                            \
+       BPF_ALU32_REG_OFF(OP, DST, SRC, 0)
+
 /* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
 
 #define BPF_ALU64_IMM(OP, DST, IMM)                            \

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 3fe8951..646d2fe 100644 (file)
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -1272,7 +1272,7 @@ static int bpf_jit_blind_insn(const struct bpf_insn *from,
        case BPF_ALU | BPF_MOD | BPF_K:
                *to++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
                *to++ = BPF_ALU32_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
-               *to++ = BPF_ALU32_REG(from->code, from->dst_reg, BPF_REG_AX);
+               *to++ = BPF_ALU32_REG_OFF(from->code, from->dst_reg, BPF_REG_AX, from->off);
                break;
 
        case BPF_ALU64 | BPF_ADD | BPF_K:
@@ -1286,7 +1286,7 @@ static int bpf_jit_blind_insn(const struct bpf_insn *from,
        case BPF_ALU64 | BPF_MOD | BPF_K:
                *to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
                *to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
-               *to++ = BPF_ALU64_REG(from->code, from->dst_reg, BPF_REG_AX);
+               *to++ = BPF_ALU64_REG_OFF(from->code, from->dst_reg, BPF_REG_AX, from->off);
                break;
 
        case BPF_JMP | BPF_JEQ  | BPF_K: